From dshaw@jabberwocky.com Fri Mar 1 00:59:01 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Fri Mar 1 00:59:01 2002 Subject: implications of subkeys? In-Reply-To: References: Message-ID: <20020228235727.GF691@akamai.com> On Thu, Feb 28, 2002 at 02:55:26PM -0800, Steve Butler wrote: > After thinking this over and using gpg to generate some keys today I have a > slightly better understanding: > * generated a 1024 bit sign only DSA master key pair > * added a 2048 bit encrypt only ELG sub key pair > * added a 1024 bit encrypt only ELG sub key pair > * added 2 1024 bit sign only DSA sub key pair > > I suppose I could have used two ELG keys with sign/encrypt capability > instead of the four sub keys. Yes, but then you would have had two "keys" in the keyservers and on people's keyrings. > Now, I take it that the 3rd party must know the exact key ID I wish them to > use. If somebody sends files both to me at home (pleasure) and at work > (business) then they must know enough to specify different key ID. If I > remember the discussion from earlier in the week the email/user ID is not > attached to a specific sub key. Correct. If they do not specify a particular key to encrypt to, GnuPG will make a reasonable guess for which subkey to use (it uses the one with the most recent signature, which generally means the most recently created key). Generally this is not an issue since people usually don't have very many active encrypting subkeys at the same time. Usually there is only one, and a new one is added some time before the first expires. Once the new one is widely distributed the old one is revoked or allowed to expire. If you are intend to use different keys for home and work, that particular case sounds like it would be more convenient to use two different full keys. > And I take it that for signing I have to specify the particular key ID on > the --local-user option rather than just allowing it to sign with the > default (which would probably be the master key). Mostly correct. GnuPG is biased internally towards subkeys. If you don't specify otherwise, it will use a subkey over the master key if possible. To specify a particular key, you can use --local-user and append an exclamation mark to the key id. This means "Don't try and figure out which subkey to use. Give me this exact key id." > However, to verify my signature the recipient need only to have my public > key with all of the sub-keys. The software will know which key ID was used > to sign and will automatically use the correct public sub-key. Likewise, > when I receive an encrypted file the software will know which public sub-key > they used to encrypt the data and will use the corresponding private > sub-key. All private keys (master and sub-keys) are protected with the same > pass phrase. All correct. It would be sort of interesting to be able to have different passphrases for different subkeys, and there is nothing in the standard that prevents it, but GnuPG doesn't do it now. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From dshaw@jabberwocky.com Fri Mar 1 01:05:02 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Fri Mar 1 01:05:02 2002 Subject: Multiple subkey warning Message-ID: <20020301000236.GG691@akamai.com> Hi folks, What with all the discussions of multiple subkeys, I wanted to add a warning: ** Most of the current keyservers in use on the net today do not handle multiple subkeys properly. The subkeys get mangled together and corrupted. ** Worse, most of the keyservers synchronize with other keyservers, so even if you send your key to one of the good ones, it can end up on the bad ones as well and get corrupted. Obviously this doesn't affect your local copy or anyone you send your key to directly, but anyone who gets it off one of the bad keyservers will get a corrupted key. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From douglist@anize.org Fri Mar 1 01:29:01 2002 From: douglist@anize.org (Douglas F. Calvert) Date: Fri Mar 1 01:29:01 2002 Subject: Scientific American Global Privacy Summit in NYC? Message-ID: <1014942876.14977.34.camel@allevil> --=-HhogfN7Dtay4ezC4wMZK Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hello, Is anyone going to the global privacy summit in nyc? --=20 +-----------------+---------------------------------------------------+ | Douglas Calvert | http://anize.org | +-----------------+---------------------------------------------------+ | Encrypted email | They that can give up liberty to obtain a little | | is encouraged |temporary safety deserve neither liberty nor safety| +-----------------+---------------------------------------------------+ | http://pgp.dtype.org:11371/pks/lookup?op=3Dget&search=3D0xC9541FB2 | +-------| 0817 30D4 82B6 BB8D 5E66 06F6 B796 073D C954 1FB2 |--------+ --=-HhogfN7Dtay4ezC4wMZK Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8fsyct5YHPclUH7IRAhzjAJ9Lt6rOW/ZM1owrSC+s67a8+UQOugCfT1Nq HZxRzfQ9MLMAMH/CYXC6mls= =2OA5 -----END PGP SIGNATURE----- --=-HhogfN7Dtay4ezC4wMZK-- From crisbill@lightlink.com Fri Mar 1 05:09:02 2002 From: crisbill@lightlink.com (Bill Carini) Date: Fri Mar 1 05:09:02 2002 Subject: Message body is empty in email Message-ID: <3C7EF84D.4BD08E05@pop.lightlink.com> Go to the archive and see my response to "executing from the web" that I posted on February 12. (I assume that the form you are referring to is a web form). You need to give write permission to the username that the web server is using , not to gpg. This is often the user "nobody", but this varies from system to system. Another tip is to add "2>errorfile" to your gpg command. The errorfile will probably give you some valuable information. Good luck, Bill Carini From disastry@saiknes.lv Fri Mar 1 08:05:01 2002 From: disastry@saiknes.lv (disastry@saiknes.lv) Date: Fri Mar 1 08:05:01 2002 Subject: implications of subkeys? Message-ID: <3C7F27A5.671ABCEF@saiknes.lv> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Steve Butler sbutler@fchn.com wrote: > After thinking this over and using gpg to generate some keys today I have a > slightly better understanding: > * generated a 1024 bit sign only DSA master key pair > * added a 2048 bit encrypt only ELG sub key pair > * added a 1024 bit encrypt only ELG sub key pair > * added 2 1024 bit sign only DSA sub key pair > > I suppose I could have used two ELG keys with sign/encrypt capability > instead of the four sub keys. ELG sign/encrypt keys is not supported by PGP (except 658ckt06) > Now, I take it that the 3rd party must know the exact key ID I wish them to > use. If somebody sends files both to me at home (pleasure) and at work > (business) then they must know enough to specify different key ID. If I > remember the discussion from earlier in the week the email/user ID is not > attached to a specific sub key. unlike GPG, PGP does not allow to select to which subkey to encrypt, PGP always encrypts to newest one. > And I take it that for signing I have to specify the particular key ID on > the --local-user option rather than just allowing it to sign with the > default (which would probably be the master key). I'm not sure, but I think GPG will sign with subkey by default if there is one. > However, to verify my signature the recipient need only to have my public > key with all of the sub-keys. it's enough with signing subkeys. but again PGP cannot verify signatures made with subkeys (except 658ckt07 and maybe 7.x(but I'm not sure about it)) > The software will know which key ID was used > to sign and will automatically use the correct public sub-key. yes > Likewise, > when I receive an encrypted file the software will know which public sub-key > they used to encrypt the data and will use the corresponding private > sub-key. yes > All private keys (master and sub-keys) are protected with the same > pass phrase. yes. normally. different passprase can also be set (at least with 658ckt06), I think it's wery cool furture :) GPG also can use different passprase for key and subke(s), but it's difficult to set different passprases with GPG, for example, if you have 2 subkeys, you have to: export to file0 delete subkey 2 set passphrase 1 export to file1 delete key import from file0 delete subkey 1 set passphrase 2 export to file2 delete subkey 2 set passphrase 0 import from file1 import from file2 wipe file0, file1, file2 now the key will be protected with passprase 0, subkeys with passprases 1 and 2 :) __ Disastry http://disastry.dhs.org/ http://disastry.dhs.org/pgp <----PGP plugins for Netscape and MDaemon ^----PGP 2.6.3ia-multi05 (supports IDEA, CAST5, BLOWFISH, TWOFISH, AES, 3DES ciphers and MD5, SHA1, RIPEMD160, SHA2 hashes) -----BEGIN PGP SIGNATURE----- Version: Netscape PGP half-Plugin 0.15 by Disastry / PGPsdk v1.7.1 iQA/AwUBPH8LOTBaTVEuJQxkEQOGiQCfYPr+ga9nOipYt264ZX8IPa98q5MAn1KV 0myAIPVZcPn5aoIxCV7KiUzS =3pkT -----END PGP SIGNATURE----- From Marco van Lienen Fri Mar 1 13:25:01 2002 From: Marco van Lienen (Marco van Lienen) Date: Fri Mar 1 13:25:01 2002 Subject: porting keypair to another OS Message-ID: <20020301132252.O8706@tiscali.nl> --dp9QYJgVRVEW2bsm Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable I'm switching from RH Linux (GnuPG 1.06) to FreeBSD 4.5-STABLE.=20 Is it possible to port my keypair without difficulties to FreeBSD? --=20 Marco van Lienen -- Unix SysAdmin -- Tiscali Benelux, Office: +31-30-248-3655 Cell: +31-6-22473707 URL: http://www.tiscali.nl/ =20 S@H:3282WU/6.250yr --> setiathome.ssl.berkeley.edu Will you find aliens? =20 Why did it happen ? BOFH Excuse: Fatal error: you're dead. --dp9QYJgVRVEW2bsm Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8f3KcOwsMGR/3vQ8RAnqiAKC7luKQ1wMPsPu3d7u1JXKKSeeS4gCgwwu9 GbAhAI7gepbTu/o7EHxFfLw= =1Xr4 -----END PGP SIGNATURE----- --dp9QYJgVRVEW2bsm-- From agreene@pobox.com Fri Mar 1 13:51:01 2002 From: agreene@pobox.com (Anthony E. Greene) Date: Fri Mar 1 13:51:01 2002 Subject: porting keypair to another OS In-Reply-To: <20020301132252.O8706@tiscali.nl> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 1 Mar 2002, Marco van Lienen wrote: >I'm switching from RH Linux (GnuPG 1.06) to FreeBSD 4.5-STABLE. >Is it possible to port my keypair without difficulties to FreeBSD? Just copy everything in ~/.gnupg to the new machine. Tony - -- Anthony E. Greene PGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D Chat: AOL/Yahoo: TonyG05 Linux. The choice of a GNU generation -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Anthony E. Greene 0x6C94239D iD8DBQE8f3fupCpg3WyUI50RApuPAKC8aopRZSKPSkjnNpkpfog7mwR7bgCfd7La l8ZaQ55Z0cUFzoRZfE1bvYE= =dxLZ -----END PGP SIGNATURE----- From incanus@codesorcery.net Fri Mar 1 16:24:01 2002 From: incanus@codesorcery.net (Justin R. Miller) Date: Fri Mar 1 16:24:01 2002 Subject: Scientific American Global Privacy Summit in NYC? In-Reply-To: <1014942876.14977.34.camel@allevil> References: <1014942876.14977.34.camel@allevil> Message-ID: <20020301152127.GD7166@mithrandir.codesorcery.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Said Douglas F. Calvert on Thu, Feb 28, 2002 at 07:34:36PM -0500: > Is anyone going to the global privacy summit in nyc? Where can I find more info on this? I'd be interested... - -- [!] Justin R. Miller PGP 0xC9C40C31 -=- http://codesorcery.net http://www.newsbytes.com/news/02/174673.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8f5x394d6K8nEDDERAkjpAJ4rDBApY5CT7a6UK4Le1gmhAPcCJACgg3Ia WqYxic5MmDa0CNowxdtXIfo= =QNaG -----END PGP SIGNATURE----- From sbutler@fchn.com Fri Mar 1 16:36:01 2002 From: sbutler@fchn.com (Steve Butler) Date: Fri Mar 1 16:36:01 2002 Subject: implications of subkeys? Message-ID: <0f56447cc6afe71da0d77b387651040f3c7f9f70@fchn.com> I was really thinking of 2 ELG sign/encrypt sub-keys instead of the 2 ELG encrypt sub-keys and the 2 DSA sign sub keys. However, there was some note about the ELG sign/encrypt being depreciated. I'm not sure what that really means in this case but the dictionary definition implied this was a bad thing! The more comments I read, the closer I come to believing the best bet is a key set for work and a totally separate key set for home. Or more precisely, a personal set and a business set. Now, it does appear to me that the default mechanism GPG uses to build the keys (a DSA sign pair and an ELG encrypt pair as a sub-key) really does lend itself to keeping the DSA around as long as possible while putting a life on the ELG sub-keys. However, if the authorities came and asked for my decrypting key, I'm not sure I'd know how to pull only the ELG sub key (private piece) out to give to them without also letting them have the DSA private key. --Steve PS Thanks for everybody who has chipped in on this discussion as it sure has increased my understanding of the black box. -----Original Message----- From: David Shaw [mailto:dshaw@jabberwocky.com] Sent: Thursday, February 28, 2002 3:57 PM To: GnuPG Users Subject: Re: implications of subkeys? On Thu, Feb 28, 2002 at 02:55:26PM -0800, Steve Butler wrote: > After thinking this over and using gpg to generate some keys today I have a > slightly better understanding: > * generated a 1024 bit sign only DSA master key pair > * added a 2048 bit encrypt only ELG sub key pair > * added a 1024 bit encrypt only ELG sub key pair > * added 2 1024 bit sign only DSA sub key pair > > I suppose I could have used two ELG keys with sign/encrypt capability > instead of the four sub keys. Yes, but then you would have had two "keys" in the keyservers and on people's keyrings. CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. From dshaw@jabberwocky.com Fri Mar 1 17:04:02 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Fri Mar 1 17:04:02 2002 Subject: implications of subkeys? In-Reply-To: <0f56447cc6afe71da0d77b387651040f3c7f9f70@fchn.com> References: <0f56447cc6afe71da0d77b387651040f3c7f9f70@fchn.com> Message-ID: <20020301160141.GC680@akamai.com> On Fri, Mar 01, 2002 at 07:32:29AM -0800, Steve Butler wrote: > I was really thinking of 2 ELG sign/encrypt sub-keys instead of the 2 ELG > encrypt sub-keys and the 2 DSA sign sub keys. However, there was some note > about the ELG sign/encrypt being depreciated. I'm not sure what that really > means in this case but the dictionary definition implied this was a bad > thing! In this particular case, it means "Don't use these." :) ElGamal signatures are somewhat controversial. > Now, it does appear to me that the default mechanism GPG uses to build the > keys (a DSA sign pair and an ELG encrypt pair as a sub-key) really does lend > itself to keeping the DSA around as long as possible while putting a life on > the ELG sub-keys. Yes. That's a good thing, as the DSA primary (plus your user ID) is what ties you into the web of trust. You'd want that key to stay around for a long time, if not forever. > However, if the authorities came and asked for my decrypting key, I'm not > sure I'd know how to pull only the ELG sub key (private piece) out to give > to them without also letting them have the DSA private key. You can do it with "gpg --export-secret-subkeys". However, that allows the authorities to decrypt everything sent to that key (which is a reason right there to change your encryption key every now and then). You can reveal the session key for a single message with --show-session-key. Seriously, though - if that happens, call a lawyer before you do anything, and then call the EFF. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From JanuszA.Urbanowicz Fri Mar 1 17:21:01 2002 From: JanuszA.Urbanowicz (JanuszA.Urbanowicz) Date: Fri Mar 1 17:21:01 2002 Subject: implications of subkeys? In-Reply-To: <0f56447cc6afe71da0d77b387651040f3c7f9f70@fchn.com> from Steve Butler at "Mar 1, 2002 07:32:29 am" Message-ID: Steve Butler wrote/napisa=B3[a]/schrieb: > The more comments I read, the closer I come to believing the best bet is a > key set for work and a totally separate key set for home. Or more > precisely, a personal set and a business set. Don't do this. I did this once and still regret (my experiences with 'legacy v3 key' are a dim echo of this past). It complicates your web of trust position, you have two set of user-ids to gather signatures, you never know if your correspondent has the right key on and generally the hassle is significant. And significantly bigger than for single key. Alex --=20 C _-=3D-_ H| Janusz A. Urbanowicz | ALEX3-RIPE | SF-F Framling | | = * =09 ; (_O : +-------------------------------------------------------------+ --= +~|=09 ! &~) ? | P=B3yn=B1=E6 chc=EA na Wsch=F3d, za Suez, gdzie jest dobrem ka= =BFde z=B3o | l_|/=09 A ~-=3D-~ O| Gdzie przykaza=F1 brak dziesi=EAciu, a pi=E6 mo=BFna a=BF po d= no; | | =20 From sbutler@fchn.com Fri Mar 1 18:10:01 2002 From: sbutler@fchn.com (Steve Butler) Date: Fri Mar 1 18:10:01 2002 Subject: implications of subkeys? Message-ID: Hmm. This whole thread started because of somebody's desire to secure = their home communication versus their work site communication. It really has= been a learning experience. Your and David's helpful comments throughout th= is process have shed a lot of light. So, if I have read everything correc= tly, it sounds like the general consensus is: * Have one signing only key pair -- the master set (most likely DSA of= appropriate strength for long term usage). * Have one encryption sub-key (until most keyservers understand and correctly handle multiple sub-keys) that is changed every so often. * Expose only the session-level key if possible when given a court ord= er (with appropriate legal counsel). * If must expose the encryption sub-key, then generate a new pair for future use (and change it more often) and revoke the prior sub-key pair= , I guess this still doesn't answer the one individual's concern about wa= nting to have business and personal encryption different in case a court orde= r forced exposure of one or the other key. Sounds like we need to wait f= or updates to the keyservers. -----Original Message----- From: Janusz A. Urbanowicz [mailto:alex@bofh.torun.pl] Sent: Friday, March 01, 2002 8:12 AM To: Steve Butler Cc: 'David Shaw'; GnuPG Users Subject: Re: implications of subkeys? Steve Butler wrote/napisa=B3[a]/schrieb: > The more comments I read, the closer I come to believing the best bet= is a > key set for work and a totally separate key set for home. Or more > precisely, a personal set and a business set. Don't do this. I did this once and still regret (my experiences with 'l= egacy v3 key' are a dim echo of this past). It complicates your web of trust position, you have two set of user-ids to gather signatures, you never = know if your correspondent has the right key on and generally the hassle is significant. And significantly bigger than for single key. Alex -- C _-=3D-_ H| Janusz A. Urbanowicz | ALEX3-RIPE | SF-F Framling | = | * ; (_O : +-------------------------------------------------------------= + --+~| ! &~) ? | P=B3yn=B1=E6 chc=EA na Wsch=F3d, za Suez, gdzie jest dobrem = ka=BFde z=B3o | l_|/ A ~-=3D-~ O| Gdzie przykaza=F1 brak dziesi=EAciu, a pi=E6 mo=BFna a=BF = po dno; | | CONFIDENTIALITY NOTICE: This e-mail message, including any attachments= , is for the sole use of the intended recipient(s) and may contain conf= idential and privileged information. Any unauthorized review, use, dis= closure or distribution is prohibited. If you are not the intended rec= ipient, please contact the sender by reply e-mail and destroy all copie= s of the original message. From wk@gnupg.org Fri Mar 1 18:31:03 2002 From: wk@gnupg.org (Werner Koch) Date: Fri Mar 1 18:31:03 2002 Subject: Multiple subkey warning In-Reply-To: <20020301000236.GG691@akamai.com> (David Shaw's message of "Thu, 28 Feb 2002 19:02:36 -0500") References: <20020301000236.GG691@akamai.com> Message-ID: <87g03kpng4.fsf@alberti.gnupg.de> On Thu, 28 Feb 2002 19:02:36 -0500, David Shaw said: > ** Most of the current keyservers in use on the net today do not > handle multiple subkeys properly. The subkeys get mangled together > and corrupted. ** This is a good idea. We might want so setup a webpage to further explain this and to tell people of forthcoming keyserver networks without this problem. -- Werner Koch Omnis enim res, quae dando non deficit, dum habetur g10 Code GmbH et non datur, nondum habetur, quomodo habenda est. Privacy Solutions -- Augustinus From ftobin@neverending.org Fri Mar 1 19:47:01 2002 From: ftobin@neverending.org (Frank Tobin) Date: Fri Mar 1 19:47:01 2002 Subject: [Announce] Ann.: keystory 0.1.0 (initial) release Message-ID: <20020228234703.T93061-100000@palanthas.neverending.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Announcing the 0.1.0 (initial) release of keystory: keystory, by analyzing email history, gathers data on the usage of OpenPGP signatures, and provides information to imperfectly, but practically complement the web of trust, answering questions such as "What keys has foo@bar.baz.com used, where and when?" The homepage for keystory is at: http://keystory.sourceforge.net/ tar.gz's and RPM's can be found at: http://sourceforge.net/project/showfiles.php?group_id=42442 I have put up a demo of keystory having a CGI interface at http://palanthas.neverending.org/keystory/ The demo site contains information gathered from the gnupg-users and gnupg-devel archives. keystory requires Python 2.2 or later, GnuPG, and other Python modules that are described in the README. >From the NEWS file: Noteworthy changes in 0.1.0 - ----------------------------------------------------------------- * Initial release of keystory. * Current issues are that there is no recognition of duplicately imported data and compile time is slow. - -- Frank Tobin http://www.neverending.org/~ftobin/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/ iEYEARECAAYFAjx/E/gACgkQVv/RCiYMT6NwfQCgigfN1v7620XSGa+qoEfGZwMb jwkAniEOgAXGuOLO0aG+FO1CLqsmyRaX =fpYe -----END PGP SIGNATURE----- _______________________________________________ Gnupg-announce mailing list Gnupg-announce@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From JanuszA.Urbanowicz Fri Mar 1 20:27:01 2002 From: JanuszA.Urbanowicz (JanuszA.Urbanowicz) Date: Fri Mar 1 20:27:01 2002 Subject: implications of subkeys? In-Reply-To: from Len Sassaman at "Feb 27, 2002 03:59:15 pm" Message-ID: Len Sassaman wrote/napisa=B3[a]/schrieb: > This isn't actually needed, however, due to a trick in the PGP trust > model that isn't too widely known: >=20 > If a key A bearing a given user-id signs a key B with an identicial > user-id (and the signature is made on that identical user id) then trust > for key B is calculated as though all the signatures for this shared > user-id on key A were made on key B. This was introduced around the time > of PGP 3.0, to prevent an RSA/DSA divide in the web of trust. I do not want to seem to attack PGP developers et al, but why the hell this (very important IMO) feature wasn't publicized then? Alex --=20 C _-=3D-_ H| Janusz A. Urbanowicz | ALEX3-RIPE | SF-F Framling | | = * =09 ; (_O : +-------------------------------------------------------------+ --= +~|=09 ! &~) ? | P=B3yn=B1=E6 chc=EA na Wsch=F3d, za Suez, gdzie jest dobrem ka= =BFde z=B3o | l_|/=09 A ~-=3D-~ O| Gdzie przykaza=F1 brak dziesi=EAciu, a pi=E6 mo=BFna a=BF po d= no; | | =20 From dshaw@jabberwocky.com Fri Mar 1 20:38:02 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Fri Mar 1 20:38:02 2002 Subject: implications of subkeys? In-Reply-To: References: <0f56447cc6afe71da0d77b387651040f3c7f9f70@fchn.com> Message-ID: <20020301193236.GD1518@akamai.com> On Fri, Mar 01, 2002 at 05:12:24PM +0100, Janusz A. Urbanowicz wrote: > Steve Butler wrote/napisa?[a]/schrieb: > > > The more comments I read, the closer I come to believing the best bet is a > > key set for work and a totally separate key set for home. Or more > > precisely, a personal set and a business set. > > Don't do this. I did this once and still regret (my experiences with 'legacy > v3 key' are a dim echo of this past). It complicates your web of trust > position, you have two set of user-ids to gather signatures, you never know > if your correspondent has the right key on and generally the hassle is > significant. And significantly bigger than for single key. Hmm. Personal preference, I think. For me, I always felt it was better to seperate my work life from my personal life - that means two email addresses, two different keys, etc. There is inevitable overlap, of course, but it works well for me that way. It also works better if the company requires things like a company revocation key, or worse, a company ADK. I wouldn't want that on my personal key. In the USA, at least, I have read about possible legal issues with regards to the boundaries between private and company communications. If I send a private email from a company email address, the company can under some circumstances ask for a copy of it. (I am not a lawyer, laws are different everywhere, etc.) David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From dshaw@jabberwocky.com Fri Mar 1 20:43:02 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Fri Mar 1 20:43:02 2002 Subject: implications of subkeys? In-Reply-To: References: Message-ID: <20020301193950.GE1518@akamai.com> On Fri, Mar 01, 2002 at 09:05:57AM -0800, Steve Butler wrote: > Hmm. This whole thread started because of somebody's desire to secure their > home communication versus their work site communication. It really has been > a learning experience. Your and David's helpful comments throughout this > process have shed a lot of light. So, if I have read everything correctly, > it sounds like the general consensus is: > * Have one signing only key pair -- the master set (most likely DSA of > appropriate strength for long term usage). Yes. The algorithm is up to you and what you trust more. GnuPG 1.0.7 gives you the choice between DSA and RSA. They each have advantages and disadvantages. > * Have one encryption sub-key (until most keyservers understand and > correctly handle multiple sub-keys) that is changed every so often. Problem here. If your key is already on the bad keyservers, adding a new subkey will trigger the bug. Even if you remove the old subkey first, it doesn't leave the keyservers. > * Expose only the session-level key if possible when given a court order > (with appropriate legal counsel). > * If must expose the encryption sub-key, then generate a new pair for > future use (and change it more often) and revoke the prior sub-key pair, Yes. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From dshaw@jabberwocky.com Fri Mar 1 20:48:01 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Fri Mar 1 20:48:01 2002 Subject: implications of subkeys? In-Reply-To: References: <20020227070231.0000.ANDRIASH@telus.net> Message-ID: <20020301194443.GF1518@akamai.com> On Wed, Feb 27, 2002 at 03:59:15PM -0800, Len Sassaman wrote: > If a key A bearing a given user-id signs a key B with an identicial > user-id (and the signature is made on that identical user id) then trust > for key B is calculated as though all the signatures for this shared > user-id on key A were made on key B. This was introduced around the time > of PGP 3.0, to prevent an RSA/DSA divide in the web of trust. I heard about this a few months ago (I think you were the one who told me, actually), but I don't really see a large benefit here. All it means is that your new key is one certification depth "hop" closer than it would be otherwise. Is that really such a big benefit? GnuPG does not do this, incidentally. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From douglist@anize.org Fri Mar 1 23:17:02 2002 From: douglist@anize.org (Douglas F. Calvert) Date: Fri Mar 1 23:17:02 2002 Subject: subkeys hate me Message-ID: <1015021360.19161.9.camel@allevil> --=-TGyZ7iYVxB4YtN13hqo2 Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hello, I am having some serious troubles with subkeys. I have created two subkeys for my key 13300731. I have also revoked two. I can not get them to be imported into another keyring (the one on my laptop). I have tried everything i think. Here is the output on my main machine: Secret key is available. pub 1024D/13300731 created: 2001-07-07 expires: never trust: f/u sub 2048g/E8417DBF created: 2001-07-07 expires: never =20 rev! subkey has been revoked: 2002-02-27 rev! subkey has been revoked: 2002-02-27 sub 4096g/69F66200 created: 2002-02-27 expires: never =20 rev! subkey has been revoked: 2002-02-27 sub 1024D/ECF0CF22 created: 2002-03-01 expires: never =20 sub 4096g/711013C1 created: 2002-03-01 expires: never =20 (1) Douglas F. Elznic gpg --export-secret-keys -a >secret.asc gpg --export-secret-subkeys -a > secret-sub.asc Then one my laptop: dfc@lrrp:~$ gpg --allow-secret-key-import --import secret.asc=20 gpg: key 13300731: already in secret keyring gpg: key C9541FB2: already in secret keyring gpg: key 0B1770DB: already in secret keyring gpg: Total number processed: 3 gpg: secret keys read: 3 gpg: secret keys unchanged: 3 dfc@lrrp:~$ gpg --allow-secret-key-import --import secret-sub.asc=20 gpg: key 13300731: already in secret keyring gpg: key C9541FB2: already in secret keyring gpg: key 0B1770DB: already in secret keyring gpg: Total number processed: 3 gpg: secret keys read: 3 gpg: secret keys unchanged: 3 Now when I do gpg --edit-key 13300731 on my laptop gpg: no secret subkey for public subkey 69F66200 - ignoring gpg: no secret subkey for public subkey ECF0CF22 - ignoring gpg: no secret subkey for public subkey 711013C1 - ignoring Secret key is available. pub 1024D/13300731 created: 2001-07-07 expires: never trust: f/u sub 2048g/E8417DBF created: 2001-07-07 expires: never =20 rev! subkey has been revoked: 2002-02-27 sub 4096g/69F66200 created: 2002-02-27 expires: never =20 rev! subkey has been revoked: 2002-02-27 sub 1024D/ECF0CF22 created: 2002-03-01 expires: never =20 sub 4096g/711013C1 created: 2002-03-01 expires: never =20 (1) Douglas F. Elznic I have even gone as far as importing secring and pubring from my main .gnupg dir and still no luck. Any clues? Dave Shaw and Frank Tobin i know you guys know;) Werner you probably know too, but these guys hold my hand during everything... --=20 +-----------------+---------------------------------------------------+ | Douglas Calvert | http://anize.org | +-----------------+---------------------------------------------------+ | Encrypted email | They that can give up liberty to obtain a little | | is encouraged |temporary safety deserve neither liberty nor safety| +-----------------+---------------------------------------------------+ | http://pgp.dtype.org:11371/pks/lookup?op=3Dget&search=3D0xC9541FB2 | +-------| 0817 30D4 82B6 BB8D 5E66 06F6 B796 073D C954 1FB2 |--------+ --=-TGyZ7iYVxB4YtN13hqo2 Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8f/8wt5YHPclUH7IRAr61AJ9faUClQaIDMVsR30gXWfEwS9GdkgCfRMI7 Us0sh0Rz9mzloc1VprK2BK0= =owzE -----END PGP SIGNATURE----- --=-TGyZ7iYVxB4YtN13hqo2-- From ingo.kloecker@epost.de Sat Mar 2 13:54:02 2002 From: ingo.kloecker@epost.de (Ingo =?iso-8859-1?q?Kl=F6cker?=) Date: Sat Mar 2 13:54:02 2002 Subject: advantages/disadvantages of DSA/RSA keys (was: Re: implications of subkeys?) Message-ID: <200203021351.06645@erwin.ingo-kloecker.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday 01 March 2002 20:39, David Shaw wrote: > Yes. The algorithm is up to you and what you trust more. GnuPG > 1.0.7 gives you the choice between DSA and RSA. They each have > advantages and disadvantages. Is there somewhere a short but complete list of the advantages and=20 disadvantages? Regards, Ingo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8gMq5GnR+RTDgudgRAlx+AKCdvCAU6q3Dsf982yUwggue5GNncACfZ+VK C/PnLv/wBtti8CruOI5CKIA=3D =3DrazX -----END PGP SIGNATURE----- From nyg102@psu.edu Sat Mar 2 15:08:02 2002 From: nyg102@psu.edu (Naresh Reddy) Date: Sat Mar 2 15:08:02 2002 Subject: Creating a Key problem Message-ID: When I create a key? By gpg --gen-key. But I don't know where the key is being creating. Do I need to set up a .gnupg file or something? Naresh ----------------------------------- Naresh Reddy nyg102@psu.edu http://www.personal.psu.edu/nyg102 ----------------------------------- From dshaw@jabberwocky.com Sat Mar 2 15:24:01 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Sat Mar 2 15:24:01 2002 Subject: advantages/disadvantages of DSA/RSA keys (was: Re: implications of subkeys?) In-Reply-To: <200203021351.06645@erwin.ingo-kloecker.de> References: <200203021351.06645@erwin.ingo-kloecker.de> Message-ID: <20020302142133.GC679@akamai.com> On Sat, Mar 02, 2002 at 01:51:01PM +0100, Ingo Kl=F6cker wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 >=20 > On Friday 01 March 2002 20:39, David Shaw wrote: > > Yes. The algorithm is up to you and what you trust more. GnuPG > > 1.0.7 gives you the choice between DSA and RSA. They each have > > advantages and disadvantages. >=20 > Is there somewhere a short but complete list of the advantages and=20 > disadvantages? This is pretty good: http://www.samsimpson.com/pgpfaq.html David --=20 David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.co= m/ +------------------------------------------------------------------------= ---+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From ingo.kloecker@epost.de Sat Mar 2 19:10:02 2002 From: ingo.kloecker@epost.de (Ingo =?iso-8859-1?q?Kl=F6cker?=) Date: Sat Mar 2 19:10:02 2002 Subject: advantages/disadvantages of DSA/RSA keys (was: Re: implications of subkeys?) In-Reply-To: <20020302142133.GC679@akamai.com> References: <200203021351.06645@erwin.ingo-kloecker.de> <20020302142133.GC679@akamai.com> Message-ID: <200203021901.03086@erwin.ingo-kloecker.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday 02 March 2002 15:21, David Shaw wrote: > On Sat, Mar 02, 2002 at 01:51:01PM +0100, Ingo Kl=F6cker wrote: > > On Friday 01 March 2002 20:39, David Shaw wrote: > > > Yes. The algorithm is up to you and what you trust more. GnuPG > > > 1.0.7 gives you the choice between DSA and RSA. They each have > > > advantages and disadvantages. > > > > Is there somewhere a short but complete list of the advantages and > > disadvantages? > > This is pretty good: > http://www.samsimpson.com/pgpfaq.html Thanks. At least from section 8.1 it doesn't seem that RSA keys have any=20 advantages (except the backwards compatibility with plain PGP 2.x). Regards, Ingo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8gRNcGnR+RTDgudgRAr0ZAJ9AhXnxnRLL9MxbHYnNNACzC8C6xQCgprmA u/M2T4l4JFXVIHSthP84qQM=3D =3DyuEh -----END PGP SIGNATURE----- From dvgevers@wxs.nl Sat Mar 2 21:45:01 2002 From: dvgevers@wxs.nl (Dick Gevers) Date: Sat Mar 2 21:45:01 2002 Subject: Bug of sorts in documentation GPG 1.0.6 Message-ID: <3C8138B1.13699.782FC1@localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, For several years I have been using PGP but as NAI has stopped further development I decided to look into GnuPG. I am completely new to GnuPG and it took me several hours to get it working because there is a small inaccuracy in the file readme.w32: It says quote 4. If you did not use the default directory "c:\gnupg", you should enter a string with the directory into the Registry under the key: \\HKEY_CURRENT_USER\Software\GNU\GnuPG\HomeDir Please use forward slashes and not the backslashes when setting filenames for GnuPG into the Registry. unquote Since my C:\ drive is FAT32 I find it unreliable for storing files such as those of GPG and do so on an NTFS drive. Today I downloaded GnuPG 1.0.6 and GPGShell for Windows v. 2.25 and the QDGPG plugin for Pegasus Mail. I couldn't get any of these to work okay until I found the page http://www.jumaros.de/rsoft/gpg/guide.html The problem is there shouldn't be a Regkey \\HKEY_CURRENT_USER\Software\GNU\GnuPG\HomeDir but rather \\HKEY_CURRENT_USER\Software\GNU\GnuPG with a string value called "HomeDir" containing as data the path to the GPG.exe directory. Moreover the mention that forward slashes must be used is unnecessary and un-windows like: backward slashes work fine. HTH Regards =Dick Gevers= -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (MingW32) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjyBOLEACgkQwC/zk+cxEdMO8ACgm2FpLryaipzevxpE47yoq92C pLcAoJljS+VJxYsxuKnMpmz/FHlJ/ahO =XUv1 -----END PGP SIGNATURE----- From xconsole@it.yorku.ca Sun Mar 3 10:13:01 2002 From: xconsole@it.yorku.ca (Harold Rodriguez) Date: Sun Mar 3 10:13:01 2002 Subject: Creating a Key problem Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 + When I create a key? By gpg --gen-key. + But I don't know where the key is being creating. Do I need to set up a + .gnupg file or something? I assume you're using a *nix type system. If so, the first time you type gpg --gen-key a ~/.gnupg directory will be created (if it does not already exist). All your keys will be stored in there. - -- Harold Rodriguez .:. X_console World Wide Web .:. http://it.yorku.ca/moonfrog GnuPG Key ID .:. 0x9ECCF021 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8gehi8mTSoJ7M8CERAtgyAKDHhgIAbiqDvMPYFMEHnGRZRyx3rACguXxw kbgYjXNBaeRk2zKg6SCESDY= =Vg+P -----END PGP SIGNATURE----- From wk@gnupg.org Sun Mar 3 13:54:01 2002 From: wk@gnupg.org (Werner Koch) Date: Sun Mar 3 13:54:01 2002 Subject: Bug of sorts in documentation GPG 1.0.6 In-Reply-To: <3C8138B1.13699.782FC1@localhost> ("Dick Gevers"'s message of "Sat, 2 Mar 2002 20:40:17 -0000") References: <3C8138B1.13699.782FC1@localhost> Message-ID: <87n0xpu86t.fsf@alberti.gnupg.de> On Sat, 2 Mar 2002 20:40:17 -0000, Dick Gevers said: > with a string value called "HomeDir" containing as data the path to > the GPG.exe directory. This has been fixed in the README. > Moreover the mention that forward slashes must be used is > unnecessary and un-windows like: backward slashes work fine. When I write forward slash, I mean forward slash. Backslashes may work, though. Werner -- Werner Koch Omnis enim res, quae dando non deficit, dum habetur g10 Code GmbH et non datur, nondum habetur, quomodo habenda est. Privacy Solutions -- Augustinus From jkane89@softhome.net Sun Mar 3 17:50:01 2002 From: jkane89@softhome.net (John Kane) Date: Sun Mar 3 17:50:01 2002 Subject: subkeys hate me Message-ID: <3C819101.5660267@softhome.net> To the best of my knowledge, on your original system you'd do: gpg --armor -o mysecret.asc --export-secret-keys myemail@myemail.net gpg --armor -o mypubkey.asc --export myemail@myemail.net and on the second system (if you have gpg) do: gpg --allow-secret-key-import --import mysecret.asc gpg --import mypubkey.asc Note that the 'mysecret.asc' text file contains only the secret part of your key, and you need to transfer both the public and private parts to make the key behave properly on the new system. From mutz@kde.org Sun Mar 3 21:08:01 2002 From: mutz@kde.org (Marc Mutz) Date: Sun Mar 3 21:08:01 2002 Subject: Creating a Key problem In-Reply-To: References: Message-ID: <200203032104.39730@sendmail.mutz.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sunday 03 March 2002 10:09, Harold Rodriguez wrote: > + When I create a key? By gpg --gen-key. > + But I don't know where the key is being creating. Do I need to set > up a + .gnupg file or something? > > I assume you're using a *nix type system. If so, the first time you > type gpg --gen-key a ~/.gnupg directory will be created (if it does > not already exist). All your keys will be stored in there. But the very first time (when gnupg creates the .gnupg directory), it=20 will simply exit afterwards. Just enter the same command again ;-) Marc - --=20 Marc Mutz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8goHW3oWD+L2/6DgRAr7dAJ4j0kKlL7e/URn3X/y/coDtElg9UgCfWo4Y VWXKzcglmRyX4KVB8QntFqs=3D =3D4b/i -----END PGP SIGNATURE----- From jharris@widomaker.com Sun Mar 3 22:22:01 2002 From: jharris@widomaker.com (Jason Harris) Date: Sun Mar 3 22:22:01 2002 Subject: duplicate keyid survey results Message-ID: <20020303212007.GA1170@p5.widomaker.com> --+QahgC5+KEYLbs62 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable A current list of duplicate PGP keyids can be found on my website: http://jharris.cjb.net/ (which _usually_ redirects to:) http://galileo.spaceports.com/~jharris/ --=20 Jason Harris jharris@widomaker.com --+QahgC5+KEYLbs62 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8gpOGSypIl9OdoOMRAqfdAJwKzfOoFuZ5fm6i5v3//PEqEDEnRQCgr+dy Ez6c3NTf8EXwFjPo2JV6Lj4= =rtyb -----END PGP SIGNATURE----- --+QahgC5+KEYLbs62-- From promos@uniwebs.com Mon Mar 4 02:13:02 2002 From: promos@uniwebs.com (Promotions at Uniwebs) Date: Mon Mar 4 02:13:02 2002 Subject: A status report http://www.marylandyachtclub.com http://hallmans.org/bodkin.htm Message-ID: A status report http://www.marylandyachtclub.com http://hallmans.org/bodkin.htm I am trying this new mail list and want to report a status... A status report http://www.marylandyachtclub.com http://hallmans.org/bodkin.htm From hironobu@h2np.net Mon Mar 4 03:04:01 2002 From: hironobu@h2np.net (Hironobu SUZUKI) Date: Mon Mar 4 03:04:01 2002 Subject: duplicate keyid survey results In-Reply-To: Your message of "Sun, 03 Mar 2002 16:20:08 EST." <20020303212007.GA1170@p5.widomaker.com> Message-ID: <200203040201.LAA16029@blue.h2np.net> Good job!! > A current list of duplicate PGP keyids can be found on my website: I found same problem when I did some test of "search" function of my key server, (See http://openpksd.org). My program never return duplicate keyid because I'm afraid of the fraud key. I know that this specificity has a potential of Denial of Service attack. Please give me some idea what keyserver should behave about it. -- Hironobu SUZUKI Independent Software Consultant E-Mail: hironobu@h2np.net URL: http://h2np.net From rabbi@quickie.net Mon Mar 4 03:12:01 2002 From: rabbi@quickie.net (Len Sassaman) Date: Mon Mar 4 03:12:01 2002 Subject: duplicate keyid survey results In-Reply-To: <200203040201.LAA16029@blue.h2np.net> Message-ID: The thing that comes to mind immediately for me is that you should allow for a 64-bit key-ID search. When 32-bit key ID collisions occur, you may want your key server to display a warning in the user-interface. Remember that 32-bit collisions could be accidental, so not reporting them would prevent the distribution of legitimate keys. (And you mention the possibility of an intential DOS.) I personally think that public key servers should do little more than accept, store, and report data that it contains. Preventing the display of keys with duplicate IDs steps over that line a bit too much for me. --Len. On Mon, 4 Mar 2002, Hironobu SUZUKI wrote: > > Good job!! > > > A current list of duplicate PGP keyids can be found on my website: > > I found same problem when I did some test of "search" function of my > key server, (See http://openpksd.org). My program never return > duplicate keyid because I'm afraid of the fraud key. I know that this > specificity has a potential of Denial of Service attack. > > Please give me some idea what keyserver should behave about it. > > -- > Hironobu SUZUKI Independent Software Consultant > E-Mail: hironobu@h2np.net > URL: http://h2np.net > > --Len. From miket@bluemug.com Mon Mar 4 03:33:02 2002 From: miket@bluemug.com (Mike Touloumtzis) Date: Mon Mar 4 03:33:02 2002 Subject: duplicate keyid survey results In-Reply-To: References: <200203040201.LAA16029@blue.h2np.net> Message-ID: <20020304023047.GA9936@bluemug.com> On Sun, Mar 03, 2002 at 06:09:40PM -0800, Len Sassaman wrote: > > The thing that comes to mind immediately for me is that you should allow > for a 64-bit key-ID search. Jason's list includes 5 duplicate 64-bit Key IDs too :-). miket From dshaw@jabberwocky.com Mon Mar 4 05:12:01 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Mon Mar 4 05:12:01 2002 Subject: duplicate keyid survey results In-Reply-To: References: <200203040201.LAA16029@blue.h2np.net> Message-ID: <20020304040801.GB681@akamai.com> On Sun, Mar 03, 2002 at 06:09:40PM -0800, Len Sassaman wrote: > The thing that comes to mind immediately for me is that you should allow > for a 64-bit key-ID search. > > When 32-bit key ID collisions occur, you may want your key server to > display a warning in the user-interface. > > Remember that 32-bit collisions could be accidental, so not reporting them > would prevent the distribution of legitimate keys. (And you mention the > possibility of an intential DOS.) > > I personally think that public key servers should do little more than > accept, store, and report data that it contains. Preventing the display of > keys with duplicate IDs steps over that line a bit too much for me. I strongly agree with Len on this. Since the user's program must validate the keys via signatures anyway, a keyserver does not need to, and should not try to work out valid or invalid keys. A quick look at the list of duplicate key ids seems to show that they are all old-style v3 RSA keys which are known to have a problem with having easy to create arbitrary 32 *or* 64-bit key ids. Did I miss any v4 keys on the list? Creating a matching key id with the newer v4 key format requires either brute force creating keys until the key id matches, or breaking SHA-1, a problem that may not be impossible someday, but is difficult to the point of effectively impossible today. All that said, the 64-bit OpenPGP keyid space is very large but not infinite. There are going to be naturally occuring collisions eventually (plus, one can certainly generate a v3 RSA key with the same key id (but not fingerprint) as a v4 key). This should be harmless since the keys are validated based on the signatures and not on anything the keyserver does or does not do. If a duplicated keyid is requested from the current HKP and NAI LDAP keyservers, *all* matching keys are returned. This is the correct behavior, as it lets the receiving program and the user decide which (if any) of the returned keys is the right one. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From u_p@lycos.de Mon Mar 4 08:03:02 2002 From: u_p@lycos.de (uwe puchta) Date: Mon Mar 4 08:03:02 2002 Subject: binary of 1.0.6 for IRIX? Message-ID: <1015225266021487@lycos.de> This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. --=_NextPart_Caramail_0214871015225266_ID Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable I'm in search of a compiled Version of gnupg 1.0.6 for SGI IRIX 6.5 (MIPS3). My rented Webspace is only on a shared Host and there is no compiler available for me. - So maybe someone could help me out and make a compiled version of gpg 1.0.6. available for me. ... and yes, I know: * there is a precompiled 1.0.2 version available at http://gnupg.unixsecurity.com.br - but it has a insecure random key generator .. and I'm looking for 1.0.6. * it's not such a good idea to have an encryption software compiled and provided by someone I don't know personally - but it's for my own personal privacy and not for comerical use best wishes Uwe ______________________________________________________ Beginnen Sie das neue Jahr gut informiert: Zeitschriften-Abos zum Sparpreis! http://www.lycos.de/webguides/entertainment/weihnachten/abo.html 250 Farb-Visitenkarten GRATIS*. In einem Wert von EUR 99,00! http://www.vistaprint.de/vp/splash/lycosde.asp Jetzt eigene Domains f=FCr 1,23 Euro/Monat http://lycos.de.domainnames.com/default.asp?caller=3Dlycos_d_footer --=_NextPart_Caramail_0214871015225266_ID-- From disastry@saiknes.lv.NO.SPaM.NET Mon Mar 4 09:13:02 2002 From: disastry@saiknes.lv.NO.SPaM.NET (disastry@saiknes.lv.NO.SPaM.NET) Date: Mon Mar 4 09:13:02 2002 Subject: duplicate keyid survey results Message-ID: <3C832AD9.A67BC9D7@saiknes.lv.NO.SPaM.NET> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Len Sassaman rabbi@quickie.net wrote: > The thing that comes to mind immediately for me is that you should allow > for a 64-bit key-ID search. I think all (most?) keyservers allows this. some even allows search by fingerprint. > When 32-bit key ID collisions occur, you may want your key server to > display a warning in the user-interface. > > Remember that 32-bit collisions could be accidental, exactly. there are about 1600000 keys on server ( http://www.dtype.org/keyanalyze/ ) it's more than enough for birthday paradox. 81 keys with duplicate keyid are normal, some of them are DEADBEAFed of course. > so not reporting them > would prevent the distribution of legitimate keys. (And you mention the > possibility of an intential DOS.) > > I personally think that public key servers should do little more than > accept, store, and report data that it contains. IMO, keyserver SHOULD NOT accept keys/userid that are not selfsigned. > Preventing the display of > keys with duplicate IDs steps over that line a bit too much for me. > --Len. > > On Mon, 4 Mar 2002, Hironobu SUZUKI wrote: > > > A current list of duplicate PGP keyids can be found on my website: __ Disastry http://disastry.dhs.org/ http://disastry.dhs.org/pgp <----PGP plugins for Netscape and MDaemon ^----PGP 2.6.3ia-multi05 (supports IDEA, CAST5, BLOWFISH, TWOFISH, AES, 3DES ciphers and MD5, SHA1, RIPEMD160, SHA2 hashes) -----BEGIN PGP SIGNATURE----- Version: Netscape PGP half-Plugin 0.15 by Disastry / PGPsdk v1.7.1 iQA/AwUBPIMOtDBaTVEuJQxkEQNylgCg5AKPRlZf34gtxo+qlMHBWC5XjrEAoMhB G53a/SmRE102mnuqgAE5OrKr =baXx -----END PGP SIGNATURE----- From douglist@anize.org Mon Mar 4 10:07:01 2002 From: douglist@anize.org (Douglas F. Calvert) Date: Mon Mar 4 10:07:01 2002 Subject: binary of 1.0.6 for IRIX? In-Reply-To: <1015225266021487@lycos.de> References: <1015225266021487@lycos.de> Message-ID: <1015233166.19161.950.camel@allevil> --=-D/ZVi5JzcrhBRdM/W4io Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Mon, 2002-03-04 at 02:08, uwe puchta wrote: > ... and yes, I know: > * there is a precompiled 1.0.2 version available at=20 > http://gnupg.unixsecurity.com.br - but it has a insecure=20 > random key generator .. and I'm looking for 1.0.6. > * it's not such a good idea to have an encryption software=20 > compiled and provided by someone I don't know personally -=20 > but it's for my own personal privacy and not for comerical use --=20 +-----------------+---------------------------------------------------+ | Douglas Calvert | http://anize.org | +-----------------+---------------------------------------------------+ | Encrypted email | They that can give up liberty to obtain a little | | is encouraged |temporary safety deserve neither liberty nor safety| +-----------------+---------------------------------------------------+ | http://anize.org/dfc-keys.asc | +--------| 0817 30D4 82B6 BB8D 5E66 06F6 B796 073D C954 1FB2 |--------+ --=-D/ZVi5JzcrhBRdM/W4io Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8gzqNt5YHPclUH7IRAgs7AKCTL6dAZKWanFM4kfA2LuYdqCJfhgCggKr/ CCdiTBqffEioQreuWXGSQso= =gNz8 -----END PGP SIGNATURE----- --=-D/ZVi5JzcrhBRdM/W4io-- From disastry@saiknes.lv Mon Mar 4 10:54:02 2002 From: disastry@saiknes.lv (disastry@saiknes.lv) Date: Mon Mar 4 10:54:02 2002 Subject: advantages/disadvantages of DSA/RSA keys (was: Re: implications of subkeys?) Message-ID: <3C8343BA.9F876885@saiknes.lv> seems I sent to wrong list... now to correct one :) -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Ingo Klöcker ingo.kloecker@epost.de wrote: > On Saturday 02 March 2002 15:21, David Shaw wrote: > > On Sat, Mar 02, 2002 at 01:51:01PM +0100, Ingo Klöcker wrote: > > > On Friday 01 March 2002 20:39, David Shaw wrote: > > > > Yes. The algorithm is up to you and what you trust more. GnuPG > > > > 1.0.7 gives you the choice between DSA and RSA. They each have > > > > advantages and disadvantages. > > > > > > Is there somewhere a short but complete list of the advantages and > > > disadvantages? > > > > This is pretty good: > > http://www.samsimpson.com/pgpfaq.html > > Thanks. At least from section 8.1 it doesn't seem that RSA keys have any > advantages (except the backwards compatibility with plain PGP 2.x). > Ingo note that this FAQ was written when there was only v3 RSA keys. RSA keys have some advantages, at least two: they are not limited to 1024 bits like DSA they can use hash longer than 160 bits. __ Disastry http://disastry.dhs.org/ http://disastry.dhs.org/pgp <----PGP plugins for Netscape and MDaemon ^----PGP 2.6.3ia-multi05 (supports IDEA, CAST5, BLOWFISH, TWOFISH, AES, 3DES ciphers and MD5, SHA1, RIPEMD160, SHA2 hashes) -----BEGIN PGP SIGNATURE----- Version: Netscape PGP half-Plugin 0.15 by Disastry / PGPsdk v1.7.1 iQA/AwUBPIMQvDBaTVEuJQxkEQOrpwCgs0UDyUhjSsVolXG3YI63SfB3h/YAnj3J S33waNVWzt90tC/JZsrXIfVf =6dWO -----END PGP SIGNATURE----- From NoFwd@cmsmail06.cms.usa.net Mon Mar 4 12:16:02 2002 From: NoFwd@cmsmail06.cms.usa.net (NoFwd@cmsmail06.cms.usa.net) Date: Mon Mar 4 12:16:02 2002 Subject: Gnupg-users digest, Vol 1 #538 - 15 msgs Message-ID: <20020304111413.13395.qmail@cmsmail06.cms.usa.net> Hej - Hi, english version below Tack f=F6r ditt mail, jag har tyv=E4rr ingen mail m=F6jlighet under perioden 020303 - 020308 men jag kommer att l=E4sa ditt mail s=E5 fort som m=F6jligt n=E4r jag =E4r tillbaka! Mvh /Stefan Tanks for your mail, I'm out of email access from march 3 until march 8 but I'll read your mail ASAP when I'm back! Regards /Stefan From case@impressive.de Mon Mar 4 14:19:01 2002 From: case@impressive.de (nobody) Date: Mon Mar 4 14:19:01 2002 Subject: short question Message-ID: <20020304141620.5FAF.CASE@impressive.de> hi all, how can i export both key's (sec/pub)? the intention is to provide one key pair for some people to crypt files for that workgroup. tnx, // case -- From case@impressive.de Mon Mar 4 14:35:01 2002 From: case@impressive.de (nobody) Date: Mon Mar 4 14:35:01 2002 Subject: ... Message-ID: <20020304143502.5FB3.CASE@impressive.de> hi, you can delete my question. i have found the answer. // case -- From schoech@iap-kborn.de Mon Mar 4 14:41:02 2002 From: schoech@iap-kborn.de (=?iso-8859-1?Q?Armin_Sch=F6ch?=) Date: Mon Mar 4 14:41:02 2002 Subject: short question In-Reply-To: <20020304141620.5FAF.CASE@impressive.de> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi ! > how can i export both key's (sec/pub)? the intention is to provide > one key pair for some people to crypt files for that workgroup. Please read the man page before posting questions: To export public keys: gpg -a -o pubkey.asc --export To export secret keys: gpg -a -o seckey.asc --export-secret-keys HTH, Armin - --=20 Am Hasenberg 26 office: Institut f=FCr Atmosph=E4renphysik D-18209 Bad Doberan Schloss-Stra=DFe 6 Tel. 0160/4046859 (mobil) D-18225 K=FChlungsborn / GERMANY Email: schoech@iap-kborn.de Tel. +49-(0)38293-68-102 WWW: http://armins.cjb.net/ Fax. +49-(0)38293-68-50 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: Weitere Infos: siehe http://www.gnupg.org iD8DBQE8g3i9G8Xv4GxznLoRAkJzAJ4th4DCsoQg63EDjsXIVylPhNegXQCeIWnZ j4BPPVcVs5HGIElXA6KCehY=3D =3Dypta -----END PGP SIGNATURE----- From dshaw@jabberwocky.com Mon Mar 4 14:43:01 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Mon Mar 4 14:43:01 2002 Subject: advantages/disadvantages of DSA/RSA keys (was: Re: implications of subkeys?) In-Reply-To: <3C8343BA.9F876885@saiknes.lv> References: <3C8343BA.9F876885@saiknes.lv> Message-ID: <20020304134033.GC681@akamai.com> On Mon, Mar 04, 2002 at 11:51:54AM +0200, disastry@saiknes.lv wrote: > seems I sent to wrong list... > now to correct one :) > -----BEGIN PGP SIGNED MESSAGE----- > Hash: RIPEMD160 >=20 > Ingo Kl=F6cker ingo.kloecker@epost.de wrote: > > On Saturday 02 March 2002 15:21, David Shaw wrote: > > > On Sat, Mar 02, 2002 at 01:51:01PM +0100, Ingo Kl=F6cker wrote: > > > > On Friday 01 March 2002 20:39, David Shaw wrote: > > > > > Yes. The algorithm is up to you and what you trust more. GnuP= G > > > > > 1.0.7 gives you the choice between DSA and RSA. They each have > > > > > advantages and disadvantages. > > > > > > > > Is there somewhere a short but complete list of the advantages an= d > > > > disadvantages? > > > > > > This is pretty good: > > > http://www.samsimpson.com/pgpfaq.html > >=20 > > Thanks. At least from section 8.1 it doesn't seem that RSA keys have = any=20 > > advantages (except the backwards compatibility with plain PGP 2.x). > > Ingo >=20 > note that this FAQ was written when there was only v3 RSA keys. This is true, and important - v4 RSA keys do not have most of the disadvantages of v3 RSA keys. Specifically in section 8.1, statements #2, #3, #4, #5 (mostly), and #6 do not apply to v4 RSA keys. Also, v4 RSA is not directly backwards compatible with v3 RSA without doing significant packet munging magic. > RSA keys have some advantages, at least two: > they are not limited to 1024 bits like DSA > they can use hash longer than 160 bits. RSA signing keys, that is. For me, the worst thing about RSA signing keys is that they make much larger signatures than a DSA key. All in all, that's not such a big problem these days. :) David --=20 David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.co= m/ +------------------------------------------------------------------------= ---+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From andriash@telus.net Mon Mar 4 18:43:01 2002 From: andriash@telus.net (Nick Andriash) Date: Mon Mar 4 18:43:01 2002 Subject: short question In-Reply-To: References: <20020304141620.5FAF.CASE@impressive.de> Message-ID: <20020304093643.B209.ANDRIASH@telus.net> Hello Armin Sch=F6ch, On Monday, March 04 2002 at 05:38 AM PDT, you wrote: > Please read the man page before posting questions: >=20 > To export public keys: > gpg -a -o pubkey.asc --export >=20 > To export secret keys: > gpg -a -o seckey.asc --export-secret-keys With all due respect Armin, the instructions exactly as you have listed do not exist in the "man page". What you have typed is a reflection of your expertise in using GPG... not something you get by reading the Manual once. ;o) BTW, why does GnuPG use terms like "foo" and "man page"? The terms are non-sensical... I've never even heard the term man page before... and "foo" doesn't even exist?=20 --=20 Nick Andriash Courtenay, B.C. Canada From disastry@saiknes.lv Mon Mar 4 19:01:01 2002 From: disastry@saiknes.lv (disastry@saiknes.lv) Date: Mon Mar 4 19:01:01 2002 Subject: 106d (was: Re: timestamp (0x40) signatures?) Message-ID: <3C83B59F.314B537E@saiknes.lv> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Werner Koch wk@gnupg.org wrote: > BTW, I have released 1.0.6d but not written an announcement yet. > Werner doc/gpg.info (and other doc/* files) - --pgp2 [...] This option implies `--rfc1991 -no-openpgp -no-force-v4-certs --no-comment -escape-from -no-force-v3-sigs -cipher-algo IDEA --digest-algo MD5 -compress-algo 1' shuld be double dashes here __ Disastry http://disastry.dhs.org/ http://disastry.dhs.org/pgp <----PGP plugins for Netscape and MDaemon ^----PGP 2.6.3ia-multi05 (supports IDEA, CAST5, BLOWFISH, TWOFISH, AES, 3DES ciphers and MD5, SHA1, RIPEMD160, SHA2 hashes) -----BEGIN PGP SIGNATURE----- Version: Netscape PGP half-Plugin 0.15 by Disastry / PGPsdk v1.7.1 iQA/AwUBPIOZdTBaTVEuJQxkEQOCHQCg6eIrRi23bB3VkEXlH3JIeR2s6F8AoIQJ g1xb+w8oRZ6CBy4rlpS2g4R2 =Dc/4 -----END PGP SIGNATURE----- From dshaw@jabberwocky.com Mon Mar 4 19:12:02 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Mon Mar 4 19:12:02 2002 Subject: 106d (was: Re: timestamp (0x40) signatures?) In-Reply-To: <3C83B59F.314B537E@saiknes.lv> References: <3C83B59F.314B537E@saiknes.lv> Message-ID: <20020304181006.GB1082@akamai.com> On Mon, Mar 04, 2002 at 07:57:51PM +0200, disastry@saiknes.lv wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: RIPEMD160 > > Werner Koch wk@gnupg.org wrote: > > BTW, I have released 1.0.6d but not written an announcement yet. > > Werner > > doc/gpg.info (and other doc/* files) > > - --pgp2 > [...] > This option implies `--rfc1991 -no-openpgp -no-force-v4-certs > --no-comment -escape-from -no-force-v3-sigs -cipher-algo IDEA > --digest-algo MD5 -compress-algo 1' > > shuld be double dashes here That's interesting. The gpg.info file is actually missing double-dashes in quite a few places. The master gpg.sgml has it right, and the gpg.1 man page file (generated from gpg.sgml) also has it right. The gpg.info file is generated from gpg.texi which is generated from gpg.sgml, but it has it wrong. Maybe something in the docbook-to-texinfo stuff? David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From sbutler@fchn.com Mon Mar 4 19:14:01 2002 From: sbutler@fchn.com (Steve Butler) Date: Mon Mar 4 19:14:01 2002 Subject: short question Message-ID: <8c810c44e26849e202e35708dddb799b3c83b8ea@fchn.com> Even then I think he wanted it all in a single file. As for 'foo' and 'fubar', etc. It's all based on well mis-understood mathematical functions. It's like f(x) or f'(x) or f"(x). Or, just th= ink to yourself "It's a math thing". And man page is a Unix thing. Very, very technical. Even I haven't ma= naged the art of writing one of those yet <>. I guess you could say that the authors of the gpg web page were unconsciously (I hope it was that anyway) showing their background. Ju= st as I suspect your background is based in Microsoft products. Not that one= is better than the other (you would have to ask "At what?" before venturin= g an answer). I think the equivalent in the M/S word is Help File. Anyway, I still think Unix shows its gender bias since they were not na= me woman pages. <> --Steve -----Original Message----- From: Nick Andriash [mailto:andriash@telus.net] Sent: Monday, March 04, 2002 9:41 AM To: gnupg-users@gnupg.org Subject: Re: short question Hello Armin Sch=F6ch, On Monday, March 04 2002 at 05:38 AM PDT, you wrote: > Please read the man page before posting questions: > > To export public keys: > gpg -a -o pubkey.asc --export > > To export secret keys: > gpg -a -o seckey.asc --export-secret-keys With all due respect Armin, the instructions exactly as you have listed= do not exist in the "man page". What you have typed is a reflection of your expertise in using GPG... not something you get by reading the Manual once. ;o) BTW, why does GnuPG use terms like "foo" and "man page"? The terms are non-sensical... I've never even heard the term man page before... and "foo" doesn't even exist? -- Nick Andriash Courtenay, B.C. Canada _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users CONFIDENTIALITY NOTICE: This e-mail message, including any attachments= , is for the sole use of the intended recipient(s) and may contain conf= idential and privileged information. Any unauthorized review, use, dis= closure or distribution is prohibited. If you are not the intended rec= ipient, please contact the sender by reply e-mail and destroy all copie= s of the original message. From dshaw@jabberwocky.com Mon Mar 4 19:24:01 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Mon Mar 4 19:24:01 2002 Subject: short question In-Reply-To: <20020304093643.B209.ANDRIASH@telus.net> References: <20020304141620.5FAF.CASE@impressive.de> <20020304093643.B209.ANDRIASH@telus.net> Message-ID: <20020304182137.GC1082@akamai.com> On Mon, Mar 04, 2002 at 09:40:47AM -0800, Nick Andriash wrote: > Hello Armin Sch=F6ch, >=20 > On Monday, March 04 2002 at 05:38 AM PDT, you wrote: >=20 > > Please read the man page before posting questions: > >=20 > > To export public keys: > > gpg -a -o pubkey.asc --export > >=20 > > To export secret keys: > > gpg -a -o seckey.asc --export-secret-keys >=20 > With all due respect Armin, the instructions exactly as you have listed > do not exist in the "man page". What you have typed is a reflection of > your expertise in using GPG... not something you get by reading the > Manual once. ;o) >=20 > BTW, why does GnuPG use terms like "foo" and "man page"? The terms are > non-sensical... I've never even heard the term man page before... and > "foo" doesn't even exist?=20 "man page" refers to a page in the online Unix manual. For example, "man gpg" gives you the manual for gpg. As for 'foo': http://www.tf.hut.fi/cgi-bin/jargon?search=3Dfoo David --=20 David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.co= m/ +------------------------------------------------------------------------= ---+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From wk@gnupg.org Mon Mar 4 19:32:03 2002 From: wk@gnupg.org (Werner Koch) Date: Mon Mar 4 19:32:03 2002 Subject: 106d In-Reply-To: <20020304181006.GB1082@akamai.com> (David Shaw's message of "Mon, 4 Mar 2002 13:10:06 -0500") References: <3C83B59F.314B537E@saiknes.lv> <20020304181006.GB1082@akamai.com> Message-ID: <877kosp4qb.fsf_-_@alberti.gnupg.de> On Mon, 4 Mar 2002 13:10:06 -0500, David Shaw said: > That's interesting. The gpg.info file is actually missing > double-dashes in quite a few places. There is a bug in docbook2texi which I fixed using sed, seems that a g is missing at the end of the repalcement pattern. The proper way would be to fix this in docbook2texi, though. %.texi : %.xml if HAVE_DOCBOOK_TO_TEXI docbook2texi $< | sed 's,--,---,' >$@ else : Warning: missing docbook to texinfo tools, cannot make $@ touch $@ endif -- Werner Koch Omnis enim res, quae dando non deficit, dum habetur g10 Code GmbH et non datur, nondum habetur, quomodo habenda est. Privacy Solutions -- Augustinus From lionel@mamane.lu Mon Mar 4 20:15:01 2002 From: lionel@mamane.lu (Lionel Elie Mamane) Date: Mon Mar 4 20:15:01 2002 Subject: short question In-Reply-To: <20020304093643.B209.ANDRIASH@telus.net> References: <20020304141620.5FAF.CASE@impressive.de> <20020304093643.B209.ANDRIASH@telus.net> Message-ID: <20020304191632.GA4946@home.mamane.lu> --nFreZHaLTZJo0R7j Content-Type: text/plain; charset=iso-8859-15 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Mar 04, 2002 at 09:40:47AM -0800, Nick Andriash wrote: > BTW, why does GnuPG use terms like "foo" and "man page"? > The terms are non-sensical... Not that much, at least for man page. > I've never even heard the term man page before... You have never used an Unix-like system, that's why. Man pages are the main source of documentation on an Unix-like system. They are then accessed with "man name_of_command". For example, the man page of gpg is summoned up with the command "man gpg". There are graphical interfaces for man pages, too, but I never used one. > "foo" doesn't even exist?=20 foo, bar, fubar, baz are usual terms in the hacker community for metavariable. When you need some name for the sake of the example, you take foo. If you need two names, you take foo and bar. Three, foo, bar and baz. Look at the jargon file =F7) http://www.tuxedo.org/~esr/jargon/html/entry/foo.html --=20 Lionel --nFreZHaLTZJo0R7j Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjyDyBAACgkQscRzFz57S3NOrACg9S4bSGrmVosx+E4AVwNNbqGc WaYAn3RpTTdqY4r6gTp7HsnjslYoUUPq =30tf -----END PGP SIGNATURE----- --nFreZHaLTZJo0R7j-- From huber@alum.wpi.edu Mon Mar 4 22:55:01 2002 From: huber@alum.wpi.edu (Josh Huber) Date: Mon Mar 4 22:55:01 2002 Subject: short question In-Reply-To: <8c810c44e26849e202e35708dddb799b3c83b8ea@fchn.com> (Steve Butler's message of "Mon, 4 Mar 2002 10:10:46 -0800") References: <8c810c44e26849e202e35708dddb799b3c83b8ea@fchn.com> Message-ID: <87ofi480fi.fsf@paradoxical.net> Steve Butler writes: > As for 'foo' and 'fubar', etc. It's all based on well > mis-understood mathematical functions. It's like f(x) or f'(x) or > f"(x). Or, just think to yourself "It's a math thing". Huh? foo /foo/ A sample name for absolutely anything, especially programs and files (especially {scratch files}). First on the standard list of {metasyntactic variables} used in {syntax} examples. See also {bar}, {baz}, {qux}, {quux}, {corge}, {grault}, {garply}, {waldo}, {fred}, {plugh}, {xyzzy}, {thud}. The etymology of "foo" is obscure. When used in connection with "bar" it is generally traced to the WWII-era Army slang acronym {FUBAR}, later bowdlerised to {foobar}. FUBAR Fouled / Fucked Up Beyond All Recognition / Repair (slang, Usenet, IRC) FUBAR 1. (WWII military slang) Fucked up beyond all recognition (or repair). I'm not sure how you came up with mathematical functions out of that... :) ttyl, -- Josh Huber From zadnik@atlas.cz Tue Mar 5 02:51:01 2002 From: zadnik@atlas.cz (M. =?ISO-8859-2?B?ruFkbu1r?=) Date: Tue Mar 5 02:51:01 2002 Subject: changing order of uids Message-ID: <20020305024735.59d8242d.zadnik@atlas.cz> Hi, please, how to change order of uids (Please CC me, I'm not on the list. Thanks) I mean I have a key eg.: (1) test-01 test-01@foo.com (2) test-02 test-02@foo.com (3) test-03 test-03@bar.com ut I need this order: (1) test-03 test-03@bar.com (2) test-01 test-01@foo.com (3) test-02 test-02@foo.com I know that it is possible with some hack (and is planned for next release of gpg as regular option) (I even did it in past), but I fool lost the page describing it :-( Just an URL describing it will be fine. Thanks for help M. Zadnik -- Please CC me, I'm not on the list. Thanks From schoech@iap-kborn.de Tue Mar 5 08:49:01 2002 From: schoech@iap-kborn.de (=?iso-8859-1?Q?Armin_Sch=F6ch?=) Date: Tue Mar 5 08:49:01 2002 Subject: short question In-Reply-To: <20020304093643.B209.ANDRIASH@telus.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Nick ! > With all due respect Armin, the instructions exactly as you have listed > do not exist in the "man page". What you have typed is a reflection of > your expertise in using GPG... not something you get by reading the > Manual once. ;o) They do :-) But you are right that there is nothing like a man page on a windows system. You can find an online version of the GPG man(ual) page at: http://www.gnupg.org/gpgman.html Somewhere down the list of options you find "--export-secret-keys" Others have already pointed out that it is enough to type "man gpg" on a *nix box to get this information. I didn't mean to offend, just to point him to where he can find further information about all command-line options of gpg. That's why I gave him the answer in addition to the hint to have a look at the gpg docs. Hope we can end this thread and have all learned something :-) Armin -- Am Hasenberg 26 office: Institut f=FCr Atmosph=E4renphysik D-18209 Bad Doberan Schloss-Stra=DFe 6 Tel. 0160/4046859 (mobil) D-18225 K=FChlungsborn / GERMANY Email: schoech@iap-kborn.de Tel. +49-(0)38293-68-102 WWW: http://armins.cjb.net/ Fax. +49-(0)38293-68-50 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: Weitere Infos: siehe http://www.gnupg.org iD8DBQE8hHfZG8Xv4GxznLoRAmPEAKDN3O2gz/IRiqr+dZMbpf0xshv26wCgxRpX FHBQ7IpPb3CK3LYPyikUlBs=3D =3DNGzm -----END PGP SIGNATURE----- From NoFwd@cpdvg012.netaddress.usa.net Tue Mar 5 09:07:02 2002 From: NoFwd@cpdvg012.netaddress.usa.net (NoFwd@cpdvg012.netaddress.usa.net) Date: Tue Mar 5 09:07:02 2002 Subject: Gnupg-users digest, Vol 1 #539 - 15 msgs Message-ID: <20020305080516.10357.qmail@cpdvg012.netaddress.usa.net> Hej - Hi, english version below Tack f=F6r ditt mail, jag har tyv=E4rr ingen mail m=F6jlighet under perioden 020303 - 020308 men jag kommer att l=E4sa ditt mail s=E5 fort som m=F6jligt n=E4r jag =E4r tillbaka! Mvh /Stefan Tanks for your mail, I'm out of email access from march 3 until march 8 but I'll read your mail ASAP when I'm back! Regards /Stefan From rbeck@tqtx.com Tue Mar 5 17:38:01 2002 From: rbeck@tqtx.com (Ron Beck) Date: Tue Mar 5 17:38:01 2002 Subject: short question References: <8c810c44e26849e202e35708dddb799b3c83b8ea@fchn.com> Message-ID: <3C84F62B.3C2B4D3E@tqtx.com> Sorry, but there's no gender bias here. "man" is simply short for manual and is in character for all the other short and (seemingly) meaningless commands within the unix environment. Of course these days with everything GUI or web based, who needs command line commands? :-) Ron Steve Butler wrote: > Anyway, I still think Unix shows its gender bias since they were not name > woman pages. <> > > --Steve From zadnik@atlas.cz Tue Mar 5 18:13:01 2002 From: zadnik@atlas.cz (M. =?ISO-8859-2?B?ruFkbu1r?=) Date: Tue Mar 5 18:13:01 2002 Subject: changing order of uids In-Reply-To: References: <20020305024735.59d8242d.zadnik@atlas.cz> Message-ID: <20020305052756.07bab574.zadnik@atlas.cz> Dne Mon, 4 Mar 2002 21:11:54 -0500 (EST) Harold Rodriguez napsal/a: >=20 > Hi, >=20 > Haven't done that before, but if I remember correctly, gpg automaticall= y > puts the newest uid right at the top. So if you want uid #3 to be #1, t= ry > deleting #3 and then adding it again, so it should be #1 now. Thanks, I've found the URL describing how to do it without deleting the key: http://lists.gnupg.org/pipermail/gnupg-users/2001-October/010194.html Regards M.Zadnik >=20 > - --=20 > Harold Rodriguez .:. X_console > World Wide Web .:. http://it.yorku.ca/moonfrog > GnuPG Key ID .:. 0x9ECCF021 >=20 >=20 > On Tue, 5 Mar 2002, M. [ISO-8859-2] =AE=E1dn=EDk wrote: >=20 > + Hi, > + please, how to change order of uids > + (Please CC me, I'm not on the list. Thanks) > + > + I mean I have a key eg.: > + (1) test-01 test-01@foo.com > + (2) test-02 test-02@foo.com > + (3) test-03 test-03@bar.com > + > + ut I need this order: > + (1) test-03 test-03@bar.com > + (2) test-01 test-01@foo.com > + (3) test-02 test-02@foo.com > + > + I know that it is possible with some hack > + (and is planned for next release of gpg as regular option) > + (I even did it in past), > + but I fool lost the page describing it :-( > + Just an URL describing it will be fine. > + > + Thanks for help > + M. Zadnik > + > + From jimdrubin@yahoo.com Tue Mar 5 19:41:01 2002 From: jimdrubin@yahoo.com (Jim Rubin) Date: Tue Mar 5 19:41:01 2002 Subject: installing/configuring GPG on Windows 2000 Message-ID: <20020305183842.23197.qmail@web13503.mail.yahoo.com> I need to install GPG on a windows 2000 system. Does anyone have intructions for the special setup that the GPG page mentions is needed for windows. >Supported Systems >Windows 95/98/NT/2000/ME with x86 CPU works fine (you >need a special setup to build it). __________________________________________________ Do You Yahoo!? Try FREE Yahoo! Mail - the world's greatest free email! http://mail.yahoo.com/ From twoaday@freakmail.de Tue Mar 5 19:54:01 2002 From: twoaday@freakmail.de (Timo Schulz) Date: Tue Mar 5 19:54:01 2002 Subject: installing/configuring GPG on Windows 2000 In-Reply-To: <20020305183842.23197.qmail@web13503.mail.yahoo.com> References: <20020305183842.23197.qmail@web13503.mail.yahoo.com> Message-ID: <20020305185926.GA2846@daredevil.joesixpack.net> On Tue Mar 05 2002; 10:38, Jim Rubin wrote: > I need to install GPG on a windows 2000 system. Does > anyone have intructions for the special setup that the > GPG page mentions is needed for windows. If you don't need to build the binary from the source, this was meant by "special setup", you can install it without any additional steps. Timo From dvgevers@wxs.nl Tue Mar 5 20:34:01 2002 From: dvgevers@wxs.nl (Dick Gevers) Date: Tue Mar 5 20:34:01 2002 Subject: short question In-Reply-To: References: <20020304093643.B209.ANDRIASH@telus.net> Message-ID: <3C851BEE.14102.473053E@localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday, 05 March 2002 at 7= :46 h, Armin Sch=F6ch wrote about "Re: short question": >They do :-) But yo= u are right that there is nothing like a man page >on a windows system. Sor= ry, I must disagree. The file gpg.man does contain the command --exp= ort-secret-keys [names] I installed GPG this weekend and if you open gpg.ma= n with any text editor the whole man page is visible. HTH =3DDick Gevers=3D -= ----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (MingW32) Comment: Encryp= tion is an envelope: the contents are private iEUEARECAAYFAjyFG+4ACgkQwC/zk= +cxEdNuqwCWNFwfyuvrvXetyrCUcOq+WjMq gwCfdfVXCJB73gjwTOE3SA5HPMA8IqM=3D =3DpC= 0l -----END PGP SIGNATURE----- From xconsole@it.yorku.ca Tue Mar 5 21:46:01 2002 From: xconsole@it.yorku.ca (Harold Rodriguez) Date: Tue Mar 5 21:46:01 2002 Subject: short question In-Reply-To: <3C851BEE.14102.473053E@localhost> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Since man is really more of a UNIX thing, perhaps it would be better to rename gpg.man in Windows to something with a .txt extension. It would make it obvious to Windows users that this is a readable text file then. - --=20 Harold Rodriguez .:. X_console World Wide Web .:. http://it.yorku.ca/moonfrog GnuPG Key ID .:. 0x9ECCF021 On Tue, 5 Mar 2002, Dick Gevers wrote: + + + On Tuesday, 05 March 2002 at 7:46 h, Armin Sch=F6ch wrote about "Re: shor= t question": + + >They do :-) But you are right that there is nothing like a man page + >on a windows system. + + Sorry, I must disagree. The file gpg.man does contain the command + --export-secret-keys [names] + + I installed GPG this weekend and if you open gpg.man with any text + editor the whole man page is visible. + + HTH + =3DDick Gevers=3D + + + _______________________________________________ + Gnupg-users mailing list + Gnupg-users@gnupg.org + http://lists.gnupg.org/mailman/listinfo/gnupg-users + ------------ Output from gpg ------------ + gpg: Signature made Tue Mar 5 14:26:38 2002 EST using DSA key ID E73111D= 3 + gpg: Good signature from "Dick Gevers (GPG-DSA & ElG) " + gpg: WARNING: This key is not certified with a trusted signature! + gpg: There is no indication that the signature belongs to the ow= ner. + gpg: Fingerprint: 3FEF 27E5 39D1 CDC0 132D 904F C02F F393 E731 11D3 + + -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8hS248mTSoJ7M8CERAjgOAJ9pCaK6HPCbFrjH52BzOqLWf1xEPACgmLxe 46+HTM8coU55Q4XLTXapfPY=3D =3DSVQy -----END PGP SIGNATURE----- From rjwills@speakeasy.net Wed Mar 6 05:18:01 2002 From: rjwills@speakeasy.net (Bob Wills) Date: Wed Mar 6 05:18:01 2002 Subject: vs. 1.0.6 on AIX Message-ID: <000801c1c4c6$03f2d860$543de7d8@net.speakeasy.net> This is a multi-part message in MIME format. ------=_NextPart_000_0005_01C1C493.B8C15880 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable We are in the process of installing the 1.0.6 version of GnuPG on AIX = vs. 4.3.3 and are finding errors in the source code. Should we have = much trouble in the install onto an AIX environment? Am also confused = about the compiler we need to use. ------=_NextPart_000_0005_01C1C493.B8C15880 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
We are in the = process of=20 installing the 1.0.6 version of GnuPG on AIX vs. 4.3.3 and are finding = errors in=20 the source code.  Should we have much trouble in the install onto = an AIX=20 environment?  Am also confused about the compiler we need to=20 use.
------=_NextPart_000_0005_01C1C493.B8C15880-- From Ralf.Huels@schufa.de Wed Mar 6 08:24:01 2002 From: Ralf.Huels@schufa.de (Huels, Ralf SCORE) Date: Wed Mar 6 08:24:01 2002 Subject: AW: short question Message-ID: <51896D38E5E4D111BE560001FA68BA369FB651@SBO1002> > Sorry, I must disagree. The file gpg.man does contain the command > --export-secret-keys [names] >=20 > I installed GPG this weekend and if you open gpg.man with any text=20 > editor the whole man page is visible. Also, if you use Cygwin, you can install the man page to be displayed properly with a "man gpg" command... Tsch=FC=DF, Ralf From J.Krom@fz-juelich.de Wed Mar 6 15:04:01 2002 From: J.Krom@fz-juelich.de (Jon Krom) Date: Wed Mar 6 15:04:01 2002 Subject: Order of namestrings changed when importing keys Message-ID: <3C862324.AF73AF10@fz-juelich.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello GPG world, I'm experimenting with GPG, after using several versions of PGP over the years. I installed GPG 1.0.6 on a linux box and imported my keyring into GPG. Several of the keys I imported had more than one user name string (typically different email addresses, but also other info). For some reason GPG displays for most of these keys another string as the primary key name than PGP used to do. Is there a reason for this? Did I do something wrong? Can I change this? Is it a FAQ? (I couldn't find it in the FAQ files and other docs, but perhaps I overlooked it, searched for the wrong keyword, or so) Thanks in advance. P.S. Please answer (also) by CC'ing me; I'm not a member of this mail list. Met Vriendelijke Groeten, Jon Krom - -- .................................................................... . Address: J.G. Krom phone: +49 2461 61 5451 . . IPP FZ-Juelich fax: +49 2461 61 5452 . . Postfach 1913 email: J.Krom@fz-juelich.de . . D-52425 Juelich private: Jon.Krom@ukuug.org . . Germany WWW: www.fz-juelich.de/ipp/ . . PGP: DH/DSS 0xA9A357C4 . .................................................................... "Boundaries? I've never seen one, but I've been told they exist in some people's minds." Thor Heyerdahl -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.3 for non-commercial use iQA/AwUBPIYU7LzzJGmpo1fEEQKFWQCeOXsIJRN99lEhiymK6IGfybqPcRcAnAxm /XZi6xbwkWY/l99RkRKd/qli =ZMc8 -----END PGP SIGNATURE----- From andriash@telus.net Wed Mar 6 15:22:01 2002 From: andriash@telus.net (Nick Andriash) Date: Wed Mar 6 15:22:01 2002 Subject: short question In-Reply-To: <3C851BEE.14102.473053E@localhost> References: <3C851BEE.14102.473053E@localhost> Message-ID: <20020306061639.825B.ANDRIASH@telus.net> Hello Dick Gevers, On Tuesday, March 05 2002 at 11:26 AM PDT, you wrote: > Sorry, I must disagree. The file gpg.man does contain the command > --export-secret-keys [names] Yes, I realise that... but not exactly as was initially indicated: > To export public keys: > gpg -a -o pubkey.asc --export > > To export secret keys: > gpg -a -o seckey.asc --export-secret-keys and that was the point I was trying to make... the "-a" and "-o" specifically. -- Nick Andriash Courtenay, B.C. Canada From dshaw@jabberwocky.com Wed Mar 6 16:08:01 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Wed Mar 6 16:08:01 2002 Subject: Order of namestrings changed when importing keys In-Reply-To: <3C862324.AF73AF10@fz-juelich.de> References: <3C862324.AF73AF10@fz-juelich.de> Message-ID: <20020306150527.GA7117@akamai.com> On Wed, Mar 06, 2002 at 03:09:40PM +0100, Jon Krom wrote: > Several of the keys I imported had more than one user name string > (typically different email addresses, but also other info). For > some reason GPG displays for most of these keys another string as > the primary key name than PGP used to do. > > Is there a reason for this? Yes. GnuPG makes the (reasonable) assumption that the most recently added (actually the most recently self-signed, but that usually means most recently added) user ID is the primary one. > Did I do something wrong? Nope. > Can I change this? Yes. In a few weeks, GnuPG 1.0.7 will come out with a command ("primary") to mark whichever user ID you like as primary. A few months ago, I posted a different way to do the same thing. You can read that here: http://lists.gnupg.org/pipermail/gnupg-users/2001-October/010194.html David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From schoech@iap-kborn.de Wed Mar 6 16:22:02 2002 From: schoech@iap-kborn.de (=?iso-8859-1?Q?Armin_Sch=F6ch?=) Date: Wed Mar 6 16:22:02 2002 Subject: short question In-Reply-To: <20020306061639.825B.ANDRIASH@telus.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Nick ! > Yes, I realise that... but not exactly as was initially indicated: > > > To export public keys: > > gpg -a -o pubkey.asc --export > > > > To export secret keys: > > gpg -a -o seckey.asc --export-secret-keys > > and that was the point I was trying to make... the "-a" and "-o" > specifically. But it will work without the "-a" and "-o" as well. Just you get a binary data format (there might be problems transmitting it) and the output will go to standard output. Bye, Armin - --=20 Am Hasenberg 26 office: Institut f=FCr Atmosph=E4renphysik D-18209 Bad Doberan Schloss-Stra=DFe 6 Tel. ++49-(0)38203/42137 D-18225 K=FChlungsborn / GERMANY Email: schoech@iap-kborn.de Tel. +49-(0)38293-68-102 WWW: http://armins.cjb.net/ Fax. +49-(0)38293-68-50 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: Weitere Infos: siehe http://www.gnupg.org iD8DBQE8hjNjG8Xv4GxznLoRArDzAJ0aTkYH2y1mKYlCAPN728eVunwEqwCggKEg SGOb+0UhzYqcLQgwH/hdaEM=3D =3DB0Wh -----END PGP SIGNATURE----- From mark.hofstetter@univie.ac.at Wed Mar 6 16:56:01 2002 From: mark.hofstetter@univie.ac.at (Mark Hofstetter) Date: Wed Mar 6 16:56:01 2002 Subject: Compiling gpg on AIX Message-ID: <5.1.0.14.2.20020306165019.032acea8@mailbox.univie.ac.at> We're also having AIX 4.3.3 with the following configure options/CFLAGS CFLAGS="-g -O2 -mcpu=powerpc" ./configure --disable-asm --enable-static-rnd=unix --disable-nls --with-included-zlib --with-included-gettext --disable-dynload it compiles and runs flawlessly Mark -- Mag. Mark Hofstetter Vienna University Computer Center From nazir@itautec-philco.com.br Wed Mar 6 21:41:02 2002 From: nazir@itautec-philco.com.br (Nazir Najjar) Date: Wed Mar 6 21:41:02 2002 Subject: Decript without password... Message-ID: <000201c1c54e$ff1742c0$6801190a@NAZIR> Hi, Is there a way to decript files without having to type my private password??? I'd like to put this password as default to decript the massages cause i want to make a script to do it by itself... Is there a way to do it??? Thanks in advance, Nazir. From bart.martens@advalvas.be Wed Mar 6 22:07:02 2002 From: bart.martens@advalvas.be (Bart Martens) Date: Wed Mar 6 22:07:02 2002 Subject: Decript without password... In-Reply-To: <000201c1c54e$ff1742c0$6801190a@NAZIR>; from nazir@itautec-philco.com.br on Wed, Mar 06, 2002 at 05:39:21PM -0300 References: <000201c1c54e$ff1742c0$6801190a@NAZIR> Message-ID: <20020306221838.A12813@cable-195-162-215-141.upc.chello.be> On Wed, Mar 06, 2002 at 05:39:21PM -0300, Nazir Najjar wrote: > Hi, > > Is there a way to decript files without having to type my private > password??? > > I'd like to put this password as default to decript the massages cause i > want to make a script to do it by itself... > > Is there a way to do it??? > > Thanks in advance, > Nazir. I think that http://www.gnupg.org/faq.html#q4.14 answers your question. Bart From sbutler@fchn.com Wed Mar 6 22:17:02 2002 From: sbutler@fchn.com (Steve Butler) Date: Wed Mar 6 22:17:02 2002 Subject: Decrypt without password... Message-ID: Create your own script file called gpg_decrypt and accept the file name you want to decrypt (without the .pgp extension) #!/bin/ksh #gpg_decrypt echo "my pass phrase here" | gpg --homedir /etc/gnupg/homdir --passphrase-fd 0 --no-tty --output "$1" --decrypt "$1.pgp" NOTE: The quotes around $1 allow the file name to contain embedded spaces. Embedded spaces in file names seems to be natural to Windows boxes. It causes havoc to Unix type scripts unless you are very careful to allow for the spaces. Or, just change your key to not have a pass phrase at all. -----Original Message----- From: Nazir Najjar [mailto:nazir@itautec-philco.com.br] Sent: Wednesday, March 06, 2002 12:39 PM To: gnupg-users@gnupg.org Subject: Decript without password... Hi, Is there a way to decript files without having to type my private password??? I'd like to put this password as default to decript the massages cause i want to make a script to do it by itself... Is there a way to do it??? Thanks in advance, Nazir. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. From rtilley@vt.edu Wed Mar 6 22:55:01 2002 From: rtilley@vt.edu (Brad Tilley) Date: Wed Mar 6 22:55:01 2002 Subject: Decrypt without password... In-Reply-To: References: Message-ID: <200203062138.AVC07958@dagger.cc.vt.edu> On Wednesday 06 March 2002 16:13, Steve Butler wrote: Is it just me, or is this insecure? I would _never_ place my pass phrase in a file. Security and convenience seem to always be at odds. As for me, I'll take security along with inconvenience any day. > Create your own script file called gpg_decrypt and accept the file name you > want to decrypt (without the .pgp extension) > > #!/bin/ksh > #gpg_decrypt > > echo "my pass phrase here" | gpg --homedir /etc/gnupg/homdir > --passphrase-fd 0 --no-tty --output "$1" --decrypt "$1.pgp" > > NOTE: The quotes around $1 allow the file name to contain embedded spaces. > Embedded spaces in file names seems to be natural to Windows boxes. It > causes havoc to Unix type scripts unless you are very careful to allow for > the spaces. > > Or, just change your key to not have a pass phrase at all. > > > -----Original Message----- > From: Nazir Najjar [mailto:nazir@itautec-philco.com.br] > Sent: Wednesday, March 06, 2002 12:39 PM > To: gnupg-users@gnupg.org > Subject: Decript without password... > > > Hi, > > Is there a way to decript files without having to type my private > password??? > > I'd like to put this password as default to decript the massages cause i > want to make a script to do it by itself... > > Is there a way to do it??? > > Thanks in advance, > Nazir. > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > > CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is > for the sole use of the intended recipient(s) and may contain confidential > and privileged information. Any unauthorized review, use, disclosure or > distribution is prohibited. If you are not the intended recipient, please > contact the sender by reply e-mail and destroy all copies of the original > message. > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users From andrew@mcdonald.org.uk Wed Mar 6 23:16:02 2002 From: andrew@mcdonald.org.uk (Andrew McDonald) Date: Wed Mar 6 23:16:02 2002 Subject: Decrypt without password... In-Reply-To: <200203062138.AVC07958@dagger.cc.vt.edu> References: <200203062138.AVC07958@dagger.cc.vt.edu> Message-ID: <20020306221332.GB1884@mcdonald.org.uk> On Wed, Mar 06, 2002 at 04:48:44PM -0500, Brad Tilley wrote: > > Is it just me, or is this insecure? I would _never_ place my pass > phrase in a file. Security and convenience seem to always be at odds. > As for me, I'll take security along with inconvenience any day. This is exactly the reason for recommending the use of "no password" over "password in script" for automated systems. The latter doesn't really give anything more than a false sense of security (and a more complicated script) in this context. -- Andrew McDonald E-mail: andrew@mcdonald.org.uk http://www.mcdonald.org.uk/andrew/ From sbutler@fchn.com Wed Mar 6 23:46:02 2002 From: sbutler@fchn.com (Steve Butler) Date: Wed Mar 6 23:46:02 2002 Subject: Decrypt without password... Message-ID: <4a841a43d094a4d430a30d3b448c41633c869bcc@fchn.com> I'd never do this for my personal key. But for the corporate one running on the internal corporate GnuPG server where everybody who has access to the machine can read the plain text anyway.... Now, I don't leave the pass phrase as plain text but the methods I use to "hide" it are easily broken (otherwise I'd have to actually encrypt it with another passphrase). It at least keeps the causual observer somewhat at bay. -----Original Message----- From: Brad Tilley [mailto:rtilley@vt.edu] Sent: Wednesday, March 06, 2002 1:49 PM To: gnupg-users@gnupg.org Subject: Re: Decrypt without password... On Wednesday 06 March 2002 16:13, Steve Butler wrote: Is it just me, or is this insecure? I would _never_ place my pass phrase in a file. Security and convenience seem to always be at odds. As for me, I'll take security along with inconvenience any day. CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. From huber@alum.wpi.edu Thu Mar 7 00:09:02 2002 From: huber@alum.wpi.edu (Josh Huber) Date: Thu Mar 7 00:09:02 2002 Subject: Decrypt without password... In-Reply-To: <200203062138.AVC07958@dagger.cc.vt.edu> (Brad Tilley's message of "Wed, 6 Mar 2002 16:48:44 -0500") References: <200203062138.AVC07958@dagger.cc.vt.edu> Message-ID: <87k7spnvm7.fsf@paradoxical.net> Brad Tilley writes: > On Wednesday 06 March 2002 16:13, Steve Butler wrote: > > Is it just me, or is this insecure? I would _never_ place my pass > phrase in a file. Security and convenience seem to always be at > odds. As for me, I'll take security along with inconvenience any > day. Well, yeah. Of course it's insecure! :) Which is why if you're doing this, you might as well use a key with no password... ttyl, -- Josh Huber From legoxx@yahoo.com Thu Mar 7 08:55:02 2002 From: legoxx@yahoo.com (lego lego) Date: Thu Mar 7 08:55:02 2002 Subject: gpg --no-default-keyring --secret-keyring foo.sec problem Message-ID: <20020307075252.93709.qmail@web14504.mail.yahoo.com> hello i'm trying this from the doc/DETAILS $ cat >foo < ssb 1024g/8F70E2C0 2000-03-09 i just got this: gpg: Warning: using insecure memory! gpg: /home/peter/.gnupg/foo.sec: keyring created gpg: /home/peter/.gnupg/foo.pub: keyring created i tried to sign files using foo.sec but it won't work it seems that the keyrings are not even open... can anyone help me please? __________________________________________________ Do You Yahoo!? Try FREE Yahoo! Mail - the world's greatest free email! http://mail.yahoo.com/ From schoech@iap-kborn.de Thu Mar 7 09:31:01 2002 From: schoech@iap-kborn.de (=?iso-8859-1?Q?Armin_Sch=F6ch?=) Date: Thu Mar 7 09:31:01 2002 Subject: gpg --no-default-keyring --secret-keyring foo.sec problem In-Reply-To: <20020307075252.93709.qmail@web14504.mail.yahoo.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi ! > but instead of this output: > sec 1024D/915A878D 2000-03-09 Joe Tester (with stupid > passphrase) > ssb 1024g/8F70E2C0 2000-03-09 > > i just got this: > gpg: Warning: using insecure memory! > gpg: /home/peter/.gnupg/foo.sec: keyring created > gpg: /home/peter/.gnupg/foo.pub: keyring created > > i tried to sign files using foo.sec but it won't work > it seems that the keyrings are not even open... Usually this happens when you invoke gpg for the first time for user "peter". Run the command again to create the key. HTH, Armin - --=20 Am Hasenberg 26 office: Institut f=FCr Atmosph=E4renphysik D-18209 Bad Doberan Schloss-Stra=DFe 6 Tel. ++49-(0)38203/42137 D-18225 K=FChlungsborn / GERMANY Email: schoech@iap-kborn.de Tel. +49-(0)38293-68-102 WWW: http://armins.cjb.net/ Fax. +49-(0)38293-68-50 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: Weitere Infos: siehe http://www.gnupg.org iD8DBQE8hyS3G8Xv4GxznLoRAt9BAKCD5QVVUnyeAWKhZ373eDKt1qre3ACeLD8c B4kmYClzfT/o4YRvxZCoBpE=3D =3Dw0xc -----END PGP SIGNATURE----- From legoxx@yahoo.com Thu Mar 7 10:20:02 2002 From: legoxx@yahoo.com (lego lego) Date: Thu Mar 7 10:20:02 2002 Subject: gpg --no-default-keyring --secret-keyring foo.sec problem In-Reply-To: Message-ID: <20020307091744.75304.qmail@web14507.mail.yahoo.com> well when i run gpg --no-default-keyring --secret-keyring foo.sec --keyring foo.pub --list-secret-keys for second time i got not output at all just gpg: Warning: using insecure memory! [peter@love1 foo]$ __________________________________________________ Do You Yahoo!? Try FREE Yahoo! Mail - the world's greatest free email! http://mail.yahoo.com/ From schoech@iap-kborn.de Thu Mar 7 10:22:01 2002 From: schoech@iap-kborn.de (=?iso-8859-1?Q?Armin_Sch=F6ch?=) Date: Thu Mar 7 10:22:01 2002 Subject: gpg --no-default-keyring --secret-keyring foo.sec problem In-Reply-To: <20020307091744.75304.qmail@web14507.mail.yahoo.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > well when i run > > gpg --no-default-keyring --secret-keyring foo.sec > --keyring foo.pub --list-secret-keys > > for second time i got not output at all just > > gpg: Warning: using insecure memory! > [peter@love1 foo]$ What happened to the keyrings in ~/.gnupg ? Have they changed ? Armin - -- Am Hasenberg 26 office: Institut f=FCr Atmosph=E4renphysik D-18209 Bad Doberan Schloss-Stra=DFe 6 Tel. ++49-(0)38203/42137 D-18225 K=FChlungsborn / GERMANY Email: schoech@iap-kborn.de Tel. +49-(0)38293-68-102 WWW: http://armins.cjb.net/ Fax. +49-(0)38293-68-50 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: Weitere Infos: siehe http://www.gnupg.org iD8DBQE8hzCnG8Xv4GxznLoRAuP+AKDP15LQakAPmgsTvIka1wysYU4nFgCeJObh 2ddFDF6SyzRQJvlfBPafYdI=3D =3Di/5M -----END PGP SIGNATURE----- From legoxx@yahoo.com Thu Mar 7 10:28:02 2002 From: legoxx@yahoo.com (lego lego) Date: Thu Mar 7 10:28:02 2002 Subject: gpg --no-default-keyring --secret-keyring foo.sec problem In-Reply-To: Message-ID: <20020307092539.80260.qmail@web14503.mail.yahoo.com> i dont want to use keyrings in ~/.gnupg but ./foo.pub and ./foo.sec (i have created them using gpg --batch --gen-key -a foo and they seems to be ok) so i modified my script:gpg --no-default-keyring --secret-keyring ./foo.sec --keyring ./foo.pub --list-secret-keys but i got this... gpg: Warning: using insecure memory! gpg: [don't know]: invalid packet (ctb=2d) gpg: read_keyblock: read error: invalid packet gpg: enum_keyblocks(read) failed: invalid keyring __________________________________________________ Do You Yahoo!? Try FREE Yahoo! Mail - the world's greatest free email! http://mail.yahoo.com/ From legoxx@yahoo.com Thu Mar 7 11:00:01 2002 From: legoxx@yahoo.com (lego lego) Date: Thu Mar 7 11:00:01 2002 Subject: gpg --no-default-keyring --secret-keyring foo.sec problem In-Reply-To: Message-ID: <20020307095821.87433.qmail@web14508.mail.yahoo.com> well i want to use foo.pub and foo.sec in the current direcotory not /home/user/.gnupg i want to sign a file without importing key to my keyring, and i need my customer to verify signature without installing public key to his keyring. Just simple command line interface. Ideally in batch file __________________________________________________ Do You Yahoo!? Try FREE Yahoo! Mail - the world's greatest free email! http://mail.yahoo.com/ From schoech@iap-kborn.de Thu Mar 7 11:22:01 2002 From: schoech@iap-kborn.de (=?iso-8859-1?Q?Armin_Sch=F6ch?=) Date: Thu Mar 7 11:22:01 2002 Subject: gpg --no-default-keyring --secret-keyring foo.sec problem In-Reply-To: <20020307095821.87433.qmail@web14508.mail.yahoo.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi ! > well i want to use foo.pub and foo.sec in the current > direcotory not /home/user/.gnupg > > i want to sign a file without importing key to my > keyring, and i need my customer to verify signature > without installing public key to his keyring. Just > simple command line interface. Ideally in batch file I understand what you want to achieve. And I just reproduced your problem on 1.0.3 and 1.0.6. The error message is the same as you get. It's even the same if I create the keyring by manually choosing the different options (no batch mode) Sorry that I can't help you! Bye, Armin - --=20 Am Hasenberg 26 office: Institut f=FCr Atmosph=E4renphysik D-18209 Bad Doberan Schloss-Stra=DFe 6 Tel. ++49-(0)38203/42137 D-18225 K=FChlungsborn / GERMANY Email: schoech@iap-kborn.de Tel. +49-(0)38293-68-102 WWW: http://armins.cjb.net/ Fax. +49-(0)38293-68-50 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: Weitere Infos: siehe http://www.gnupg.org iD8DBQE8hz7GG8Xv4GxznLoRAhkaAJ9uRjq7f3fapFb6fG3edyKFBF1KHwCgmU1y XdoeCmodLnas8bky+qpe92o=3D =3D55gb -----END PGP SIGNATURE----- From bart.martens@advalvas.be Thu Mar 7 11:54:01 2002 From: bart.martens@advalvas.be (Bart Martens) Date: Thu Mar 7 11:54:01 2002 Subject: gpg --no-default-keyring --secret-keyring foo.sec problem In-Reply-To: <20020307075252.93709.qmail@web14504.mail.yahoo.com>; from legoxx@yahoo.com on Wed, Mar 06, 2002 at 11:52:52PM -0800 References: <20020307075252.93709.qmail@web14504.mail.yahoo.com> Message-ID: <20020307120525.A3015@cable-195-162-215-141.upc.chello.be> Maybe this solves your problem... $ mkdir someweirddir $ gpg --homedir someweirddir --no-default-keyring --secret-keyring foo.sec --keyring foo.pub --list-keys gpg: someweirddir/foo.sec: keyring created gpg: someweirddir/foo.pub: keyring created $ gpg --homedir someweirddir --no-default-keyring --secret-keyring foo.sec --keyring foo.pub --list-keys $ On Wed, Mar 06, 2002 at 11:52:52PM -0800, lego lego wrote: > hello > > i'm trying this from the doc/DETAILS > > $ cat >foo < %echo Generating a standard key > Key-Type: DSA > Key-Length: 1024 > Subkey-Type: ELG-E > Subkey-Length: 1024 > Name-Real: Joe Tester > Name-Comment: with stupid passphrase > Name-Email: joe@foo.bar > Expire-Date: 0 > Passphrase: abc > %pubring foo.pub > %secring foo.sec > # Do a commit here, so that we can later print > "done" :-) > %commit > %echo done > EOF > $ gpg --batch --gen-key -a foo > [...] > $ gpg --no-default-keyring --secret-keyring foo.sec \ > --keyring foo.pub > --list-secret-keys > > but instead of this output: > sec 1024D/915A878D 2000-03-09 Joe Tester (with stupid > passphrase) > ssb 1024g/8F70E2C0 2000-03-09 > > i just got this: > gpg: Warning: using insecure memory! > gpg: /home/peter/.gnupg/foo.sec: keyring created > gpg: /home/peter/.gnupg/foo.pub: keyring created > > i tried to sign files using foo.sec but it won't work > it seems that the keyrings are not even open... > > can anyone help me please? > > __________________________________________________ > Do You Yahoo!? > Try FREE Yahoo! Mail - the world's greatest free email! > http://mail.yahoo.com/ > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users From sbutler@fchn.com Thu Mar 7 20:23:02 2002 From: sbutler@fchn.com (Steve Butler) Date: Thu Mar 7 20:23:02 2002 Subject: Revoke certificate -- format errors Message-ID: <84785f42b4d36418a504db0fc3a83a923c87bdb1@fchn.com> I attempted to revoke an old key for which I found the revoke certificate. However, wwwkeys.us.pgp.net returned this message: Key block in add request contained no new keys, userid's, or signatures. Your key block contained 1 format errors, which were treated as if the erroneous elements hadn't been part of your submission. The last error was on key 0xf87cc708: Key block corrupt: signature without key I had submitted this in the submit key screen. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.6 (MingW32) Comment: For info see http://www.gnupg.org Comment: A revocation certificate should follow iIAEIBECAEAFAjxq1io5HQJSZXZva2UgY2VydGlmaWNhdGUgdG8gYmUgaGVsZCBz aG91bGQgc2VjcmV0IGtleSBiZSBsb3N0AAoJEIg3oxwcmCDAhLQAoMtj8AjmYOyI 9DLKQxYjid8Qrr0DAJ9LZ1tALaLtFJDWxcuJ8DJocXbYfA== =V9f7 -----END PGP PUBLIC KEY BLOCK----- CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. From sbutler@fchn.com Thu Mar 7 20:39:01 2002 From: sbutler@fchn.com (Steve Butler) Date: Thu Mar 7 20:39:01 2002 Subject: Import Public key + Import Revoke Cert ==> export key to keyserve r Message-ID: <0cb4704abf58071f6a5a6795ed0976993c87c152@fchn.com> Found a solution. I had to import the public key from the keyserver, then import my revoke certificate and export the updated key back to the keyserver. At least the keyserver now shows my key as being revoked. Thanks. CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. From nazir@itautec-philco.com.br Thu Mar 7 21:55:01 2002 From: nazir@itautec-philco.com.br (Nazir Najjar) Date: Thu Mar 7 21:55:01 2002 Subject: Auto Descrypt Message-ID: <000101c1c61a$27a5c830$6801190a@NAZIR> Hi, Is there a way to decript files without having to type my private password??? gpg -o file.txt --decrypt file.txt.gpg Gpg needs the private password to decrypt. Is there a way to put this password inside a file and do the command above without the need to put the password?? Or is there another command that i can do it??? Thank you. From andriash@telus.net Thu Mar 7 22:21:01 2002 From: andriash@telus.net (Nick Andriash) Date: Thu Mar 7 22:21:01 2002 Subject: Auto Descrypt In-Reply-To: <000101c1c61a$27a5c830$6801190a@NAZIR> References: <000101c1c61a$27a5c830$6801190a@NAZIR> Message-ID: <20020307131551.505F.ANDRIASH@telus.net> Hello Nazir Najjar, On Thursday, March 07 2002 at 12:53 PM PDT, you wrote: > Is there a way to decript files without having to type my private > password??? I see you are using Outlook, so you can use one of the Win32 front-ends for GnuPG such as WinPT or GPGShell in which you can cache the passphrase for a certain period of time. -- Nick Andriash Courtenay, B.C. Canada From sbutler@fchn.com Thu Mar 7 22:41:01 2002 From: sbutler@fchn.com (Steve Butler) Date: Thu Mar 7 22:41:01 2002 Subject: Auto Descrypt Message-ID: This is asked about once a day. I thought it was twice today -- but noticed that the other one was actually yesterday! 1. Don't use a pass phrase at all! When it asks for a pass phrase just hit the enter key. See the man page (gpg text file for windows folks) regarding the --edit option. This is just as secure as the 2nd option and requires less scripting changes. 2. Feed the passphrase in your script via the echo command as in: echo "my pass phrase here" \ | gpg --homedir /etc/gnupg/homdir --passphrase-fd 0 --no-tty --output myoutfile --decrypt myinfile.pgp This is korn shell syntax and subject to slight changes for Windows batch files. -----Original Message----- From: Nazir Najjar [mailto:nazir@itautec-philco.com.br] Sent: Thursday, March 07, 2002 12:54 PM To: gnupg-users@gnupg.org Subject: Auto Descrypt Hi, Is there a way to decript files without having to type my private password??? gpg -o file.txt --decrypt file.txt.gpg Gpg needs the private password to decrypt. Is there a way to put this password inside a file and do the command above without the need to put the password?? Or is there another command that i can do it??? Thank you. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. From JanuszA.Urbanowicz Thu Mar 7 23:48:02 2002 From: JanuszA.Urbanowicz (JanuszA.Urbanowicz) Date: Thu Mar 7 23:48:02 2002 Subject: what to do if keyring gets corrupted? Message-ID: I try to add new UiD to my key and after 'save' gpg reports: Command> save gpg: /home/alex/.gnupg/pubring.gpg: copy to /home/alex/.gnupg/pubring.gpg.tmp' failed: file read error gpg: update failed: file read error What to do in such a situation? I think of exporting all the keys then rebuilding the pubring from scratch, but this way local signatures will get lost. Alex -- Janusz A. Urbanowicz | ALEX3-RIPE | SF-Framling | Thawte Web Of Trust Notary Gdy dajê biednym chleb, nazywaj± mnie ¶wiêtym. Gdy pytam, dlaczego biedni nie maj± chleba, nazywaj± mnie komunist±. - abp. Helder Camara From Graham.K.Jenkins@team.telstra.com Fri Mar 8 02:50:01 2002 From: Graham.K.Jenkins@team.telstra.com (Jenkins, Graham K [IBM GSA]) Date: Fri Mar 8 02:50:01 2002 Subject: Problem with Perl Call Message-ID: <61411576E951D211AF330008C7245DD90818E81B@ntmsg0005.corpmail.telstra.com.au> Guys, I have been trying to feed a passphrase into gpg 1.0.6 (on NetBSD, Solaris and Win32) platforms) using a variation of a script suggested in some of the pgp documentation. Here's what I tried. If somebody can tell me why it doesn't work, I'd be Real Pleased .. -- #!/usr/local/bin/perl pipe(READER,WRITER); if (!fork) { close(WRITER); $^F=fileno(READER); $FilDes=fileno(READER); exec "gpg -as --passphrase-fd $FilDes /tmp/outZ" or die "can't exec gpg\n"; } close(READER); syswrite(WRITER, "secret1\n", 8); close(WRITER); wait -- From legoxx@yahoo.com Fri Mar 8 04:16:02 2002 From: legoxx@yahoo.com (lego lego) Date: Fri Mar 8 04:16:02 2002 Subject: gpg --no-default-keyring --secret-keyring foo.sec problem In-Reply-To: <20020307120525.A3015@cable-195-162-215-141.upc.chello.be> Message-ID: <20020308031353.1380.qmail@web14510.mail.yahoo.com> i found the problem: keys cannot be created using --armor option otherwise they are not usable as extern keys... __________________________________________________ Do You Yahoo!? Try FREE Yahoo! Mail - the world's greatest free email! http://mail.yahoo.com/ From cwsiv_home1@juno.com Fri Mar 8 06:14:01 2002 From: cwsiv_home1@juno.com (carl w spitzer) Date: Fri Mar 8 06:14:01 2002 Subject: gnupg won't work Message-ID: <20020307.210530.14455.4.cwsiv_home1@juno.com> Actually I am looking for 16 bit version or a way to make one. I am not too fond of winblows as it is too fond of viruses. I use LILO and want to access my mail and encrypted messages in all three OS if I can. CWSIV >From Graham -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday 14 February 2002 11:27 pm, you wrote: > What about cross compiling GNUPG for DOS? to work in conjunction > with PGP262 & 263i > Youre too late. GPG is available for the Windows commandline, and using the IDEA module it is PGP 2.6x compatible. There are a couple of Windows front ends available (IMHO better than anything in Linux, particularly GPGShell) and a number of MUAs (Becky, The Bat, Pegasus, Outlook Express, Eudora, etc) have a plugin to use GPG in Windows. What more do you want? - -- Graham Please use my GPG Key ID: E935DB9D -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Please encrypt or sign for internet security iD8DBQE8bGkWIwtBZOk1250RAj6aAKDnq+onS92YoUFVI7n+igd9Zw8uXgCgtFPx zJPGG7ukWQx5iVWLDufTtuo= =uYd/ -----END PGP SIGNATURE----- HO better than anything in Linux, particularly GPGShell) and a number of MUAs (Becky, The Bat, Pegasus, Outlook Express, Eudora, etc) have a plugin to use GPG in Windows. What more do you want? - -- Graham Please use my GPG Key ID: E935DB9D -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Please encrypt or sign for internet security iD8DBQE8bGkWIwtBZOk1250RAj6aAKDnq+onS92YoUFVI7n+igd9Zw8uXgCgtFPx zJPGG7ukWQx5iVWLDufTtuo= =uYd/ ________________________________________________________________ GET INTERNET ACCESS FROM JUNO! Juno offers FREE or PREMIUM Internet access for less! Join Juno today! For your FREE software, visit: http://dl.www.juno.com/get/web/. From ftobin@neverending.org Fri Mar 8 07:11:02 2002 From: ftobin@neverending.org (Frank Tobin) Date: Fri Mar 8 07:11:02 2002 Subject: Problem with Perl Call In-Reply-To: <61411576E951D211AF330008C7245DD90818E81B@ntmsg0005.corpmail.telstra.com.au> Message-ID: <20020308010449.H438-100000@palanthas.neverending.org> Jenkins, Graham K [IBM GSA], on 2002-03-08, wrote: > Guys, I have been trying to feed a passphrase into gpg 1.0.6 (on NetBSD, > Solaris and Win32) platforms) using a variation of a script suggested in > some of the pgp documentation. Here's what I tried. If somebody can > tell me why it doesn't work, I'd be Real Pleased .. What was wrong with your code didn't pop out at me immediately, but I'd recommend trying out GnuPG::Interface to help relieve some of the headaches: http://gnupg-interface.sourceforge.net/ -- Frank Tobin http://www.neverending.org/~ftobin/ From bart.martens@advalvas.be Fri Mar 8 13:23:02 2002 From: bart.martens@advalvas.be (Bart Martens) Date: Fri Mar 8 13:23:02 2002 Subject: Problem with Perl Call In-Reply-To: <61411576E951D211AF330008C7245DD90818E81B@ntmsg0005.corpmail.telstra.com.au>; from Graham.K.Jenkins@team.telstra.com on Fri, Mar 08, 2002 at 12:47:26PM +1100 References: <61411576E951D211AF330008C7245DD90818E81B@ntmsg0005.corpmail.telstra.com.au> Message-ID: <20020308133434.A1590@cable-195-162-215-141.upc.chello.be> On Fri, Mar 08, 2002 at 12:47:26PM +1100, Jenkins, Graham K [IBM GSA] wrote: > Guys, I have been trying to feed a passphrase into > gpg 1.0.6 (on NetBSD, Solaris and Win32) platforms) > using a variation of a script suggested in some of the > pgp documentation. Here's what I tried. If somebody > can tell me why it doesn't work, I'd be Real Pleased .. > -- > #!/usr/local/bin/perl > pipe(READER,WRITER); > if (!fork) { > close(WRITER); > $^F=fileno(READER); > $FilDes=fileno(READER); > exec "gpg -as --passphrase-fd $FilDes /tmp/outZ" or > die "can't exec gpg\n"; > } > close(READER); > syswrite(WRITER, "secret1\n", 8); > close(WRITER); > wait > -- You may want to try something like this: open FILE, "|gpg --batch --no-tty --passphrase-fd 0 --armor --symmetric 2>> $stderr > $stdout" or die "Cannot gpg"; print FILE "passphrase\n"; print FILE "text to be encrypted\n"; close FILE; From Matthew561@aol.com Fri Mar 8 15:13:01 2002 From: Matthew561@aol.com (Matthew561@aol.com) Date: Fri Mar 8 15:13:01 2002 Subject: Question regards session key error Message-ID: <86.17920886.29ba2059@aol.com> Hello, Looking for help. Running PGP 6.02 PGP, 2.6.3ia-multi05 and GNUPG 1.06. Messages generated with any version of PGP, no problem; however encrypted messages created with GNUPG crash with a "bad session key" error if opened in PGP. I have RTFM, or FAQ, but I can see nothing about such an error or how to address/fix. Does this have any relationship to the fact that I am sending test messages to other useids that are also on my secret keyring (from me to me as it were)? Any ideas as how to fix or explain Please respond or CC off list. Thanks. Matthew From andriash@telus.net Fri Mar 8 16:50:02 2002 From: andriash@telus.net (Nick Andriash) Date: Fri Mar 8 16:50:02 2002 Subject: Question regards session key error In-Reply-To: <86.17920886.29ba2059@aol.com> References: <86.17920886.29ba2059@aol.com> Message-ID: <20020308073943.7F71.ANDRIASH@telus.net> Hello Matthew561, On Friday, March 08 2002 at 06:10 AM PDT, you wrote: > Running PGP 6.02 PGP, 2.6.3ia-multi05 and GNUPG 1.06. Messages > generated with any version of PGP, no problem; however encrypted > messages created with GNUPG crash with a "bad session key" error if > opened in PGP. I have RTFM, or FAQ, but I can see nothing about such > an error or how to address/fix. Are you using a front-end at all with GnuPG? The reason I ask is that in my experience... limited as it may be... an error message like that related to the Session Key usually indicate that the message was encrypted with an Algo that is not supported on the receiving machine's copy of PGP. I think GnuPG defaults to 3DES if a common Algo cannot be found (while PGP will default to either CAST5 or 3DES depending on version), but sometimes when using a front-end you can 'force' GnuPG to use an Algorithm regardless of the preferences found on the Public Key to which you are encrypting. That may even be possible without using a front-end by the option --cipher-algo . -- Nick Andriash Courtenay, B.C. Canada From Matthew561@aol.com Fri Mar 8 17:39:02 2002 From: Matthew561@aol.com (Matthew561@aol.com) Date: Fri Mar 8 17:39:02 2002 Subject: Question regards session key error Message-ID: <122.d695cce.29ba4276@aol.com> In a message dated 03/08/02 10:27:50 AM Central Standard Time, andriash@telus.net writes: > an error message like that > related to the Session Key usually indicate that the message was > encrypted with an Algo that is not supported on the receiving machine's > copy of PGP. Not the problem since PGP uses Cast5 and 3Des. I have "corrected" the problem using the 6.02 generated keys by adding "emulate-md-encode-bug" to the Options file but still no luck with my old RSA keys. Thanks Matthew From andriash@telus.net Fri Mar 8 18:11:01 2002 From: andriash@telus.net (Nick Andriash) Date: Fri Mar 8 18:11:01 2002 Subject: Question regards session key error In-Reply-To: <122.d695cce.29ba4276@aol.com> References: <122.d695cce.29ba4276@aol.com> Message-ID: <20020308090715.342C.ANDRIASH@telus.net> Hello Matthew561, On Friday, March 08 2002 at 08:36 AM PDT, you wrote: > Not the problem since PGP uses Cast5 and 3Des. Yes I know, but doesn't --cipher-algo in essence over ride the default, and literally 'forces' GnuPG to use the Algorithm specified, regardless what the Recipients preferences are? -- Nick Andriash Courtenay, B.C. Canada From dominik@nextbyte.de Fri Mar 8 20:21:02 2002 From: dominik@nextbyte.de (Dominik Schwald) Date: Fri Mar 8 20:21:02 2002 Subject: change the passphrase... Message-ID: Hi, how does the changing of the passphrase work? As it is possible to change the passphrase that means (to me) that the secretKey "knows" the passphrase. In detail: If i create a new key and set the password to e.g. "supersecret_1" and put a copy of that secretKey somewhere, than i change the passphrase to "supersecret_2". Am i right that it's now possible to use the first secretKey with the first passphrase for signing/encryption AS WELL AS the second secretKey with its passphrase..? Regards, dominik From jason.kruse@teldta.com Fri Mar 8 20:57:01 2002 From: jason.kruse@teldta.com (Kruse, Jason K.) Date: Fri Mar 8 20:57:01 2002 Subject: Decrypt files with embedded filenames Message-ID: <200203081954.NAA21094@phylum.teldta.com> I was running into the use-embedded-filename option not working also on Solaris using 1.0.6 and here's what I came up with: The decrypt_message() call in decrypt.c causes opt.outfile to be set to '-' since we assume --outfile isn't needed. In plaintext.c the check for opt.outfile is before the !opt.use_embedded_filename in handle_plaintext() and use_embedded_filename is never used. Fix: Change decrypt.c line 70 from if ( !opt.outfile ) to if ( !opt.outfile && !opt.use_embedded_filename ) Hope this helps. Jason From sbutler@fchn.com Fri Mar 8 21:01:01 2002 From: sbutler@fchn.com (Steve Butler) Date: Fri Mar 8 21:01:01 2002 Subject: change the passphrase... Message-ID: <08c3882c1d46a49c5aa0ae7bd4cee0e63c891806@fchn.com> The secret key is encrypted by the passphrase. Therefore, to use the secret key you must supply the pasphrase that is used to decrypt it. That's why the passphrase needs to be longer than a single word. And yes, if you have two different secret keyrings each having your secret key but secured by two different passphrases, then each will work as you described. -----Original Message----- From: Dominik Schwald [mailto:dominik@nextbyte.de] Sent: Friday, March 08, 2002 10:59 AM To: gnupg-users@gnupg.org Subject: change the passphrase... As it is possible to change the passphrase that means (to me) that the secretKey "knows" the passphrase. CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. From u_p@lycos.de Fri Mar 8 21:57:01 2002 From: u_p@lycos.de (uwe puchta) Date: Fri Mar 8 21:57:01 2002 Subject: AW: Problem with Perl Call - use "open3" Message-ID: <1015620877001212@lycos.de> This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. --=_NextPart_Caramail_0012121015620877_ID Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable the follwoing code works perfect for me - both on Unix and Win32: 1. package gpgX; 2. use strict; 3. use IPC::Open3; 4. use FileHandle; 5. #=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0 =B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0 6. sub gpg { 7. #=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0 =B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0 8. my $f =3D shift || die; 9. -r $f || die 'cannot open file: "' . $f . '"'; 10. my $cmd; 11. my $o =3D $f; 12. #$o =3D~ s/\..*?\s*$//i; # removes all extensions 13. $o =3D~ s/\.[^\.]+?$//; # removes only last extension 14. $o .=3D '.gpg'; 15. print STDERR "processing file \"$f\" - this might take some time ... \n"; 16. $cmd =3D "gpg.exe -cv --passphrase-fd 0 --s2k-cipher-algo RIJNDAEL256 -o $o $f"; 17. process($cmd); 18. } 19. #=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0 =B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0 20. sub ungpg { 21. #=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0 =B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0 22. my $f =3D shift || die; 23. my $o =3D shift || die 'no output file'; 24. $f =3D~ /\.gpg\s*$/i or die "$f doesn't have the extension .pgp"; 25. -r $f || die 'cannot open file: "' . $f . '"'; 26. print STDERR "processing file \"$f\" - this might take some time ... \n"; 27. print STDERR "output file =3D \"$o\"\n"; 28. my $cmd =3D "gpg.exe -v --passphrase-fd 0 -o $o -d $f"; 29. process($cmd); 30. } 31. #=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0 =B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0 32. sub process { 33. #=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0 =B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0 34. my $cmd =3D shift || die 'missing $cmd'; 35. # f=FCr Tests: 36. # $cmd =3D 'perl -e "print ;print \"\nstdout - @ARGV\n\"; print STDERR \"stderr\n\"; "'; 37. chomp $gpgX::P; # the passphrase 38. chomp $gpgX::P; 39. warn 'maybe wrong passphrase!' 40. if $gpgX::P =3D~ /^xxx/; 41. my ($writeFH, $readFH, $errFH) =3D (new FileHandle, new FileHandle, new FileHandle); 42. $readFH->autoflush(); # uncomment this if you have troubles reading the result 43. # ATTENTION - W A R N I N G: Bechause we use "$cmd" and not e.g. "@cmd", 44. # =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D the command in $cmd ist processed via THE SHELL. 45. # But: "@cmd" hangs when trying to read the passphrase 46. # from fd 0. See POD for open2 (not open3!). 47. my $pid =3D open3($writeFH, $readFH, $readFH, $cmd) || die; 48. print $writeFH $gpgX::P; 49. $writeFH->close(); 50. while (<$readFH>) { print; } 51. $readFH->close(); 52. waitpid $pid, 0; 53. } 54. 1; in line 16 an 28 use "pgp" (or however your binary is called) - this is the Win32 Version. line 37ff: $gpgX::P is where I store my passphrase Request: =3D=3D=3D=3D=3D=3D=3D Please, does anybody have a binary version of PGP 1.0.6 for SGI IRIX for me? Regards Uwe -------------- mailto:mail@NO-SP-AM-puchta.com -- remove "NO-SP-AM-" > -------Urspr=FCngliche Nachricht------- > Guys, I have been trying to feed a passphrase into > gpg 1.0.6 (on NetBSD, Solaris and Win32) platforms) > using a variation of a script suggested in some of the > pgp documentation. Here's what I tried. If somebody > can tell me why it doesn't work, I'd be Real Pleased .. > -- > #!/usr/local/bin/perl > pipe(READER,WRITER); > if (!fork) { > close(WRITER); > $^F=3Dfileno(READER); > $FilDes=3Dfileno(READER); > exec "gpg -as --passphrase-fd $FilDes /tmp/outZ" or > die "can't exec gpg\n"; > } > close(READER); > syswrite(WRITER, "secret1\n", 8); > close(WRITER); > wait > -- ______________________________________________________ Beginnen Sie das neue Jahr gut informiert: Zeitschriften-Abos zum Sparpreis! http://www.lycos.de/webguides/entertainment/weihnachten/abo.html 250 Farb-Visitenkarten GRATIS*. In einem Wert von EUR 99,00! http://www.vistaprint.de/vp/splash/lycosde.asp Jetzt eigene Domains f=FCr 1,23 Euro/Monat http://lycos.de.domainnames.com/default.asp?caller=3Dlycos_d_footer --=_NextPart_Caramail_0012121015620877_ID-- From mail@volker-gaibler.de Sat Mar 9 00:55:01 2002 From: mail@volker-gaibler.de (Volker Gaibler) Date: Sat Mar 9 00:55:01 2002 Subject: PGP 7.0.3 refuses to encrypt with my key Message-ID: <3C895CDB.29494.1A1E86@localhost> Hi, I tried to encrypt some message with PGPfreeware 7.0.3 with my GnuPG 1.0.6- created key, but PGP could not encrypt the message with my key: "An error has occured: key can't be used for encryption". I read in the FAQ about problems with older versions that refused to encrypt with ElGamal type-20 keys. But mine is a type-16 key, so this should be a different problem. Signing with PGP works and is also no problem with GPG. What can I do? Thanks. Volker ----------------------------------------------------------------------- Volker Gaibler contact: http://www.volker-gaibler.de mail@volker-gaibler.de ----------------------------------------------------------------------- From Graham.K.Jenkins@team.telstra.com Sat Mar 9 01:59:02 2002 From: Graham.K.Jenkins@team.telstra.com (Jenkins, Graham K [IBM GSA]) Date: Sat Mar 9 01:59:02 2002 Subject: Problem with Perl Call Message-ID: <61411576E951D211AF330008C7245DD90818E822@ntmsg0005.corpmail.telstra.com.au> My example oversimplified things a bit. My program is actually meant to feed printer files via email to a remote printer (in parts if necessary). So it really needs a separate program like you suggest to prepend the passphrase. I am actually doing it this way now - building and invoking a separate perl program on the fly - and it is working very well. But it seems a bit kludgey. So I thought "There has to be a better way .." Perhaps there isn't! Thanks for your help. G. -----Original Message----- From: Bart Martens To: Jenkins, Graham K [IBM GSA] Cc: 'gnupg-users@gnupg.org' Sent: 3/8/02 11:34 PM Subject: Re: Problem with Perl Call On Fri, Mar 08, 2002 at 12:47:26PM +1100, Jenkins, Graham K [IBM GSA] wrote: > Guys, I have been trying to feed a passphrase into > gpg 1.0.6 (on NetBSD, Solaris and Win32) platforms) > using a variation of a script suggested in some of the > pgp documentation. Here's what I tried. If somebody > can tell me why it doesn't work, I'd be Real Pleased .. > -- > #!/usr/local/bin/perl > pipe(READER,WRITER); > if (!fork) { > close(WRITER); > $^F=fileno(READER); > $FilDes=fileno(READER); > exec "gpg -as --passphrase-fd $FilDes /tmp/outZ" or > die "can't exec gpg\n"; > } > close(READER); > syswrite(WRITER, "secret1\n", 8); > close(WRITER); > wait > -- You may want to try something like this: open FILE, "|gpg --batch --no-tty --passphrase-fd 0 --armor --symmetric 2>> $stderr > $stdout" or die "Cannot gpg"; print FILE "passphrase\n"; print FILE "text to be encrypted\n"; close FILE; From hironobu@h2np.net Sat Mar 9 02:01:01 2002 From: hironobu@h2np.net (Hironobu SUZUKI) Date: Sat Mar 9 02:01:01 2002 Subject: duplicate keyid survey results In-Reply-To: Your message of "Mon, 04 Mar 2002 11:01:44 +0900." <200203040201.LAA16029@blue.h2np.net> Message-ID: <200203090059.JAA29473@blue.h2np.net> Len Sassamann: 1) The thing that comes to mind immediately for me is that you should allow for a 64-bit key-ID search. 2) The public key servers should do little more than accept, store, and report data that it contains. Preventing the display of keys with duplicate IDs steps over that line a bit too much for me. David Shaw: 3) If a duplicated keyid is requested from the current HKP and NAI LDAP keyservers, *all* matching keys are returned. This is the correct behavior, as it lets the receiving program and the user decide which (if any) of the returned keys is the right one. --- 1) 64-bit KeyID will be supported. It's easy and no problem in server. But I'm wondering how PGP/GPG user know their own 64-bit KeyID. 2) HKP protocol based HTTP/1.0 is not define the waring status for the found duplicate key. We should define some specifications for duplicate keys. This specification is not only problem of public key server(s) but also problem of OpenPGP client(s) a.k.a PGP and GPG. 3) I think "all matching keys are returned" solution is not a perfect idea. But I can support it easly for my public key server. I'd like to know how about this solution for PGP or GPG. -- Hironobu SUZUKI E-Mail: hironobu@h2np.net URL: http://h2np.net From dshaw@jabberwocky.com Sat Mar 9 04:24:01 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Sat Mar 9 04:24:01 2002 Subject: duplicate keyid survey results In-Reply-To: <200203090059.JAA29473@blue.h2np.net> References: <200203040201.LAA16029@blue.h2np.net> <200203090059.JAA29473@blue.h2np.net> Message-ID: <20020309032144.GB1023@akamai.com> On Sat, Mar 09, 2002 at 09:59:12AM +0900, Hironobu SUZUKI wrote: > > Len Sassamann: > > 1) The thing that comes to mind immediately for me is that you should > allow for a 64-bit key-ID search. > > 2) The public key servers should do little more than accept, store, > and report data that it contains. Preventing the display of keys with > duplicate IDs steps over that line a bit too much for me. > > > David Shaw: > > 3) If a duplicated keyid is requested from the current HKP and NAI > LDAP keyservers, *all* matching keys are returned. This is the > correct behavior, as it lets the receiving program and the user decide > which (if any) of the returned keys is the right one. > > --- > > 1) 64-bit KeyID will be supported. It's easy and no problem in server. > But I'm wondering how PGP/GPG user know their own 64-bit KeyID. GPG uses 64-bit keyids internally, so even though most people don't know their own 64-bit keyid, when someone does a --refresh-keys command or a key is retrieved automatically because of the --auto-key-retrieve option the 64-bit keyid can be used. Even so, the user can see their 64-bit keyid by adding the "--with-colons" option to the usual --list-keys or --list-sigs I'd even like to be able to search by fingerprint. The way I see it, since the 32-bit keyid is just the lowest 32 bits of the fingerprint, and the 64-bit keyid is just the lowest 64 bits of the fingerprint, the keyserver must calculate the fingerprint no matter what. Since it's already calculated, it would be nice to use it. > 2) HKP protocol based HTTP/1.0 is not define the waring status for the > found duplicate key. We should define some specifications for > duplicate keys. This specification is not only problem of public key > server(s) but also problem of OpenPGP client(s) a.k.a PGP and GPG. > > 3) I think "all matching keys are returned" solution is not a perfect > idea. But I can support it easly for my public key server. I'd like > to know how about this solution for PGP or GPG. If you don't think this is the right way to go, what do you suggest as an alternative? I think a warning is fine, but not returning one of the keys leaves the keyserver open for a denial of service attack. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From rabbi@quickie.net Sat Mar 9 04:28:02 2002 From: rabbi@quickie.net (Len Sassaman) Date: Sat Mar 9 04:28:02 2002 Subject: duplicate keyid survey results In-Reply-To: <20020309032144.GB1023@akamai.com> Message-ID: On Fri, 8 Mar 2002, David Shaw wrote: > I'd even like to be able to search by fingerprint. The way I see it, > since the 32-bit keyid is just the lowest 32 bits of the fingerprint, > and the 64-bit keyid is just the lowest 64 bits of the fingerprint, > the keyserver must calculate the fingerprint no matter what. Since > it's already calculated, it would be nice to use it. Yes, this is a good idea. > > 3) I think "all matching keys are returned" solution is not a perfect > > idea. But I can support it easly for my public key server. I'd like > > to know how about this solution for PGP or GPG. > > If you don't think this is the right way to go, what do you suggest as > an alternative? I think a warning is fine, but not returning one of > the keys leaves the keyserver open for a denial of service attack. Agreed -- a warning is warranted, but the key server software shouldn't be deciding not to report keys simply because they share key-ids with other keys. --Len. From hironobu@h2np.net Sat Mar 9 05:05:01 2002 From: hironobu@h2np.net (Hironobu SUZUKI) Date: Sat Mar 9 05:05:01 2002 Subject: duplicate keyid survey results In-Reply-To: Your message of "Fri, 08 Mar 2002 22:21:44 EST." <20020309032144.GB1023@akamai.com> Message-ID: <200203090403.NAA29653@blue.h2np.net> > Even so, the user can see their 64-bit keyid by adding the > "--with-colons" option to the usual --list-keys or --list-sigs Thanks! > If you don't think this is the right way to go, what do you suggest > as an alternative? I think a warning is fine, but not returning one > of the keys leaves the keyserver open for a denial of service > attack. I'd like to return only "Found duplicate keys" status to client. If keyserver returns all of duplicate key contents to client, it can be used another DoS attack. Then, user can select two thing which are retrieve by 64-bit keyid or via Web interface. User may access an exact key via Web interface with database OID number (this numbers are not appeared to user) to check key contents and get it by their own risk. Fyi: http://openpksd.org prepare Kaz's "pgpdump" interface to see internal of key contents. Regards -- Hironobu SUZUKI E-Mail: hironobu@h2np.net URL: http://h2np.net From dshaw@jabberwocky.com Sat Mar 9 05:19:02 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Sat Mar 9 05:19:02 2002 Subject: duplicate keyid survey results In-Reply-To: <200203090403.NAA29653@blue.h2np.net> References: <20020309032144.GB1023@akamai.com> <200203090403.NAA29653@blue.h2np.net> Message-ID: <20020309041522.GD1023@akamai.com> On Sat, Mar 09, 2002 at 01:03:03PM +0900, Hironobu SUZUKI wrote: > > > Even so, the user can see their 64-bit keyid by adding the > > "--with-colons" option to the usual --list-keys or --list-sigs > > Thanks! > > > If you don't think this is the right way to go, what do you suggest > > as an alternative? I think a warning is fine, but not returning one > > of the keys leaves the keyserver open for a denial of service > > attack. > > I'd like to return only "Found duplicate keys" status to client. If > keyserver returns all of duplicate key contents to client, it can be > used another DoS attack. How? The user does not know if any key from a keyserver is valid or not. Even if an attacker creates hundreds of duplicate keys, it does not matter since the signatures are what is used to check if the key is valid. > Then, user can select two thing which are retrieve by 64-bit keyid or > via Web interface. > > User may access an exact key via Web interface with database OID > number (this numbers are not appeared to user) to check key contents > and get it by their own risk. It is easy to make even a duplicate 64-bit keyid. If the keyserver makes the user go through many extra steps to get a key if there is a duplicate keyid, then that is a (mild) denial of service as well. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From rabbi@quickie.net Sat Mar 9 06:26:02 2002 From: rabbi@quickie.net (Len Sassaman) Date: Sat Mar 9 06:26:02 2002 Subject: duplicate keyid survey results In-Reply-To: <20020309041522.GD1023@akamai.com> Message-ID: On Fri, 8 Mar 2002, David Shaw wrote: > > I'd like to return only "Found duplicate keys" status to client. If > > keyserver returns all of duplicate key contents to client, it can be > > used another DoS attack. > > How? > > The user does not know if any key from a keyserver is valid or not. > Even if an attacker creates hundreds of duplicate keys, it does not > matter since the signatures are what is used to check if the key is > valid. Exactly. (I hate to keep harping on this, but...) Key servers should be storage devices. Let the user figure out if the key should be trusted or not. > It is easy to make even a duplicate 64-bit keyid. If the keyserver > makes the user go through many extra steps to get a key if there is a > duplicate keyid, then that is a (mild) denial of service as well. Agreed. We shouldn't make this harder than it has to be for the user. I do like the idea of warning the user that multiple keys were returned, though -- but the more I think about it, the more I think that that warning should occur client-side. --Len. From hironobu@h2np.net Sat Mar 9 07:42:01 2002 From: hironobu@h2np.net (Hironobu SUZUKI) Date: Sat Mar 9 07:42:01 2002 Subject: duplicate keyid survey results In-Reply-To: Your message of "Fri, 08 Mar 2002 23:15:22 EST." <20020309041522.GD1023@akamai.com> Message-ID: <200203090639.PAA29914@blue.h2np.net> > It is easy to make even a duplicate 64-bit keyid. Step 0: If you use 32bit keyid, move Step 1. If 64bit keyid, move Step 2. Step 1: If you try to get a key by 32bit keyid but found duplicate keys, move Step 2 or Step 3 which you wish. Step 2: If you try to get a key by 64bit keyid but found duplicate keys, move Step 3 or Step 4 which you wish. If 32bit duplicate keyid was generated by accidentally, 64bit keyid searching will help most of them. Step 3: Use Web interface and check a list of keyids combined fingerprints. Select one key and database will return actual key (using database OID). Users must be patients. So, some people like me move to Step 4. Step 4: Ask an actual public key for the key owner or get an public key from owner's web page. > then that is a (mild) denial of service as well. Yes, I know it. Please remember that the concept of "Web of Trust" doesn't need any keyserver nor certificate authority. "No keyserver" is default. -- Hironobu SUZUKI E-Mail: hironobu@h2np.net URL: http://h2np.net From dhlee@flynara.co.kr Sat Mar 9 08:58:02 2002 From: dhlee@flynara.co.kr (Áø³ª¶ó) Date: Sat Mar 9 08:58:02 2002 Subject: ¸íÀÛ ¿µ¾î±³À°¿ë ¾Ö´Ï¸ÞÀÌ¼Ç ¼¼Æ®(±¤.°í) Message-ID:

 
 
 
 

¸íÀÛ ¾Ö´Ï¸ÞÀÌ¼Ç SETÀÔ´Ï´Ù.
À¯ÀÍÇÑ ¸íÀÛ µ¿È­¸¸À» ¾ö¼±ÇÏ¿© ¿µ¾î±³À°¿ë ¾Ö´Ï¸ÞÀ̼ÇÀ¸·Î ±¸¼ºÇÏ¿´½À´Ï´Ù.
¹®ÀåÀÇ ¹Ýº¹ ÁøÇàÀ¸·Î ÇнÀÈ¿°ú°¡ ¶Ù¾î³³´Ï´Ù.
±¸¸ÅÇϱ⠹öÆ°À» ´­·¯ ±¸¸ÅÇϼ¼¿ä.

¢À »óÇ°¸í: ¸íÀÛ ¾Ö´Ï¸ÞÀÌ¼Ç ¼¼Æ®
¢À ±¸¼º: 10 CASE / CD 10Àå + Audio Tape 5Àå

¢º ¿µ¾î±³À°CD ±â´É¼³¸í


Ưº° º¸³Ê½º~!
Audio Tape 5Àå À» µå¸³´Ï´Ù

¸®ºä
ÀÎ
¾î
°ø
ÁÖ
 
 
Àξî°øÁÖ´Â ¿ÕÀÚ¸¦ ¸¸³ª±â À§ÇØ ¸ñ¼Ò¸®¿Í ´Ù¸®¸¦ ¹Ù²Û´Ù.
°ú¿¬ Àξî°øÁÖÀÇ »ç¶ûÀº ÀÌ·ç¾îÁú¼ö ÀÖÀ»±î?
Çî
Á©
°ú

±×
·¹
ÅÚ
 
 
ÇîÁ©°ú ±×·¹ÅÚÀº, °è¸ðÀÇ ²Õ¿¡ ºüÁø ¾Æ¹öÁö¿¡ ÀÇÇØ ½£¼Ó¿¡ ¹ö·ÁÁö°í..
±×µéÀÌ Ã£¾Æ°£ °÷Àº ¿ÂÅë ¸ÀÀÖ´Â °úÀÚ·Î Áö¾îÁø ½ÅºñÇÑ ÁýÀ̾ú´Âµ¥,,,
ÀÌ
¼Ù

ÀÌ
¾ß
±â
 
 
¾ðÁ¦³ª ±³ÈÆÀ» ÁÖ´Â À̼ÙÀ̾߱â.
À̹ø¿£ ¾î¶² ±³ÈÆÀ» ¹è¿ï±î¿ä?
¼¼
¸¶
¸®

¾Æ
±â
µÅ
Áö
 
 
¼¼¸¶¸® ¾Æ±â µÅÁö ÇüÁ¦´Â °¢ÀÚ ´Ù¾çÇÑ ¹æ¹ýÀ¸·Î ÁýÀ» Áþ´Âµ¥..
¾Ñ! ¹«¼­¿î ´Á´ë°¡ µÅÁöµéÀ» ã¾Æ¿Ô³×?
¹Ì
¿î

¿À
¸®
»õ
³¢
 
 
¸ø»ý±ä ¿À¸®¶ó´Â ÀÌÀ¯·Î µûµ¹¸²À» ´çÇÏ´Â ¹Ì¿î¿À¸®»õ³¢.
ÇÏÁö¸¸ ¹Ì¿î¿À¸®»õ³¢ÀÇ ÁøÂ¥ ¸ð½ÀÀº,,,
°É
¸®
¹ö

¿©
Çà
±â
 
 
°É¸®¹ö°¡ µµÂøÇÑ °÷Àº ¾ÆÁÖ ÀÛÀº »ç¶÷µéÀÌ »ç´Â ¼ÒÀα¹.
¾î¶²ÀÏÀÌ ¹ú¾îÁú±î?
¾Ë
¶ó
µò
°ú

¿ä
¼ú
·¥
ÇÁ
 
 
°¡³­ÇÑ ¼Ò³â ¾Ë¶óµòÀº ¿ì¿¬ÇÑ ±âȸ¿¡
½ÅºñÇÑ ¿ä¼ú·¥ÇÁ¸¦ ¾ò°Ô µÇ´Âµ¥,,,
»¡
°£
¸ð
ÀÚ
 
 
ÇҸӴϸ¦ ã¾Æ°¡´Â ±Í¿©¿î »¡°£¸ðÀÚ ¾Æ±â.
ÇÏÁö¸¸ ¹«½Ã¹«½ÃÇÑ ´Á´ë°¡,,,
Àè
°ú

Äá
ÁÙ
±â
 
 
ÇϴñîÁö ÀÚ¶ó´Â ÄáÁٱ⸦ Ÿ°í ¿Ã¶ó°£
¿ë°¨ÇÑ ¼Ò³â ÀèÀÇ ¸ðÇè!
¹é
¼³

°ø
ÁÖ
 
 
°è¸ð¿¡°Ô ÂѰܳ­ ¹é¼³°øÁÖ´Â ÀÏ°ö³­ÀåÀÌ¿Í ÇÔ²²
»ì°ÔµÇ´Âµ¥,,

¢º ¸íÀÛ ¾Ö´Ï¸ÞÀÌ¼Ç 5´Ü°è ÇнÀ¹æ¹ý

[ 1 ´Ü°è ]
¿ì¼± ¿µÈ­¸¦ óÀ½ºÎÅÍ ³¡±îÁö °¨»óÇϽʽÿÀ.
¿µ¾î ÇнÀÀÇ ½ÃÀÛÀº HearingÀ» ¹Ýº¹ÇÏ´Â °ÍÀÔ´Ï´Ù.
ÇѱÛ/ ¿µ¹®/ ÇÑ¿µ¹®/ ¹«ÀÚ¸· À¸·Î ÇнÀÀÚÀÇ ¿µ¾î½Ç·Â¿¡ ¸Â°Ô ¼±ÅÃÀÌ °¡´ÉÇÕ´Ï´Ù.

[ 2 ´Ü°è ]
1´Ü°è¿¡¼­ ÀÌ¹Ì Àڽŵµ ¸ð¸£°Ô ÁÖ¿ä´Ü¾î, ¹®ÀåµéÀÌ ±â¾ïµÇ¾î ÀÖ½À´Ï´Ù.
300¸¸ ´Ü¾î°¡ ¼ö·ÏµÈ ¾¾³×ÆÄÅ© ÀüÀÚ»çÀüÀ» ÀÌ¿ëÇÏ¿©, ´õ¿í È¿°ú¸¦ º¸½Ç¼ö ÀÖ½À´Ï´Ù.

[ 3 ´Ü°è ]
2´Ü°è¿¡¼­ ÀÍÈù ´Ü¾îµéÀ» È°¿ëÇÏ¿© ¹®ÀåÀ» °øºÎÇϽʽÿÀ.
µû¶óÇϱ⠱â´ÉÀ» ÀÌ¿ëÇÏ¿© ´Ù¾çÇÑ È¸È­¹ýÀ» ¼÷ÁöÇϽǼö ÀÖ½À´Ï´Ù.

[ 4 ´Ü°è ]
¹®Àåµè±â¿¡ Àͼ÷ÇØÁø ÈÄ ¿©·¯¹®ÀåÀÌ À̾îÁø ´Ü¶ôÀ» °øºÎÇÕ´Ï´Ù.
±¸°£ ¹Ýº¹ ±â´ÉÀ» ÀÌ¿ëÇÏ¿© ¹Ýº¹¼÷Áö ÇÔÀ¸·Î½á ȸȭ¿¡ ÀڽۨÀ» °®°Ô µË´Ï´Ù.

[ 5 ´Ü°è ]
À§ÀÇ ´Ü°èµéÀ» °ÅÄ¡¸ç ¾òÀº ¿µ¾î ½Ç·ÂÀ» ¹Þ¾Æ¾²±â ±â´ÉÀ» ÅëÇÏ¿© ¿ÏÀüÈ÷ ³» °ÍÀ¸·Î
¸¸µì´Ï´Ù. ÃʱÞ, Áß±Þ, °í±Þ, 3´Ü°èÀÇ ³­À̵µ¸¦ ÅëÇÏ¿© ´Ü°èº° ½Ç·Â Å×½ºÆ®°¡ °¡´ÉÇÕ´Ï´Ù.

 

¢º ¾Ö´Ï¸ÞÀ̼ÇÀÇ È¿À²Àû ÇнÀ¹æ¹ý

<È¿À²ÀûÀÎ À¯¾ÆÀÇ ¿µ¾î°øºÎ¹ý >

[ 1´Ü°è : ÆÐÅÏÀÎ½Ä ´Ü°è ]

¸ÕÀú ¿µ»óÀ» º¸¸é¼­ ±Í·Î µè±â¸¸ ÇÏ°Ô ÇÕ´Ï´Ù.
Çϳª ÇϳªÀÇ ¾ð¾î¸¦ µ¡ºÙ¿©¼­ µÇµµ·Ï ¸¹Àº ¿µ»óÀ» º¸¿©ÁÝ´Ï´Ù.
¾ð¾î¸¦ °¡¸£Ä¥¶§´Â ±×¸²À̳ª À½¼ºÀ» ¸¹ÀÌ »ç¿ëÇØ¾ß ÇÏ¸ç ¿òÁ÷ÀÌ´Â ±×¸²(µ¿¿µ»ó)Àº
ÆÐÅÏÀνÄÇϴµ¥ ÈξÀÈ¿°úÀûÀÔ´Ï´Ù.

[2´Ü°è : À̹ÌÁö »ç°í ´Ü°è ]
¸ÕÀú ±×¸²Ã¥À̳ª ¿µÈ­¸¦ º¸°í À̹ÌÁö »ç°í¸¦ ÇÏ°Ô ÇÕ´Ï´Ù.
ÀÌ´Ü°è¿¡¼­´Â ¿µ»óÀ» ¹ÙÅÁÀ¸·Î »ý°¢À» ÇÏ°Ô µÇ´Â À̹ÌÁö »ç°í°¡ ¹ß´ÞÇÏ°Ô µÇ´Âµ¥
°£ÆíÇÏ°í ½¬¿î ´Ü¾îºÎÅÍ À̹ÌÁö¿Í ÇÔ²² ÀÍÈ÷°Ô µË´Ï´Ù.

[3´Ü°è : ¾ð¾î»ç°í ´Ü°è ]
¾ð¾î·Î »ý°¢ÇÏ°Ô ÇÕ´Ï´Ù.
¾ð¾î»ç°í ´Ü°è·Î µé¾î°¡¸é ¸ð¹æÀÇ Ã¹ ´Ü°è·Î ÁÖ¾îÁø ´Ü¾î¸¦ ÀÌ¿ëÇØ ÂªÀº ¹®ÀåÀ»
¸¸µé¾îº¸´Â ÀÛ¾÷À» ÇÏ°Ô µË´Ï´Ù. ¿©±â¼­´Â ¸ð¹æÇÑ °ÍÀÇ ¹Ýº¹À» Áñ±â°Ô µË´Ï´Ù.

[4´Ü°è : ¾ð¾îÀÎ½Ä ´Ü°è ]
¸ÕÀú ¾ð¾îÀÇ ³»¿ëÀ» ÀÌÇØÇÏ°Ô µË´Ï´Ù.
¾ð¾î ³»¿ëÀ» ÀÌÇØÇÏ°í ´ëÈ­¸¦ ÇÏ°ÔµÇ¸ç µè°í ¸»ÇÏ´Â ±âȸ¸¦ °¡Áö°Ô µË´Ï´Ù.
¹Ýº¹À» ÅëÇØ ¾ð¾î¸¦ ¹Ù¸£°Ô ÀÎÁöÇÏ°í ºñ±³, ¼öÁ¤ÇÏ´Â °úÁ¤À» °ÅÃÄ Á¤È®ÇÏ°Ô ¾ð¾î¸¦
±¸»çÇÏ°Ô µË´Ï´Ù.

 

´õÀÌ»ó »óÇ°¸®ºä ¸ÞÀÏÀ» ¹Þ¾Æº¸°í ½ÍÁö ¾ÊÀ¸½Ã¸é [¼ö½Å°ÅºÎ]¸¦ ÇØÁֽʽÿÀ.
»óÇ°¸®ºä³ª »çÀÌÆ® ÀÌ¿ë¿¡ À־ÀÇ ºÒÆí»çÇ×À̳ª ºÒ¸¸»çÇ×, °³¼±»çÇ×ÀÌ ÀÖÀ¸½Ã¸é
koyotai@flynara.co.kr À¸·Î º¸³»ÁÖ¼¼¿ä. ¿©·¯ºÐÀÇ ÀÇ°ßÀ» Àû±Ø ¼ö¿ëÇÏ°Ú½À´Ï´Ù.

From sunny@sunbase.org Sat Mar 9 10:25:01 2002 From: sunny@sunbase.org (Oyvind A. Holm) Date: Sat Mar 9 10:25:01 2002 Subject: duplicate keyid survey results In-Reply-To: <200203090403.NAA29653@blue.h2np.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2002-03-09 13:03 Hironobu SUZUKI wrote: > David Shaw wrote: > > If you don't think this is the right way to go, what do you suggest > > as an alternative? I think a warning is fine, but not returning one > > of the keys leaves the keyserver open for a denial of service > > attack. > > I'd like to return only "Found duplicate keys" status to client. If > keyserver returns all of duplicate key contents to client, it can be > used another DoS attack. Not if the server displays a terse list of all the keys from which the user can choose the desired key. Additionally there could be some cron jobs running on the server once a week or something that searches for duplicated fake keys and reports to the maintainer. But then we have the "problem" of getting the same key back again when some of the other key servers reinstall the key. If we were to get rid of obvious faked keys, they should be disabled on the server, but I doubt this a big enough problem to make any special arrangements for it. IMHO the danger of DoS attacks due to duplicate 32-bits keyIDs is not very big. If there were lots of keys showing up as duplicates, there would not be a significant amount of resources needed from the server. Waste of bandwith, yes, but I don't think it would result in a DoS situation. But then, I have no clue of the inner workings of the server software, so please correct me if I'm wrong. :-) I think the option of specifying the fingerprint is a good idea. Not necessarily the whole bunch of bits, just enough to make it unique. Regards, =D8yvind +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ | OpenPGP: 0x629022EB 2002-02-24 =D8yvind A. Holm | | Fingerprint: DBE9 8D44 67F7 42AC 2CA1 7651 724E 9D53 6290 22EB | +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Why, Micro= soft=AE, WHY??? =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) iD8DBQE8idQzck6dU2KQIusRAuH2AJ9Z4DVp4nV+42qLV2N1HUWHUuvGBQCfRmnW qlKLx5woi3RiG6rc9TYiefo=3D =3DrZ3E -----END PGP SIGNATURE----- From sunny@sunbase.org Sat Mar 9 11:15:01 2002 From: sunny@sunbase.org (Oyvind A. Holm) Date: Sat Mar 9 11:15:01 2002 Subject: duplicate keyid survey results In-Reply-To: <20020309041522.GD1023@akamai.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2002-03-08 23:15 David Shaw wrote: > On Sat, Mar 09, 2002 at 01:03:03PM +0900, Hironobu SUZUKI wrote: > > I'd like to return only "Found duplicate keys" status to client. If > > keyserver returns all of duplicate key contents to client, it can > > be used another DoS attack. > > How? > > The user does not know if any key from a keyserver is valid or not. > Even if an attacker creates hundreds of duplicate keys, it does not > matter since the signatures are what is used to check if the key is > valid. This is where the fingerprint comes to use. To ensure you have the key belonging to the actual user, there has to be some additional communication to verify that it's not someone who has generated a key with a false name on it. Even if a false key is used, the only problem is that the receiver can't read the encrypted message. (I take it for granted that the sender knows the receivers actual email address.) This could lead to a mess and could be a problem. I don't know of any methods to avoid this problem, except spreading your fingerprint actively to make it easier for other people to verify the authenticity of the key. The keys from a keyserver is genuine 99% of the time, but there is always a chance someone has made his own key with the same name on it. > > Then, user can select two thing which are retrieve by 64-bit keyid > > or via Web interface. > > > > User may access an exact key via Web interface with database OID > > number (this numbers are not appeared to user) to check key > > contents and get it by their own risk. > > It is easy to make even a duplicate 64-bit keyid. Shouldn't the internal CRC routines help avoiding this? I doubt it would be an easy task to duplicate the 64-bit key _and_ satisfy the SHA1 checksum. > If the keyserver makes the user go through many extra steps to get a > key if there is a duplicate keyid, then that is a (mild) denial of > service as well. Not much of extra steps needed here, just a list of all the keys to choose from. One extra step. Another thing is when GPG itself gets the key from a server, for example when verifying a signed text and you don't have the actual key from before. Will GPG then use the 32-bit keyID to get the key from the server? Greetings from Norway, =D8yvind ##################################################################### # OpenPGP: 0x629022EB 2002-02-24 =D8yvind A. Holm # # Fingerprint: DBE9 8D44 67F7 42AC 2CA1 7651 724E 9D53 6290 22EB # ################### ☮, ♥ and Linux. ################### -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) iD8DBQE8id/Gck6dU2KQIusRAlNrAJoDaVq06NRUinm56VpDqOMiqF4swwCfS8qw 73Bf5om1z0JckwQJ5Nv1b1E=3D =3Dh5HH -----END PGP SIGNATURE----- From u_p@lycos.de Sat Mar 9 12:48:02 2002 From: u_p@lycos.de (uwe puchta) Date: Sat Mar 9 12:48:02 2002 Subject: blowfish in gnuPG 1.0.6 =? 256 bit Message-ID: <1015674371022788@lycos.de> This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. --=_NextPart_Caramail_0227881015674371_ID Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable just a question out of curiosity: what's the key size for Blowfish encryption? is it 256 bit? ... for both cipher-algo and s2k-cipher-algo (if defined so in the options file or at the command line) ______________________________________________________ Beginnen Sie das neue Jahr gut informiert: Zeitschriften-Abos zum Sparpreis! http://www.lycos.de/webguides/entertainment/weihnachten/abo.html 250 Farb-Visitenkarten GRATIS*. In einem Wert von EUR 99,00! http://www.vistaprint.de/vp/splash/lycosde.asp Jetzt eigene Domains f=FCr 1,23 Euro/Monat http://lycos.de.domainnames.com/default.asp?caller=3Dlycos_d_footer --=_NextPart_Caramail_0227881015674371_ID-- From wk@gnupg.org Sat Mar 9 13:56:01 2002 From: wk@gnupg.org (Werner Koch) Date: Sat Mar 9 13:56:01 2002 Subject: duplicate keyid survey results In-Reply-To: ("Oyvind A. Holm"'s message of "Sat, 9 Mar 2002 11:13:12 +0100 (CET)") References: Message-ID: <87n0xhdhrq.fsf@alberti.gnupg.de> On Sat, 9 Mar 2002 11:13:12 +0100 (CET), Oyvind A Holm said: > Another thing is when GPG itself gets the key from a server, for > example when verifying a signed text and you don't have the actual key > from before. Will GPG then use the 32-bit keyID to get the key from the > server? Yes, because the current HKP servers can't cope with the full 64 bit keyID. I'd even like to have a keyserver which accepts the fingerprint. The problem here is that the signature packet does only carry the 64 bit key ID. Ciao, Werner From dshaw@jabberwocky.com Sat Mar 9 14:46:01 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Sat Mar 9 14:46:01 2002 Subject: duplicate keyid survey results In-Reply-To: <200203090639.PAA29914@blue.h2np.net> References: <20020309041522.GD1023@akamai.com> <200203090639.PAA29914@blue.h2np.net> Message-ID: <20020309134317.GF1023@akamai.com> On Sat, Mar 09, 2002 at 03:39:44PM +0900, Hironobu SUZUKI wrote: > > > It is easy to make even a duplicate 64-bit keyid. > > Step 0: If you use 32bit keyid, move Step 1. If 64bit keyid, move > Step 2. > > Step 1: If you try to get a key by 32bit keyid but found duplicate keys, > move Step 2 or Step 3 which you wish. > > Step 2: If you try to get a key by 64bit keyid but found duplicate > keys, move Step 3 or Step 4 which you wish. > > If 32bit duplicate keyid was generated by accidentally, > 64bit keyid searching will help most of them. > > Step 3: Use Web interface and check a list of keyids combined > fingerprints. Select one key and database will return actual > key (using database OID). Users must be patients. So, some > people like me move to Step 4. > > Step 4: Ask an actual public key for the key owner or get an public > key from owner's web page. This is an algorithm that a human being can follow. What is a program supposed to do? Most people do not use a web interface to get their keys - they use the keyserver interface in their application, which can only say "give me 0xXXXXXXXX". It should not have to parse and understand lots of HTML to try and resolve conflicts. Also, PGP is not being updated anymore. Even if code is added to GnuPG to talk to your keyserver, PGP will not be able to. Let me try and approach this from another direction: do you see any security problem with returning more than one key with the same keyid? If yes, can you tell me why? Remember that the keyserver does nothing to validate the keys - that is the job of the signatures on the key. The decision on whether to use a particular key belongs to the *user* who verifies the signatures and decides where this key fits into the web of trust. One of the main reasons for key signatures in the first place is to deal with this exact problem. There can never be a denial of service by generating a fake key with the same keyid because of the signatures. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From dshaw@jabberwocky.com Sat Mar 9 15:01:01 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Sat Mar 9 15:01:01 2002 Subject: duplicate keyid survey results In-Reply-To: <87n0xhdhrq.fsf@alberti.gnupg.de> References: <87n0xhdhrq.fsf@alberti.gnupg.de> Message-ID: <20020309135800.GG1023@akamai.com> On Sat, Mar 09, 2002 at 01:53:29PM +0100, Werner Koch wrote: > On Sat, 9 Mar 2002 11:13:12 +0100 (CET), Oyvind A Holm said: > > > Another thing is when GPG itself gets the key from a server, for > > example when verifying a signed text and you don't have the actual key > > from before. Will GPG then use the 32-bit keyID to get the key from the > > server? > > Yes, because the current HKP servers can't cope with the full 64 bit > keyID. I'd even like to have a keyserver which accepts the > fingerprint. The problem here is that the signature packet does only > carry the 64 bit key ID. Only if the keyserver can only handle 32-bit keyids. If GPG is talking to a server that can handle more (like the LDAP server), it will use the full 64-bits. (Werner, this is one of the things I added in the generic keyserver code :) ) David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From agreene@pobox.com Sat Mar 9 16:12:01 2002 From: agreene@pobox.com (Anthony E. Greene) Date: Sat Mar 9 16:12:01 2002 Subject: change the passphrase... In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 8 Mar 2002, Dominik Schwald wrote: >If i create a new key and set the password to e.g. "supersecret_1" and >put a copy of that secretKey somewhere, than i change the passphrase to >"supersecret_2". >Am i right that it's now possible to use the first secretKey with the >first passphrase for signing/encryption AS WELL AS the second >secretKey with its passphrase..? Yes. Tony - -- Anthony E. Greene OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D AOL/Yahoo Chat: TonyG05 HomePage: Linux. The choice of a GNU generation -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Anthony E. Greene 0x6C94239D iD8DBQE8iRgDpCpg3WyUI50RAtdzAJ9g3qSzrznz4+bNVe97fnGRPWy6EwCg3Ljv gEm2RDJJc81gbs1Mt1Pnvlk= =kSFE -----END PGP SIGNATURE----- From RGB.Art.Gallery@10.0.1.9 Sat Mar 9 16:35:02 2002 From: RGB.Art.Gallery@10.0.1.9 (RGB Art Gallery) Date: Sat Mar 9 16:35:02 2002 Subject: Hand-painted Replica of Van Gogh's Sunflower for $69 Message-ID: RGB Art Gallery

RGB Art Gallery

  Special to Cincinnati Downtown Event Attendees!
20"x24" Hand-painted Oil Canvas Starts $49
This weekend only!

 

Greetings!

If you are going to attend downtown Cincinnati events, stop by RGB Art Gallery on the 2nd floor of Carew Tower. We are located on the top of the skywalk escalators near the Omini Hotel. 

As a limited time offer to downtown event attendees this weekend of March 9-10, you can buy the following high quality hand-painted replica or original art with unbelievable prices. Quick, each of these is unique.
Sunflowers 20"x24" Hunting 24"x36"

 Flower and Chair
20"x24"


Special price this week: $69.00

 Special price this week: $199.00 Special price this week: $89.00

 The retail market price is $220. You save more than 70%.

The retail market price is $699.00. You save more than 71%

 The retail market price is $299.00. You save more than 70%

The Autumn Gate 20"x24"

Roybal
12"x16"

Wall Street 1890s
20"x24"

Special price this week: $89.00
*Frame not included		 Special price this week: $35.00 Special price this week: $89.00* 
*Frame not included
The retail market price is $299.00. You save more than 70%. The retail market price is $99.00. You save more than 64%. You save 70% off the retail market price of $299.00

We have many more oil paintings on sale. Please visit our web site http://www.rgbartgallery.com to preview more canvas images and check the gallery schedule. Visit our gallery when you come to downtown for an event like this week's "Home and Garden Show" and others. Carew Tower is just two blocks away near Fountain Square. You will find many high quality hand-painted oil paintings with "unbelievable prices" (this was what many of our customers said!).

Sincerely, 

Kay
RGB Art Gallery

email: info@rgbartgallery.com 
voice: (513) 369-0300
web: www.rgbartgallery.com
 
 This message was sent to you by RGB Art Gallery. To remove your email address from the mailing list, please send an email to info@rgbartgallery.com with subject "REMOVE".
From teenieberry@worldnet.att.net Sat Mar 9 16:51:02 2002 From: teenieberry@worldnet.att.net (FRANK HUBENY) Date: Sat Mar 9 16:51:02 2002 Subject: Hand-painted Replica of Van Gogh's Sunflower for $69 References: Message-ID: <000801c1c782$fa1dd6e0$51d06620@teeniebe9euk8d> Hello Users; I do keep getting alot on none "gpg" items from this user group. Is there any way from stopping this. The subject line is from the original e-mail I recieved. <>< Frank D. Hubeny From blais@iro.umontreal.ca Sat Mar 9 21:06:02 2002 From: blais@iro.umontreal.ca (Martin Blais) Date: Sat Mar 9 21:06:02 2002 Subject: missing documentation / rant Message-ID: <20020309200349.ITMX1234.tomts24-srv.bellnexxia.net@there> hi here's a bug report / rant? for GPG 1.0.6 documentation is missing for --check-trustdb [NAMES] check the trust database --fix-trustdb fix a corrupted trust database these options don't know show up in the man page. someone really ought to do the grunt work of cross-checking the man page documentation with the actual options that gpg can accept. these are not in the handbook nor in the FAQ either. the only thing i could find was stuff in the mailing-lists. in particular, i cannot help but wonder, why would my trustdb become corrupted, and how is it possible that it can be fixed (and if so, why doesn't it do that by itself?). besides, i cannot figure out how to use check-trustdb, all i get is output like this: tadora:~$ gpg --check-trustdb blais gpg: given user IDs ignored in check_trustdb gpg: 15 keys processed gpg: 15 keys skipped tadora:~$ also of interest: --allow-secret-key-import is not mentioned on the output of "gpg --help". i'm sure there are many others. i know it is not fun to do, but documentation improvement for this otherwise excellent piece of software is sorely needed. encryption attracts people who will have attention for detail and will read up on how it works, will experiment with it before using it, and it would be nice if the documentation was very, very, very consistent (it is off to a very good start, but the mising stuff is frustrating). another big one (for me and other friends): the default behaviour for "gpg file.gpg" is to decrypt to a file "file", and apart from asking for the passphrase it doesn't say it has output the PLAINTEXT to a FILE. the user that is not careful might forget or not know that is unencrypted document lies in the filesystem! that is a big problem! IMHO that should not be the default behaviour, the default, just as for input, should be that it outputs to stdout, just like --decrypt does, and that using --decrypt should output to a file (plus we should get a message that says so, every functionality that write unencrypted data to the filesystem should warn the user). thanks for making gpg, i really enjoy using it otherwise. cheers, -- M. p.s. please Cc i'm not on this list. From wk@gnupg.org Sat Mar 9 22:06:01 2002 From: wk@gnupg.org (Werner Koch) Date: Sat Mar 9 22:06:01 2002 Subject: missing documentation / rant In-Reply-To: <20020309200349.ITMX1234.tomts24-srv.bellnexxia.net@there> (Martin Blais's message of "Sat, 9 Mar 2002 15:02:23 -0500") References: <20020309200349.ITMX1234.tomts24-srv.bellnexxia.net@there> Message-ID: <87sn79bgi5.fsf@alberti.gnupg.de> On Sat, 9 Mar 2002 15:02:23 -0500, Martin Blais said: > these options don't know show up in the man page. someone really ought to do > the grunt work of cross-checking the man page documentation with the actual There are reasons for this. --dump-options is for example also not listed in the man page. But hey, you have the source, so where is the problem. > fixed (and if so, why doesn't it do that by itself?). besides, i cannot > figure out how to use check-trustdb, all i get is output like this: So don't use it. As said, there is a reason that it is not listed. BTW, the next version has it mentioned because this command has a real use then. > also of interest: > --allow-secret-key-import > is not mentioned on the output of "gpg --help". i'm sure there are many If you try to import a secret key, a messge is printed, telling you to use this option. Anyway, this option is just a temporary hack and not anymore needed in 1.0.6d. Printing all 202 commands and options with --help make no sense, it is just too much and can't probably not be understood without a more verbose description. Anyway, recent versions do print: --photo-viewer Set command line to view Photo IDs -N, --notation-data NAME=VALUE use this notation data (See the man page for a complete listing of all commands and options) There is nothing important missing, some things are maintainer only. If you or the people attracted by encryption real want to get into it, use the source. > another big one (for me and other friends): the default behaviour for "gpg > file.gpg" is to decrypt to a file "file", and apart from asking for the > passphrase it doesn't say it has output the PLAINTEXT to a FILE. the Which is the correct behaviour of a Unix tool. Use --verbose to get what you want. > lies in the filesystem! that is a big problem! IMHO that should not be the > default behaviour, the default, just as for input, should be that it outputs > to stdout, just like --decrypt does, and that using --decrypt should output A lot of tools do have this behaviour and it makes a lot of sense. IF you want to have the output on stdout, send the input to stdin. Ciao, Werner From sunny@sunbase.org Sat Mar 9 22:07:03 2002 From: sunny@sunbase.org (Oyvind A. Holm) Date: Sat Mar 9 22:07:03 2002 Subject: missing documentation / rant In-Reply-To: <20020309200349.ITMX1234.tomts24-srv.bellnexxia.net@there> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2002-03-09 15:02 Martin Blais wrote: > another big one (for me and other friends): the default behaviour for > "gpg file.gpg" is to decrypt to a file "file", and apart from asking > for the passphrase it doesn't say it has output the PLAINTEXT to a > FILE. the user that is not careful might forget or not know that is > unencrypted document lies in the filesystem! that is a big problem! > IMHO that should not be the default behaviour, the default, just as > for input, should be that it outputs to stdout, just like --decrypt > does, and that using --decrypt should output to a file (plus we > should get a message that says so, every functionality that write > unencrypted data to the filesystem should warn the user). This can easily be avoided by using gpg | | Fingerprint: DBE9 8D44 67F7 42AC 2CA1 7651 724E 9D53 6290 22EB | +------------- Nostalgien er ikke hva den engang var. --------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) iD8DBQE8injqck6dU2KQIusRAtKpAJ9gfO/XcS9dXtKsImQyHN+TBwqNPACgpU7q BPIxa3uH1MeC0TOxlY77ii8=3D =3Ds1Ae -----END PGP SIGNATURE----- From Marc.Mutz@uni-bielefeld.de Sat Mar 9 22:31:01 2002 From: Marc.Mutz@uni-bielefeld.de (Marc Mutz) Date: Sat Mar 9 22:31:01 2002 Subject: blowfish in gnuPG 1.0.6 =? 256 bit In-Reply-To: <1015674371022788@lycos.de> References: <1015674371022788@lycos.de> Message-ID: <200203092228.11603@sendmail.mutz.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday 09 March 2002 12:55, uwe puchta wrote: > just a question out of curiosity: > what's the key size for Blowfish encryption? > is it 256 bit? > ... for both cipher-algo and s2k-cipher-algo > (if defined so in the options file or at the > command line) http://www.counterpane.com/blowfish.html - --=20 Marc Mutz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8in5o3oWD+L2/6DgRAkvZAJwKaB7fZVJef25joMMlFlzFrvdyUACgjxzI YSMEWqB7kWW1Zc4idqMXsNw=3D =3DnndK -----END PGP SIGNATURE----- From blais@iro.umontreal.ca Sat Mar 9 22:43:01 2002 From: blais@iro.umontreal.ca (Martin Blais) Date: Sat Mar 9 22:43:01 2002 Subject: missing documentation / rant In-Reply-To: <87sn79bgi5.fsf@alberti.gnupg.de> References: <20020309200349.ITMX1234.tomts24-srv.bellnexxia.net@there> <87sn79bgi5.fsf@alberti.gnupg.de> Message-ID: <20020309214111.MHMP21673.tomts23-srv.bellnexxia.net@there> On Saturday 09 March 2002 16:03, Werner Koch wrote: > On Sat, 9 Mar 2002 15:02:23 -0500, Martin Blais said: > > these options don't know show up in the man page. someone really ought to > > do the grunt work of cross-checking the man page documentation with the > > actual > > There are reasons for this. --dump-options is for example also not > listed in the man page. But hey, you have the source, so where is the > problem. there is no real problem, one of the users (me) is confused, and is making comments to the developers in order to allow them to improve the documentation of their software. i'd like to know what they are? it would be nice if there was a clear separation between options that are shown by --help and those that aren't and that are explained in the man page and manual (perhaps dub them "extended" or "private" options?). in any case, either the manual or documentation should reflect all options, right? i understand that documentation is difficult to keep up-to-date by a distributed team (and the handbook is actually quite impressive), but this is indeed a 1.0 release and for such an important release documentation should be polished... i wouldn't have bothered making comments for a development release, because i understand that. my own system is that i make it a requirement to releasing, i.e. i don't allow myself to release until i've updated the docs. if i want to release something i have to bite the bullet and slave at the docs. (and besides, sorry, but looking at the source doesn't qualify as documentation, which is what my comments are about. the beauty of oss is that i can if i want to (especially to make modifications), but that doesn't mean that all users of gpg SHOULD have to become acquainted with the source to find out what an option listed in --help is meant to do. i'm sure you'll agree with this.) > > fixed (and if so, why doesn't it do that by itself?). besides, i cannot > > figure out how to use check-trustdb, all i get is output like this: > > So don't use it. As said, there is a reason that it is not listed. well, it IS indeed listed in "gpg --help". i didn't mean to use it, i meant to understand what it does because it was listed, and is not documented, and that is why i was trying it. if i'm not meant to use it, then the problem is that it was listed. > BTW, the next version has it mentioned because this command has a real > use then. > > > also of interest: > > --allow-secret-key-import > > > > is not mentioned on the output of "gpg --help". i'm sure there are many > > If you try to import a secret key, a messge is printed, telling you to > use this option. Anyway, this option is just a temporary hack and not > anymore needed in 1.0.6d. Printing all 202 commands and options with cool. > --help make no sense, it is just too much and can't probably not be > understood without a more verbose description. Anyway, recent > versions do print: > > --photo-viewer Set command line to view Photo IDs > -N, --notation-data NAME=VALUE use this notation data > > (See the man page for a complete listing of all commands and options) that's exactly my point! is at least the man page complete? options that are listed in --help should at least also be in the man page. the opposite is not necessarily true, and some kind of grouping to acknowledge that is a nice way to let the user understand this (something like "basic options" and "extended options"). > There is nothing important missing, some things are maintainer only. > If you or the people attracted by encryption real want to get into it, > use the source. those maintainer-only options should then not be visible to the user if he's not to use them. all i'm arguing for, is that the maintainer/for-debug options be somehow marked as such or not visible. > > another big one (for me and other friends): the default behaviour for > > "gpg file.gpg" is to decrypt to a file "file", and apart from asking for > > the passphrase it doesn't say it has output the PLAINTEXT to a FILE. the > > Which is the correct behaviour of a Unix tool. Use --verbose to get > what you want. agreed, read on... > > lies in the filesystem! that is a big problem! IMHO that should not be > > the default behaviour, the default, just as for input, should be that it > > outputs to stdout, just like --decrypt does, and that using --decrypt > > should output > > A lot of tools do have this behaviour and it makes a lot of sense. IF > you want to have the output on stdout, send the input to stdin. i know i can use --decrypt and i do now (actually, you make me think, i'll try putting it in my options file). well, please consider that a default behaviour of writing plaintext files out to the filesystem is behaviour that does not foster trust in a program that is meant to provide data security for its user. i mean, there is a reason for that file to be encrypted in the first place. if i considered my filesystem permissions to be secure i probably wouldn't use encryption to store files on it. i have often forgotten to delete unencrypted files because of that (and even sometimes on my cd backups, which were recently robbed with the rest of the computing equipment. not a cool feeling. i agree that it is my fault because i misused gpg, but food for thought anyway. IMHO plaintext should only be written to files on request. consider it a security feature, and not a minor one---the user is less likely to make the mistake of decrypting to disk.) thanks for your quick answer. cheers, From blais@iro.umontreal.ca Sat Mar 9 22:57:01 2002 From: blais@iro.umontreal.ca (Martin Blais) Date: Sat Mar 9 22:57:01 2002 Subject: missing documentation / rant In-Reply-To: References: Message-ID: <20020309215503.JNTL4161.tomts17-srv.bellnexxia.net@there> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday 09 March 2002 16:05, Oyvind A. Holm wrote: > On 2002-03-09 15:02 Martin Blais wrote: > question is whether it should be changed on DOSish systems, as the > stdin/stdout thing is pretty unfamiliar in the DOS (aka windows) world. > But then it's a Bad Thing to make a program work differently in > different environments. That would lead to more trouble than it's > worth. good point, so i guess it cannot be changed. perhaps an option to alter that behaviour would be cool. that option could be put in the user's options file to get that behaviour. just my 2cents. thx again, -----BEGIN PGP SIGNATURE----- Comment: For info see http://www.gnupg.org iEYEARECAAYFAjyKhFwACgkQq2PmC9F3Xx3UBACfYWoQti6Qhn/RoAxZ2jSCLMAo axoAn35J/lP6Wt+P++ZDAcc48NK8STx8 =qCY2 -----END PGP SIGNATURE----- From sunny@sunbase.org Sat Mar 9 23:33:01 2002 From: sunny@sunbase.org (Oyvind A. Holm) Date: Sat Mar 9 23:33:01 2002 Subject: missing documentation / rant In-Reply-To: <20020309215503.JNTL4161.tomts17-srv.bellnexxia.net@there> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2002-03-09 16:53-0500 Martin Blais wrote: > On 2002-03-09 22:05:06+0100, Oyvind A. Holm wrote: > > Another question is whether it should be changed on DOSish systems, > > as the stdin/stdout thing is pretty unfamiliar in the DOS (aka > > windows) world. But then it's a Bad Thing to make a program work > > differently in different environments. That would lead to more > > trouble than it's worth. > > good point, so i guess it cannot be changed. > > perhaps an option to alter that behaviour would be cool. that option > could be put in the user's options file to get that behaviour. That seems like a good idea. Having an "always-stdout" option would be a good thing to have, especially when thinking of how hard it is to completely erase data from hard disks once it's written. After all, it's easy to redirect the output to a file. I still think the current behaviour should be the default, but I see no drawback in having an configuration option to achieve this behaviour. Regards, =D8yvind +-------------------------------------------------------------------+ | OpenPGP: 0x629022EB 2002-02-24 =D8yvind A. Holm | | Fingerprint: DBE9 8D44 67F7 42AC 2CA1 7651 724E 9D53 6290 22EB | +----------- 2 + 2 =3D 5 for extremely large values of 2. ------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) iD8DBQE8iozTck6dU2KQIusRArY+AJ96aTJgFkdinstjIGrHTVr8xVpEygCfW5vi IRrTZmSXdnJ2DKSDp/sXVI8=3D =3DCiW9 -----END PGP SIGNATURE----- From bobmathews@mindspring.com Sat Mar 9 23:39:01 2002 From: bobmathews@mindspring.com (Bob Mathews) Date: Sat Mar 9 23:39:01 2002 Subject: blowfish in gnuPG 1.0.6 =? 256 bit In-Reply-To: <200203092228.11603@sendmail.mutz.com> References: <1015674371022788@lycos.de> <200203092228.11603@sendmail.mutz.com> Message-ID: <20020309223711.E10F39D19@cabbit.cat> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday 09 March 2002 01:28 pm, Marc Mutz wrote: > On Saturday 09 March 2002 12:55, uwe puchta wrote: > > just a question out of curiosity: > > what's the key size for Blowfish encryption? > > is it 256 bit? > > ... for both cipher-algo and s2k-cipher-algo > > (if defined so in the options file or at the > > command line) > > > > http://www.counterpane.com/blowfish.html That page says that blowfish has a variable length key. However, according to RFC2440, OpenPGP uses blowfish with a 128-bit key. That applies to both the - --cipher-algo and --s2k-cipher-algo options. -bob mathews -----BEGIN PGP SIGNATURE----- Comment: What's this? http://bobmathews.home.mindspring.com/bob/ iD8DBQE8io5/PgDecCrBEpcRAvZyAJ9mepDoScVoV1vvpUvKvcFAhf8JVwCeIfCh 4qakEveOZBnTDcGg3j+pSOc= =RvAN -----END PGP SIGNATURE----- From twoaday@freakmail.de Sun Mar 10 00:41:01 2002 From: twoaday@freakmail.de (Timo Schulz) Date: Sun Mar 10 00:41:01 2002 Subject: Announcement for OpenCDK Message-ID: <20020309232224.GA31086@daredevil.joesixpack.net> Hi, I decided to create a library which implements basic parts of the RFC2440 (OpenPGP) message format. This library will be no replacement for any real OpenPGP application like PGP or GPG. The goals of the library are to provide an API for parsing packets and to work with OpenPGP keys. There is also some code for signing, verification, encrypt and decrypt, but this is only partly done. Some of the code based on GPG and for all crypto functions we referring to the libgcrypt library. This library is responsible for secure memory, random generation and other sentensive parts. Currently the library is work on progress, but for the people who want to take a look at it can find the source on this webpage: http://www.winpt.org/opencdk.html Of course the whole project is available under the terms of the GNU General Public License. Timo From hironobu@h2np.net Sun Mar 10 02:26:01 2002 From: hironobu@h2np.net (Hironobu SUZUKI) Date: Sun Mar 10 02:26:01 2002 Subject: duplicate keyid survey results In-Reply-To: Your message of "Sat, 09 Mar 2002 08:43:17 EST." <20020309134317.GF1023@akamai.com> Message-ID: <200203100123.KAA32274@blue.h2np.net> I tried to send my e-mail to dshaw@jabberwocky.com from my two mail addresses, hironobu@h2np.net and hironobu@pgp.nic.ad.jp, but all of my e-mails were rejected. Please let me know another your e-mail address which I can send one. And I'm sorry for ML readers. Best Regards, -- Hironobu SUZUKI E-Mail: hironobu@h2np.net URL: http://h2np.net From wk@gnupg.org Sun Mar 10 16:14:01 2002 From: wk@gnupg.org (Werner Koch) Date: Sun Mar 10 16:14:01 2002 Subject: missing documentation / rant In-Reply-To: ("Oyvind A. Holm"'s message of "Sat, 9 Mar 2002 23:30:32 +0100 (CET)") References: Message-ID: <87g038a24l.fsf@alberti.gnupg.de> On Sat, 9 Mar 2002 23:30:32 +0100 (CET), Oyvind A Holm said: > That seems like a good idea. Having an "always-stdout" option would be What about: gpg --output - has been there for years. From dshaw@jabberwocky.com Sun Mar 10 16:45:02 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Sun Mar 10 16:45:02 2002 Subject: duplicate keyid survey results In-Reply-To: <200203100123.KAA32274@blue.h2np.net> References: <20020309134317.GF1023@akamai.com> <200203100123.KAA32274@blue.h2np.net> Message-ID: <20020310154206.GC9163@akamai.com> On Sun, Mar 10, 2002 at 10:23:55AM +0900, Hironobu SUZUKI wrote: > > I tried to send my e-mail to dshaw@jabberwocky.com from my two mail > addresses, hironobu@h2np.net and hironobu@pgp.nic.ad.jp, but all of my > e-mails were rejected. > > Please let me know another your e-mail address which I can send one. Sorry - spam blocking system on your netblock. Your addresses are right in the middle of a pile of open relays in Korea. I've overridden the blacklist for your servers. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From teenieberry@worldnet.att.net Sun Mar 10 16:55:01 2002 From: teenieberry@worldnet.att.net (FRANK HUBENY) Date: Sun Mar 10 16:55:01 2002 Subject: Output Message-ID: <000501c1c84c$a9680200$efee6620@teeniebe9euk8d> Hello users; I had a problem getting an output from exporting the trustdb. It seems that one was the only one I had problems with. Someone replyed with a alternative command to output to a file. I believe it was called a pipe, or consol redirect. Could that person send it to me again. I am useing "gpg-106" for windows. On a window 200 pro machine with service packs one and two installed. I will keep a backup copy this time. <>< Frank D. Hubeny From vab@cryptnet.net Sun Mar 10 18:40:01 2002 From: vab@cryptnet.net (V Alex Brennen) Date: Sun Mar 10 18:40:01 2002 Subject: duplicate keyid survey results In-Reply-To: <87n0xhdhrq.fsf@alberti.gnupg.de> Message-ID: On Sat, 9 Mar 2002, Werner Koch wrote: > On Sat, 9 Mar 2002 11:13:12 +0100 (CET), Oyvind A Holm said: > > > Another thing is when GPG itself gets the key from a server, for > > example when verifying a signed text and you don't have the actual key > > from before. Will GPG then use the 32-bit keyID to get the key from the > > server? > > Yes, because the current HKP servers can't cope with the full 64 bit > keyID. I'd even like to have a keyserver which accepts the > fingerprint. The problem here is that the signature packet does only > carry the 64 bit key ID. I checked code into CVS that will allow CKS to support HKP style queries by the 64 bit key ID, the full 128 bit v3 fp, or the full 160 bit V4 fp. This feature will be available in the next release. Here are adapted HKP protocol examples: 32 bit key ID: GET /pks/lookup?op=get&search=0x992A4B3F HTTP/1.0 64 bit key ID: GET /pks/lookup?op=get&search=0xFA920973992A4B3F HTTP/1.0 128 bit key ID (v3) (one line wrapped by MTA): GET /pks/lookup?op=get&search=0x0A75834DE6AB89F6BE869EB81DF4E517 HTTP/1.0 160 bit key ID (v4) (one line wrapped by MTA): GET /pks/lookup?op=get&search=0x0EC8B0E3052DFC4C208F76EBFA920973992A4B3F HTTP/1.0 I included fp support, because I would like to soon write PGP software that uses fp's to transmit key information in other protocols. It would be nice to use CKS to auto fetch by fp as part of that code. - VAB --- V. Alex Brennen Senior Systems Engineer IBM Certified Specialist e-TechServices.com IBM Business Partner Bus: 352.246.8553 Fax: 770.216.1877 vab@e-techservices.com http://www.e-techservices.com/people/vab/ From vab@cryptnet.net Sun Mar 10 18:54:01 2002 From: vab@cryptnet.net (V Alex Brennen) Date: Sun Mar 10 18:54:01 2002 Subject: duplicate keyid survey results In-Reply-To: <200203090403.NAA29653@blue.h2np.net> Message-ID: On Sat, 9 Mar 2002, Hironobu SUZUKI wrote: > > > If you don't think this is the right way to go, what do you suggest > > as an alternative? I think a warning is fine, but not returning one > > of the keys leaves the keyserver open for a denial of service > > attack. > > I'd like to return only "Found duplicate keys" status to client. If > keyserver returns all of duplicate key contents to client, it can be > used another DoS attack. I don't believe this is true. While the potential to create 32 bit key id collisions easily exists in v3, it is a hard problem in v4 because the v4 keyid (both 32 and 64 bit) are part of the fingerprint which in v4 is the SHA160 hash of the key material. So, the problem of generating fake keys with a given keyid in v4 is the problem of looking for SHA1 partial collisions. While partial collisions will occur as the number of keys grows, it will not be growing fast enough to result in an inability to retrieve all keys with a given 32bit ID from a server for many decades (even if you dedicate a machine to generating PGP keys and sending them to my key server). - VAB --- V. Alex Brennen Senior Systems Engineer IBM Certified Specialist e-TechServices.com IBM Business Partner Bus: 352.246.8553 Fax: 770.216.1877 vab@e-techservices.com http://www.e-techservices.com/people/vab/ From wk@gnupg.org Sun Mar 10 19:50:02 2002 From: wk@gnupg.org (Werner Koch) Date: Sun Mar 10 19:50:02 2002 Subject: duplicate keyid survey results In-Reply-To: (V Alex Brennen's message of "Sun, 10 Mar 2002 12:34:14 -0500 (EST)") References: Message-ID: <877kok9s72.fsf@alberti.gnupg.de> On Sun, 10 Mar 2002 12:34:14 -0500 (EST), V Alex Brennen said: > I included fp support, because I would like to soon write PGP > software that uses fp's to transmit key information in other GNUTLS has experimental OpenPGP support and it uses the fingerprint on my suggestion. Werner From dshaw@jabberwocky.com Sun Mar 10 20:30:02 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Sun Mar 10 20:30:02 2002 Subject: duplicate keyid survey results In-Reply-To: References: <87n0xhdhrq.fsf@alberti.gnupg.de> Message-ID: <20020310192800.GA951@akamai.com> On Sun, Mar 10, 2002 at 12:34:14PM -0500, V Alex Brennen wrote: > I checked code into CVS that will allow CKS to support HKP style > queries by the 64 bit key ID, the full 128 bit v3 fp, or the full > 160 bit V4 fp. This feature will be available in the next release. > > Here are adapted HKP protocol examples: > > 32 bit key ID: > GET /pks/lookup?op=get&search=0x992A4B3F HTTP/1.0 > > 64 bit key ID: > GET /pks/lookup?op=get&search=0xFA920973992A4B3F HTTP/1.0 > > 128 bit key ID (v3) (one line wrapped by MTA): > GET /pks/lookup?op=get&search=0x0A75834DE6AB89F6BE869EB81DF4E517 HTTP/1.0 > > 160 bit key ID (v4) (one line wrapped by MTA): > GET /pks/lookup?op=get&search=0x0EC8B0E3052DFC4C208F76EBFA920973992A4B3F > HTTP/1.0 I think this is a good thing except for one problem. From the perspective of a program that is making a call to a keyserver via HKP, it has no way to know if the keyserver is pksd, CKS, or something else. Since only CKS supports this syntax, there is a problem. I guess it could try twice and fall back to the 32 bit key id if the keyserver returns an error with a fingerprint lookup. Something to be discussed in the RFC, I think. :) David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From jharris@widomaker.com Sun Mar 10 22:46:02 2002 From: jharris@widomaker.com (Jason Harris) Date: Sun Mar 10 22:46:02 2002 Subject: lookups by fingerprint and long keyid (was Re: duplicate keyid survey results) In-Reply-To: <20020310192800.GA951@akamai.com> References: <87n0xhdhrq.fsf@alberti.gnupg.de> <20020310192800.GA951@akamai.com> Message-ID: <20020310214403.GA826@pm1-24.lft.widomaker.com> --UugvWAfsgieZRqgk Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Mar 10, 2002 at 02:28:00PM -0500, David Shaw wrote: > On Sun, Mar 10, 2002 at 12:34:14PM -0500, V Alex Brennen wrote: > > I checked code into CVS that will allow CKS to support HKP style=20 > > queries by the 64 bit key ID, the full 128 bit v3 fp, or the full > > 160 bit V4 fp. This feature will be available in the next release. > I think this is a good thing except for one problem. From the > perspective of a program that is making a call to a keyserver via HKP, > it has no way to know if the keyserver is pksd, CKS, or something > else. Since only CKS supports this syntax, there is a problem. I > guess it could try twice and fall back to the 32 bit key id if the > keyserver returns an error with a fingerprint lookup. Those are all valid concerns. Encryption programs will have to be modified accordingly, of course. However, even without support for the extensions in encryption programs, we can still benefit by having the features available for browser-based lookups. FWIW, it should be _very easy_ to add long keyid lookups to pks, iff we're all willing to get back a list of keys matching the corresponding _short_ keyid. Having pks return only matches by long keyid would require more work, but should also be possible. (Remember, there are 81 and 5 keys by duplicate long and short keyids, respectively, and a maximum of 3 keys with the same short keyid (0xDEADBEEF).) Having pks support lookups by fingerprint would require the addition of a new Berkeley DB Btree or Hash database file. This should be a straightforward (but non-trivial) programming task. (Also, only on the pgp-keyserver-folk list, I previously announced a proof of concept Perl program that allows lookups by fingerprints. The interface isn't HKP and some scripting would be required to keep the fingerprint and keyid data current, but all sorts of improvements are possible. (At any rate, I'm glad to have finally gotten some positive (though indirect) answers about the _perceived_ need for new types of key lookups.)) > Something to be discussed in the RFC, I think. :) As features which are optional to implement, I feel that they can go in immediately. I have already needed and performed lookups (mostly non-keyserver greps on pgpring(1) output) by fingerprint and long keyid. --=20 Jason Harris jharris@widomaker.com --UugvWAfsgieZRqgk Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8i9OdSypIl9OdoOMRAiC1AJ9B/BHevtQR953ghkmoemiIjuqhfQCeJmq4 B+WpbY6x5/eslLlhURKVIHk= =qEq/ -----END PGP SIGNATURE----- --UugvWAfsgieZRqgk-- From dshaw@jabberwocky.com Sun Mar 10 23:37:02 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Sun Mar 10 23:37:02 2002 Subject: lookups by fingerprint and long keyid (was Re: duplicate keyid survey results) In-Reply-To: <20020310214403.GA826@pm1-24.lft.widomaker.com> References: <87n0xhdhrq.fsf@alberti.gnupg.de> <20020310192800.GA951@akamai.com> <20020310214403.GA826@pm1-24.lft.widomaker.com> Message-ID: <20020310223513.GB2316@akamai.com> On Sun, Mar 10, 2002 at 04:44:03PM -0500, Jason Harris wrote: > On Sun, Mar 10, 2002 at 02:28:00PM -0500, David Shaw wrote: > > Something to be discussed in the RFC, I think. :) > > As features which are optional to implement, I feel that they can go > in immediately. I have already needed and performed lookups (mostly > non-keyserver greps on pgpring(1) output) by fingerprint and long keyid. For browser-based lookups by human beings, fine. For any program-driven interface, it must be discussed first. Creating a feature that breaks compatibility with an existing server base needs at least a minute or two of thought before doing it. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From hironobu@h2np.net Mon Mar 11 00:43:01 2002 From: hironobu@h2np.net (Hironobu SUZUKI) Date: Mon Mar 11 00:43:01 2002 Subject: duplicate keyid survey results In-Reply-To: Your message of "Sun, 10 Mar 2002 12:47:17 EST." Message-ID: <200203102341.IAA01283@blue.h2np.net> > I don't believe this is true. While the potential to create 32 bit > key id collisions easily exists in v3, it is a hard problem in v4 Yes. But v3 must be supported. -- Hironobu SUZUKI E-Mail: hironobu@h2np.net URL: http://h2np.net From vab@cryptnet.net Mon Mar 11 00:57:02 2002 From: vab@cryptnet.net (V Alex Brennen) Date: Mon Mar 11 00:57:02 2002 Subject: duplicate keyid survey results In-Reply-To: <200203102341.IAA01283@blue.h2np.net> Message-ID: On Mon, 11 Mar 2002, Hironobu SUZUKI wrote: > On Sun, 10 Mar 2002, V. Alex Brennen wrote: > > > I don't believe this is true. While the potential to create 32 bit > > key id collisions easily exists in v3, it is a hard problem in v4 > > Yes. But v3 must be supported. In functionality, yes. But in security... well... IMHO, it's ok to just throw v3 people to the wolves - they know what they're using is not secure, that it is attackable, in many different ways. The fixes for the insecurities in v3 are what became part of v4. People really need to upgrade and stop using anything earlier than v4. Trying to secure v3 is like trying to secure Windows 98 as an internet server. LDAP has a max results modifier on queries, I encourage people to code something similar into keyservers to protect against server side DOS's rather than return a warning or partial results. - VAB --- V. Alex Brennen Senior Systems Engineer IBM Certified Specialist e-TechServices.com IBM Business Partner Bus: 352.246.8553 Fax: 770.216.1877 vab@e-techservices.com http://www.e-techservices.com/people/vab/ From hironobu@h2np.net Mon Mar 11 01:00:02 2002 From: hironobu@h2np.net (Hironobu SUZUKI) Date: Mon Mar 11 01:00:02 2002 Subject: duplicate keyid survey results In-Reply-To: Your message of "Sun, 10 Mar 2002 12:34:14 EST." Message-ID: <200203102357.IAA01304@blue.h2np.net> > 32 bit key ID: > 64 bit key ID: > 128 bit key ID (v3) (one line wrapped by MTA): > 160 bit key ID (v4) (one line wrapped by MTA): Retrieving by 64bit key ID was done. It is available via Web interface from http://www.openpksd.org/findkey/index.html openpksd's database has 32bit<->64bit key mapping table. It is easy to support 128 bit and 160 bit keyID. Long key reduces the possibility of collision but I'm wondering that handing cost of 128/160 bit key ID is suitable cost for keyserver. -- Hironobu SUZUKI E-Mail: hironobu@h2np.net URL: http://h2np.net From hironobu@h2np.net Mon Mar 11 01:08:01 2002 From: hironobu@h2np.net (Hironobu SUZUKI) Date: Mon Mar 11 01:08:01 2002 Subject: duplicate keyid survey results In-Reply-To: Your message of "Sun, 10 Mar 2002 18:50:38 EST." Message-ID: <200203110005.JAA01319@blue.h2np.net> > they know what they're using is not secure, that it is attackable, > in many different ways. The fixes for the insecurities in v3 are > what became part of v4. Some attacks are effective not only user client but also keyserver. If keyserver found duplicate key then return "Found duplicate key". It's OK. It's little cost. If keyserver found duplicate key then return all of key contents. It is a possibility of DoS not only user client but also keyserver. v3 is problem but we have to support. -- Hironobu SUZUKI E-Mail: hironobu@h2np.net URL: http://h2np.net From Jakob Breivik Grimstveit Mon Mar 11 08:44:02 2002 From: Jakob Breivik Grimstveit (Jakob Breivik Grimstveit) Date: Mon Mar 11 08:44:02 2002 Subject: Keyservers problem (win32) Message-ID: <603327296.20020311084152@grimstveit.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Whenever trying to access the keyservers using gpg, i only get the following answer (both at home using dialup and on work using broadband): > Sending key(s) 0x545E2819 to server search.keyserver.net:11371 ... > > gpg: write failed: ec=87 > gpg: can't connect to `search.keyserver.net:11371': No error > > Press any key to continue . . . Why is that? - -- Vyrdsamt... - - Jakob Breivik Grimstveit, jakob@grimstveit.net, www.grimstveit.net - - Morvikbotn 341, 5122 Morvik. Tlf: 55195667, 48298152, 55239715 - - System Integrator, Star Shipping, jakob.grimstveit@starshipping.com Veni, vedi, VCR: I came, I saw, I dubbed. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (MingW32) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjyMX8QACgkQTJM+uVReKBmF2QCfViwx/11DYh+fKh0eFZ3CWeke rPYAniG4T6+J5LF7GqBOvRgl60YiJPLZ =mVtZ -----END PGP SIGNATURE----- From schoech@iap-kborn.de Mon Mar 11 08:53:01 2002 From: schoech@iap-kborn.de (=?iso-8859-1?Q?Armin_Sch=F6ch?=) Date: Mon Mar 11 08:53:01 2002 Subject: Output In-Reply-To: <000501c1c84c$a9680200$efee6620@teeniebe9euk8d> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Frank ! > I had a problem getting an output from exporting the trustdb. It > seems that one was the only one I had problems with. Someone replyed > with a alternative command to output to a file. I believe it was > called a pipe, or consol redirect. Try gpg --export-ownertrust > trustdb.asc This is called console redirection and will work with most programmes. It tells Windows (or *nix) to print all normal output not to the screen but to a certain file. Error messages are still printed on the screen. &> file will redirect normal output and error messages to "file". This works with Linux, don't know whether it works with DOS/Windows. gpg --import-ownertrust < trustdb.asc should import the trust values from "trustdb.asc". This tells Windows/*nix to read all input from the file instead of reading from the keyboard. HTH, Armin - -- Am Hasenberg 26 office: Institut f=FCr Atmosph=E4renphysik D-18209 Bad Doberan Schloss-Stra=DFe 6 Tel. ++49-(0)38203/42137 D-18225 K=FChlungsborn / GERMANY Email: schoech@iap-kborn.de Tel. +49-(0)38293-68-102 WWW: http://armins.cjb.net/ Fax. +49-(0)38293-68-50 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: Weitere Infos: siehe http://www.gnupg.org iD8DBQE8jGHRG8Xv4GxznLoRAsP+AJ4184+nUOmK8RRE6ua0VZBzJ4Qq5ACgpaWC xUCzMvLXrfZcvJmh1PtaVhg=3D =3D0Nr+ -----END PGP SIGNATURE----- From schoech@iap-kborn.de Mon Mar 11 09:50:01 2002 From: schoech@iap-kborn.de (=?iso-8859-1?Q?Armin_Sch=F6ch?=) Date: Mon Mar 11 09:50:01 2002 Subject: Keyservers problem (win32) In-Reply-To: <603327296.20020311084152@grimstveit.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Jakob ! > Whenever trying to access the keyservers using gpg, i only get the > following answer (both at home using dialup and on work using > broadband): > > > Sending key(s) 0x545E2819 to server search.keyserver.net:11371 ... > > > > gpg: write failed: ec=3D87 > > gpg: can't connect to `search.keyserver.net:11371': No error > > > > Press any key to continue . . . > > Why is that? Have you tried other keyservers ? There are problems with some of them. I use horowitz.surfnet.nl (as suggested by Werner Koch some time ago) and it works fine for me. HTH, Armin - --=20 Am Hasenberg 26 office: Institut f=FCr Atmosph=E4renphysik D-18209 Bad Doberan Schloss-Stra=DFe 6 Tel. ++49-(0)38203/42137 D-18225 K=FChlungsborn / GERMANY Email: schoech@iap-kborn.de Tel. +49-(0)38293-68-102 WWW: http://armins.cjb.net/ Fax. +49-(0)38293-68-50 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: Weitere Infos: siehe http://www.gnupg.org iD8DBQE8jG88G8Xv4GxznLoRAkqmAKCRgC8h+8m8baD9s8fr2FomVoKHdQCdGGhG o+OpOWxsEMyt2+jqHdOhmm0=3D =3DMtLD -----END PGP SIGNATURE----- From schoech@iap-kborn.de Mon Mar 11 10:20:01 2002 From: schoech@iap-kborn.de (=?iso-8859-1?Q?Armin_Sch=F6ch?=) Date: Mon Mar 11 10:20:01 2002 Subject: Keyservers problem (win32) In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi ! > > > Sending key(s) 0x545E2819 to server search.keyserver.net:11371 ... > > > > > > gpg: write failed: ec=3D87 > > > gpg: can't connect to `search.keyserver.net:11371': No error > > > > > > Press any key to continue . . . > > > > Why is that? I look for the error message in the source code. It's produced in a routine called "write_server" in "util/http.c" and is Windows-specific. The error code 87 stands for "ERROR_INVALID_PARAMETER" as reported by the Windows-API function "GetLastError". I'm not running Windows so I can't reproduce it. Sorry that I have no better news for you. Maybe some of the developers can make more sense out of it. Bye, Armin - --=20 Am Hasenberg 26 office: Institut f=FCr Atmosph=E4renphysik D-18209 Bad Doberan Schloss-Stra=DFe 6 Tel. ++49-(0)38203/42137 D-18225 K=FChlungsborn / GERMANY Email: schoech@iap-kborn.de Tel. +49-(0)38293-68-102 WWW: http://armins.cjb.net/ Fax. +49-(0)38293-68-50 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: Weitere Infos: siehe http://www.gnupg.org iD8DBQE8jHYzG8Xv4GxznLoRAjSQAJ0a9nR+DAVsRwE1MJaXO6yeAegZjwCgupLf WMZjbfc149BXGpR/BwkVeTQ=3D =3DVPfY -----END PGP SIGNATURE----- From Priscilla.McKerracher@jhuapl.edu Mon Mar 11 14:30:02 2002 From: Priscilla.McKerracher@jhuapl.edu (McKerracher, Priscilla) Date: Mon Mar 11 14:30:02 2002 Subject: unsubscribe me Message-ID: <6B3C0EEAB4FED3119F5F009027DC5E9E02F82458@spacemsg3.jhuapl.edu> Please unsubscribe me. SIG Section Supervisor priscilla_mckerracher@jhuapl.edu Johns Hopkins University Applied Physics Laboratory Johns Hopkins Road Laurel, MD 20723 443-778-4474 -----Original Message----- From: gnupg-users-request@gnupg.org [mailto:gnupg-users-request@gnupg.org] Sent: Sunday, March 10, 2002 6:06 AM To: gnupg-users@gnupg.org Subject: Gnupg-users digest, Vol 1 #549 - 8 msgs Send Gnupg-users mailing list submissions to gnupg-users@gnupg.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.gnupg.org/mailman/listinfo/gnupg-users or, via email, send a message with subject or body 'help' to gnupg-users-request@gnupg.org You can reach the person managing the list at gnupg-users-admin@gnupg.org When replying, please edit your Subject line so it is more specific than "Re: Contents of Gnupg-users digest..." Today's Topics: 1. Re: missing documentation / rant (Oyvind A. Holm) 2. Re: blowfish in gnuPG 1.0.6 =? 256 bit (Marc Mutz) 3. Re: missing documentation / rant (Martin Blais) 4. Re: missing documentation / rant (Martin Blais) 5. Re: missing documentation / rant (Oyvind A. Holm) 6. Re: blowfish in gnuPG 1.0.6 =? 256 bit (Bob Mathews) 7. Announcement for OpenCDK (Timo Schulz) 8. Re: duplicate keyid survey results (Hironobu SUZUKI) --__--__-- Message: 1 Date: Sat, 9 Mar 2002 22:05:06 +0100 (CET) From: "Oyvind A. Holm" To: Martin Blais cc: gnupg-users@gnupg.org Subject: Re: missing documentation / rant -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2002-03-09 15:02 Martin Blais wrote: > another big one (for me and other friends): the default behaviour for > "gpg file.gpg" is to decrypt to a file "file", and apart from asking > for the passphrase it doesn't say it has output the PLAINTEXT to a > FILE. the user that is not careful might forget or not know that is > unencrypted document lies in the filesystem! that is a big problem! > IMHO that should not be the default behaviour, the default, just as > for input, should be that it outputs to stdout, just like --decrypt > does, and that using --decrypt should output to a file (plus we > should get a message that says so, every functionality that write > unencrypted data to the filesystem should warn the user). This can easily be avoided by using gpg | | Fingerprint: DBE9 8D44 67F7 42AC 2CA1 7651 724E 9D53 6290 22EB | +------------- Nostalgien er ikke hva den engang var. --------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) iD8DBQE8injqck6dU2KQIusRAtKpAJ9gfO/XcS9dXtKsImQyHN+TBwqNPACgpU7q BPIxa3uH1MeC0TOxlY77ii8=3D =3Ds1Ae -----END PGP SIGNATURE----- --__--__-- Message: 2 From: Marc Mutz To: uwe puchta , gnupg-users@gnupg.org Subject: Re: blowfish in gnuPG 1.0.6 =? 256 bit Date: Sat, 9 Mar 2002 22:28:08 +0100 Organization: Bielefeld University - Department of Physics -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday 09 March 2002 12:55, uwe puchta wrote: > just a question out of curiosity: > what's the key size for Blowfish encryption? > is it 256 bit? > ... for both cipher-algo and s2k-cipher-algo > (if defined so in the options file or at the > command line) http://www.counterpane.com/blowfish.html - --=20 Marc Mutz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8in5o3oWD+L2/6DgRAkvZAJwKaB7fZVJef25joMMlFlzFrvdyUACgjxzI YSMEWqB7kWW1Zc4idqMXsNw=3D =3DnndK -----END PGP SIGNATURE----- --__--__-- Message: 3 From: Martin Blais To: Werner Koch Subject: Re: missing documentation / rant Date: Sat, 9 Mar 2002 16:39:46 -0500 Cc: gnupg-users@gnupg.org On Saturday 09 March 2002 16:03, Werner Koch wrote: > On Sat, 9 Mar 2002 15:02:23 -0500, Martin Blais said: > > these options don't know show up in the man page. someone really ought to > > do the grunt work of cross-checking the man page documentation with the > > actual > > There are reasons for this. --dump-options is for example also not > listed in the man page. But hey, you have the source, so where is the > problem. there is no real problem, one of the users (me) is confused, and is making comments to the developers in order to allow them to improve the documentation of their software. i'd like to know what they are? it would be nice if there was a clear separation between options that are shown by --help and those that aren't and that are explained in the man page and manual (perhaps dub them "extended" or "private" options?). in any case, either the manual or documentation should reflect all options, right? i understand that documentation is difficult to keep up-to-date by a distributed team (and the handbook is actually quite impressive), but this is indeed a 1.0 release and for such an important release documentation should be polished... i wouldn't have bothered making comments for a development release, because i understand that. my own system is that i make it a requirement to releasing, i.e. i don't allow myself to release until i've updated the docs. if i want to release something i have to bite the bullet and slave at the docs. (and besides, sorry, but looking at the source doesn't qualify as documentation, which is what my comments are about. the beauty of oss is that i can if i want to (especially to make modifications), but that doesn't mean that all users of gpg SHOULD have to become acquainted with the source to find out what an option listed in --help is meant to do. i'm sure you'll agree with this.) > > fixed (and if so, why doesn't it do that by itself?). besides, i cannot > > figure out how to use check-trustdb, all i get is output like this: > > So don't use it. As said, there is a reason that it is not listed. well, it IS indeed listed in "gpg --help". i didn't mean to use it, i meant to understand what it does because it was listed, and is not documented, and that is why i was trying it. if i'm not meant to use it, then the problem is that it was listed. > BTW, the next version has it mentioned because this command has a real > use then. > > > also of interest: > > --allow-secret-key-import > > > > is not mentioned on the output of "gpg --help". i'm sure there are many > > If you try to import a secret key, a messge is printed, telling you to > use this option. Anyway, this option is just a temporary hack and not > anymore needed in 1.0.6d. Printing all 202 commands and options with cool. > --help make no sense, it is just too much and can't probably not be > understood without a more verbose description. Anyway, recent > versions do print: > > --photo-viewer Set command line to view Photo IDs > -N, --notation-data NAME=VALUE use this notation data > > (See the man page for a complete listing of all commands and options) that's exactly my point! is at least the man page complete? options that are listed in --help should at least also be in the man page. the opposite is not necessarily true, and some kind of grouping to acknowledge that is a nice way to let the user understand this (something like "basic options" and "extended options"). > There is nothing important missing, some things are maintainer only. > If you or the people attracted by encryption real want to get into it, > use the source. those maintainer-only options should then not be visible to the user if he's not to use them. all i'm arguing for, is that the maintainer/for-debug options be somehow marked as such or not visible. > > another big one (for me and other friends): the default behaviour for > > "gpg file.gpg" is to decrypt to a file "file", and apart from asking for > > the passphrase it doesn't say it has output the PLAINTEXT to a FILE. the > > Which is the correct behaviour of a Unix tool. Use --verbose to get > what you want. agreed, read on... > > lies in the filesystem! that is a big problem! IMHO that should not be > > the default behaviour, the default, just as for input, should be that it > > outputs to stdout, just like --decrypt does, and that using --decrypt > > should output > > A lot of tools do have this behaviour and it makes a lot of sense. IF > you want to have the output on stdout, send the input to stdin. i know i can use --decrypt and i do now (actually, you make me think, i'll try putting it in my options file). well, please consider that a default behaviour of writing plaintext files out to the filesystem is behaviour that does not foster trust in a program that is meant to provide data security for its user. i mean, there is a reason for that file to be encrypted in the first place. if i considered my filesystem permissions to be secure i probably wouldn't use encryption to store files on it. i have often forgotten to delete unencrypted files because of that (and even sometimes on my cd backups, which were recently robbed with the rest of the computing equipment. not a cool feeling. i agree that it is my fault because i misused gpg, but food for thought anyway. IMHO plaintext should only be written to files on request. consider it a security feature, and not a minor one---the user is less likely to make the mistake of decrypting to disk.) thanks for your quick answer. cheers, --__--__-- Message: 4 From: Martin Blais To: "Oyvind A. Holm" Subject: Re: missing documentation / rant Date: Sat, 9 Mar 2002 16:53:28 -0500 Cc: gnupg-users@gnupg.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday 09 March 2002 16:05, Oyvind A. Holm wrote: > On 2002-03-09 15:02 Martin Blais wrote: > question is whether it should be changed on DOSish systems, as the > stdin/stdout thing is pretty unfamiliar in the DOS (aka windows) world. > But then it's a Bad Thing to make a program work differently in > different environments. That would lead to more trouble than it's > worth. good point, so i guess it cannot be changed. perhaps an option to alter that behaviour would be cool. that option could be put in the user's options file to get that behaviour. just my 2cents. thx again, -----BEGIN PGP SIGNATURE----- Comment: For info see http://www.gnupg.org iEYEARECAAYFAjyKhFwACgkQq2PmC9F3Xx3UBACfYWoQti6Qhn/RoAxZ2jSCLMAo axoAn35J/lP6Wt+P++ZDAcc48NK8STx8 =qCY2 -----END PGP SIGNATURE----- --__--__-- Message: 5 Date: Sat, 9 Mar 2002 23:30:32 +0100 (CET) From: "Oyvind A. Holm" To: Martin Blais cc: gnupg-users@gnupg.org Subject: Re: missing documentation / rant -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2002-03-09 16:53-0500 Martin Blais wrote: > On 2002-03-09 22:05:06+0100, Oyvind A. Holm wrote: > > Another question is whether it should be changed on DOSish systems, > > as the stdin/stdout thing is pretty unfamiliar in the DOS (aka > > windows) world. But then it's a Bad Thing to make a program work > > differently in different environments. That would lead to more > > trouble than it's worth. > > good point, so i guess it cannot be changed. > > perhaps an option to alter that behaviour would be cool. that option > could be put in the user's options file to get that behaviour. That seems like a good idea. Having an "always-stdout" option would be a good thing to have, especially when thinking of how hard it is to completely erase data from hard disks once it's written. After all, it's easy to redirect the output to a file. I still think the current behaviour should be the default, but I see no drawback in having an configuration option to achieve this behaviour. Regards, =D8yvind +-------------------------------------------------------------------+ | OpenPGP: 0x629022EB 2002-02-24 =D8yvind A. Holm | | Fingerprint: DBE9 8D44 67F7 42AC 2CA1 7651 724E 9D53 6290 22EB | +----------- 2 + 2 =3D 5 for extremely large values of 2. ------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) iD8DBQE8iozTck6dU2KQIusRArY+AJ96aTJgFkdinstjIGrHTVr8xVpEygCfW5vi IRrTZmSXdnJ2DKSDp/sXVI8=3D =3DCiW9 -----END PGP SIGNATURE----- --__--__-- Message: 6 From: Bob Mathews To: Marc Mutz , uwe puchta , gnupg-users@gnupg.org Subject: Re: blowfish in gnuPG 1.0.6 =? 256 bit Date: Sat, 9 Mar 2002 14:36:45 -0800 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday 09 March 2002 01:28 pm, Marc Mutz wrote: > On Saturday 09 March 2002 12:55, uwe puchta wrote: > > just a question out of curiosity: > > what's the key size for Blowfish encryption? > > is it 256 bit? > > ... for both cipher-algo and s2k-cipher-algo > > (if defined so in the options file or at the > > command line) > > > > http://www.counterpane.com/blowfish.html That page says that blowfish has a variable length key. However, according to RFC2440, OpenPGP uses blowfish with a 128-bit key. That applies to both the - --cipher-algo and --s2k-cipher-algo options. -bob mathews -----BEGIN PGP SIGNATURE----- Comment: What's this? http://bobmathews.home.mindspring.com/bob/ iD8DBQE8io5/PgDecCrBEpcRAvZyAJ9mepDoScVoV1vvpUvKvcFAhf8JVwCeIfCh 4qakEveOZBnTDcGg3j+pSOc= =RvAN -----END PGP SIGNATURE----- --__--__-- Message: 7 Date: Sun, 10 Mar 2002 00:22:24 +0100 From: Timo Schulz To: GnuPG Users Subject: Announcement for OpenCDK Reply-To: twoaday@freakmail.de Hi, I decided to create a library which implements basic parts of the RFC2440 (OpenPGP) message format. This library will be no replacement for any real OpenPGP application like PGP or GPG. The goals of the library are to provide an API for parsing packets and to work with OpenPGP keys. There is also some code for signing, verification, encrypt and decrypt, but this is only partly done. Some of the code based on GPG and for all crypto functions we referring to the libgcrypt library. This library is responsible for secure memory, random generation and other sentensive parts. Currently the library is work on progress, but for the people who want to take a look at it can find the source on this webpage: http://www.winpt.org/opencdk.html Of course the whole project is available under the terms of the GNU General Public License. Timo --__--__-- Message: 8 From: Hironobu SUZUKI To: David Shaw cc: pgp-keyserver-folk@flame.org, gnupg-users@gnupg.org Subject: Re: duplicate keyid survey results Date: Sun, 10 Mar 2002 10:23:55 +0900 I tried to send my e-mail to dshaw@jabberwocky.com from my two mail addresses, hironobu@h2np.net and hironobu@pgp.nic.ad.jp, but all of my e-mails were rejected. Please let me know another your e-mail address which I can send one. And I'm sorry for ML readers. Best Regards, -- Hironobu SUZUKI E-Mail: hironobu@h2np.net URL: http://h2np.net --__--__-- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users End of Gnupg-users Digest From e.sanchez@maximiles.com Mon Mar 11 15:18:02 2002 From: e.sanchez@maximiles.com (=?iso-8859-1?Q?Eduardo_S=E1nchez?=) Date: Mon Mar 11 15:18:02 2002 Subject: unsubscribe me In-Reply-To: <6B3C0EEAB4FED3119F5F009027DC5E9E02F82458@spacemsg3.jhuapl.edu> Message-ID: Please unsuscribe me too. > -----Mensaje original----- > De: gnupg-users-admin@gnupg.org [mailto:gnupg-users-admin@gnupg.org]En > nombre de McKerracher, Priscilla > Enviado el: lunes, 11 de marzo de 2002 14:27 > Para: 'gnupg-users@gnupg.org' > Asunto: unsubscribe me > > > Please unsubscribe me. > > SIG Section Supervisor > priscilla_mckerracher@jhuapl.edu > Johns Hopkins University > Applied Physics Laboratory > Johns Hopkins Road > Laurel, MD 20723 > 443-778-4474 > > -----Original Message----- > From: gnupg-users-request@gnupg.org > [mailto:gnupg-users-request@gnupg.org] > Sent: Sunday, March 10, 2002 6:06 AM > To: gnupg-users@gnupg.org > Subject: Gnupg-users digest, Vol 1 #549 - 8 msgs > > > Send Gnupg-users mailing list submissions to > gnupg-users@gnupg.org > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.gnupg.org/mailman/listinfo/gnupg-users > or, via email, send a message with subject or body 'help' to > gnupg-users-request@gnupg.org > > You can reach the person managing the list at > gnupg-users-admin@gnupg.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Gnupg-users digest..." > > > Today's Topics: > > 1. Re: missing documentation / rant (Oyvind A. Holm) > 2. Re: blowfish in gnuPG 1.0.6 =? 256 bit (Marc Mutz) > 3. Re: missing documentation / rant (Martin Blais) > 4. Re: missing documentation / rant (Martin Blais) > 5. Re: missing documentation / rant (Oyvind A. Holm) > 6. Re: blowfish in gnuPG 1.0.6 =? 256 bit (Bob Mathews) > 7. Announcement for OpenCDK (Timo Schulz) > 8. Re: duplicate keyid survey results (Hironobu SUZUKI) > > --__--__-- > > Message: 1 > Date: Sat, 9 Mar 2002 22:05:06 +0100 (CET) > From: "Oyvind A. Holm" > To: Martin Blais > cc: gnupg-users@gnupg.org > Subject: Re: missing documentation / rant > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 2002-03-09 15:02 Martin Blais wrote: > > another big one (for me and other friends): the default behaviour for > > "gpg file.gpg" is to decrypt to a file "file", and apart from asking > > for the passphrase it doesn't say it has output the PLAINTEXT to a > > FILE. the user that is not careful might forget or not know that is > > unencrypted document lies in the filesystem! that is a big problem! > > IMHO that should not be the default behaviour, the default, just as > > for input, should be that it outputs to stdout, just like --decrypt > > does, and that using --decrypt should output to a file (plus we > > should get a message that says so, every functionality that write > > unencrypted data to the filesystem should warn the user). > > This can easily be avoided by using > > gpg > The output will then be sent to stdout. IMHO the current behaviour of > GnuPG is correct. When specifying a file directly, GPG behaves the > similar way -- creating a file. This is the de facto way of doing > things in UNIX and I don't think that should be changed. Another > question is whether it should be changed on DOSish systems, as the > stdin/stdout thing is pretty unfamiliar in the DOS (aka windows) world. > But then it's a Bad Thing to make a program work differently in > different environments. That would lead to more trouble than it's > worth. > > Talking about stdin/stdout... I have to mention the horrible behaviour > by PGP 6.x. When I get encrypted mail, most of the time as armoured > text, I mark the text in my editor (joe) and filter it through GnuPG. > Works fine. One day I tried doing the same using PGP. It read from > stdin, but it did not send the output to stdout, instead it created a > file called "stdin" or something like that in the current directory > where i started my mail program. I must say I was shocked by this. I'd > _never_ think such a widespread program could have serious flaws like > this. If i remember correctly, one have to specify an option (-f or > something) to make PGP use stdin/stdout, but I still call it a flaw. If > it doesn't print to stdout, it should neither read from stdin. Indeed > PGP acts like a strange bird in an UNIX environment. > > Regards, > =D8yvind > > +-------------------------------------------------------------------+ > | OpenPGP: 0x629022EB 2002-02-24 =D8yvind A. Holm | > | Fingerprint: DBE9 8D44 67F7 42AC 2CA1 7651 724E 9D53 6290 22EB | > +------------- Nostalgien er ikke hva den engang var. --------------+ > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.6 (GNU/Linux) > > iD8DBQE8injqck6dU2KQIusRAtKpAJ9gfO/XcS9dXtKsImQyHN+TBwqNPACgpU7q > BPIxa3uH1MeC0TOxlY77ii8=3D > =3Ds1Ae > -----END PGP SIGNATURE----- > > > > --__--__-- > > Message: 2 > From: Marc Mutz > To: uwe puchta , > gnupg-users@gnupg.org > Subject: Re: blowfish in gnuPG 1.0.6 =? 256 bit > Date: Sat, 9 Mar 2002 22:28:08 +0100 > Organization: Bielefeld University - Department of Physics > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Saturday 09 March 2002 12:55, uwe puchta wrote: > > just a question out of curiosity: > > what's the key size for Blowfish encryption? > > is it 256 bit? > > ... for both cipher-algo and s2k-cipher-algo > > (if defined so in the options file or at the > > command line) > > > http://www.counterpane.com/blowfish.html > > - --=20 > Marc Mutz > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.6 (GNU/Linux) > Comment: For info see http://www.gnupg.org > > iD8DBQE8in5o3oWD+L2/6DgRAkvZAJwKaB7fZVJef25joMMlFlzFrvdyUACgjxzI > YSMEWqB7kWW1Zc4idqMXsNw=3D > =3DnndK > -----END PGP SIGNATURE----- > > > > --__--__-- > > Message: 3 > From: Martin Blais > To: Werner Koch > Subject: Re: missing documentation / rant > Date: Sat, 9 Mar 2002 16:39:46 -0500 > Cc: gnupg-users@gnupg.org > > On Saturday 09 March 2002 16:03, Werner Koch wrote: > > On Sat, 9 Mar 2002 15:02:23 -0500, Martin Blais said: > > > these options don't know show up in the man page. someone really ought > to > > > do the grunt work of cross-checking the man page > documentation with the > > > actual > > > > There are reasons for this. --dump-options is for example also not > > listed in the man page. But hey, you have the source, so where is the > > problem. > > there is no real problem, one of the users (me) is confused, and > is making > comments to the developers in order to allow them to improve the > documentation of their software. > > i'd like to know what they are? it would be nice if there was a clear > separation between options that are shown by --help and those that aren't > and > that are explained in the man page and manual (perhaps dub them "extended" > or > "private" options?). in any case, either the manual or > documentation should > > reflect all options, right? > > i understand that documentation is difficult to keep up-to-date by a > distributed team (and the handbook is actually quite impressive), but this > is > indeed a 1.0 release and for such an important release > documentation should > be polished... i wouldn't have bothered making comments for a development > release, because i understand that. my own system is that i make it a > requirement to releasing, i.e. i don't allow myself to release until i've > updated the docs. if i want to release something i have to bite > the bullet > and slave at the docs. > > (and besides, sorry, but looking at the source doesn't qualify as > documentation, which is what my comments are about. the beauty of oss is > that > i can if i want to (especially to make modifications), but that > doesn't mean > > that all users of gpg SHOULD have to become acquainted with the source to > find out what an option listed in --help is meant to do. i'm sure you'll > agree with this.) > > > > > fixed (and if so, why doesn't it do that by itself?). > besides, i cannot > > > figure out how to use check-trustdb, all i get is output like this: > > > > So don't use it. As said, there is a reason that it is not listed. > > well, it IS indeed listed in "gpg --help". i didn't mean to use > it, i meant > > to understand what it does because it was listed, and is not > documented, and > > that is why i was trying it. if i'm not meant to use it, then the > problem is > > that it was listed. > > > > BTW, the next version has it mentioned because this command has a real > > use then. > > > > > also of interest: > > > --allow-secret-key-import > > > > > > is not mentioned on the output of "gpg --help". i'm sure > there are many > > > > If you try to import a secret key, a messge is printed, telling you to > > use this option. Anyway, this option is just a temporary hack and not > > anymore needed in 1.0.6d. Printing all 202 commands and options with > > cool. > > > > --help make no sense, it is just too much and can't probably not be > > understood without a more verbose description. Anyway, recent > > versions do print: > > > > --photo-viewer Set command line to view Photo IDs > > -N, --notation-data NAME=VALUE use this notation data > > > > > (See the man page for a complete listing of all commands and options) > > that's exactly my point! is at least the man page complete? options that > are > listed in --help should at least also be in the man page. the opposite is > not > necessarily true, and some kind of grouping to acknowledge that is a nice > way > to let the user understand this (something like "basic options" and > "extended > options"). > > > > > There is nothing important missing, some things are maintainer only. > > If you or the people attracted by encryption real want to get into it, > > use the source. > > those maintainer-only options should then not be visible to the > user if he's > > not to use them. all i'm arguing for, is that the maintainer/for-debug > options be somehow marked as such or not visible. > > > > > another big one (for me and other friends): the default behaviour for > > > "gpg file.gpg" is to decrypt to a file "file", and apart from > asking for > > > the passphrase it doesn't say it has output the PLAINTEXT to > a FILE. the > > > > Which is the correct behaviour of a Unix tool. Use --verbose to get > > what you want. > > agreed, read on... > > > > > lies in the filesystem! that is a big problem! IMHO that > should not be > > > the default behaviour, the default, just as for input, should > be that it > > > outputs to stdout, just like --decrypt does, and that using --decrypt > > > should output > > > > A lot of tools do have this behaviour and it makes a lot of sense. IF > > you want to have the output on stdout, send the input to stdin. > > i know i can use --decrypt and i do now (actually, you make me > think, i'll > try putting it in my options file). > > well, please consider that a default behaviour of writing plaintext files > out > to the filesystem is behaviour that does not foster trust in a > program that > is meant to provide data security for its user. i mean, there is a reason > for > that file to be encrypted in the first place. if i considered my > filesystem > permissions to be secure i probably wouldn't use encryption to store files > on > it. > > i have often forgotten to delete unencrypted files because of > that (and even > > sometimes on my cd backups, which were recently robbed with the > rest of the > computing equipment. not a cool feeling. i agree that it is my > fault because > > i misused gpg, but food for thought anyway. IMHO plaintext should only be > written to files on request. consider it a security feature, and > not a minor > > one---the user is less likely to make the mistake of decrypting to disk.) > > thanks for your quick answer. > cheers, > > > --__--__-- > > Message: 4 > From: Martin Blais > To: "Oyvind A. Holm" > Subject: Re: missing documentation / rant > Date: Sat, 9 Mar 2002 16:53:28 -0500 > Cc: gnupg-users@gnupg.org > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Saturday 09 March 2002 16:05, Oyvind A. Holm wrote: > > On 2002-03-09 15:02 Martin Blais wrote: > > question is whether it should be changed on DOSish systems, as the > > stdin/stdout thing is pretty unfamiliar in the DOS (aka windows) world. > > But then it's a Bad Thing to make a program work differently in > > different environments. That would lead to more trouble than it's > > worth. > > good point, so i guess it cannot be changed. > > perhaps an option to alter that behaviour would be cool. that option could > be > put in the user's options file to get that behaviour. > > just my 2cents. > thx again, > -----BEGIN PGP SIGNATURE----- > Comment: For info see http://www.gnupg.org > > iEYEARECAAYFAjyKhFwACgkQq2PmC9F3Xx3UBACfYWoQti6Qhn/RoAxZ2jSCLMAo > axoAn35J/lP6Wt+P++ZDAcc48NK8STx8 > =qCY2 > -----END PGP SIGNATURE----- > > > --__--__-- > > Message: 5 > Date: Sat, 9 Mar 2002 23:30:32 +0100 (CET) > From: "Oyvind A. Holm" > To: Martin Blais > cc: gnupg-users@gnupg.org > Subject: Re: missing documentation / rant > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 2002-03-09 16:53-0500 Martin Blais wrote: > > On 2002-03-09 22:05:06+0100, Oyvind A. Holm wrote: > > > Another question is whether it should be changed on DOSish systems, > > > as the stdin/stdout thing is pretty unfamiliar in the DOS (aka > > > windows) world. But then it's a Bad Thing to make a program work > > > differently in different environments. That would lead to more > > > trouble than it's worth. > > > > good point, so i guess it cannot be changed. > > > > perhaps an option to alter that behaviour would be cool. that option > > could be put in the user's options file to get that behaviour. > > That seems like a good idea. Having an "always-stdout" option would be > a good thing to have, especially when thinking of how hard it is to > completely erase data from hard disks once it's written. After all, > it's easy to redirect the output to a file. I still think the current > behaviour should be the default, but I see no drawback in having an > configuration option to achieve this behaviour. > > Regards, > =D8yvind > > +-------------------------------------------------------------------+ > | OpenPGP: 0x629022EB 2002-02-24 =D8yvind A. Holm | > | Fingerprint: DBE9 8D44 67F7 42AC 2CA1 7651 724E 9D53 6290 22EB | > +----------- 2 + 2 =3D 5 for extremely large values of 2. ------------+ > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.6 (GNU/Linux) > > iD8DBQE8iozTck6dU2KQIusRArY+AJ96aTJgFkdinstjIGrHTVr8xVpEygCfW5vi > IRrTZmSXdnJ2DKSDp/sXVI8=3D > =3DCiW9 > -----END PGP SIGNATURE----- > > > > --__--__-- > > Message: 6 > From: Bob Mathews > To: Marc Mutz , > uwe puchta , gnupg-users@gnupg.org > Subject: Re: blowfish in gnuPG 1.0.6 =? 256 bit > Date: Sat, 9 Mar 2002 14:36:45 -0800 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Saturday 09 March 2002 01:28 pm, Marc Mutz wrote: > > On Saturday 09 March 2002 12:55, uwe puchta wrote: > > > just a question out of curiosity: > > > what's the key size for Blowfish encryption? > > > is it 256 bit? > > > ... for both cipher-algo and s2k-cipher-algo > > > (if defined so in the options file or at the > > > command line) > > > > > > > > http://www.counterpane.com/blowfish.html > > That page says that blowfish has a variable length key. However, according > to > RFC2440, OpenPGP uses blowfish with a 128-bit key. That applies > to both the > - --cipher-algo and --s2k-cipher-algo options. > > -bob mathews > > -----BEGIN PGP SIGNATURE----- > Comment: What's this? http://bobmathews.home.mindspring.com/bob/ > > iD8DBQE8io5/PgDecCrBEpcRAvZyAJ9mepDoScVoV1vvpUvKvcFAhf8JVwCeIfCh > 4qakEveOZBnTDcGg3j+pSOc= > =RvAN > -----END PGP SIGNATURE----- > > > --__--__-- > > Message: 7 > Date: Sun, 10 Mar 2002 00:22:24 +0100 > From: Timo Schulz > To: GnuPG Users > Subject: Announcement for OpenCDK > Reply-To: twoaday@freakmail.de > > > Hi, > > I decided to create a library which implements basic parts > of the RFC2440 (OpenPGP) message format. This library will > be no replacement for any real OpenPGP application like PGP > or GPG. The goals of the library are to provide an API for > parsing packets and to work with OpenPGP keys. > > There is also some code for signing, verification, encrypt > and decrypt, but this is only partly done. > > Some of the code based on GPG and for all crypto functions > we referring to the libgcrypt library. This library is responsible > for secure memory, random generation and other sentensive parts. > > Currently the library is work on progress, but for the people > who want to take a look at it can find the source on this webpage: > http://www.winpt.org/opencdk.html > > Of course the whole project is available under the terms of the > GNU General Public License. > > > Timo > > > > > > --__--__-- > > Message: 8 > From: Hironobu SUZUKI > To: David Shaw > cc: pgp-keyserver-folk@flame.org, gnupg-users@gnupg.org > Subject: Re: duplicate keyid survey results > Date: Sun, 10 Mar 2002 10:23:55 +0900 > > > I tried to send my e-mail to dshaw@jabberwocky.com from my two mail > addresses, hironobu@h2np.net and hironobu@pgp.nic.ad.jp, but all of my > e-mails were rejected. > > Please let me know another your e-mail address which I can send one. > > And I'm sorry for ML readers. > > Best Regards, > > > -- > Hironobu SUZUKI > E-Mail: hironobu@h2np.net > URL: http://h2np.net > > > > > --__--__-- > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > > > End of Gnupg-users Digest > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users From info@nakawe.se Mon Mar 11 15:28:02 2002 From: info@nakawe.se (Veronica Loell) Date: Mon Mar 11 15:28:02 2002 Subject: unsubscribe me Message-ID: <200203111426.PAA07866@d1o907.telia.com> Subscribing and unsubscribing can be done at the following adress, as noted in the introductory mail that I got when I subscribed... >http://lists.gnupg.org/mailman/listinfo/gnupg-users The mail also says: You can also make such adjustments via email by sending a message to: Gnupg-users-request@gnupg.org with the word `help' in the subject or body (don't include the quotes), and you will get back a message with instructions I suggest that you try one of these things if you want to unsubscribe. - Veronica Loell From factotum@gvdnet.dk Mon Mar 11 16:17:01 2002 From: factotum@gvdnet.dk (Martin Christensen) Date: Mon Mar 11 16:17:01 2002 Subject: IDs, signatures and all that stuff Message-ID: <87ofhvp2fo.fsf@gvdnet.dk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Howdy! I've been trying to make sense of signatures and multiple IDs. If someone signs my public key and I subsequently create a new ID for that key, then it is not the case that the new ID by transitivity is signed by the signer. This makes perfect sense: if the signer can verify my identity as Dr. Jekyll and signs that ID, that does not mean that he will vouch for any Mr. Hyde IDs used for eating small children afterwards. But then people say that creating new IDs for an old key is better than creating an entirely new key, since creating a new key means that I have to start collecting signatures all over again. But by doing so, will I be that much better helped? Sure, people can see that my _other_ IDs have been signed, but that will require more than a quick glance, which is more than many people will give to most keys. Am I missing something here? Martin - -- Homepage: http://www.cs.auc.dk/~factotum/ GPG public key: http://www.cs.auc.dk/~factotum/gpgkey.txt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Using Mailcrypt+GnuPG iEYEARECAAYFAjyMyGsACgkQYu1fMmOQldXLWQCdEPEqTOcgIDCAsIYN13n/+DrU twsAn3DaIYRApoW8VLjD603JSaVnUolv =I/A5 -----END PGP SIGNATURE----- From JanuszA.Urbanowicz Mon Mar 11 16:24:01 2002 From: JanuszA.Urbanowicz (JanuszA.Urbanowicz) Date: Mon Mar 11 16:24:01 2002 Subject: IDs, signatures and all that stuff In-Reply-To: <87ofhvp2fo.fsf@gvdnet.dk> from Martin Christensen at "Mar 11, 2002 04:08:27 pm" Message-ID: Martin Christensen wrote/napisa=B3[a]/schrieb: > But then people say that creating new IDs for an old key is better > than creating an entirely new key, since creating a new key means that > I have to start collecting signatures all over again. But by doing so, > will I be that much better helped? Sure, people can see that my > _other_ IDs have been signed, but that will require more than a quick > glance, which is more than many people will give to most keys. >=20 > Am I missing something here? I believe that you miss teh fact that key trust is calculated on per-key and not on per-user ID basis. Alex --=20 C _-=3D-_ H| Janusz A. Urbanowicz | ALEX3-RIPE | SF-F Framling | | = * =09 ; (_O : +-------------------------------------------------------------+ --= +~|=09 ! &~) ? | P=B3yn=B1=E6 chc=EA na Wsch=F3d, za Suez, gdzie jest dobrem ka= =BFde z=B3o | l_|/=09 A ~-=3D-~ O| Gdzie przykaza=F1 brak dziesi=EAciu, a pi=E6 mo=BFna a=BF po d= no; | | =20 From factotum@gvdnet.dk Mon Mar 11 17:14:01 2002 From: factotum@gvdnet.dk (Martin Christensen) Date: Mon Mar 11 17:14:01 2002 Subject: IDs, signatures and all that stuff In-Reply-To: ("Janusz A. Urbanowicz"'s message of "Mon, 11 Mar 2002 16:13:04 +0100 (CET)") References: Message-ID: <87k7sjozu9.fsf@gvdnet.dk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >>>>> "Janusz" == Janusz A Urbanowicz writes: Janusz> I believe that you miss teh fact that key trust is calculated Janusz> on per-key and not on per-user ID basis. Wouldn't that mean that I could create ad hoc bogus IDs for causing general mayhem? Martin - -- Homepage: http://www.cs.auc.dk/~factotum/ GPG public key: http://www.cs.auc.dk/~factotum/gpgkey.txt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Using Mailcrypt+GnuPG iEYEARECAAYFAjyM1Y4ACgkQYu1fMmOQldW5rgCePYJP0P1yFrlM7sIGigvuNzbB akMAn0Q2aW64/lNUiJCDFv1LawkGm1/X =nUBt -----END PGP SIGNATURE----- From bob@cps92.com Mon Mar 11 17:30:01 2002 From: bob@cps92.com (Bob Metelsky) Date: Mon Mar 11 17:30:01 2002 Subject: File limit size?? >4G Message-ID: <3C8CDAFE.84009AD6@cps92.com> Hello All Do we know if there is a limit on file sizes? I have a 4 + Gig file that Im encrypting , the file allegedly encrypts without error but when I decrypt I get the following error(s) invalid packet ctb=72 invalid packet ctb=69 Warning encrypted message has been manipulated! dont know invalid packet ctb=70 Any suggestions??? many thanks in advance bob From rmalayter@bai.org Mon Mar 11 17:58:01 2002 From: rmalayter@bai.org (Ryan Malayter) Date: Mon Mar 11 17:58:01 2002 Subject: Cipher/hash for passphrase in PGP 7.0 Message-ID: <22FD1855C2B16C40A1F6DE406420021E0187F840@mail.bai.org> Does anybody know what hash algorithm and symmetric cipher PGP v7.x uses on private key material? I've tried many combinations of different cipher/hash algorithms, but I can only seem to export a secret key and use it successfully in PGP 7.x when it has *no* passphrase. I've tried Blowfish/RIPEMD-160 (the GnuPG default), and all the combinations of 3des, CAST, RIJNDAEL and SHA1, with no success. Regards, -ryan- From broonie@sirena.org.uk Mon Mar 11 18:30:01 2002 From: broonie@sirena.org.uk (Mark Brown) Date: Mon Mar 11 18:30:01 2002 Subject: IDs, signatures and all that stuff In-Reply-To: <87k7sjozu9.fsf@gvdnet.dk> References: <87k7sjozu9.fsf@gvdnet.dk> Message-ID: <20020311172807.GD685@sirena.org.uk> --xaMk4Io5JJdpkLEb Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Mar 11, 2002 at 05:04:30PM +0100, Martin Christensen wrote: > >>>>> "Janusz" =3D=3D Janusz A Urbanowicz writes: > Janusz> I believe that you miss teh fact that key trust is calculated > Janusz> on per-key and not on per-user ID basis. > Wouldn't that mean that I could create ad hoc bogus IDs for causing > general mayhem? Not really. The trust he's talking about is not for your IDs, it's for trusting your signatures on other people's keys. If you've got two IDs on your key, one very widely signed and one not signed except by yourself your signature on other people's keys will still come into play on the web of trust even though your second ID might not be verifiable. --=20 "You grabbed my hand and we fell into it, like a daydream - or a fever." --xaMk4Io5JJdpkLEb Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8jOknJ2Vo11xhU60RArtVAJ90eDDUb17Ftce/Cu2nUO3WE9bdJgCg8F/4 hyh/v5jhNOVFKBy8IopxFTI= =AxVz -----END PGP SIGNATURE----- --xaMk4Io5JJdpkLEb-- From Lgom347@cs.com Mon Mar 11 19:42:02 2002 From: Lgom347@cs.com (Lgom347@cs.com) Date: Mon Mar 11 19:42:02 2002 Subject: (no subject) Message-ID: <36.24604222.29be53e7@cs.com> My Windows 98 claims to be missing file: C:\PROGRA~1\CARBON~1\ccw32.vxd. Can someone help me fix this problem. From mutz@kde.org Mon Mar 11 20:07:01 2002 From: mutz@kde.org (Marc Mutz) Date: Mon Mar 11 20:07:01 2002 Subject: Cipher/hash for passphrase in PGP 7.0 In-Reply-To: <22FD1855C2B16C40A1F6DE406420021E0187F840@mail.bai.org> References: <22FD1855C2B16C40A1F6DE406420021E0187F840@mail.bai.org> Message-ID: <200203111957.42180@sendmail.mutz.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday 11 March 2002 17:55, Ryan Malayter wrote: > Does anybody know what hash algorithm and symmetric cipher PGP v7.x > uses on private key material? The problem is the cipher. It's IDEA. > I've tried many combinations of > different cipher/hash algorithms, but I can only seem to export a > secret key and use it successfully in PGP 7.x when it has *no* > passphrase. You hit the nail on the head, as we say in Germany. Marc - -- Marc Mutz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8jP4k3oWD+L2/6DgRAgWXAJ9HHQ6/5L2mSerlMsdA1a6rSYxtSwCfYUVS dtbiWcgwZccP40IqHmvFQzw= =KFs5 -----END PGP SIGNATURE----- From bart.martens@advalvas.be Mon Mar 11 20:13:02 2002 From: bart.martens@advalvas.be (Bart Martens) Date: Mon Mar 11 20:13:02 2002 Subject: Keyservers problem (win32) In-Reply-To: <603327296.20020311084152@grimstveit.net>; from jakob@grimstveit.net on Mon, Mar 11, 2002 at 08:41:52AM +0100 References: <603327296.20020311084152@grimstveit.net> Message-ID: <20020311202452.D1858@cable-195-162-215-141.upc.chello.be> On Mon, Mar 11, 2002 at 08:41:52AM +0100, Jakob Breivik Grimstveit wrote: > Whenever trying to access the keyservers using gpg, i only get the > following answer (both at home using dialup and on work using > broadband): > > > Sending key(s) 0x545E2819 to server search.keyserver.net:11371 ... > > > > gpg: write failed: ec=87 > > gpg: can't connect to `search.keyserver.net:11371': No error > > > > Press any key to continue . . . > > Why is that? Other keyservers work fine, like wwwkeys.pgp.net . I have a similar problem here, also with search.keyserver.net, but not allways. See: bart@cable-195-162-215-141:~$ gpg --keyserver search.keyserver.net --recv-key FBA6ECF1 gpg: requesting key FBA6ECF1 from search.keyserver.net ... gpg: [fd 5]: read error: Connection reset by peer gpg: no valid OpenPGP data found. gpg: read_block: read error: invalid keyring gpg: Total number processed: 0 bart@cable-195-162-215-141:~$ gpg --keyserver search.keyserver.net --recv-key FBA6ECF1 gpg: requesting key FBA6ECF1 from search.keyserver.net ... gpg: key FBA6ECF1: not changed gpg: Total number processed: 1 gpg: unchanged: 1 bart@cable-195-162-215-141:~$ As you can see, the first time it failed, the second time it succeeds. I'm going to trace this, when I have some spare time. For now I use wwwkeys.pgp.net as the default keyserver (in ~/.gnupg/options). Bart Martens From factotum@gvdnet.dk Mon Mar 11 20:43:01 2002 From: factotum@gvdnet.dk (Martin Christensen) Date: Mon Mar 11 20:43:01 2002 Subject: IDs, signatures and all that stuff In-Reply-To: <20020311172807.GD685@sirena.org.uk> (Mark Brown's message of "Mon, 11 Mar 2002 17:28:07 +0000") References: <87k7sjozu9.fsf@gvdnet.dk> <20020311172807.GD685@sirena.org.uk> Message-ID: <87y9gyoq4o.fsf@gvdnet.dk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >>>>> "Mark" == Mark Brown writes: >> Wouldn't that mean that I could create ad hoc bogus IDs for causing >> general mayhem? Mark> Not really. The trust he's talking about is not for your IDs, Mark> it's for trusting your signatures on other people's keys. If Mark> you've got two IDs on your key, one very widely signed and one Mark> not signed except by yourself your signature on other people's Mark> keys will still come into play on the web of trust even though Mark> your second ID might not be verifiable. I'm starting to feel rather stupid now, like a fairly intelligent bloke such as myself _should_ grok this model without even blinking. I wonder, then, how Joe Luser then is expected to understand a word of it, especially given an assumed very low interest in technical matters by default. Anyway, I digress. I am failing to see a couple of things here. Signatures are the glue of the web of trust model, and trust is calculated on a per-key basis, not on a per-ID basis. Then what is the point in signing IDs? But on the other hand, if there's no signing on a per-ID basis, then, after getting a number of signatures, someone might create bogus IDs. I don't think that I'm mixing up trust and signatures here... but who knows? Signatures should be all about verifying people's identities, but in creating a new ID, how do I avoid having to have that particular signed all over again[1]? Needless to say, pulling keys out of the web of trust is a Bad Thing(tm), but that doesn't seem to be the argument that most people make when they tell you to make a new ID rather than a new key. The current system makes relatively good sense, but to me it doesn't seem to make _perfect_ sense. ARGH! Martin [1] I guess that once someone has signed your key once, and therefore should trust that you are who you say you are, then, because they trust your key, they'll not be reluctant to sign a reasonable new ID. - -- Homepage: http://www.cs.auc.dk/~factotum/ GPG public key: http://www.cs.auc.dk/~factotum/gpgkey.txt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Using Mailcrypt+GnuPG iEYEARECAAYFAjyNBrcACgkQYu1fMmOQldXENgCfdwG4ylntuPqhEc1glOaqRHvw v3wAoLuAQ6TAsITeTQO1xsZdrvP5PoVE =hdPS -----END PGP SIGNATURE----- From Jakob Breivik Grimstveit Mon Mar 11 20:47:02 2002 From: Jakob Breivik Grimstveit (Jakob Breivik Grimstveit) Date: Mon Mar 11 20:47:02 2002 Subject: Re[2]: Keyservers problem (win32) In-Reply-To: <20020311202452.D1858@cable-195-162-215-141.upc.chello.be> References: <603327296.20020311084152@grimstveit.net> <20020311202452.D1858@cable-195-162-215-141.upc.chello.be> Message-ID: <19456286375.20020311204444@grimstveit.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 11.03.2002 20:24, Bart Martens wrote the following: > On Mon, Mar 11, 2002 at 08:41:52AM +0100, Jakob Breivik Grimstveit wrote: >> Whenever trying to access the keyservers using gpg, i only get the >> following answer (both at home using dialup and on work using >> broadband): >> >> > Sending key(s) 0x545E2819 to server search.keyserver.net:11371 ... >> > >> > gpg: write failed: ec=87 >> > gpg: can't connect to `search.keyserver.net:11371': No error >> > >> > Press any key to continue . . . >> >> Why is that? > Other keyservers work fine, like wwwkeys.pgp.net . I have a similar > problem here, also with search.keyserver.net, but not allways. See: Well, it always happens for me, on to seperate computers (WinXP & W2k), on different internet connections (dialup & broadband). > As you can see, the first time it failed, the second time it succeeds. > I'm going to trace this, when I have some spare time. For now I use > wwwkeys.pgp.net as the default keyserver (in ~/.gnupg/options). I tried. 15 times. Every time I get the same response "No error". Satisfying message :). - -- Vyrdsamt... - - Jakob Breivik Grimstveit, jakob@grimstveit.net, www.grimstveit.net - - Morvikbotn 341, 5122 Morvik. Tlf: 55195667, 48298152, PGP:0xB68BA32F - - System Integrator, Star Shipping, jakob.grimstveit@starshipping.com I never get lost, just momentarily disoriented. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (MingW32) Comment: For info see http://www.gnupg.org iD8DBQE8jQktTJM+uVReKBkRAtEUAJ0fbTJvU1On3d5SfqxCv/S76QR2FQCcDgdv wIyW54EEaWL88PEVkXcYaC8= =gRV8 -----END PGP SIGNATURE----- From dan@40hex.org Tue Mar 12 03:09:02 2002 From: dan@40hex.org (Dan Stahlke) Date: Tue Mar 12 03:09:02 2002 Subject: scripts and include directories missing in 1.0.6 Message-ID: <20020311170315.A17855@acidtrip> The scripts/ and include/ are missing in gnupg-1.0.6.tar.gz, preventing compilation. Gpg compiles just fine if I use gnupg-1.0.5 and the 1.0.6 patch file. From schoech@iap-kborn.de Tue Mar 12 08:54:02 2002 From: schoech@iap-kborn.de (=?iso-8859-1?Q?Armin_Sch=F6ch?=) Date: Tue Mar 12 08:54:02 2002 Subject: scripts and include directories missing in 1.0.6 In-Reply-To: <20020311170315.A17855@acidtrip> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Dan ! > The scripts/ and include/ are missing in gnupg-1.0.6.tar.gz, preventing > compilation. Where did you get the archieve from ? I downloaded it from www.gnupg.org a couple of days ago and it worked just fine. I can email it to you privately if you want me to (it's about 1.9MB); just tell me on my private mail. Thanks, Armin - --=20 Am Hasenberg 26 office: Institut f=FCr Atmosph=E4renphysik D-18209 Bad Doberan Schloss-Stra=DFe 6 Tel. ++49-(0)38203/42137 D-18225 K=FChlungsborn / GERMANY Email: schoech@iap-kborn.de Tel. +49-(0)38293-68-102 WWW: http://armins.cjb.net/ Fax. +49-(0)38293-68-50 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: Weitere Infos: siehe http://www.gnupg.org iD8DBQE8jbNPG8Xv4GxznLoRArw5AKCFOGWPE1yRlc7a/KBAXhorQzCa4ACgyPnp trGUdquNvHBx2X6puCcfdOM=3D =3D3rDy -----END PGP SIGNATURE----- From wk@gnupg.org Tue Mar 12 11:30:02 2002 From: wk@gnupg.org (Werner Koch) Date: Tue Mar 12 11:30:02 2002 Subject: scripts and include directories missing in 1.0.6 In-Reply-To: <20020311170315.A17855@acidtrip> (Dan Stahlke's message of "Mon, 11 Mar 2002 17:03:15 -0900") References: <20020311170315.A17855@acidtrip> Message-ID: <87sn762iaf.fsf@alberti.gnupg.de> On Mon, 11 Mar 2002 17:03:15 -0900, Dan Stahlke said: > The scripts/ and include/ are missing in gnupg-1.0.6.tar.gz, No: $ tar tzvf gnupg-1.0.6.tar.gz | grep include -rw-r--r-- 1000/1000 25742 2001-04-27 16:42:25 gnupg-1.0.6/acinclude.m4 drwxrwxr-x 1000/1000 0 2001-05-29 08:59:18 gnupg-1.0.6/include/ -rw-rw-r-- 1000/1000 100 1999-02-20 21:45:39 gnupg-1.0.6/include/distfiles Done on the FTP server. From where did you get your copy or are you just short on local disk space? Werner From Priscilla.McKerracher@jhuapl.edu Tue Mar 12 13:28:01 2002 From: Priscilla.McKerracher@jhuapl.edu (McKerracher, Priscilla) Date: Tue Mar 12 13:28:01 2002 Subject: help unsubscribe Message-ID: <6B3C0EEAB4FED3119F5F009027DC5E9E02F82477@spacemsg3.jhuapl.edu> Please unsubscribe me. SIG Section Supervisor priscilla_mckerracher@jhuapl.edu Johns Hopkins University Applied Physics Laboratory Johns Hopkins Road Laurel, MD 20723 443-778-4474 -----Original Message----- From: gnupg-users-request@gnupg.org [mailto:gnupg-users-request@gnupg.org] Sent: Tuesday, March 12, 2002 6:06 AM To: gnupg-users@gnupg.org Subject: Gnupg-users digest, Vol 1 #553 - 15 msgs Send Gnupg-users mailing list submissions to gnupg-users@gnupg.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.gnupg.org/mailman/listinfo/gnupg-users or, via email, send a message with subject or body 'help' to gnupg-users-request@gnupg.org You can reach the person managing the list at gnupg-users-admin@gnupg.org When replying, please edit your Subject line so it is more specific than "Re: Contents of Gnupg-users digest..." Today's Topics: 1. RE: unsubscribe me (Veronica Loell) 2. IDs, signatures and all that stuff (Martin Christensen) 3. Re: IDs, signatures and all that stuff (JanuszA.Urbanowicz) 4. Re: IDs, signatures and all that stuff (Martin Christensen) 5. File limit size?? >4G (Bob Metelsky) 6. Cipher/hash for passphrase in PGP 7.0 (Ryan Malayter) 7. Re: IDs, signatures and all that stuff (Mark Brown) 8. (no subject) (Lgom347@cs.com) 9. Re: Cipher/hash for passphrase in PGP 7.0 (Marc Mutz) 10. Re: Keyservers problem (win32) (Bart Martens) 11. Re: IDs, signatures and all that stuff (Martin Christensen) 12. Re[2]: Keyservers problem (win32) (Jakob Breivik Grimstveit) 13. scripts and include directories missing in 1.0.6 (Dan Stahlke) 14. Re: scripts and include directories missing in 1.0.6 (=?iso-8859-1?Q?Armin_Sch=F6ch?=) 15. Re: scripts and include directories missing in 1.0.6 (Werner Koch) --__--__-- Message: 1 Date: Mon, 11 Mar 2002 15:27:04 +0100 (W. Europe Standard Time) From: Veronica Loell To: gnupg-users@gnupg.org Subject: RE: unsubscribe me Reply-To: info@nakawe.se Organization: Nakawe data Subscribing and unsubscribing can be done at the following adress, as noted in the introductory mail that I got when I subscribed... >http://lists.gnupg.org/mailman/listinfo/gnupg-users The mail also says: You can also make such adjustments via email by sending a message to: Gnupg-users-request@gnupg.org with the word `help' in the subject or body (don't include the quotes), and you will get back a message with instructions I suggest that you try one of these things if you want to unsubscribe. - Veronica Loell --__--__-- Message: 2 To: gnupg-users@gnupg.org Subject: IDs, signatures and all that stuff From: Martin Christensen Date: Mon, 11 Mar 2002 16:08:27 +0100 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Howdy! I've been trying to make sense of signatures and multiple IDs. If someone signs my public key and I subsequently create a new ID for that key, then it is not the case that the new ID by transitivity is signed by the signer. This makes perfect sense: if the signer can verify my identity as Dr. Jekyll and signs that ID, that does not mean that he will vouch for any Mr. Hyde IDs used for eating small children afterwards. But then people say that creating new IDs for an old key is better than creating an entirely new key, since creating a new key means that I have to start collecting signatures all over again. But by doing so, will I be that much better helped? Sure, people can see that my _other_ IDs have been signed, but that will require more than a quick glance, which is more than many people will give to most keys. Am I missing something here? Martin - -- Homepage: http://www.cs.auc.dk/~factotum/ GPG public key: http://www.cs.auc.dk/~factotum/gpgkey.txt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Using Mailcrypt+GnuPG iEYEARECAAYFAjyMyGsACgkQYu1fMmOQldXLWQCdEPEqTOcgIDCAsIYN13n/+DrU twsAn3DaIYRApoW8VLjD603JSaVnUolv =I/A5 -----END PGP SIGNATURE----- --__--__-- Message: 3 Subject: Re: IDs, signatures and all that stuff To: Martin Christensen Date: Mon, 11 Mar 2002 16:13:04 +0100 (CET) CC: gnupg-users@gnupg.org From: Janusz A. Urbanowicz Martin Christensen wrote/napisa=B3[a]/schrieb: > But then people say that creating new IDs for an old key is better > than creating an entirely new key, since creating a new key means that > I have to start collecting signatures all over again. But by doing so, > will I be that much better helped? Sure, people can see that my > _other_ IDs have been signed, but that will require more than a quick > glance, which is more than many people will give to most keys. >=20 > Am I missing something here? I believe that you miss teh fact that key trust is calculated on per-key and not on per-user ID basis. Alex --=20 C _-=3D-_ H| Janusz A. Urbanowicz | ALEX3-RIPE | SF-F Framling | | = * =09 ; (_O : +-------------------------------------------------------------+ --= +~|=09 ! &~) ? | P=B3yn=B1=E6 chc=EA na Wsch=F3d, za Suez, gdzie jest dobrem ka= =BFde z=B3o | l_|/=09 A ~-=3D-~ O| Gdzie przykaza=F1 brak dziesi=EAciu, a pi=E6 mo=BFna a=BF po d= no; | | =20 --__--__-- Message: 4 To: gnupg-users@gnupg.org Subject: Re: IDs, signatures and all that stuff From: Martin Christensen Date: Mon, 11 Mar 2002 17:04:30 +0100 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >>>>> "Janusz" == Janusz A Urbanowicz writes: Janusz> I believe that you miss teh fact that key trust is calculated Janusz> on per-key and not on per-user ID basis. Wouldn't that mean that I could create ad hoc bogus IDs for causing general mayhem? Martin - -- Homepage: http://www.cs.auc.dk/~factotum/ GPG public key: http://www.cs.auc.dk/~factotum/gpgkey.txt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Using Mailcrypt+GnuPG iEYEARECAAYFAjyM1Y4ACgkQYu1fMmOQldW5rgCePYJP0P1yFrlM7sIGigvuNzbB akMAn0Q2aW64/lNUiJCDFv1LawkGm1/X =nUBt -----END PGP SIGNATURE----- --__--__-- Message: 5 Date: Mon, 11 Mar 2002 11:27:42 -0500 From: Bob Metelsky Organization: Continuum Performance Systems To: gnupg-users@gnupg.org Subject: File limit size?? >4G Hello All Do we know if there is a limit on file sizes? I have a 4 + Gig file that Im encrypting , the file allegedly encrypts without error but when I decrypt I get the following error(s) invalid packet ctb=72 invalid packet ctb=69 Warning encrypted message has been manipulated! dont know invalid packet ctb=70 Any suggestions??? many thanks in advance bob --__--__-- Message: 6 From: Ryan Malayter To: "'gnupg-users@gnupg.org'" Subject: Cipher/hash for passphrase in PGP 7.0 Date: Mon, 11 Mar 2002 10:55:24 -0600 Does anybody know what hash algorithm and symmetric cipher PGP v7.x uses on private key material? I've tried many combinations of different cipher/hash algorithms, but I can only seem to export a secret key and use it successfully in PGP 7.x when it has *no* passphrase. I've tried Blowfish/RIPEMD-160 (the GnuPG default), and all the combinations of 3des, CAST, RIJNDAEL and SHA1, with no success. Regards, -ryan- --__--__-- Message: 7 Date: Mon, 11 Mar 2002 17:28:07 +0000 From: Mark Brown To: gnupg-users@gnupg.org Subject: Re: IDs, signatures and all that stuff --xaMk4Io5JJdpkLEb Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Mar 11, 2002 at 05:04:30PM +0100, Martin Christensen wrote: > >>>>> "Janusz" =3D=3D Janusz A Urbanowicz writes: > Janusz> I believe that you miss teh fact that key trust is calculated > Janusz> on per-key and not on per-user ID basis. > Wouldn't that mean that I could create ad hoc bogus IDs for causing > general mayhem? Not really. The trust he's talking about is not for your IDs, it's for trusting your signatures on other people's keys. If you've got two IDs on your key, one very widely signed and one not signed except by yourself your signature on other people's keys will still come into play on the web of trust even though your second ID might not be verifiable. --=20 "You grabbed my hand and we fell into it, like a daydream - or a fever." --xaMk4Io5JJdpkLEb Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8jOknJ2Vo11xhU60RArtVAJ90eDDUb17Ftce/Cu2nUO3WE9bdJgCg8F/4 hyh/v5jhNOVFKBy8IopxFTI= =AxVz -----END PGP SIGNATURE----- --xaMk4Io5JJdpkLEb-- --__--__-- Message: 8 From: Lgom347@cs.com Date: Mon, 11 Mar 2002 13:39:35 EST Subject: (no subject) To: gnupg-users@gnupg.org My Windows 98 claims to be missing file: C:\PROGRA~1\CARBON~1\ccw32.vxd. Can someone help me fix this problem. --__--__-- Message: 9 Date: Mon, 11 Mar 2002 19:57:40 +0100 From: Marc Mutz Subject: Re: Cipher/hash for passphrase in PGP 7.0 To: Ryan Malayter , "'gnupg-users@gnupg.org'" Organization: KDE -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday 11 March 2002 17:55, Ryan Malayter wrote: > Does anybody know what hash algorithm and symmetric cipher PGP v7.x > uses on private key material? The problem is the cipher. It's IDEA. > I've tried many combinations of > different cipher/hash algorithms, but I can only seem to export a > secret key and use it successfully in PGP 7.x when it has *no* > passphrase. You hit the nail on the head, as we say in Germany. Marc - -- Marc Mutz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8jP4k3oWD+L2/6DgRAgWXAJ9HHQ6/5L2mSerlMsdA1a6rSYxtSwCfYUVS dtbiWcgwZccP40IqHmvFQzw= =KFs5 -----END PGP SIGNATURE----- --__--__-- Message: 10 Date: Mon, 11 Mar 2002 20:24:52 +0100 From: Bart Martens To: Jakob Breivik Grimstveit Cc: gnupg-users@gnupg.org Subject: Re: Keyservers problem (win32) Reply-To: bart.martens@advalvas.be On Mon, Mar 11, 2002 at 08:41:52AM +0100, Jakob Breivik Grimstveit wrote: > Whenever trying to access the keyservers using gpg, i only get the > following answer (both at home using dialup and on work using > broadband): > > > Sending key(s) 0x545E2819 to server search.keyserver.net:11371 ... > > > > gpg: write failed: ec=87 > > gpg: can't connect to `search.keyserver.net:11371': No error > > > > Press any key to continue . . . > > Why is that? Other keyservers work fine, like wwwkeys.pgp.net . I have a similar problem here, also with search.keyserver.net, but not allways. See: bart@cable-195-162-215-141:~$ gpg --keyserver search.keyserver.net --recv-key FBA6ECF1 gpg: requesting key FBA6ECF1 from search.keyserver.net ... gpg: [fd 5]: read error: Connection reset by peer gpg: no valid OpenPGP data found. gpg: read_block: read error: invalid keyring gpg: Total number processed: 0 bart@cable-195-162-215-141:~$ gpg --keyserver search.keyserver.net --recv-key FBA6ECF1 gpg: requesting key FBA6ECF1 from search.keyserver.net ... gpg: key FBA6ECF1: not changed gpg: Total number processed: 1 gpg: unchanged: 1 bart@cable-195-162-215-141:~$ As you can see, the first time it failed, the second time it succeeds. I'm going to trace this, when I have some spare time. For now I use wwwkeys.pgp.net as the default keyserver (in ~/.gnupg/options). Bart Martens --__--__-- Message: 11 To: gnupg-users@gnupg.org Subject: Re: IDs, signatures and all that stuff From: Martin Christensen Date: Mon, 11 Mar 2002 20:34:15 +0100 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >>>>> "Mark" == Mark Brown writes: >> Wouldn't that mean that I could create ad hoc bogus IDs for causing >> general mayhem? Mark> Not really. The trust he's talking about is not for your IDs, Mark> it's for trusting your signatures on other people's keys. If Mark> you've got two IDs on your key, one very widely signed and one Mark> not signed except by yourself your signature on other people's Mark> keys will still come into play on the web of trust even though Mark> your second ID might not be verifiable. I'm starting to feel rather stupid now, like a fairly intelligent bloke such as myself _should_ grok this model without even blinking. I wonder, then, how Joe Luser then is expected to understand a word of it, especially given an assumed very low interest in technical matters by default. Anyway, I digress. I am failing to see a couple of things here. Signatures are the glue of the web of trust model, and trust is calculated on a per-key basis, not on a per-ID basis. Then what is the point in signing IDs? But on the other hand, if there's no signing on a per-ID basis, then, after getting a number of signatures, someone might create bogus IDs. I don't think that I'm mixing up trust and signatures here... but who knows? Signatures should be all about verifying people's identities, but in creating a new ID, how do I avoid having to have that particular signed all over again[1]? Needless to say, pulling keys out of the web of trust is a Bad Thing(tm), but that doesn't seem to be the argument that most people make when they tell you to make a new ID rather than a new key. The current system makes relatively good sense, but to me it doesn't seem to make _perfect_ sense. ARGH! Martin [1] I guess that once someone has signed your key once, and therefore should trust that you are who you say you are, then, because they trust your key, they'll not be reluctant to sign a reasonable new ID. - -- Homepage: http://www.cs.auc.dk/~factotum/ GPG public key: http://www.cs.auc.dk/~factotum/gpgkey.txt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Using Mailcrypt+GnuPG iEYEARECAAYFAjyNBrcACgkQYu1fMmOQldXENgCfdwG4ylntuPqhEc1glOaqRHvw v3wAoLuAQ6TAsITeTQO1xsZdrvP5PoVE =hdPS -----END PGP SIGNATURE----- --__--__-- Message: 12 Date: Mon, 11 Mar 2002 20:44:44 +0100 From: Jakob Breivik Grimstveit Reply-To: Jakob Breivik Grimstveit To: bart.martens@advalvas.be CC: gnupg-users@gnupg.org Subject: Re[2]: Keyservers problem (win32) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 11.03.2002 20:24, Bart Martens wrote the following: > On Mon, Mar 11, 2002 at 08:41:52AM +0100, Jakob Breivik Grimstveit wrote: >> Whenever trying to access the keyservers using gpg, i only get the >> following answer (both at home using dialup and on work using >> broadband): >> >> > Sending key(s) 0x545E2819 to server search.keyserver.net:11371 ... >> > >> > gpg: write failed: ec=87 >> > gpg: can't connect to `search.keyserver.net:11371': No error >> > >> > Press any key to continue . . . >> >> Why is that? > Other keyservers work fine, like wwwkeys.pgp.net . I have a similar > problem here, also with search.keyserver.net, but not allways. See: Well, it always happens for me, on to seperate computers (WinXP & W2k), on different internet connections (dialup & broadband). > As you can see, the first time it failed, the second time it succeeds. > I'm going to trace this, when I have some spare time. For now I use > wwwkeys.pgp.net as the default keyserver (in ~/.gnupg/options). I tried. 15 times. Every time I get the same response "No error". Satisfying message :). - -- Vyrdsamt... - - Jakob Breivik Grimstveit, jakob@grimstveit.net, www.grimstveit.net - - Morvikbotn 341, 5122 Morvik. Tlf: 55195667, 48298152, PGP:0xB68BA32F - - System Integrator, Star Shipping, jakob.grimstveit@starshipping.com I never get lost, just momentarily disoriented. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (MingW32) Comment: For info see http://www.gnupg.org iD8DBQE8jQktTJM+uVReKBkRAtEUAJ0fbTJvU1On3d5SfqxCv/S76QR2FQCcDgdv wIyW54EEaWL88PEVkXcYaC8= =gRV8 -----END PGP SIGNATURE----- --__--__-- Message: 13 Date: Mon, 11 Mar 2002 17:03:15 -0900 From: Dan Stahlke To: gnupg-users@gnupg.org Subject: scripts and include directories missing in 1.0.6 Reply-To: dan@40hex.org The scripts/ and include/ are missing in gnupg-1.0.6.tar.gz, preventing compilation. Gpg compiles just fine if I use gnupg-1.0.5 and the 1.0.6 patch file. --__--__-- Message: 14 Date: Tue, 12 Mar 2002 07:50:39 +0000 (GMT) From: =?iso-8859-1?Q?Armin_Sch=F6ch?= Reply-To: To: Dan Stahlke cc: Subject: Re: scripts and include directories missing in 1.0.6 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Dan ! > The scripts/ and include/ are missing in gnupg-1.0.6.tar.gz, preventing > compilation. Where did you get the archieve from ? I downloaded it from www.gnupg.org a couple of days ago and it worked just fine. I can email it to you privately if you want me to (it's about 1.9MB); just tell me on my private mail. Thanks, Armin - --=20 Am Hasenberg 26 office: Institut f=FCr Atmosph=E4renphysik D-18209 Bad Doberan Schloss-Stra=DFe 6 Tel. ++49-(0)38203/42137 D-18225 K=FChlungsborn / GERMANY Email: schoech@iap-kborn.de Tel. +49-(0)38293-68-102 WWW: http://armins.cjb.net/ Fax. +49-(0)38293-68-50 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: Weitere Infos: siehe http://www.gnupg.org iD8DBQE8jbNPG8Xv4GxznLoRArw5AKCFOGWPE1yRlc7a/KBAXhorQzCa4ACgyPnp trGUdquNvHBx2X6puCcfdOM=3D =3D3rDy -----END PGP SIGNATURE----- --__--__-- Message: 15 To: dan@40hex.org Cc: gnupg-users@gnupg.org Subject: Re: scripts and include directories missing in 1.0.6 From: Werner Koch Date: Tue, 12 Mar 2002 11:26:48 +0100 On Mon, 11 Mar 2002 17:03:15 -0900, Dan Stahlke said: > The scripts/ and include/ are missing in gnupg-1.0.6.tar.gz, No: $ tar tzvf gnupg-1.0.6.tar.gz | grep include -rw-r--r-- 1000/1000 25742 2001-04-27 16:42:25 gnupg-1.0.6/acinclude.m4 drwxrwxr-x 1000/1000 0 2001-05-29 08:59:18 gnupg-1.0.6/include/ -rw-rw-r-- 1000/1000 100 1999-02-20 21:45:39 gnupg-1.0.6/include/distfiles Done on the FTP server. From where did you get your copy or are you just short on local disk space? Werner --__--__-- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users End of Gnupg-users Digest From mail@volker-gaibler.de Tue Mar 12 17:32:02 2002 From: mail@volker-gaibler.de (Volker Gaibler) Date: Tue Mar 12 17:32:02 2002 Subject: Compatibility problem ?? Message-ID: <3C8E3AEB.17131.1872FA@localhost> Hi, is there a known compatibility problem of GPG with PGP 6 and 7? Other people can't use my gpg key because "key can't be used for encryption". I used the default values for key generation with gpg 1.0.6 There's nothing about that in the FAQ. Thanks in advance Volker ----------------------------------------------------------------------- Volker Gaibler contact: http://www.volker-gaibler.de mail@volker-gaibler.de ----------------------------------------------------------------------- From johanw@vulcan.xs4all.nl Tue Mar 12 18:16:01 2002 From: johanw@vulcan.xs4all.nl (Johan Wevers) Date: Tue Mar 12 18:16:01 2002 Subject: Output In-Reply-To: from "[Armin Sch_ch]" at "Mar 11, 2002 07:50:40 am" Message-ID: <200203111716.SAA03509@vulcan.xs4all.nl> Armin Sch?ch, wrote: >&> file >will redirect normal output and error messages to "file". This works >with Linux, don't know whether it works with DOS/Windows. It will in NT/2000, not on win9x since they don't have a stderr. -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From sbutler@fchn.com Tue Mar 12 19:05:02 2002 From: sbutler@fchn.com (Steve Butler) Date: Tue Mar 12 19:05:02 2002 Subject: Compatibility problem ?? Message-ID: The message you are showing is not the same our clients had, but there does appear to be a cipher preference problem for DSH/ELG key pairs generated by 1.0.6. Once our clients went to the latest version of pgp 7, they were able to use the keys. You're message almost sounds like you sent them a public key that can only sign but not encrypt. However, that might be an artifact of the above issue dealing with the cipher preferences. I forget which one was causing problems on the PGP side. Stephen M Butler Oracle Administrator First Choice Health Network sbutler@fchn.com 206-268-2309 -----Original Message----- From: Volker Gaibler [mailto:volker.gaibler@urz.uni-heidelberg.de] Sent: Tuesday, March 12, 2002 8:29 AM To: gnupg-users@gnupg.org Subject: Compatibility problem ?? Hi, is there a known compatibility problem of GPG with PGP 6 and 7? Other people can't use my gpg key because "key can't be used for encryption". I used the default values for key generation with gpg 1.0.6 There's nothing about that in the FAQ. Thanks in advance Volker ----------------------------------------------------------------------- Volker Gaibler contact: http://www.volker-gaibler.de mail@volker-gaibler.de ----------------------------------------------------------------------- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. From sean@tcob1.net Tue Mar 12 20:08:02 2002 From: sean@tcob1.net (Sean Rima) Date: Tue Mar 12 20:08:02 2002 Subject: gnupg in DOS Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have been asked if anyone knows of a port of gnupg for DOS. Any help would be apprectiated. Sean - -- ,,, (o o) - -=-=-=-=-=-=-=-=-=-=-=-oOOo-(_)-oOOo-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Offering feeds for Fidonet, Adventurenet, and many other nets See http://www.tcob1.net for more details ICQ: 679813 Linux User: 231986 TCOB1 BBS: 095 43852 Yahoo: tcob_1 Jabber: tcobone@jabber.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Use GPG for Secure Mail iEYEARECAAYFAjyOT6wACgkQeR/L2ZZp3E/SmACfbCOwOXzMF8eGiGVclNlR6kgJ lzkAn0NowQJSpH4R97PO/39sceGzsllk =SOgA -----END PGP SIGNATURE----- From dan@40hex.org Tue Mar 12 21:06:01 2002 From: dan@40hex.org (Dan Stahlke) Date: Tue Mar 12 21:06:01 2002 Subject: scripts and include directories missing in 1.0.6 In-Reply-To: <87sn762iaf.fsf@alberti.gnupg.de>; from wk@gnupg.org on Tue, Mar 12, 2002 at 01:26:48 -0900 References: <20020311170315.A17855@acidtrip> <87sn762iaf.fsf@alberti.gnupg.de> Message-ID: <20020312110016.A19191@acidtrip> Well, this is odd.. I originally downloaded the file from www.gnupg.org, but now that I download it again today, all the files are indeed included. Sorry for the false alarm. On 2002.03.12 01:26 Werner Koch wrote: > On Mon, 11 Mar 2002 17:03:15 -0900, Dan Stahlke said: > > > The scripts/ and include/ are missing in gnupg-1.0.6.tar.gz, > > No: > > $ tar tzvf gnupg-1.0.6.tar.gz | grep include > -rw-r--r-- 1000/1000 25742 2001-04-27 16:42:25 > gnupg-1.0.6/acinclude.m4 > drwxrwxr-x 1000/1000 0 2001-05-29 08:59:18 > gnupg-1.0.6/include/ > -rw-rw-r-- 1000/1000 100 1999-02-20 21:45:39 > gnupg-1.0.6/include/distfiles > > Done on the FTP server. From where did you get your copy or are you > just short on local disk space? > > Werner > > From wk@gnupg.org Tue Mar 12 22:16:01 2002 From: wk@gnupg.org (Werner Koch) Date: Tue Mar 12 22:16:01 2002 Subject: Compatibility problem ?? In-Reply-To: (Steve Butler's message of "Tue, 12 Mar 2002 10:01:50 -0800") References: Message-ID: <87pu291obq.fsf@alberti.gnupg.de> On Tue, 12 Mar 2002 10:01:50 -0800, Steve Butler said: > You're message almost sounds like you sent them a public key that can only > sign but not encrypt. However, that might be an artifact of the above issue Another reason for this might be that the key has been retrieved from a keyserver and the keyserver removed the (encryption) subkeys due to a bug. I get quite often mails that it is not possible to send me an encrypted mail due to a missing encryption subkey. When the sender retrieves the key by other means (e.g. X-Request-PGP: mail header) it does work. Werner From Peter.Hegt@phidias.nl Wed Mar 13 11:13:01 2002 From: Peter.Hegt@phidias.nl (Hegt, Peter) Date: Wed Mar 13 11:13:01 2002 Subject: GPG Windows tip Message-ID: Hi, I've got this tip for making GPG easier to use in Windows. To add encrypt/decrypt commands to the context menu (right click on a file): Assuming gpg.exe is installed in c:\app\gnupg and the id of the key you'd like to use is ID then with regedit.exe in the key HKEY_CLASSES_ROOT\*\shell (create the shell key if it is not there yet): For encrypting create a key: HKEY_CLASSES_ROOT\*\shell\GPG encrypt and sign with \command (Default) = "c:\App\gnupg\gpg -u ID --armor --sign --encrypt "%1"" put double qoutes around the %1 in case the file name has spaces. If you have more keys, then add more entries For decrypting create a key: HKEY_CLASSES_ROOT\*\shell\GPG decrypt and verify (to file.out)\command (Default) = "c:\App\gnupg\gpg -o "%1%.out" "%1"" Regards, Peter peter.hegt at phidias dot nl PGP/GPG public key at http://pgpkeys.mit.edu or http://keyserver.pgp.com (search for above email address) From Jakob Breivik Grimstveit Wed Mar 13 11:28:01 2002 From: Jakob Breivik Grimstveit (Jakob Breivik Grimstveit) Date: Wed Mar 13 11:28:01 2002 Subject: GPG Windows tip In-Reply-To: References: Message-ID: <7561410656.20020313112600@grimstveit.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 13.03.2002 11:13, Hegt, Peter wrote the following: [snip snip] > HKEY_CLASSES_ROOT\*\shell\GPG encrypt and sign with some@com.com [snip snip] > HKEY_CLASSES_ROOT\*\shell\GPG decrypt and verify (to file.out) Incredibly powerful and sexy integration with the Windows GUI! Big up for Peter (as Ali would have said it). Simple and trivial perhaps, but insert an additional '&' preceding the character in the selection title you want to become hotkey for that context menu selection. As follows: HKEY_CLASSES_ROOT\*\shell\GPG &encrypt and sign with some@com.com HKEY_CLASSES_ROOT\*\shell\GPG &decrypt and verify (to file.out) Even faster! - -- Vyrdsamt... - - Jakob Breivik Grimstveit, jakob@grimstveit.net, www.grimstveit.net - - Morvikbotn 341, 5122 Morvik. Tlf: 55195667, 48298152, PGP:0x545E2819 - - System Integrator, Star Shipping, jakob.grimstveit@starshipping.com If it jams, force it. If it breaks, it needed replacing -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (MingW32) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjyPKT4ACgkQTJM+uVReKBmNLACePUVbck2C5nyQE3NWHALT8b/L pv8An0KiKA0IL9hjm79XUUGLPoqaFCGm =G8I7 -----END PGP SIGNATURE----- From mail@volker-gaibler.de Wed Mar 13 12:00:01 2002 From: mail@volker-gaibler.de (Volker Gaibler) Date: Wed Mar 13 12:00:01 2002 Subject: Compatibility problem ?? In-Reply-To: Message-ID: <3C8F3EC5.745.16DFD5@localhost> On 12 Mar 2002, at 22:14, Werner Koch wrote: > Another reason for this might be that the key has been retrieved from > a keyserver and the keyserver removed the (encryption) subkeys due to > a bug. On 12 Mar 2002, at 10:01, Steve Butler wrote: > You're message almost sounds like you sent them a public key that can only > sign but not encrypt. Thanks for your hints. A keyserver problem is not possible because I did not use a keyserver (I first wanted to try this with a test key without spreading it). I think I have an answer despite I don't really know whether I did something wrong. The ElGamal subkey is present (for encryption only) but there is also a DSA subkey. GPG has no problems with that subkey but I think PGP 6/7 (which I've tried) can't handle it because everything worked after I removed it. As I read in the OpenPGP-RFC it should be compliant to have such DSA subkey but it's no problem that I can't use it because I didn't want to do this later anyway. Only the top level key provides signature services so this should not be of any practical use to me - or is it? Volker ----------------------------------------------------------------------- Volker Gaibler contact: http://www.volker-gaibler.de mail@volker-gaibler.de ----------------------------------------------------------------------- From Juergen.Polster@icn.siemens.de Wed Mar 13 15:38:01 2002 From: Juergen.Polster@icn.siemens.de (Polster Juergen) Date: Wed Mar 13 15:38:01 2002 Subject: Modifying location of secret keyring under Windows Message-ID: <1D82815C322BD41196EA00508B951F7B021B3A09@MCHH265E> Hi, I want to have my secret keyring on my floppy drive. So I modified the OPTIONS file by adding the following line: secret-keyring A:\secring.gpg and moved my secring.gpg to A:\ .Now GPG does not find my secring anymore. Instead it shows the following error message: D:\PROGRA~2\WinPT>gpg --list-secret-keys gpg: keyblock resource `D:/Program Files/WinPT//A:\secring.gpg': file open error So it keeps the old location and appends the new one. How can I specify another drive? Best regards Juergen Polster Mailto:juergen.polster@icn.siemens.de From gnupg-users@gnupg.org Wed Mar 13 16:13:01 2002 From: gnupg-users@gnupg.org (Erik) Date: Wed Mar 13 16:13:01 2002 Subject: Modifying location of secret keyring under Windows In-Reply-To: <1D82815C322BD41196EA00508B951F7B021B3A09@MCHH265E> References: <1D82815C322BD41196EA00508B951F7B021B3A09@MCHH265E> Message-ID: <1117107354.20020313101049@mochamail.com> Hello Polster, On Wed, 13 Mar 2002, at 15:36:32 [GMT +0100] you wrote in the message: > I want to have my secret keyring on my floppy drive. So I modified the > OPTIONS file by adding the following line: > secret-keyring A:\secring.gpg > and moved my secring.gpg to A:\ .Now GPG does not find my secring > anymore. Instead it shows the following error message: Use a forward slash. secret-keyring a:/secring.gpg -- Best regards, Erik From dshaw@jabberwocky.com Wed Mar 13 16:43:02 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Wed Mar 13 16:43:02 2002 Subject: Compatibility problem ?? In-Reply-To: <3C8F3EC5.745.16DFD5@localhost> References: <3C8F3EC5.745.16DFD5@localhost> Message-ID: <20020313154018.GF681@akamai.com> On Wed, Mar 13, 2002 at 11:57:57AM +0100, Volker Gaibler wrote: > On 12 Mar 2002, at 22:14, Werner Koch wrote: > > Another reason for this might be that the key has been retrieved from > > a keyserver and the keyserver removed the (encryption) subkeys due to > > a bug. > On 12 Mar 2002, at 10:01, Steve Butler wrote: > > You're message almost sounds like you sent them a public key that can only > > sign but not encrypt. > > Thanks for your hints. A keyserver problem is not possible because I did not > use a keyserver (I first wanted to try this with a test key without spreading > it). > > I think I have an answer despite I don't really know whether I did > something wrong. The ElGamal subkey is present (for encryption only) > but there is also a DSA subkey. GPG has no problems with that subkey > but I think PGP 6/7 (which I've tried) can't handle it because > everything worked after I removed it. Yes. PGP does not support signing subkeys. > As I read in the OpenPGP-RFC it should be compliant to have such DSA > subkey but it's no problem that I can't use it because I didn't want > to do this later anyway. Only the top level key provides signature > services so this should not be of any practical use to me - or is > it? There is a practical use - many people like to set expiration dates on their subkeys and/or rotate them every now and then. Using a signing subkey this way means you don't have to generate a new key and get it signed each time. Using a signing subkey also means you can keep your primary key offline and just use the subkeys for signing and encryption. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From jayachristina@hotmail.com Wed Mar 13 17:24:01 2002 From: jayachristina@hotmail.com (Jaya Christina) Date: Wed Mar 13 17:24:01 2002 Subject: no valid OPENPGP data found!!!!!!!! HELP!!! Message-ID: This is a multi-part message in MIME format. ------=_NextPart_000_0199_01C1CAB3.54140740 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi *, I have been using the gpg .. am a novice in this. I have encrypted a string and when i try t decrypt this i get the error = message saying gpg: no valid OPENPGP data found gpg: decryption failed: bad key and so i tried gpg --verify file.gpg C:\proj\files>gpg --verify file.gpg gpg: Signature made 03/13/02 15:31:22 using DSA key ID 727B7019 gpg: Good signature from "jayachristina (programmer) = " Is there anything i have been missing. I did the following: gpg --gen-key gpg -s file gpg -sa file gpg --verify file.gpg gpg --verify file.asc Somebody pleease help. Thanx. Ciao Jaya ------=_NextPart_000_0199_01C1CAB3.54140740 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hi *,
 
I have been using the gpg .. am a = novice in=20 this.
 
I have encrypted a string and when i = try t decrypt=20 this i get the error message saying
gpg: no valid OPENPGP data = found
gpg: decryption failed: bad = key
 
and so i tried gpg --verify = file.gpg
C:\proj\files>gpg --verify = file.gpg
gpg:=20 Signature made 03/13/02 15:31:22  using DSA key ID 727B7019
gpg: = Good=20 signature from "jayachristina (programmer) <jayachristina@hotmail.com&g= t;"
 
 
 
Is there anything i have been = missing.
I did the following:
gpg --gen-key
gpg -s file
gpg -sa file
gpg --verify file.gpg
gpg --verify file.asc
 
 
 
Somebody pleease help.
Thanx.
Ciao
Jaya
------=_NextPart_000_0199_01C1CAB3.54140740-- From Juergen.Polster@icn.siemens.de Wed Mar 13 17:26:01 2002 From: Juergen.Polster@icn.siemens.de (Polster Juergen) Date: Wed Mar 13 17:26:01 2002 Subject: Modifying location of secret keyring under Windows Message-ID: <1D82815C322BD41196EA00508B951F7B021B3A0A@MCHH265E> Thanks! Juergen Polster > Use a forward slash. >secret-keyring a:/secring.gpg From schoech@iap-kborn.de Wed Mar 13 17:44:01 2002 From: schoech@iap-kborn.de (=?iso-8859-1?Q?Armin_Sch=F6ch?=) Date: Wed Mar 13 17:44:01 2002 Subject: no valid OPENPGP data found!!!!!!!! HELP!!! In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi ! > gpg -s file This will sign "file" with your key. > gpg -sa file This will sign "file" and produce ASCII-armoured output You should use gpg -e file gpg -ea file to actually encrypt "file". You can also do both: gpg -es file gpg -esa file Then you can decrypt with: gpg -d ..... HTH, Armin - --=20 Am Hasenberg 26 office: Institut f=FCr Atmosph=E4renphysik D-18209 Bad Doberan Schloss-Stra=DFe 6 Tel. ++49-(0)38203/42137 D-18225 K=FChlungsborn / GERMANY Email: schoech@iap-kborn.de Tel. +49-(0)38293-68-102 WWW: http://armins.cjb.net/ Fax. +49-(0)38293-68-50 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Weitere Infos: siehe http://www.gnupg.org iD8DBQE8j4EbG8Xv4GxznLoRAhCrAKC67jgtcZYbI8i9sMpa20JI5OsI2gCfVda/ Tsl0N1TcStD74RcpuC03+CQ=3D =3DH5ZO -----END PGP SIGNATURE----- From schoech@iap-kborn.de Wed Mar 13 18:20:02 2002 From: schoech@iap-kborn.de (=?iso-8859-1?Q?Armin_Sch=F6ch?=) Date: Wed Mar 13 18:20:02 2002 Subject: no valid OPENPGP data found!!!!!!!! HELP!!! In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi ! > C:\proj\files>gpg -e text.txt > You did not specify a user ID. > > Enter the user ID: jayachristina If you do a "dir" on the commandline, you will see that gpg has created a file called "text.txt.gpg" which is the encrypted one. The original data (unencrypted) is still in "text.txt". > C:\proj\files>gpg -d text.txt > gpg: no valid OpenPGP data found. > gpg: decrypt_message failed: eof You have to decrypt the encrypted file, obviously. gpg -d text.txt.gpg will work :-) Bye, Armin - --=20 Am Hasenberg 26 office: Institut f=FCr Atmosph=E4renphysik D-18209 Bad Doberan Schloss-Stra=DFe 6 Tel. ++49-(0)38203/42137 D-18225 K=FChlungsborn / GERMANY Email: schoech@iap-kborn.de Tel. +49-(0)38293-68-102 WWW: http://armins.cjb.net/ Fax. +49-(0)38293-68-50 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Weitere Infos: siehe http://www.gnupg.org iD8DBQE8j4msG8Xv4GxznLoRAicWAJ4piYMDxSaBGsyOey5g/Fr6ZKT5dQCfaO5Q UMMQzuikabg8dMLFHsKaIX4=3D =3Dk/DD -----END PGP SIGNATURE----- From ChingChe_Chen@asus.com.tw Thu Mar 14 08:38:01 2002 From: ChingChe_Chen@asus.com.tw (ChingChe_Chen@asus.com.tw) Date: Thu Mar 14 08:38:01 2002 Subject: GPG Windows tip Message-ID: Hi, I've tried this tip on my NT system and it's work for me. I have another question. Is it possible to support long file name? By the way, how to specify more than one recipient name? Thanks! Regards, Ching-che Chen -----Original Message----- From: Hegt, Peter [mailto:Peter.Hegt@phidias.nl] Sent: Wednesday, March 13, 2002 6:13 PM To: 'gnupg-users@gnupg.org' Subject: GPG Windows tip Hi, I've got this tip for making GPG easier to use in Windows. To add encrypt/decrypt commands to the context menu (right click on a file): Assuming gpg.exe is installed in c:\app\gnupg and the id of the key you'd like to use is ID then with regedit.exe in the key HKEY_CLASSES_ROOT\*\shell (create the shell key if it is not there yet): For encrypting create a key: HKEY_CLASSES_ROOT\*\shell\GPG encrypt and sign with \command (Default) = "c:\App\gnupg\gpg -u ID --armor --sign --encrypt "%1"" put double qoutes around the %1 in case the file name has spaces. If you have more keys, then add more entries For decrypting create a key: HKEY_CLASSES_ROOT\*\shell\GPG decrypt and verify (to file.out)\command (Default) = "c:\App\gnupg\gpg -o "%1%.out" "%1"" Regards, Peter peter.hegt at phidias dot nl PGP/GPG public key at http://pgpkeys.mit.edu or http://keyserver.pgp.com (search for above email address) _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users From Peter.Hegt@phidias.nl Thu Mar 14 11:25:01 2002 From: Peter.Hegt@phidias.nl (Hegt, Peter) Date: Thu Mar 14 11:25:01 2002 Subject: GPG Windows tip Message-ID: Hi, ChingChe_Chen wrote: >> I have another question. Is it possible to support long file name? Well, the file name %1 is enclosed in double quotes, so if GPG supports long file names (with spaces), then it should work fine. You can try it out yourself. >> By the way, how to specify more than one recipient name? use gpg.exe and memorise all the options... My tip has its limitations. Regards, Peter peter.hegt at phidias dot nl PGP/GPG public key at http://pgpkeys.mit.edu or http://keyserver.pgp.com (search for above email address) From pplf01@yahoo.com Thu Mar 14 12:09:01 2002 From: pplf01@yahoo.com (pplf) Date: Thu Mar 14 12:09:01 2002 Subject: OpenPGP without GnuPG? Message-ID: <3C90843C.1030202@yahoo.com> Hello, For info, it appears that Will Price, the Former Director of PGP Engineering, doesn't want to see the future of OpenPGP with GnuPG, saying : "GnuPG is polluted by the GPL". Too bad... http://www.geocities.com/openpgp/wprice20020314.txt More infos here (in french, sorry) : http://www.geocities.com/openpgp/index.html#news Ciao, -- French OpenPGP page "OpenPGP en francais" http://www.openpgp.fr.st pplf01@yahoo.com From ChingChe_Chen@asus.com.tw Thu Mar 14 13:23:02 2002 From: ChingChe_Chen@asus.com.tw (ChingChe_Chen@asus.com.tw) Date: Thu Mar 14 13:23:02 2002 Subject: GPG Windows tip Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Peter, I think I didn't describe my question about long file name clearly. I tried to decrypt a file "filenameover8.txt.asc", the out put file is "filena~1.asc.out". I just wondered is there some way to ensure that GPG can get a long file name form correctly. If this is a limitation, it's OK. Those tips already help me much and convenience enough. Thanks! Ching-che Chen - -----Original Message----- From: Hegt, Peter [mailto:Peter.Hegt@phidias.nl] Sent: Thursday, March 14, 2002 6:24 PM To: ChingChe Chen(µ{·q­õ) Subject: RE: GPG Windows tip Hi, ChingChe_Chen wrote: >> I have another question. Is it possible to support long file name? Well, the file name %1 is enclosed in double quotes, so if GPG supports long file names (with spaces), then it should work fine. You can try it out yourself. >> By the way, how to specify more than one recipient name? use gpg.exe and memorise all the options... My tip has its limitations. Regards, Peter peter.hegt at phidias dot nl PGP/GPG public key at http://pgpkeys.mit.edu or http://keyserver.pgp.com (search for above email address) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (MingW32) - WinPT 0.5.5 Comment: Get my public key from (http://home.doramail.com/chingche/) iEYEARECAAYFAjyQlZsACgkQNjF8n81pvOBcAQCg5rqoYHFjmXkAOchtwQhDZPvB qvEAn2IgGC7BqM2nKEK7X2McqJu7klWi =xOYs -----END PGP SIGNATURE----- From wk@gnupg.org Thu Mar 14 14:42:01 2002 From: wk@gnupg.org (Werner Koch) Date: Thu Mar 14 14:42:01 2002 Subject: GPG Windows tip In-Reply-To: (ChingChe_Chen@asus.com.tw's message of "Thu, 14 Mar 2002 20:22:35 +0800") References: Message-ID: <877kofe0c3.fsf@alberti.gnupg.de> On Thu, 14 Mar 2002 20:22:35 +0800, ChingChe Chen said: > I tried to decrypt a file "filenameover8.txt.asc", the out put file > is "filena~1.asc.out". I just wondered is there some way to ensure > that GPG can get a long file name form correctly. As usual with a GNU software there are no limitations on filename lengths. I recall that once you had to set a LONGNAMES flag in the created executable to tell Windows (or was it just OS/2) not to autoconvert the names. However I am not sure on this, any windows hacker here? Werner From rmartini@cipsga.org.br Thu Mar 14 22:09:01 2002 From: rmartini@cipsga.org.br (Renato Martini) Date: Thu Mar 14 22:09:01 2002 Subject: zlib bug Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 I read just now the"CERT Advisory CA-2002-07 Double Free Bug in zlib Compression Library" - CA-2002-07, http://www.cert.org/advisories/CA-2002-07.html. The GnuPG uses the zlib library (release 1.1.3), and the systems affected are "any software that is linked to zlib 1.1.3 or earlier", or "data compression libraries derived from zlib 1.1.3 or earlier may contain a similar bug". The gpg is affected by this bug in zlib? The zlib library inside the GnuPG package or in the CVS will be changed? best regards - --------- __|_ _| _ \ __| __| \ | Renato Martini ::: Diretor Administrativo ( | __/\__ \ (_ | _ \ | http://www.cipsga.org.br \___|___|_| ____/\___|_/ _\ | http://gnupg.unixsecurity.com.br - ----------------------------------------------------------------------- "O Fantasia, che dei tempi e delle distanze fai il tuo giuoco audace!" (Gabriele d'Annunzio) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8kmNrYogE2yD8bPYRA1OkAKDG8mzbEWp3lWcCIk3Nd624KWd/JwCg0Mrn uSBkeJ5sp1KzBylHmlGPyck= =VBAO -----END PGP SIGNATURE----- From andrew@mcdonald.org.uk Thu Mar 14 23:12:01 2002 From: andrew@mcdonald.org.uk (Andrew McDonald) Date: Thu Mar 14 23:12:01 2002 Subject: zlib bug In-Reply-To: References: Message-ID: <20020314220945.GA2799@mcdonald.org.uk> On Fri, Mar 15, 2002 at 06:10:59PM -0300, Renato Martini wrote: > > The GnuPG uses the zlib library (release 1.1.3), and the > systems affected are "any software that is linked to > zlib 1.1.3 or earlier", or "data compression libraries derived from zlib 1.1.3 or > earlier may contain a similar bug". > > > The gpg is affected by this bug in zlib? > The zlib library inside the GnuPG package or in the CVS will be changed? Note that, as you are running Linux, it is quite likely that your gpg is dynamically linked against the zlib libraries you probably have installed on your system. You can check this with, e.g.: admcd@bifrons:~$ ldd $(which gpg) libz.so.1 => /usr/lib/libz.so.1 (0x40022000) libdl.so.2 => /lib/libdl.so.2 (0x40031000) libnsl.so.1 => /lib/libnsl.so.1 (0x40035000) libgdbm.so.1 => /usr/lib/libgdbm.so.1 (0x4004a000) libc.so.6 => /lib/libc.so.6 (0x40050000) /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000) The libz is zlib. In this case you will want to upgrade the libz you have installed and gpg will not need recompiling or relinking against the updated version. Most of the main distributions have already released updated zlib packages. Consult their security updates pages for information. -- Andrew McDonald E-mail: andrew@mcdonald.org.uk http://www.mcdonald.org.uk/andrew/ From tyketto@wizard.com Thu Mar 14 23:47:01 2002 From: tyketto@wizard.com (A Guy Called Tyketto) Date: Thu Mar 14 23:47:01 2002 Subject: zlib bug In-Reply-To: References: Message-ID: <20020314224259.GA14391@wizard.com> --7AUc2qLy4jB3hD7Z Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Mar 15, 2002 at 06:10:59PM -0300, Renato Martini wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: RIPEMD160 >=20 >=20 > I read just now the"CERT Advisory CA-2002-07 Double Free Bug in zlib Comp= ression > Library" - CA-2002-07, http://www.cert.org/advisories/CA-2002-07.html. >=20 > The GnuPG uses the zlib library (release 1.1.3), and the > systems affected are "any software that is linked to > zlib 1.1.3 or earlier", or "data compression libraries derived from zli= b 1.1.3 or > earlier may contain a similar bug". >=20 >=20 > The gpg is affected by this bug in zlib? > The zlib library inside the GnuPG package or in the CVS will be changed? I'm pretty sure Werner is including zlib 1.1.4 into the next releas= e=20 (it would be safe to assume so, unless he says otherwise), but it would be = in=20 one's best interest, to uninstall GnuPG, update your zlib, and recompile Gn= uPG=20 against it. I played it safe and recompiled against zlib 1.1.4, so I know m= y=20 binaries aren't affected by the bug. Error on the side of caution, and be paranoid. ;) BL. --=20 Brad Littlejohn | Email: tyketto@wizard.com Unix Systems Administrator, | tyketto@ozemail.com.au Web + NewsMaster, BOFH.. Smeghead! :) | http://www.wizard.com/~tyketto PGP: 1024D/E319F0BF 6980 AAD6 7329 E9E6 D569 F620 C819 199A E319 F0BF --7AUc2qLy4jB3hD7Z Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8kSdyyBkZmuMZ8L8RAtgxAKC5vHehrpW20GVwfKP1gko+HATgOwCglAl9 YWJS3ft1pzZZFos4vdAhzPI= =kULK -----END PGP SIGNATURE----- --7AUc2qLy4jB3hD7Z-- From rj@rmarq.pair.com Fri Mar 15 05:03:01 2002 From: rj@rmarq.pair.com (RJ Marquette) Date: Fri Mar 15 05:03:01 2002 Subject: OpenPGP without GnuPG? In-Reply-To: <3C90843C.1030202@yahoo.com> Message-ID: On Thu, 14 Mar 2002, pplf wrote: > For info, it appears that Will Price, the Former Director of PGP > Engineering, doesn't want to see the future of OpenPGP with GnuPG, > saying : "GnuPG is polluted by the GPL". Too bad... > http://www.geocities.com/openpgp/wprice20020314.txt My main point: He also asked to be shown if he's wrong. Side note: To (mis)quote the Romulan ambassador: "Frankly, Chancellor, I don't know *what* to believe." My understanding is that the GPL isn't intend to be "viral" in the sense he meant it, but since many people are confused by that, and companies like Microsoft can twist the wording into showing it's "wrong" and "un-american", maybe the wording in the GPL should be revised somehow to make the true intention clear. Obviously this won't stop determined FUD spreading, but it should make it simpler for anyone who takes a moment to actually read it. RJ :) =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= RJ Marquette rj(at)rmarq.pair.com RSA:448B035F DSS:CB45C555 Roller skaters: Visit http://roller-skate.org From Fabien Pochon" This is a multi-part message in MIME format. ------=_NextPart_000_0013_01C1CC13.54CC3AC0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable I have a question about gpgme. Why when I execute only the "t-encrypt" = file in directory tests, the error message "GpgmeError Invalid = Recipients" appears? If I do "make check", all 11 tests passed. ------=_NextPart_000_0013_01C1CC13.54CC3AC0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
I have a question about gpgme. Why when = I execute=20 only the "t-encrypt" file in directory tests, the error message = "GpgmeError=20 Invalid Recipients" appears? If I do "make check", all 11 tests=20 passed.
------=_NextPart_000_0013_01C1CC13.54CC3AC0-- ______________________________________________________________________________ ifrance.com, l'email gratuit le plus complet de l'Internet ! vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP... http://www.ifrance.com/_reloc/email.emailif From wk@gnupg.org Fri Mar 15 12:16:02 2002 From: wk@gnupg.org (Werner Koch) Date: Fri Mar 15 12:16:02 2002 Subject: "GpgmeError Invalid Recipients" In-Reply-To: <001601c1cc0a$f482b2f0$a8cde6c2@dmaxy> ("Fabien Pochon"'s message of "Fri, 15 Mar 2002 11:19:54 +0100") References: <001601c1cc0a$f482b2f0$a8cde6c2@dmaxy> Message-ID: <87elimaxv5.fsf@alberti.gnupg.de> On Fri, 15 Mar 2002 11:19:54 +0100, Fabien Pochon said: > I have a question about gpgme. Why when I execute only the "t-encrypt" file in directory tests, the error message "GpgmeError Invalid Recipients" appears? If I do "make check", all 11 tests passed. Run it this way: $ GNUPGHOME=. ./t-encrypt Werner From Lobach Pavel Fri Mar 15 14:04:02 2002 From: Lobach Pavel (Lobach Pavel) Date: Fri Mar 15 14:04:02 2002 Subject: Passphrase in the command line Message-ID: <118172494594.20020315160143@vib.ru> Dear friends! I have a question about the GPG's command line: How can I specify the passhprase in the command line? in the PGP 6.5.8 command-line there is option -z PASSPHRASE it is very usefull option in the scripts that automatic process encrypted mail ------------ Best regards, Lobach Pavel mailto:pahan@vib.ru ICQ#112708657 From Lobach Pavel Fri Mar 15 14:13:01 2002 From: Lobach Pavel (Lobach Pavel) Date: Fri Mar 15 14:13:01 2002 Subject: Passphrase in the command line Message-ID: <62173040749.20020315161049@vib.ru> Dear friends! I have a question about the GPG's command line: How can I specify the passhprase in the command line? in the PGP 6.5.8 command-line there is option -z PASSPHRASE it is very usefull option in the scripts that automatic process encrypted mail ------------ Best regards, Lobach Pavel mailto:pahan@vib.ru ICQ#112708657 From schoech@iap-kborn.de Fri Mar 15 14:58:02 2002 From: schoech@iap-kborn.de (=?iso-8859-1?Q?Armin_Sch=F6ch?=) Date: Fri Mar 15 14:58:02 2002 Subject: Passphrase in the command line In-Reply-To: <118172494594.20020315160143@vib.ru> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > I have a question about the GPG's command line: > > How can I specify the passhprase in the command line? > > in the PGP 6.5.8 command-line there is option > -z PASSPHRASE > it is very usefull option in the scripts that automatic process > encrypted mail And it's an FAQ: echo PASSPHRASE | gpg --passphrase-fd=3D0 ...... Check the manual: Unix/Linux "man gpg", Windows "gpg.man" or something similar. HTH, Armin - --=20 Am Hasenberg 26 office: Institut f=FCr Atmosph=E4renphysik D-18209 Bad Doberan Schloss-Stra=DFe 6 Tel. ++49-(0)38203/42137 D-18225 K=FChlungsborn / GERMANY Email: schoech@iap-kborn.de Tel. +49-(0)38293-68-102 WWW: http://armins.cjb.net/ Fax. +49-(0)38293-68-50 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Weitere Infos: siehe http://www.gnupg.org iD8DBQE8kf00G8Xv4GxznLoRAhLCAJ9x9FavddmsBW1yEuSJIaU8eeezJwCdHvwW yr7Qs0+d8h+Jr+EJdpPn4dA=3D =3DSDn8 -----END PGP SIGNATURE----- From Peter.Hegt@phidias.nl Fri Mar 15 15:01:02 2002 From: Peter.Hegt@phidias.nl (Hegt, Peter) Date: Fri Mar 15 15:01:02 2002 Subject: GPG Windows tip Message-ID: ChingChe_Chen wrote: >> I tried to decrypt a file "filenameover8.txt.asc", the out put file is "filena~1.asc.out". I just wondered is there some way to ensure that GPG can get a long file name form correctly. Yep, same problem here (W2K). I tried "%~f1" (see Start | Help, index %), but then gpg.exe fails. Anyone? Regards, Peter peter.hegt at phidias dot nl PGP/GPG public key at http://pgpkeys.mit.edu or http://keyserver.pgp.com (search for above email address) From Lobach Pavel Fri Mar 15 15:02:01 2002 From: Lobach Pavel (Lobach Pavel) Date: Fri Mar 15 15:02:01 2002 Subject: Re[2]: Passphrase in the command line In-Reply-To: <50130237387.20020315084211@mochamail.com> References: <118172494594.20020315160143@vib.ru> <50130237387.20020315084211@mochamail.com> Message-ID: <99175969701.20020315165938@vib.ru> Hello, Erik Friday, March 15, 2002, 4:42:11 PM, you wrote: E> Hello Lobach, E> On Fri, 15 Mar 2002, at 16:01:43 [GMT +0300] you wrote in the message: >> I have a question about the GPG's command line: >> How can I specify the passhprase in the command line? >> in the PGP 6.5.8 command-line there is option >> -z PASSPHRASE E> see gpg.man E> --passphrase-fd n E> Read the passphrase from file descriptor n. If E> you use 0 for n, the passphrase will be read E> from stdin. This can only be used if only E> one passphrase is supplied. Don't use this E> option if you can avoid it. E> --yes Assume "yes" on most questions. E> --no Assume "no" on most questions. E> There may be more useful options, just check gpg.man. I know about --passphrase-fd n, but it is not usable under Win9x :( Also I know about a secret key without the password (--edit passwd) I read man and forum :) !!!!!!!!!!!!! I need ability to specify password in the command line !!!!!!!!!!!!!! ------------ Best regards, Lobach Pavel mailto:pahan@vib.ru ICQ#112708657 From wk@gnupg.org Fri Mar 15 15:56:01 2002 From: wk@gnupg.org (Werner Koch) Date: Fri Mar 15 15:56:01 2002 Subject: [Announce] GnuPG fix for included zlib Message-ID: <871yemar0b.fsf@alberti.gnupg.de> --=-=-= Hi! As you probably all know, a security problem with the compress library zlib has been found which affects a lot of software. For details see: http://www.zlib.org/advisory-2002-03-11.txt and the security announcements for your OS. GnuPG does also use zlib; however in most environments the system provided zlib is used. So an update to this system library is sufficient to fix the problem in GnuPG. On systems without a installed zlib, the GnuPG build process automatically includes the zlib copy which come with it. This may also be forced by using the --with-included-zlib configure option. On those systems, GnuPG needs to be updated! A patch with instructions is attached to this mail. Note, that the MS-Windows version is also affected by this bug; an updated binary package will be available soon. Werner --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=gnupg-zlib.patch -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NotDashEscaped: You need GnuPG to verify this message This is a patch against gnupg 1.0.6 to fix the security bug in the zlib code. Please note that on most systems the zlib code which comes with GnuPG is not used because usually the zlib provided by the system is used. This is in almost all cases a shared library, so it is sufficient to upgrade this one. If the system does only provide a static library, you have to build GnuPG again. Apply this patch if your system does not provide a usable zlib or you configured GnuPG using the option --with-included-zlib. The patch file is GnuPG signed; you might want to check the signature after visual inspection that the patch file itself is not a compressed one (which might trigger the bug). gpg --verify gnupg-zlib.patch Change to the source directory (cd gnupg-1.0.6) and enter: patch -p2 Merged changes from zlib 1.1.4. diff -u orig/gnupg-1.0.6/zlib/deflate.c gnupg-stable/zlib/deflate.c --- orig/gnupg-1.0.6/zlib/deflate.c Wed Jan 13 14:12:48 1999 +++ gnupg-stable/zlib/deflate.c Tue Mar 12 10:34:29 2002 @@ -1,5 +1,5 @@ /* deflate.c -- compress data using the deflation algorithm - * Copyright (C) 1995-1998 Jean-loup Gailly. + * Copyright (C) 1995-2002 Jean-loup Gailly. * For conditions of distribution and use, see copyright notice in zlib.h */ @@ -47,12 +47,12 @@ * */ -/* @(#) $Id: deflate.c,v 1.2 1999/01/13 13:12:48 koch Exp $ */ +/* @(#) $Id: deflate.c,v 1.2.2.1 2002/03/12 09:34:29 werner Exp $ */ #include "deflate.h" const char deflate_copyright[] = - " deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly "; + " deflate 1.1.4 Copyright 1995-2002 Jean-loup Gailly "; /* If you use the zlib library in a product, an acknowledgment is welcome in the documentation of your product. If for some reason you cannot @@ -242,7 +242,7 @@ windowBits = -windowBits; } if (memLevel < 1 || memLevel > MAX_MEM_LEVEL || method != Z_DEFLATED || - windowBits < 8 || windowBits > 15 || level < 0 || level > 9 || + windowBits < 9 || windowBits > 15 || level < 0 || level > 9 || strategy < 0 || strategy > Z_HUFFMAN_ONLY) { return Z_STREAM_ERROR; } diff -u orig/gnupg-1.0.6/zlib/infblock.c gnupg-stable/zlib/infblock.c --- orig/gnupg-1.0.6/zlib/infblock.c Wed Jan 13 14:12:48 1999 +++ gnupg-stable/zlib/infblock.c Tue Mar 12 10:19:38 2002 @@ -1,5 +1,5 @@ /* infblock.c -- interpret and process block types to last block - * Copyright (C) 1995-1998 Mark Adler + * Copyright (C) 1995-2002 Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ @@ -249,10 +249,12 @@ &s->sub.trees.tb, s->hufts, z); if (t != Z_OK) { - ZFREE(z, s->sub.trees.blens); r = t; if (r == Z_DATA_ERROR) + { + ZFREE(z, s->sub.trees.blens); s->mode = BAD; + } LEAVE } s->sub.trees.index = 0; @@ -313,11 +315,13 @@ t = inflate_trees_dynamic(257 + (t & 0x1f), 1 + ((t >> 5) & 0x1f), s->sub.trees.blens, &bl, &bd, &tl, &td, s->hufts, z); - ZFREE(z, s->sub.trees.blens); if (t != Z_OK) { if (t == (uInt)Z_DATA_ERROR) + { + ZFREE(z, s->sub.trees.blens); s->mode = BAD; + } r = t; LEAVE } @@ -329,6 +333,7 @@ } s->sub.decode.codes = c; } + ZFREE(z, s->sub.trees.blens); s->mode = CODES; case CODES: UPDATE diff -u orig/gnupg-1.0.6/zlib/infcodes.c gnupg-stable/zlib/infcodes.c --- orig/gnupg-1.0.6/zlib/infcodes.c Wed Jan 13 14:12:48 1999 +++ gnupg-stable/zlib/infcodes.c Tue Mar 12 10:19:38 2002 @@ -1,5 +1,5 @@ /* infcodes.c -- process literals and length/distance pairs - * Copyright (C) 1995-1998 Mark Adler + * Copyright (C) 1995-2002 Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ @@ -196,15 +196,9 @@ Tracevv((stderr, "inflate: distance %u\n", c->sub.copy.dist)); c->mode = COPY; case COPY: /* o: copying bytes in window, waiting for space */ -#ifndef __TURBOC__ /* Turbo C bug for following expression */ - f = (uInt)(q - s->window) < c->sub.copy.dist ? - s->end - (c->sub.copy.dist - (q - s->window)) : - q - c->sub.copy.dist; -#else f = q - c->sub.copy.dist; - if ((uInt)(q - s->window) < c->sub.copy.dist) - f = s->end - (c->sub.copy.dist - (uInt)(q - s->window)); -#endif + while (f < s->window) /* modulo window size-"while" instead */ + f += s->end - s->window; /* of "if" handles invalid distances */ while (c->len) { NEEDOUT diff -u orig/gnupg-1.0.6/zlib/inffast.c gnupg-stable/zlib/inffast.c --- orig/gnupg-1.0.6/zlib/inffast.c Wed Jan 13 14:12:48 1999 +++ gnupg-stable/zlib/inffast.c Tue Mar 12 10:19:38 2002 @@ -1,5 +1,5 @@ /* inffast.c -- process literals and length/distance pairs fast - * Copyright (C) 1995-1998 Mark Adler + * Copyright (C) 1995-2002 Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ @@ -93,28 +93,41 @@ /* do the copy */ m -= c; - if ((uInt)(q - s->window) >= d) /* offset before dest */ - { /* just copy */ - r = q - d; - *q++ = *r++; c--; /* minimum count is three, */ - *q++ = *r++; c--; /* so unroll loop a little */ - } - else /* else offset after destination */ + r = q - d; + if (r < s->window) /* wrap if needed */ { - e = d - (uInt)(q - s->window); /* bytes from offset to end */ - r = s->end - e; /* pointer to offset */ - if (c > e) /* if source crosses, */ + do { + r += s->end - s->window; /* force pointer in window */ + } while (r < s->window); /* covers invalid distances */ + e = s->end - r; + if (c > e) { - c -= e; /* copy to end of window */ + c -= e; /* wrapped copy */ do { - *q++ = *r++; + *q++ = *r++; } while (--e); - r = s->window; /* copy rest from start of window */ + r = s->window; + do { + *q++ = *r++; + } while (--c); } + else /* normal copy */ + { + *q++ = *r++; c--; + *q++ = *r++; c--; + do { + *q++ = *r++; + } while (--c); + } + } + else /* normal copy */ + { + *q++ = *r++; c--; + *q++ = *r++; c--; + do { + *q++ = *r++; + } while (--c); } - do { /* copy all or what's left */ - *q++ = *r++; - } while (--c); break; } else if ((e & 64) == 0) diff -u orig/gnupg-1.0.6/zlib/inftrees.c gnupg-stable/zlib/inftrees.c --- orig/gnupg-1.0.6/zlib/inftrees.c Wed Jan 13 14:12:49 1999 +++ gnupg-stable/zlib/inftrees.c Tue Mar 12 10:19:38 2002 @@ -1,5 +1,5 @@ /* inftrees.c -- generate Huffman trees for efficient decoding - * Copyright (C) 1995-1998 Mark Adler + * Copyright (C) 1995-2002 Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ @@ -11,7 +11,7 @@ #endif const char inflate_copyright[] = - " inflate 1.1.3 Copyright 1995-1998 Mark Adler "; + " inflate 1.1.4 Copyright 1995-2002 Mark Adler "; /* If you use the zlib library in a product, an acknowledgment is welcome in the documentation of your product. If for some reason you cannot @@ -104,8 +104,7 @@ /* Given a list of code lengths and a maximum table size, make a set of tables to decode that set of codes. Return Z_OK on success, Z_BUF_ERROR if the given code set is incomplete (the tables are still built in this - case), Z_DATA_ERROR if the input is invalid (an over-subscribed set of - lengths), or Z_MEM_ERROR if not enough memory. */ + case), or Z_DATA_ERROR if the input is invalid. */ { uInt a; /* counter for codes of length k */ @@ -231,7 +230,7 @@ /* allocate new table */ if (*hn + z > MANY) /* (note: doesn't matter for fixed) */ - return Z_MEM_ERROR; /* not enough memory */ + return Z_DATA_ERROR; /* overflow of MANY */ u[h] = q = hp + *hn; *hn += z; diff -u orig/gnupg-1.0.6/zlib/zlib.h gnupg-stable/zlib/zlib.h --- orig/gnupg-1.0.6/zlib/zlib.h Wed Jan 13 14:12:49 1999 +++ gnupg-stable/zlib/zlib.h Tue Mar 12 10:19:41 2002 @@ -1,7 +1,7 @@ /* zlib.h -- interface of the 'zlib' general purpose compression library - version 1.1.3, July 9th, 1998 + version 1.1.4, March 11th, 2002 - Copyright (C) 1995-1998 Jean-loup Gailly and Mark Adler + Copyright (C) 1995-2002 Jean-loup Gailly and Mark Adler This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages @@ -37,7 +37,7 @@ extern "C" { #endif -#define ZLIB_VERSION "1.1.3" +#define ZLIB_VERSION "1.1.4" /* The 'zlib' compression library provides in-memory compression and -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6d-cvs (GNU/Linux) iD8DBQE8keynaLeriVdUjc0RAnZaAJ0Q5AX4oAWCkkE5Yqxb4mOcY8rhDQCfTd7D TR5ke8FWP2dRrl/EP5AU6i4= =uKF5 -----END PGP SIGNATURE----- --=-=-=-- _______________________________________________ Gnupg-announce mailing list Gnupg-announce@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From dvgevers@wxs.nl Fri Mar 15 17:13:01 2002 From: dvgevers@wxs.nl (Dick Gevers) Date: Fri Mar 15 17:13:01 2002 Subject: Local signatures v. exportable signatures Message-ID: <3C9217BB.20811.9C27DB3@localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Recently I started using GnuPG 1.0.6 under W2K, together with GPGShell for Win v. 2.25. Neither on the command line nor in GPGShell can I see any difference between a locally signed key and a key bearing an exportable signature. I know which are which but I don't want to remember it, I would like to be able to see which is what. Now the only difference I can find is when the key is exported, but I would like to see it while the keys are on my pubring, either in GPG and/or in GPGShell. I would appreciate any advice. Best regards, =Dick Gevers= -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (MingW32) Comment: GPGShell v. 2.25; QDGPG Pegasus Mail Plugin v. 1.0.3.0 beta 4 iEYEARECAAYFAjySF7sACgkQwC/zk+cxEdOwVgCglumbbN1JZv93W3J8IlTHnxBV zzsAoI5xABiC5VkZjvk0xPY+6S+oDwo0 =YS0/ -----END PGP SIGNATURE----- From dvgevers@wxs.nl Fri Mar 15 17:13:05 2002 From: dvgevers@wxs.nl (Dick Gevers) Date: Fri Mar 15 17:13:05 2002 Subject: Problem generating RSA keys Message-ID: <3C921CAA.30298.9D5C596@localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Recently I started using GnuPG 1.0.6 under W2K, together with GPGShell for Win v. 2.25. Neither on the command line, nor in GPGShell can I generate RSA keys or use other non-default algorithms, ciphers or hashes. I looked through all the FAQ's, help files, man pages and Handbooks that I could find and tried every possible combination of the options - --load-extension - --rfc1991 - --cipher-algo - --compress-algo (either direct or via the options files of GPG and GPGShell), but in all cases the options presented are the same as those with "gpg --gen-key" without options. I have idea.dll, sha2.dll and tiger.dll sitting in the same folder as GPG.exe (being G:/GPG), but it makes no difference. I have been able to work through the basic learning curve, I believe, of using GPG on the command line and via GPGShell, but I don't understand why these options won't work. Any help would be appreciated. Thanks and regards, =Dick Gevers= -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (MingW32) Comment: GPGShell v. 2.25; QDGPG Pegasus Mail Plugin v. 1.0.3.0 beta 4 iEYEARECAAYFAjySHKwACgkQwC/zk+cxEdMrQwCggGE8vQ3UXkd0lsw/UQ65KzgR EDQAoIja4XBPf2h+RcOSLbhcdXbeHQAp =jypI -----END PGP SIGNATURE----- From Trevor Smith" I have PGP 7.0.3 for Win2k and have PGPKeys. I also have PGP command line 6.5.8 for Win2k. I have GnuPG 1.0.6 for Win2k and generally use it to generate new keys, etc. but I have some legacy keys from PGP. I have been trying to use the same keyrings for all three programs. Everything interoperates pretty well, EXCEPT, if I use PGPKeys to remove signatures from a key in my keyring, GnuPG immediately reports this the next time I try to use the keyring: C:\GnuPG>gpg --list-keys gpg: read_keyblock: read error: invalid packet gpg: enum_keyblocks(read) failed: invalid keyring PGP (command line and PGPKeys) both continue to read and work with the keyrings perfectly. The only way I have found to do *anything* with the keyrings at this point is to copy my GnuPG backups over the PGP-"corrupted" versions. I have not tested whether similar operations with PGP command line would cause the corruption. Does GnuPG not support what I'm trying to do (remove signatures)? Is this a bug with PGPKeys or PGP for Windows? Is this a bug with GnuPG? Has anyone ever seen this (sorry, no search function for this mail list that I can find)? Can anyone reproduce this? -- Trevor Smith trevor@haligonian.com From astiglic@okiok.com Fri Mar 15 17:51:01 2002 From: astiglic@okiok.com (Anton Stiglic) Date: Fri Mar 15 17:51:01 2002 Subject: ZLIB vulnerability Message-ID: <003101c1cc59$e67f69b0$6900a8c0@p1038mobile> Hi all, this has maybe already been discussed here, but I haven't seen any mention of it on www.gnupg.org. A colleague of mine pointed out to me that there is a security vulnerability with zlib version < 1.1.4. GnuPG 1.0.6 uses zlib version 1.1.3, so there is a security risk. See http://www.gzip.org/zlib/advisory-2002-03-11.txt They suggested replacing older versions of zlib with zlib version 1.1.4, I would suggest a new version of GnuPG that comes with zlib v 1.1.4. --Anton From dshaw@jabberwocky.com Fri Mar 15 17:59:02 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Fri Mar 15 17:59:02 2002 Subject: Local signatures v. exportable signatures In-Reply-To: <3C9217BB.20811.9C27DB3@localhost> References: <3C9217BB.20811.9C27DB3@localhost> Message-ID: <20020315165646.GA681@akamai.com> On Fri, Mar 15, 2002 at 03:48:11PM -0000, Dick Gevers wrote: > Recently I started using GnuPG 1.0.6 under W2K, together with > GPGShell for Win v. 2.25. > > Neither on the command line nor in GPGShell can I see any > difference between a locally signed key and a key bearing an > exportable signature. I know which are which but I don't want to > remember it, I would like to be able to see which is what. > > Now the only difference I can find is when the key is exported, but > I would like to see it while the keys are on my pubring, either in > GPG and/or in GPGShell. GnuPG 1.0.7 shows a "L" between the "sig" and the keyid for local signatures. I don't know about GPGShell. GnuPG 1.0.7 is getting closer to release. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From dshaw@jabberwocky.com Fri Mar 15 18:00:01 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Fri Mar 15 18:00:01 2002 Subject: Problem generating RSA keys In-Reply-To: <3C921CAA.30298.9D5C596@localhost> References: <3C921CAA.30298.9D5C596@localhost> Message-ID: <20020315165800.GC681@akamai.com> On Fri, Mar 15, 2002 at 04:09:14PM -0000, Dick Gevers wrote: > Recently I started using GnuPG 1.0.6 under W2K, together with > GPGShell for Win v. 2.25. > > Neither on the command line, nor in GPGShell can I generate RSA > keys or use other non-default algorithms, ciphers or hashes. I > looked through all the FAQ's, help files, man pages and Handbooks GnuPG 1.0.6 cannot generate RSA keys. That is a new feature in 1.0.7. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From wk@gnupg.org Fri Mar 15 18:08:02 2002 From: wk@gnupg.org (Werner Koch) Date: Fri Mar 15 18:08:02 2002 Subject: fatal corruption with PGPKeys and GPG keyrings In-Reply-To: <200203151632.g2FGWF1S004371@jupiter.accesscable.net> ("Trevor Smith"'s message of "Fri, 15 Mar 2002 12:30:52 -0400") References: <200203151632.g2FGWF1S004371@jupiter.accesscable.net> Message-ID: <87elilahjv.fsf@alberti.gnupg.de> On Fri, 15 Mar 2002 12:30:52 -0400, Trevor Smith said: > C:\GnuPG>gpg --list-keys > gpg: read_keyblock: read error: invalid packet > gpg: enum_keyblocks(read) failed: invalid keyring Please run gpg --list-packets yourkeyring.pkr It should bail out at the same packet but you get a listing of all packets and by comparing it to a listing of an uncorrupted keyring you should be able to figure out. It might also be worth to use the option "--debug 1" > Does GnuPG not support what I'm trying to do (remove signatures)? Is It does. However sharing the keyring won't anymore work with forthcoming GnuPH versions. Werner From bart.martens@advalvas.be Fri Mar 15 19:13:02 2002 From: bart.martens@advalvas.be (Bart Martens) Date: Fri Mar 15 19:13:02 2002 Subject: Passphrase in the command line In-Reply-To: ; from schoech@iap-kborn.de on Fri, Mar 15, 2002 at 01:55:00PM +0000 References: <118172494594.20020315160143@vib.ru> Message-ID: <20020315192520.A1644@cable-195-162-214-95.upc.chello.be> On Fri, Mar 15, 2002 at 01:55:00PM +0000, Armin Schöch wrote: > > I have a question about the GPG's command line: > > How can I specify the passhprase in the command line? > > in the PGP 6.5.8 command-line there is option > > -z PASSPHRASE > > it is very usefull option in the scripts that automatic process > > encrypted mail > > And it's an FAQ: > echo PASSPHRASE | gpg --passphrase-fd=0 ...... > Check the manual: Unix/Linux "man gpg", Windows "gpg.man" or something > similar. > HTH, > Armin > Here it is --passphrase-fd 0 without the '='. From athlonrobnf@cs.com Fri Mar 15 21:55:01 2002 From: athlonrobnf@cs.com (AthlonRob) Date: Fri Mar 15 21:55:01 2002 Subject: ZLIB vulnerability References: <003101c1cc59$e67f69b0$6900a8c0@p1038mobile> Message-ID: <000a01c1cc63$58eb2a80$0101a8c0@robxp> Does GnuPG actually include zlib itself, or does it just require you have zlib on your system, and then utilize that? I just downloaded and compiled zlib 1.1.4 along with GnuPG yesterday, assuming GnuPG would use the updated zlib... was I mistaken? ----- Original Message ----- From: "Anton Stiglic" To: Sent: Friday, March 15, 2002 11:45 AM Subject: ZLIB vulnerability > > Hi all, > > this has maybe already been discussed here, but I haven't seen any mention > of it on www.gnupg.org. > > A colleague of mine pointed out to me that there is a security vulnerability > with zlib version < 1.1.4. > GnuPG 1.0.6 uses zlib version 1.1.3, so there is a security risk. > > See > http://www.gzip.org/zlib/advisory-2002-03-11.txt > > > They suggested replacing older versions of zlib with zlib version 1.1.4, > I would suggest a new version of GnuPG that comes with zlib v 1.1.4. > > --Anton > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > From Weimer@CERT.Uni-Stuttgart.DE Fri Mar 15 22:17:01 2002 From: Weimer@CERT.Uni-Stuttgart.DE (Florian Weimer) Date: Fri Mar 15 22:17:01 2002 Subject: ZLIB vulnerability In-Reply-To: <000a01c1cc63$58eb2a80$0101a8c0@robxp> ("AthlonRob"'s message of "Fri, 15 Mar 2002 12:52:36 -0800") References: <003101c1cc59$e67f69b0$6900a8c0@p1038mobile> <000a01c1cc63$58eb2a80$0101a8c0@robxp> Message-ID: <878z8th6ur.fsf@CERT.Uni-Stuttgart.DE> "AthlonRob" writes: > Does GnuPG actually include zlib itself, or does it just require you have > zlib on your system, and then utilize that? The source code includes a copy of zlib, but the build process uses the system zlib if available. -- Florian Weimer Weimer@CERT.Uni-Stuttgart.DE University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/ RUS-CERT +49-711-685-5973/fax +49-711-685-5898 From astiglic@okiok.com Fri Mar 15 22:59:01 2002 From: astiglic@okiok.com (Anton Stiglic) Date: Fri Mar 15 22:59:01 2002 Subject: ZLIB vulnerability References: <003101c1cc59$e67f69b0$6900a8c0@p1038mobile><000a01c1cc63$58eb2a80$0101a8c0@robxp> <878z8th6ur.fsf@CERT.Uni-Stuttgart.DE> Message-ID: <001001c1cc85$7a085e50$6900a8c0@p1038mobile> ----- Original Message ----- From: "Florian Weimer" To: Sent: Friday, March 15, 2002 1:13 PM Subject: Re: ZLIB vulnerability > "AthlonRob" writes: > > > Does GnuPG actually include zlib itself, or does it just require you have > > zlib on your system, and then utilize that? > > The source code includes a copy of zlib, but the build process uses > the system zlib if available. I happen to compile GnuPG under Windows (using Cygwin) where I don't have a system zlib, so it uses the one that comes with gnupg. The latest version of gnupg, 1.0.6, comes with zlib version 1.1.3 (which has the vulnerability). So I replaced the zlib library with zlib version 1.1.4 and recompiled my gnupg. --Anton From jmos@gmx.net Sat Mar 16 01:03:01 2002 From: jmos@gmx.net (jmos@gmx.net) Date: Sat Mar 16 01:03:01 2002 Subject: Question about mangling of passphrases Message-ID: <16775.1016236823@www42.gmx.net> Hello GnuPG Users! I wonder if it is safe to use GnuPG for symmetric encryption with 256 Bit cyphers. The problem I see is as follows: When someone uses symmetric only encryption GnuPG prompts for a passphrase. This passphrase is then hashed with an algorithm like RIPE-MD160 (whis is the default) into a 160 Bit hash value. This 160 Bit hash value (or part of it) is then used as a key for a symmetric cypher like BLOWFISH (whis has a key length of 128 Bit, so I assume the least significant 128 Bits of the hash value are being used). But what happens if someone uses a cypher with a key length of more than 160 Bit (e.g. 256 Bit) ? The hash value is too small to be used as the key for those cyphers. So how does GnuPG mangle the passphrase to yield a key with e.g. 256 Bit ? Does anyone have an answer to that ? -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net From athlonrobnf@cs.com Sat Mar 16 01:15:01 2002 From: athlonrobnf@cs.com (AthlonRob) Date: Sat Mar 16 01:15:01 2002 Subject: GnuPG in Linux... a little help for a Windoze user? Message-ID: <003b01c1cc7f$5d4d3b60$0101a8c0@robxp> ------=_NextPart_000_0038_01C1CC3C.4CC864B0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hey everybody- I joined this group hoping there would be information on running GnuPG under= Linux, with some reasonable front end. I'm having a hard time compiling an= ything at the moment (the front end I chose seems to really like Qt 1.4, whi= ch really doesn't like me). I've been using PGP under Win2K and WinXP (yeah= , I realize there are issues with XP, I do everything manually, so the only=20= problem is it might be using insecure memory and swapping, which I don't car= e about) for quite a while now and am happy with it. After reading for a day now, I'm seeing almost everybody uses Windows. Does= anybody have any advice for places to look for a PGP-like solution for Linu= x and information on how exactly to use it? I'd really appreciate some direction :-) Rob ------=_NextPart_000_0038_01C1CC3C.4CC864B0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hey everybody-
 
I joined this group hoping there would be=20 information on running GnuPG under Linux, with some reasonable front end.&nb= sp;=20 I'm having a hard time compiling anything at the moment (the front end I cho= se=20 seems to really like Qt 1.4, which really doesn't like me).  I've been=20 using PGP under Win2K and WinXP (yeah, I realize there are issues with XP, I= do=20 everything manually, so the only problem is it might be using insecure memor= y=20 and swapping, which I don't care about) for quite a while now and am happy w= ith=20 it.
 
After reading for a day now, I'm seeing alm= ost=20 everybody uses Windows.  Does anybody have any advice for places to loo= k=20 for a PGP-like solution for Linux and information on how exactly to use=20 it?
 
I'd really appreciate some direction =20 :-)
 
Rob
------=_NextPart_000_0038_01C1CC3C.4CC864B0-- From agreene@pobox.com Sat Mar 16 01:37:02 2002 From: agreene@pobox.com (Anthony E. Greene) Date: Sat Mar 16 01:37:02 2002 Subject: GnuPG in Linux... a little help for a Windoze user? In-Reply-To: <003b01c1cc7f$5d4d3b60$0101a8c0@robxp> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 15 Mar 2002, AthlonRob wrote: >I joined this group hoping there would be information on running GnuPG >under Linux, with some reasonable front end. I'm having a hard time >compiling anything at the moment (the front end I chose seems to really >like Qt 1.4, which really doesn't like me). I'm assuming you're taling about a GUI front end for GPG. I used tkpgp for a while, but it was not worth the trouble. I generally use GPG for email. I run pine and used it display/send filter functions to pipe the text through GPG. It sounds harder than it is. The bottom line is that after setting it up, Pine calls GPG automatically to handle in incoming signed and/or encrypted messages and I get an offer to sign or sign/encrypt each outgoing message. It just doesn't get much easier. If you use KMail or Evolution, GPG support is included. If you need to process files, the command line is simple: gpg --encrypt filename --recipient [userid substring OR keyid] gpg --sign filename gpg --clearsign textfile gpg --decrypt filename (automatically checks signature too) gpg --verify filename (automatically retrieves key if necessary) I spent some time looking for GUI front ends, but the commands are simple enough that I eventually concluded that it was a waste of time to spend hours fooling around with GUIs. Tony - -- Anthony E. Greene OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D AOL/Yahoo Chat: TonyG05 HomePage: Linux: the choice of a GNU Generation. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Anthony E. Greene 0x6C94239D iD8DBQE8kpMSpCpg3WyUI50RAvQ4AKCwo7z/l452uElzcAv+6zS14DFeMwCg3z6+ OuuhsUkdBfNEUM5dpTf/i7g= =ZNZU -----END PGP SIGNATURE----- From dshaw@jabberwocky.com Sat Mar 16 02:01:02 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Sat Mar 16 02:01:02 2002 Subject: Question about mangling of passphrases In-Reply-To: <16775.1016236823@www42.gmx.net> References: <16775.1016236823@www42.gmx.net> Message-ID: <20020316005825.GA681@akamai.com> On Sat, Mar 16, 2002 at 01:00:23AM +0100, jmos@gmx.net wrote: > Hello GnuPG Users! > > I wonder if it is safe to use GnuPG for symmetric encryption with 256 Bit > cyphers. > The problem I see is as follows: > > When someone uses symmetric only encryption GnuPG prompts for a > passphrase. This passphrase is then hashed with an algorithm like > RIPE-MD160 (whis is the default) into a 160 Bit hash value. This > 160 Bit hash value (or part of it) is then used as a key for a > symmetric cypher like BLOWFISH (whis has a key length of 128 Bit, so > I assume the least significant 128 Bits of the hash value are being > used). But what happens if someone uses a cypher with a key length > of more than 160 Bit (e.g. 256 Bit) ? The hash value is too small > to be used as the key for those cyphers. So how does GnuPG mangle > the passphrase to yield a key with e.g. 256 Bit ? What happens is there are multiple hashes done so there will always be enough bits of hash to fill in the key bits. Each additional hash beyond the first is preloaded with an increasing number of zeroes to force the resulting hash to be different. This is documented in RFC-2440, if you want to read more about it. Look for the "String-to-key (S2K) specifiers" section. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From graham.todd@ntlworld.com Sat Mar 16 03:51:01 2002 From: graham.todd@ntlworld.com (Graham Todd) Date: Sat Mar 16 03:51:01 2002 Subject: GnuPG in Linux... a little help for a Windoze user? In-Reply-To: <003b01c1cc7f$5d4d3b60$0101a8c0@robxp> References: <003b01c1cc7f$5d4d3b60$0101a8c0@robxp> Message-ID: <20020316024843.LWQD7000.mta06-svc.ntlworld.com@there> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday 16 March 2002 12:13 am, you uttered these words of widom regarding GnuPG in Linux... a little help for a Windoze user?: > Hey everybody- > [snipped] > > After reading for a day now, I'm seeing almost everybody uses > Windows. Does anybody have any advice for places to look for a > PGP-like solution for Linux and information on how exactly to use it? > > I'd really appreciate some direction :-) > > Rob The latest version of PGP that has been released for Linux is PGP 6.5.8, and then only for the commandline. GPG is also a commandline program. In fact, there is nothing in Linux approaching the flexibility and functions of PGP with the GUI (nor may I add, I've not come across anything even approaching GPGShell [a Windows front end for GPG] in Linux). The reason for this is mainly the key management functions, which are (sadly) missing from most front ends in Linux, and the ability to encrypt/sign/decrypt/verify text in a window having the focus. The nearest thing that there is to it is to use an emailer like Kmail, Evolution, or Xfmail with built in support for PGP and GPG, but of course these will only deal with encryption/ signing/ decryption/ verification, not with key management. There are some front ends that will enable you to keep your keyrings up to date, Seahorse and Geheimnis amongst them and they are useful to have about, but not all-embracing..... - -- Graham -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Please sign and encrypt for internet privacy iD8DBQE8krM6IwtBZOk1250RAjdnAKCo640SdTBVs3XzhRbqDQxnjx9JGQCgmRjR 1v6O9JKFK6fJmvRYX4rsttU= =529p -----END PGP SIGNATURE----- From ddm@pizzashack.org Sat Mar 16 05:28:01 2002 From: ddm@pizzashack.org (Derek D. Martin) Date: Sat Mar 16 05:28:01 2002 Subject: Strange PGP server problem Message-ID: <20020315232450.J6168@pizzashack.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've come across a problem I'm not really sure how to fix. It may not be a gpg problem per se, but a problem with the PGP servers. To make a long story short, I have two different versions of my pgp key -- each with a different valid encryption subkey. The old key is no good, and no one can get the new key, because the pgp servers seem to have problems with the key. Now, the longer version: Today, I updated my key by creating a new 4K Elgamal encryption key, and revoking my old encryption subkey. I also had a number of UIDs that are no longer valid, so I revoked the signature on those. Note that I'm pretty sure the 4K size of the key is not the problem, as I created another key of 4K today, which I had no trouble with. I uploaded the new version of my key to the keyserver at pgp.mit.edu, and checked that the new key was reflected in querries. Well, it had completely disappeared! Ok, not completely. If I searched on my name, the key doesn't show up. If I search by key ID, it does show up. On my system, the key seems fine: $ gpg --list-key ddm pub 1024D/81CFE75D 2000-10-29 Derek Martin uid [revoked] Derek Martin uid [revoked] Derek Martin sub 4096g/F73655D5 2002-03-16 [expires: 2003-03-16] sub 1024g/22E368D9 2000-10-29 Except when I try to edit the key: $ gpg --edit ddm gpg (GnuPG) 1.0.6; Copyright (C) 2001 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. gpg: no secret subkey for public subkey 22E368D9 - ignoring Secret key is available. pub 1024D/81CFE75D created: 2000-10-29 expires: never trust: f/u sub 4096g/F73655D5 created: 2002-03-16 expires: 2003-03-16 sub 1024g/22E368D9 created: 2000-10-29 expires: never (1). Derek Martin (2) [revoked] Derek Martin (3) [revoked] Derek Martin [note the "no secret key" message for my old subkey] If I then, from another account that does not have my gpg keyring in it run $ gpg --keyserver pgp.mit.edu --recv-key 0x81CFE75D I get the following messages from gpg: $ gpg --keyserver pgp.mit.edu --recv-keys 81CFE75D gpg: requesting key 81CFE75D from pgp.mit.edu ... gpg: key 81CFE75D: invalid subkey binding gpg: key 81CFE75D: public key imported gpg: Total number processed: 1 gpg: imported: 1 I'm suspecting this may be caused by the missing secret subkey for key id 0x22E368D9. I have a back up copy of the old key, which looks like this: $ gpg --edit-key ddm Secret key is available. pub 1024D/81CFE75D created: 2000-10-29 expires: never trust: -/u sub 1024g/22E368D9 created: 2000-10-29 expires: never (1) Derek Martin (2) Derek Martin (3). Derek Martin I've tried numerous combinations of exporting and importing the secret keys and public keys, and while I can import the public side of the old encryption key, I can not import the corresponding secret key: $ ssh otherhost gpg --export-secret-keys -a |gpg --import --allow-secret ddm@otherhost's password: gpg: key 81CFE75D: already in secret keyring gpg: Total number processed: 1 gpg: secret keys read: 1 gpg: secret keys unchanged: 1 I think this may be a bug; gpg seems to be failing to detect that there's a new secret subkey in the exported key, and isn't importing it. During one of my iterations, I removed the old encryption key and the revoked UIDs, and I was then able to --recv-key the key after uploading it to the server. However, at that point, the key stopped showing up in searches on my name (it does still show up in searches on the key id). I did some more goofing around, and the key is showing up in searches again, but now it can't be imported (the public encryption subkey won't import). So, basically, it seems like I have two different useless keys. Obviously I don't want to create a whole new key, as a) it's a pain to generate long keys, b) I'll have to get people to sign my key all over again, c) I already have a couple of old keys I can't access out there. So I'd really, really, really like to recover this key to make it usable. AAAAGGGGGGHHHH! While I'm waiting for the gurus to soothsay me an answer, I'm going to hit the Bailey's. Happy St. Patricks Day! =8^) - -- Derek Martin ddm@pizzashack.org - --------------------------------------------- I prefer mail encrypted with PGP/GPG! GnuPG Key ID: 0x81CFE75D Retrieve my public key at http://pgp.mit.edu Learn more about it at http://www.gnupg.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8kskOdjdlQoHP510RAk/WAJ0U7AwQzcq14fA4ew2F9NVHyuBxYACZAcCl 4d5U39wlLoCUuUutxMyRAk4= =pbbW -----END PGP SIGNATURE----- From ddm@pizzashack.org Sat Mar 16 05:42:01 2002 From: ddm@pizzashack.org (Derek D. Martin) Date: Sat Mar 16 05:42:01 2002 Subject: gpg subkeys, revisited Message-ID: <20020315233857.A6820@pizzashack.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I missed it the first time, but it sounds like I'm having the same exact problem as Douglas Calvert had a couple of weeks ago: http://lists.gnupg.org/pipermail/gnupg-users/2002-March/012088.html Except mine's slightly worse, because the key server evidently has a bogus version of my key, so no one can get my new encryption subkey. Hey Douglas, ever get your situation straightened out? Thanks - -- Derek Martin ddm@pizzashack.org - --------------------------------------------- I prefer mail encrypted with PGP/GPG! GnuPG Key ID: 0x81CFE75D Retrieve my public key at http://pgp.mit.edu Learn more about it at http://www.gnupg.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8ksxgdjdlQoHP510RAg5hAKCon58DzxfVVlrF6q3IVaCPaHDeBACfZlJI S0L2VTFrTI83he8ZFv5ckFE= =mc5Z -----END PGP SIGNATURE----- From athlonrobnf@cs.com Sat Mar 16 05:50:01 2002 From: athlonrobnf@cs.com (AthlonRob) Date: Sat Mar 16 05:50:01 2002 Subject: GnuPG in Linux... a little help for a Windoze user? References: <003b01c1cc7f$5d4d3b60$0101a8c0@robxp> <20020316024843.LWQD7000.mta06-svc.ntlworld.com@there> Message-ID: <00ae01c1cca5$b30628c0$0101a8c0@robxp> > verification, not with key management. There are some front ends that > will enable you to keep your keyrings up to date, Seahorse and > Geheimnis amongst them and they are useful to have about, but not > all-embracing..... Geheimnis refuses to compile here! IT IS DRIVING ME INSANE! ./configure refuses to use whatever default C++ compiler Slackware comes with. I think it comes with g++... but could be mistaken. Either way, it refuses to use it. I'm currently *trying* to work with GPA. Not having much luck. I really really really want to import my entire keyring from PGP to GPG, but am thinking that isn't possible. If I can't do that, I would at least like to be able to import my private keys... but heck, I can't even do that. Nevermind, just got that working (manually, from the command line, importing private keys)... things are looking up a bit. I love this stuff! :-) Rob ----- Original Message ----- From: "Graham Todd" To: Sent: Friday, March 15, 2002 6:51 PM Subject: Re: GnuPG in Linux... a little help for a Windoze user? > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Saturday 16 March 2002 12:13 am, you uttered these words of widom > regarding GnuPG in Linux... a little help for a Windoze user?: > > > Hey everybody- > > > [snipped] > > > > After reading for a day now, I'm seeing almost everybody uses > > Windows. Does anybody have any advice for places to look for a > > PGP-like solution for Linux and information on how exactly to use it? > > > > I'd really appreciate some direction :-) > > > > Rob > > The latest version of PGP that has been released for Linux is PGP > 6.5.8, and then only for the commandline. GPG is also a commandline > program. In fact, there is nothing in Linux approaching the > flexibility and functions of PGP with the GUI (nor may I add, I've not > come across anything even approaching GPGShell [a Windows front end for > GPG] in Linux). > > The reason for this is mainly the key management functions, which are > (sadly) missing from most front ends in Linux, and the ability to > encrypt/sign/decrypt/verify text in a window having the focus. > > The nearest thing that there is to it is to use an emailer like Kmail, > Evolution, or Xfmail with built in support for PGP and GPG, but of > course these will only deal with encryption/ signing/ decryption/ > verification, not with key management. There are some front ends that > will enable you to keep your keyrings up to date, Seahorse and > Geheimnis amongst them and they are useful to have about, but not > all-embracing..... > - -- > > Graham > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.6 (GNU/Linux) > Comment: Please sign and encrypt for internet privacy > > iD8DBQE8krM6IwtBZOk1250RAjdnAKCo640SdTBVs3XzhRbqDQxnjx9JGQCgmRjR > 1v6O9JKFK6fJmvRYX4rsttU= > =529p > -----END PGP SIGNATURE----- > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > From dhlee@flynara.co.kr Sat Mar 16 06:18:02 2002 From: dhlee@flynara.co.kr (ÇöóÀ×À¥³ª¶ó) Date: Sat Mar 16 06:18:02 2002 Subject: °¢Á¾ ¹®¼­¸¦ PDF·Î º¯È¯ÇØ µå¸³´Ï´Ù(±¤..°í) Message-ID: Untitled Document
¡Ø º» ¸ÞÀÏÀº ¹ß½Å Àü¿ëÀ̹ǷΠ¼ö½ÅÀ» ¿øÇÏÁö ¾ÊÀ¸½Ã¸é ¿©±â ¸¦ ´­·¯ ÁÖ¼¼¿ä.
From douglist@anize.org Sat Mar 16 09:42:01 2002 From: douglist@anize.org (Douglas F. Calvert) Date: Sat Mar 16 09:42:01 2002 Subject: schneier on bernstiens work Message-ID: <1016268495.16321.5.camel@allevil> --=-HzW9Sfsy+NUP87Y3mwgy Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hello. I recently posted a question about bernsteins facorting work. Schneier talks about the paper in the latest cryptogram. It is a little off topic for the list but still interesting... go to counterpane.com for latest cryptogram (i am too lazy to link) --BEGIN CRYPTO-GRAM Bernstein's Factoring Breakthrough? Last fall, mathematician Dan Bernstein circulated a paper discussing improvements in integer factorization, using specialized parallel hardware. The paper didn't get much attention until recently, when discussions sprang up on SlashDot and other Internet forums about the results. A naive read of the paper implies that factoring is now significantly easier using the machine described in the paper, and that keys as long as 2048 bits can now be broken. This is not the case. The improvements described in Bernstein's paper are unlikely to produce the claimed speed improvements for practically useful numbers. Currently the fastest factoring algorithm is the Number Field Sieve (NFS), which supplanted the Quadratic Sieve several years ago.=20 Basically, the NFS has two phases. The first is a search for equations that satisfy certain mathematical properties. This step is highly parallelizable, and today is routinely done with thousands of computers. The second step is a large matrix calculation, which eventually produces the prime factors of the target number. Bernstein attempts to improve the efficiency of both steps. There are some good observations here that will result in some minor speedups in factoring, but the enormous improvements claimed are more a result of redefining efficiency than anything else. Bernstein positions his results as an effect of massive parallization. To me, this is misleading. You can always simulate a parallel machine on a single computer by using a time-sliced architecture. In his model, the "cost" of factoring is a product of time and space, and he claims that he can reduce the cost of parallel sorting from a factor of m^4 to m^3.=20 Bernstein justifies his assumptions by claiming that a single processor needs m^2 memory, whereas an array of m^2 processors only needs constant memory. This may be true, but neglects to factor in the cost associated with connecting those processors: tying a million simple processors together is much more expensive than using a single processor of the same design with a mi llion bits of memory. Again, it is not clear that this technique will buy you anything for practical sized numbers. To be sure, Bernstein does not say anything different. (In fact, I commend him for not being part of the hyperbole.) His result is asymptotic. This means that it is eventually true, as the size of the number factored approaches infinity. This says nothing about how much more efficient Bernstein's algorithm is, or even whether or not it is more efficient than current techniques. Bernstein himself says this in one of his posts: "Protecting against [these techniques] means switching from n-bit keys to f(n)-bit keys. I'd like to emphasize that, at this point, very little is known about the function f. It's clear that f(n) is approximately (3.009...)n for *very* large sizes n, but I don't know whether f(n) is larger than n for *useful* sizes n." What he means is: at some bit length these techniques will be useful, but we have no idea what that bit length is. I don't believe in the factor of n - 3n length improvement. Any practical implementation of these techniques depends heavily on complicated technological assumptions and tradeoffs. Parallel computing is much easier to say than it is to do, and there are always hidden complexities. I think when all the math is said and done, these other complexities will even out his enhancements. This is not to belittle Bernstein's work. This is good research. I like his novel way of using sorting techniques to carry out the linear algebra part. This might be useful in a variety of other contexts, and is likely to open up new research directions in the design of more efficient sorting networks and sparse matrix algorithms. There are other speed improvements to the NFS in this paper, and they will most definitely be researched further. Over the past several decades factoring has steadily gotten easier, and it's gotten easier faster than anyone would have believed. Speed improvements have come from four sources. One, processors have gotten faster. Two, processors have gotten cheaper and easier to network in parallel computations. Three, there have been steady flows of minor improvements to the factoring algorithms. And four, there have been fundamental advances in the mathematics of factoring. I believe that Bernstein's work falls under the third category, and takes advantage of ancillary improvements in the second category. And if history is any guide, it will be years before anyone knows exactly whether, and how, this work will affect the actual factoring of practical numbers. Bernstein Paper: --=20 +---------------+-----------------------------------+ |Douglas Calvert| http://anize.org/dfc | | dfc@anize.org | http://imissjerry.org | +---------------+-----------------------------------+ | If you use envelopes, why not use encryption? | | http://anize.org/dfc/dfc-keys.asc | | 0817 30D4 82B6 BB8D 5E66 06F6 B796 073D C954 1FB2 | +-------------| http://www.gnupg.org |--------------+ --=-HzW9Sfsy+NUP87Y3mwgy Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8kwbPt5YHPclUH7IRAnQVAJ9vKoxYOuOMUg3gex9XK3ckNZC6FgCghtZ8 KVqEteqo6JC03EE6Vu9oM6Q= =7tLI -----END PGP SIGNATURE----- --=-HzW9Sfsy+NUP87Y3mwgy-- From ddm@pizzashack.org Sat Mar 16 18:45:03 2002 From: ddm@pizzashack.org (Derek D. Martin) Date: Sat Mar 16 18:45:03 2002 Subject: gpg subkeys, revisited In-Reply-To: <1016257151.16327.1.camel@allevil> References: <20020315233857.A6820@pizzashack.org> <1016257151.16327.1.camel@allevil> Message-ID: <20020316124152.A7155@pizzashack.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At some point hitherto, Douglas Calvert hath spake thusly: > On Fri, 2002-03-15 at 23:38, Derek D. Martin wrote: > > I missed it the first time, but it sounds like I'm having the same > > exact problem as Douglas Calvert had a couple of weeks ago: [SNIP] > No dice. There is a problem with the keyservers. They cannot handle > multiple subkeys. [SNIP] Ok thanks, but well, my problem is a bit more involved than just that. Basically the problem is that on the machine that I read mail, I accidentally deleted my old encryption subkey. I still have other subkeys on that keyring associated with my signing key (0x81CFE75D) that I need to keep. But obviously, I want to keep my old encryption key around, so I can decrypt messages that are sent to me by people who haven't yet gotten the new subkey from me, or forgot to import it, or for messages I already have hanging around... I have a copy of the old subkey on another machine. That old keyring does not have the other subkeys that I wish to keep. What I need to do is merge the two keyrings. I can do this with the PUBLIC subkeys no problem. However, GPG will not let me incorporate the SECRET subkey, no matter what I try. I've tried using both --export-secret-key and --export-secret-subkey on the export side of things, and I always use --allow-secret on the import side, but I only get error messages from gpg as such: $ ssh otherhost gpg -a --export-secret-subkey ddm |gpg --allow-secret --import ddm@otherhost's password: gpg: key 81CFE75D: already in secret keyring gpg: Total number processed: 1 gpg: secret keys read: 1 gpg: secret keys unchanged: 1 So, gpg seems to fail to realize that there are subkeys in the exported block that are not in the local copy, and refuses to import them. Whether or not this is intended behavior, I think this is a bug. Otherwise, there's no way to recover accidentally deleted subkeys, and if you DO accidentally delete a subkey, your options would be to maintain two different keyrings (one with the deleted one and the other with all the other keys), or throw up your hands in frustration and generate a whole new key. And if you have old messages that you still need to decrypt with the old key, the latter isn't even really an option. Neither of those options is ideal. IMO, the best solution is for gpg to allow the import of secret subkeys. Please note: I'm not on gnupg-devel, so please CC me ONLY if your reply is going to be ONLY on that list (I'm on gnupg-users). Thanks. - -- Derek Martin ddm@pizzashack.org - --------------------------------------------- I prefer mail encrypted with PGP/GPG! GnuPG Key ID: 0x81CFE75D Retrieve my public key at http://pgp.mit.edu Learn more about it at http://www.gnupg.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8k4PedjdlQoHP510RAoVjAKCbgELUN80DO5xj+/Stl6luJpsM7QCeK+7L 7fTlskD+WiOs0fQjNcXkezM= =IgBT -----END PGP SIGNATURE----- From sandy@montana-riverboats.com Sat Mar 16 21:04:01 2002 From: sandy@montana-riverboats.com (Sandy Pittendrigh) Date: Sat Mar 16 21:04:01 2002 Subject: difficulty at the beginning Message-ID: <3C9251B6.5020907@montana-riverboats.com> This is a multi-part message in MIME format. --------------010506040505040900070203 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit --------------010506040505040900070203 Content-Type: text/plain; name="gnupg" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="gnupg" I need to send encrypted mail from a webserver/domain host down to my desck top. My domain provider doesn't have pgp or gpg installed. So I obtained the following tar.gz sources: gnupg-1.0.6.tar.gz pgpgpg-0.13.tar.gz I untarred them, configured and compiled both sources, on both my desk top machine and at the virtual domain where my website exists. I used configure --prefix=/home/me --exec-prefix=/home/me make make install ....on both boxes. Then, at desktop : pgp -kg ....several steps omitted. pgp -kx me@mydomain.com ....which produced me.pgp The I used scp to to send me.pgp up to the webserver Then, at virtual domain: pgp -kg ....several steps omitted, using email address that reflects the name web processes run as on my site pgp -ka me.pgp .....which produced gpg: Warning: using insecure memory! gpg: key 60F87D7B: unsupported public key algorithm gpg: key 60F87D7B: no valid user IDs gpg: this may be caused by a missing self-signature gpg: key ACC7F0DF: unsupported public key algorithm gpg: key ACC7F0DF: no valid user IDs gpg: this may be caused by a missing self-signature gpg: Total number processed: 2 gpg: w/o user IDs: 2 Where do I go from here? --------------010506040505040900070203-- From mutz@kde.org Sat Mar 16 21:29:01 2002 From: mutz@kde.org (Marc Mutz) Date: Sat Mar 16 21:29:01 2002 Subject: zlib bug In-Reply-To: <20020314224259.GA14391@wizard.com> References: <20020314224259.GA14391@wizard.com> Message-ID: <200203151930.28619@sendmail.mutz.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday 14 March 2002 23:42, A Guy Called Tyketto wrote: > but it would be in one's best interest, to uninstall GnuPG, update > your zlib, and recompile GnuPG against it. I played it safe and > recompiled against zlib 1.1.4, so I know my binaries aren't affected > by the bug. Beeeep. Uninstall? What for? Just update your zlib with the dirtibutor's=20 rpm/deb's and be done. Marc - --=20 Marc Mutz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8kj3D3oWD+L2/6DgRAiqYAJ0cGZKsmlU9VyeIpUezxnT88F3vUACdEsof JifUnkn1UM59QHu4bmIC5NQ=3D =3D6SkJ -----END PGP SIGNATURE----- From rmartini@cipsga.org.br Sat Mar 16 22:53:01 2002 From: rmartini@cipsga.org.br (Renato Martini) Date: Sat Mar 16 22:53:01 2002 Subject: zlib bug In-Reply-To: <20020314220945.GA2799@mcdonald.org.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 On Thu, 14 Mar 2002, Andrew McDonald wrote: > Date: Thu, 14 Mar 2002 22:09:45 +0000 > From: Andrew McDonald > To: mailing List gnupg-users > Subject: Re: zlib bug > > On Fri, Mar 15, 2002 at 06:10:59PM -0300, Renato Martini wrote: > > > > The GnuPG uses the zlib library (release 1.1.3), and the > > systems affected are "any software that is linked to > > zlib 1.1.3 or earlier", or "data compression libraries derived from zlib 1.1.3 or > > earlier may contain a similar bug". > > > > > > The gpg is affected by this bug in zlib? > > The zlib library inside the GnuPG package or in the CVS will be changed? > > Note that, as you are running Linux, it is quite likely that your gpg is > dynamically linked against the zlib libraries you probably have > installed on your system. You can check this with, e.g.: No Linux... I compile GnuPG Unices releases (SCO OpenServer, UnixWare, Solaris x86 etc etc), and I compile these packages statically linked with the zlib available inside the gpg sources. This is the problem for me. best regards - --------- __|_ _| _ \ __| __| \ | Renato Martini ::: Diretor Administrativo ( | __/\__ \ (_ | _ \ | http://www.cipsga.org.br \___|___|_| ____/\___|_/ _\ | http://gnupg.unixsecurity.com.br - ----------------------------------------------------------------------- "O Fantasia, che dei tempi e delle distanze fai il tuo giuoco audace!" (Gabriele d'Annunzio) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8lRB/YogE2yD8bPYRA+rdAKCg4UkPLvB9aiB+1VHA9spZtTVscQCgiGR8 WjGm0s+A4HjcMzIy0r5iCM0= =i5Vb -----END PGP SIGNATURE----- From andrew@mcdonald.org.uk Sat Mar 16 23:16:02 2002 From: andrew@mcdonald.org.uk (Andrew McDonald) Date: Sat Mar 16 23:16:02 2002 Subject: zlib bug In-Reply-To: References: <20020314220945.GA2799@mcdonald.org.uk> Message-ID: <20020316221424.GE361@mcdonald.org.uk> --AhhlLboLdkugWU4S Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Mar 17, 2002 at 06:53:57PM -0300, Renato Martini wrote: > On Thu, 14 Mar 2002, Andrew McDonald wrote: > > > > Note that, as you are running Linux, it is quite likely that your gpg is > > dynamically linked against the zlib libraries you probably have > > installed on your system. You can check this with, e.g.: >=20 > No Linux... The guess you were writing that e-mail on Linux was from the pine message ID which was of the form: > I compile GnuPG Unices releases (SCO OpenServer, UnixWare, Solaris x86 et= c etc), > and I compile these packages statically linked with the zlib available > inside the gpg sources. Werner sent an e-mail to gnupg-announce (Bcc'ed I think to gnupg-devel) on 2002-03-15 supplying a patch. I can find it in the gnupg-devel archives, but not gnupg-announce as yet. See: --=20 Andrew McDonald E-mail: andrew@mcdonald.org.uk http://www.mcdonald.org.uk/andrew/ --AhhlLboLdkugWU4S Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8k8PA/LupyPLe7TYRArqDAJ0eaU13uo7aRPHFs2624ntTpXNyVwCghnzf j7gdEbY5Sw4NxJELukK7C9g= =0KqV -----END PGP SIGNATURE----- --AhhlLboLdkugWU4S-- From teenieberry@worldnet.att.net Sun Mar 17 00:01:01 2002 From: teenieberry@worldnet.att.net (FRANK HUBENY) Date: Sun Mar 17 00:01:01 2002 Subject: zlib bug References: <20020314224259.GA14391@wizard.com> <200203151930.28619@sendmail.mutz.com> Message-ID: <000901c1cd3f$3dc1f680$a3e96620@teeniebe9euk8d> Hello Users; Has the Windows download at the "gnupg" web - site been recompiled with the new library. If not is there a expected release date. Also will this be reflected in a different version number. <>< Frank D. Hubeny From ftobin@neverending.org Sun Mar 17 00:21:02 2002 From: ftobin@neverending.org (Frank Tobin) Date: Sun Mar 17 00:21:02 2002 Subject: nofgpg Message-ID: <20020316181552.M4261-100000@palanthas.neverending.org> I just noticed this project: NOFGPG (No One Fears GPG) is a small python-gnome gpg's key manager. http://www.cgabriel.org/sw/nofgpg/ It might be of interest to some users here. -- Frank Tobin http://www.neverending.org/~ftobin/ From jmos@gmx.net Sun Mar 17 01:40:01 2002 From: jmos@gmx.net (jmos@gmx.net) Date: Sun Mar 17 01:40:01 2002 Subject: Problem with --not-dash-escaped Message-ID: <17261.1016325475@www52.gmx.net> Hello All! Is there a problem with 'gpg --not-dash-escaped --clearsign ...' under Windows ? When I sign a message with the above command I don't get any error messages. But when I check the signature afterwards with 'gpg --verify ...' I always get the message : Invalid signature. I use GnuPG 1.0.6 under Windows 98. (The binary distribution from http://www.gnupg.org/download.html). Can anyone help ? P.S: I didn't send the signed message via email and it didn't contain 5 dashes at the beginning of a line, so that is not the problem -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net From jmos@gmx.net Sun Mar 17 02:03:01 2002 From: jmos@gmx.net (jmos@gmx.net) Date: Sun Mar 17 02:03:01 2002 Subject: Question about mangling of passphrases Message-ID: <27517.1016326847@www52.gmx.net> On Sat, Mar 16, 2002 at 01:00:23AM +0100, jmos@gmx.net wrote: >>Hello GnuPG Users! >> >> I wonder if it is safe to use GnuPG for symmetric encryption with 256 Bit >> cyphers. >> The problem I see is as follows: >> >> When someone uses symmetric only encryption GnuPG prompts for a >> passphrase. This passphrase is then hashed with an algorithm like >> RIPE-MD160 (whis is the default) into a 160 Bit hash value. This >> 160 Bit hash value (or part of it) is then used as a key for a >> symmetric cypher like BLOWFISH (whis has a key length of 128 Bit, so >> I assume the least significant 128 Bits of the hash value are being >> used). But what happens if someone uses a cypher with a key length >> of more than 160 Bit (e.g. 256 Bit) ? The hash value is too small >> to be used as the key for those cyphers. So how does GnuPG mangle >> the passphrase to yield a key with e.g. 256 Bit ? >What happens is there are multiple hashes done so there will always be >enough bits of hash to fill in the key bits. Each additional hash >beyond the first is preloaded with an increasing number of zeroes to >force the resulting hash to be different. >This is documented in RFC-2440, if you want to read more about it. >Look for the "String-to-key (S2K) specifiers" section. >David O.K. Thanks David! Could this process be used to "emulate" a stronger Hash algorithm (one with a hash value with more than 160 bit) ? Let me explain this: In the GnuPG FAQ section 4.1 one can read the following: "1024 bit for DSA signatures; even for plain ElGamal signatures this is sufficient as the size of the hash is probably the weakest link if the key size is larger than 1024 bits." So If this process could be used to "emulate" a hash with a greater size it would not be anymore the weakest link and it would make sense to use DSA keys with more than 1024 bit. I guess this is nonsense but could you please tell why the above process of taking multiple hashes to fill in a symmetric key is safe and why it is not safe to use the same process to generate a hash with a greater size so that it would make sense to use greater key sizes for DSA ? -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net From disastry@saiknes.lv.NO.SPaM.NET Sun Mar 17 12:37:01 2002 From: disastry@saiknes.lv.NO.SPaM.NET (disastry@saiknes.lv.NO.SPaM.NET) Date: Sun Mar 17 12:37:01 2002 Subject: ZLIB and Cygwin (was: Re: ZLIB vulnerability) Message-ID: <3C947E41.90CB9646@saiknes.lv.NO.SPaM.NET> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Anton Stiglic astiglic@okiok.com wrote: > > > "AthlonRob" writes: > > > > > Does GnuPG actually include zlib itself, or does it just require you have > > > zlib on your system, and then utilize that? > > > > The source code includes a copy of zlib, but the build process uses > > the system zlib if available. > > I happen to compile GnuPG under Windows (using Cygwin) where > I don't have a system zlib, so it uses the one that comes with gnupg. > The latest version of gnupg, 1.0.6, comes with zlib version 1.1.3 > (which has the vulnerability). So I replaced the zlib library with > zlib version 1.1.4 and recompiled my gnupg. > --Anton actually you may be wrong: Cygwin have zlib - cygz.dll and GPG compiled with Cygwin uses it (I just checked with depends.exe) so you need newer cygz.dll. (unless you compile GPG with --with-included-zlib switch) __ Disastry http://disastry.dhs.org/ http://disastry.dhs.org/pgp <----PGP plugins for Netscape and MDaemon ^----PGP 2.6.3ia-multi05 (supports IDEA, CAST5, BLOWFISH, TWOFISH, AES, 3DES ciphers and MD5, SHA1, RIPEMD160, SHA2 hashes) -----BEGIN PGP SIGNATURE----- Version: Netscape PGP half-Plugin 0.15 by Disastry / PGPsdk v1.7.1 iQA/AwUBPJRiHjBaTVEuJQxkEQPDrACgsqr20xSOr6dZJqt+iFM+3NrVFisAoOS+ 8W2rnwlFmc1sI3GWYvgSeMdQ =JRd7 -----END PGP SIGNATURE----- From disastry@saiknes.lv.NO.SPaM.NET Sun Mar 17 12:41:02 2002 From: disastry@saiknes.lv.NO.SPaM.NET (disastry@saiknes.lv.NO.SPaM.NET) Date: Sun Mar 17 12:41:02 2002 Subject: Problem with --not-dash-escaped Message-ID: <3C94806C.5D3A39DF@saiknes.lv.NO.SPaM.NET> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NotDashEscaped: You need GnuPG to verify this message jmos@gmx.net wrote: > Is there a problem with 'gpg --not-dash-escaped --clearsign ...' under > Windows ? > > When I sign a message with the above command I don't get any error > messages. But when I check the signature afterwards with > 'gpg --verify ...' I always get the message : Invalid signature. I get good sig. for my this msg too. gpg1.0.6, win2k. > I use GnuPG 1.0.6 under Windows 98. (The binary distribution from > http://www.gnupg.org/download.html). __ Disastry http://disastry.dhs.org/ http://disastry.dhs.org/pgp <----PGP plugins for Netscape and MDaemon ^----PGP 2.6.3ia-multi05 (supports IDEA, CAST5, BLOWFISH, TWOFISH, AES, 3DES ciphers and MD5, SHA1, RIPEMD160, SHA2 hashes) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (MingW32) iD8DBQE8lIBKMFpNUS4lDGQRAuSbAJwJi1Q4kiWn/0Cctde62Y65Yox0wgCbB3eC VGen36OF5S/afw9Pct7iZZs= =W1en -----END PGP SIGNATURE----- From andrew@mcdonald.org.uk Sun Mar 17 16:12:01 2002 From: andrew@mcdonald.org.uk (Andrew McDonald) Date: Sun Mar 17 16:12:01 2002 Subject: zlib bug In-Reply-To: <000901c1cd3f$3dc1f680$a3e96620@teeniebe9euk8d> References: <20020314224259.GA14391@wizard.com> <200203151930.28619@sendmail.mutz.com> <000901c1cd3f$3dc1f680$a3e96620@teeniebe9euk8d> Message-ID: <20020317150940.GA13589@mcdonald.org.uk> On Sat, Mar 16, 2002 at 06:06:31PM -0500, FRANK HUBENY wrote: > > Has the Windows download at the "gnupg" web - site been recompiled with > the new library. If not is there a expected release date. Also will > this be reflected in a different version number. I believe that the gnupg-w32-1.0.6-2.zip on ftp.gnupg.org is the updated version. -- Andrew McDonald E-mail: andrew@mcdonald.org.uk http://www.mcdonald.org.uk/andrew/ From teenieberry@worldnet.att.net Sun Mar 17 17:41:01 2002 From: teenieberry@worldnet.att.net (FRANK HUBENY) Date: Sun Mar 17 17:41:01 2002 Subject: zlib bug References: <20020314224259.GA14391@wizard.com> <200203151930.28619@sendmail.mutz.com> <000901c1cd3f$3dc1f680$a3e96620@teeniebe9euk8d> <20020317150940.GA13589@mcdonald.org.uk> Message-ID: <000b01c1cdd3$5240b350$bae96620@teeniebe9euk8d> Hello users; Thank you for the responses " :) " Just checked, old file in my archive is " version 1.0.6 ", new one has -2 on end and new "gpg.exe dated 03-15-02. <>< Frank D. Hubeny From teenieberry@worldnet.att.net Sun Mar 17 17:52:01 2002 From: teenieberry@worldnet.att.net (FRANK HUBENY) Date: Sun Mar 17 17:52:01 2002 Subject: gpg 106-2 Message-ID: <000b01c1cdd4$ea106b70$bae96620@teeniebe9euk8d> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Users; The new release for windows seems to have cleared up a problem I had with automatically retreiving keys when I derypt / verify e-mail. I was usein "106", with "WinPT" and W2k. I have just retreveived two keys with out any errors from "WinPT". I suppose a longer period of time wil tell for sure. But before it never happened. <>< -----BEGIN PGP SIGNATURE----- iD8DBQE8lMsSg8sEqRPmPjoRArPoAJ9To12UHBfueX1j6XOPdOi7LXY6swCgsIFr S4esYkUuzP5YVe4emvzs0Go= =53ZY -----END PGP SIGNATURE----- From rmartini@cipsga.org.br Sun Mar 17 19:29:01 2002 From: rmartini@cipsga.org.br (Renato Martini) Date: Sun Mar 17 19:29:01 2002 Subject: zlib bug In-Reply-To: <20020316221424.GE361@mcdonald.org.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 On Sat, 16 Mar 2002, Andrew McDonald wrote: > Date: Sat, 16 Mar 2002 22:14:24 +0000 > From: Andrew McDonald > To: mailing List gnupg-users > Cc: Renato Martini > Subject: Re: zlib bug > > > No Linux... > > The guess you were writing that e-mail on Linux was from the pine > message ID which was of the form: Yes! I work at a Gnu/Linux box. But, I maintain a web site called "GnuPG for Unix" (http://gnupg.unixsecurity.com.br). This site make available many gpg Unices packages... > > I compile GnuPG Unices releases (SCO OpenServer, UnixWare, Solaris x86 etc etc), > > and I compile these packages statically linked with the zlib available > > inside the gpg sources. > > Werner sent an e-mail to gnupg-announce (Bcc'ed I think to gnupg-devel) > on 2002-03-15 supplying a patch. I can find it in the gnupg-devel > archives, but not gnupg-announce as yet. See: > > Okay! Thanks Andrew, I read this... best regards - --------- __|_ _| _ \ __| __| \ | Renato Martini ::: Diretor Administrativo ( | __/\__ \ (_ | _ \ | http://www.cipsga.org.br \___|___|_| ____/\___|_/ _\ | http://gnupg.unixsecurity.com.br - ----------------------------------------------------------------------- "O Fantasia, che dei tempi e delle distanze fai il tuo giuoco audace!" (Gabriele d'Annunzio) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8ljJgYogE2yD8bPYRAy36AJ4ri9N8pUbqnfFuXE3gQOTshM2r5ACguDqJ g/HQyBEmROnP5Oj6nzqFKbs= =Qbe6 -----END PGP SIGNATURE----- From dshaw@jabberwocky.com Sun Mar 17 23:57:01 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Sun Mar 17 23:57:01 2002 Subject: Problem with --not-dash-escaped In-Reply-To: <17261.1016325475@www52.gmx.net> References: <17261.1016325475@www52.gmx.net> Message-ID: <20020317225430.GA24342@akamai.com> On Sun, Mar 17, 2002 at 01:37:55AM +0100, jmos@gmx.net wrote: > Hello All! > > Is there a problem with 'gpg --not-dash-escaped --clearsign ...' under > Windows ? > > When I sign a message with the above command I don't get any error > messages. But when I check the signature afterwards with > 'gpg --verify ...' I always get the message : Invalid signature. > > I use GnuPG 1.0.6 under Windows 98. (The binary distribution from > http://www.gnupg.org/download.html). > > Can anyone help ? > > P.S: I didn't send the signed message via email and it didn't contain > 5 dashes at the beginning of a line, so that is not the problem Can you post a short sample signature that did not work? Also, sort of key are you signing with? David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From blais@iro.umontreal.ca Mon Mar 18 04:12:02 2002 From: blais@iro.umontreal.ca (Martin Blais) Date: Mon Mar 18 04:12:02 2002 Subject: problem with unix user id and default key In-Reply-To: References: Message-ID: <20020318030925.DFUQ21605.tomts6-srv.bellnexxia.net@there> hi all i have a funny problem: when my unix username matches one of the keys in the public keyring, which is not the key for which i have a private key, i seem to have problems with the trust path. it's as if gpg always thinks that that key is the owner's key and barks everytime i need to encrypt, e.g. my username is "blais". when i create a db with a secret key for user your_name, e.g. ,---- | tadora:~$ gpg --list-keys | /home/blais/.gnupg/pubring.gpg | ------------------------------ | pub 1024D/5C3DC372 2002-03-17 Your Name | uid Your Name | sub 1024g/8D5850AB 2002-03-17 | | tadora:~$ `---- then i import and sign the public key for user blais: ,---- | tadora:~$ gpg --import blais-public-key.asc | gpg: key D1775F1D: public key imported | gpg: Total number processed: 1 | gpg: imported: 1 | tadora:~$ gpg --sign-key blais | | pub 1024D/D1775F1D created: 2001-12-02 expires: never trust: m/q | sub 1024g/4E26EFDC created: 2001-12-02 expires: never | (1) Martin Blais | (2). Martin Blais | | Really sign all user IDs? y | | pub 1024D/D1775F1D created: 2001-12-02 expires: never trust: m/q | Fingerprint: D33B E835 9B43 6D52 FE10 F47D AB63 E60B D177 5F1D | | Martin Blais | Martin Blais | | Are you really sure that you want to sign this key | with your key: "Your Name " | | Really sign? y | | You need a passphrase to unlock the secret key for | user: "Your Name " | 1024-bit DSA key, ID 5C3DC372, created 2002-03-17 | | tadora:~$ gpg --list-sigs | /home/blais/.gnupg/pubring.gpg | ------------------------------ | pub 1024D/5C3DC372 2002-03-17 Your Name | sig 5C3DC372 2002-03-18 Your Name | uid Your Name | sig 5C3DC372 2002-03-17 Your Name | sub 1024g/8D5850AB 2002-03-17 | sig 5C3DC372 2002-03-17 Your Name | | pub 1024D/D1775F1D 2001-12-02 Martin Blais | sig D1775F1D 2001-12-16 Martin Blais | sig 20D44B70 2001-12-06 [User id not found] | sig 01F8CF57 2002-03-08 [User id not found] | sig 5C3DC372 2002-03-18 Your Name | uid Martin Blais | sig D1775F1D 2001-12-16 Martin Blais | sig 20D44B70 2001-12-06 [User id not found] | sig 01F8CF57 2002-03-08 [User id not found] | sig 5C3DC372 2002-03-18 Your Name | sub 1024g/4E26EFDC 2001-12-02 | sig D1775F1D 2001-12-16 Martin Blais | | tadora:~$ `---- when i try to encrypt, i get this warning: ,---- | tadora:~$ gpg -aer blais secret | Could not find a valid trust path to the key. Let's see whether we | can assign some missing owner trust values. | | No path leading to one of our keys found. | | 1024g/4E26EFDC 2001-12-02 "Martin Blais " | Fingerprint: 5407 1AE2 2EEE 02F5 5C82 5256 20A5 00CF 4E26 EFDC | | It is NOT certain that the key belongs to its owner. | If you *really* know what you are doing, you may answer | the next question with yes | | Use this key anyway? `---- i tried fiddling with more signing, and setting the trust, to no avail. then i discovered that if i did the same under user "root", i did not have the warning. so i tried setting the --local-user, the --default-key and fiddling with all the other options and the options file, and i cannot seem to get rid of that warning. any idea? please Cc, i'm not on this list. thx, From Wolfgang.Schramm@maschinenbau-kitz.de Mon Mar 18 08:36:01 2002 From: Wolfgang.Schramm@maschinenbau-kitz.de (Schramm Wolfgang) Date: Mon Mar 18 08:36:01 2002 Subject: Please unsuscribe me too Message-ID: <4AD170797DA3FC4B828D9F7203CEB70521801F@mkdaten2> Mit freundlichen Gr=FC=DFen Wolfgang Schramm Maschinenbau Kitz GmbH From bar_ann@yahoo.com Mon Mar 18 10:49:01 2002 From: bar_ann@yahoo.com (B C) Date: Mon Mar 18 10:49:01 2002 Subject: missing ccw32.vxd Message-ID: <20020318094653.11362.qmail@web14503.mail.yahoo.com> I'm missing ccw32.vxd and my computer is going crazy... where can I download a copy of this file on net? Thanks for any help on this. ~~barb __________________________________________________ Do You Yahoo!? Yahoo! Sports - live college hoops coverage http://sports.yahoo.com/ From jochen@unc.edu Mon Mar 18 20:26:02 2002 From: jochen@unc.edu (Jochen =?iso-8859-1?q?K=FCpper?=) Date: Mon Mar 18 20:26:02 2002 Subject: GPA-0.5 ??? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 All, how can it be that there is a gpa-0.5 archive donwloadable from the gnupp pages but nothing available from the gpa homepage or gpa CVS repository ??? Is 0.5 just the same as 0.4.3? Or are there any 'political' reasons to keep development closed nowadays? Anything else? I don't know what's going on, but it would be nice if someone could shed light on this. (Yes, I looked at the ml archives, nothing relevant found.) Please cc me as I am not on these lists. Greetings, Jochen - --=20 Einigkeit und Recht und Freiheit http://www.Jochen-Kuepper= .de Libert=E9, =C9galit=E9, Fraternit=E9 GnuPG key: 44BCCD= 8E Sex, drugs and rock-n-roll -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6-cygwin-fcn-1 (Cygwin) Comment: Processed by Mailcrypt and GnuPG iD8DBQE8lj7miJ/aUUS8zY4RAlW7AKCIb7i/v9aePCSQwdH0m4MQJzdR2QCeIyVX 2c7TRe9tmFZOh+IhDY+aR88=3D =3DjFjl -----END PGP SIGNATURE----- From peter@gerwinski.de Mon Mar 18 22:22:06 2002 From: peter@gerwinski.de (Peter Gerwinski) Date: Mon Mar 18 22:22:06 2002 Subject: GPA-0.5 ??? In-Reply-To: ; from jochen@unc.edu on Mon, Mar 18, 2002 at 02:24:22PM -0500 References: Message-ID: <20020318221857.A374@miez.drewitz.de> Jochen Küpper wrote: > Is 0.5 just the same as 0.4.3? Not really: birdie/home/peter/src> diff -Nurp gpa-0.4.3 gpa-0.5.0 | wc 31654 113267 954484 > Or are there any 'political' reasons > to keep development closed nowadays? The source code is under the GNU GPL and publicly available for free. That's not exactly what I'd call "closed development". > Anything else? There was a deadline to meet. Keeping the CVS in sync and discussing everything on this list would have meant to miss it. So I just went on my way and produced gpa-0.5.0.tar.gz in time. If you are willing to spend two months or so improving GPA, be welcome to do it your way. Currently I do not have the time to sync the new source with the CVS - sorry for that. (For example, I would have to write a *long* ChangeLog, and to hack my changes to the Makefiles into the various autofoo input files - and I am not familiar with those autofoo utilities.) If you are willing to help merging back both versions of GPA, be welcome! Peter Gerwinski -- (_G-N-U_) Dr. rer. nat. Peter Gerwinski o o G-N-U GmbH, EDV-Dienstleistungen, http://www.g-n-u.de From jochen@unc.edu Mon Mar 18 23:21:02 2002 From: jochen@unc.edu (Jochen =?iso-8859-1?q?K=FCpper?=) Date: Mon Mar 18 23:21:02 2002 Subject: GPA-0.5 ??? In-Reply-To: <20020318221857.A374@miez.drewitz.de> References: <20020318221857.A374@miez.drewitz.de> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 18 Mar 2002 22:18:57 +0100 Peter Gerwinski wrote: Peter> Jochen K=FCpper wrote: >> Peter> The source code is under the GNU GPL and publicly available for Peter> free. That's not exactly what I'd call "closed development". Well, there wasn't much to interfere with from the outside during that process. But anyway, you did the work, you decide. I am not claiming that I would have spent time, 'cause I haven't looked at gpa for a while (since nothing was going on and moreover I just didn't use it so far. Last time I checked it was still kind of unuseable. And then I work mostly on the commandline or in emacs anyway.) >> Anything else? Peter> There was a deadline to meet. Keeping the CVS in sync and Peter> discussing everything on this list would have meant to miss it. Peter> So I just went on my way and produced gpa-0.5.0.tar.gz in time. Peter> Currently I do not have the time to sync the new source with the Peter> CVS - sorry for that. (For example, I would have to write a *long* Peter> ChangeLog, and to hack my changes to the Makefiles into the variou= s Peter> autofoo input files - and I am not familiar with those autofoo Peter> utilities.) The question here is whether it was necessary to let get cvs out of sync from the start. At least there would have been the possibility to create a new branch for your stuff -- without getting into too many discussions -- that could be merged back. And ChangeLog? Are you suggesting there is no documentation about what you did at all? If it isn't needed, why bother writing it now:( Otherwise, just put it in there, it might be terse, but that's better than nothing. One possible strength of OpenSource software is the peer-review process that you effectively circumvented before coming up with the 0.5.0 version of gpa that now is widely spread into userland, towards people that are not supposed to be beta-testers. Maybe you did everything right and the program is just flawless without any external testing, but that is not what you normally can count on. It just looks very strange that nothing is going on with the sources of a open project and all the sudden there is a new version. Kind of the first major version (considering it's announcements). Somehow like they told you one year ago we need it on Mar 10, 2002, and Mar 1 you actually realize that's only nine more days... I am grateful to all you guys building gnupg and it's environment, because that stuff is really important, but I am seriously puzzled about what happened here? Greetings, Jochen - --=20 University of North Carolina phone: +1-919-962-4403 Department of Chemistry phone: +1-919-962-1579 Venable Hall CB#3290 (Kenan C148) fax: +1-919-843-6041 Chapel Hill, NC 27599, USA GnuPG key: 44BCCD8E -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6-cygwin-fcn-1 (Cygwin) Comment: Processed by Mailcrypt and GnuPG iEYEARECAAYFAjyWZ2YACgkQiJ/aUUS8zY7HnQCeK57OsJzNeSRJzb6KZU1RvYME uvUAoJdePoWoCw8+nkPBeka9hisMjNZq =3D1BiD -----END PGP SIGNATURE----- From peter@gerwinski.de Tue Mar 19 01:43:03 2002 From: peter@gerwinski.de (Peter Gerwinski) Date: Tue Mar 19 01:43:03 2002 Subject: GPA-0.5 ??? In-Reply-To: ; from jochen@unc.edu on Mon, Mar 18, 2002 at 05:17:10PM -0500 References: <20020318221857.A374@miez.drewitz.de> Message-ID: <20020319013923.F973@miez.drewitz.de> Jochen Küpper wrote: > I am not claiming that I would have spent time, 'cause I haven't > looked at gpa for a while (since nothing was going on and moreover I > just didn't use it so far. Last time I checked it was still kind of > unuseable. It is usable now. > And then I work mostly on the commandline or in emacs anyway.) Perfect. Then you will have no problem with GPA 0.5.0: If you don't like it, don't use it. > The question here is whether it was necessary to let get cvs out of > sync from the start. At least there would have been the possibility > to create a new branch for your stuff -- without getting into too many > discussions -- that could be merged back. And ChangeLog? Are you > suggesting there is no documentation about what you did at all? If it > isn't needed, why bother writing it now:( Otherwise, just put it in > there, it might be terse, but that's better than nothing. You seem to know exactly what has to be done. Please do it then. If you don't like the way how GPA 0.5.0 was created, be welcome to do it better. You have the full source code of both GPA 0.5.0 and 0.4.3, and the GNU GPL grants you full permission to use it. This is not a drink-or-die situation as with proprietary software. You have the freedom. BTW, as far as GPA is concerned, *we* gave this freedom to you. Peter -- (_G-N-U_) Dr. rer. nat. Peter Gerwinski o o G-N-U GmbH, EDV-Dienstleistungen, http://www.g-n-u.de From jaya.christina@manned.com Tue Mar 19 11:12:01 2002 From: jaya.christina@manned.com (Jaya Christina) Date: Tue Mar 19 11:12:01 2002 Subject: GnuPG for SunOS 5.7 ? Message-ID: <004f01c1cf2d$efee3bd0$9b6410ac@jc> This is a multi-part message in MIME format. ------=_NextPart_000_004C_01C1CF36.3EB2E6A0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi *, Can any body please send me a working link for downloading GnuPG for = SunOS 5.7 and please put a CC for me also.. thanx in advance, Ciao, Jaya ------=_NextPart_000_004C_01C1CF36.3EB2E6A0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hi *,
 Can any body please send me a = working link=20 for downloading GnuPG for SunOS 5.7 and please put a CC for me also.. = thanx in=20 advance,
Ciao,
Jaya
------=_NextPart_000_004C_01C1CF36.3EB2E6A0-- From jaya.christina@manned.com Tue Mar 19 12:04:01 2002 From: jaya.christina@manned.com (Jaya Christina) Date: Tue Mar 19 12:04:01 2002 Subject: Precompiled for SunOS 5.7 pleez.. help!! Message-ID: <006601c1cf35$348f7e00$9b6410ac@jc> This is a multi-part message in MIME format. ------=_NextPart_000_0063_01C1CF3D.8B043CF0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi all, any precompied GnuPG1.0.g for SunOS 5.7 pleez..=20 Desperately need to compile.. getting lotsa error when make. Thanx and pleez CC me also. Ciao Christina. ------=_NextPart_000_0063_01C1CF3D.8B043CF0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hi all,
any precompied GnuPG1.0.g for SunOS 5.7 = pleez..=20
Desperately need to compile.. getting = lotsa error=20 when make.
Thanx and pleez CC me = also.
Ciao
Christina.
------=_NextPart_000_0063_01C1CF3D.8B043CF0-- From schoech@iap-kborn.de Tue Mar 19 12:20:02 2002 From: schoech@iap-kborn.de (=?iso-8859-1?Q?Armin_Sch=F6ch?=) Date: Tue Mar 19 12:20:02 2002 Subject: Precompiled for SunOS 5.7 pleez.. help!! In-Reply-To: <006601c1cf35$348f7e00$9b6410ac@jc> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Christina ! > any precompied GnuPG1.0.g for SunOS 5.7 pleez.. > Desperately need to compile.. getting lotsa error when make. > Thanx and pleez CC me also. > Ciao > Christina. Have you run the "configure" script before calling "make" ? Does "configure" report any errors ? On my linux machine, I would type: configure make make-install (as root) to install it on the system If you have run "configure" before "make", what kind of errors do you get ? HTH, Armin - --=20 Am Hasenberg 26 office: Institut f=FCr Atmosph=E4renphysik D-18209 Bad Doberan Schloss-Stra=DFe 6 Tel. ++49-(0)38203/42137 D-18225 K=FChlungsborn / GERMANY Email: schoech@iap-kborn.de Tel. +49-(0)38293-68-102 WWW: http://armins.cjb.net/ Fax. +49-(0)38293-68-50 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Weitere Infos: siehe http://www.gnupg.org iD8DBQE8lx4nG8Xv4GxznLoRApsoAJ4t4eOEX3yYtDhSOc/IKpgUgmG5lwCfbdpM 8NA+5RmpCC+PAuBw+elLTvE=3D =3DzdAc -----END PGP SIGNATURE----- From Stefan.Hauschild@nuernberger.de Tue Mar 19 16:00:01 2002 From: Stefan.Hauschild@nuernberger.de (Hauschild, Stefan) Date: Tue Mar 19 16:00:01 2002 Subject: gnupg for OS/390 or z/OS Message-ID: Hallo, i'm looking for a source for OS/390 or z/OS. Did any exist ? Mit freundlichen Gr=FCssen Stefan Hauschild VERSICHERUNGSGRUPPE Abteilung AE-RW / Inkasso / Zentrale Systeme Ostendstra=DFe 100, 90334 N=FCrnberg Telefon (0911) 531-4324 Fax (0911) 531-814324 e-mail: Stefan.Hauschild@nuernberger.de =20 Hinweis Der Inhalt dieser Mail ist vertraulich und nur f=FCr den Adressaten bzw. dessen Vertreter/in bestimmt. Anderen Personen ist es nicht gestattet den Inhalt dieser Mail zu publizieren, zu verwerten, zu kopieren oder weiterzugeben. Falls Sie nicht der angegebene Adressat oder dessen Vertreter/in sind, dann senden Sie bitte die E-Mail mit einem Vermerk an den Absender zur=FCck (Antwort-Funktion bzw. reply email). Entfernen Sie bitte danach die Nachricht aus Ihrem System. Informationen oder sonstige Aussagen an den Adressaten unterliegen dem Recht des Gesch=E4ftes, zu dem sie gegeben worden sind, insbesondere den Allgemei= nen Gesch=E4fts- bzw. Versicherungsbedingungen und gegebenenfalls einer individuellen Vereinbarung. Der Inhalt der E-Mail ist nur rechtsverbindlich, wenn wir ihn dem betreffenden Adressaten schriftlich best=E4tigen. From jagadeesh@jagadeesh.org Tue Mar 19 19:43:01 2002 From: jagadeesh@jagadeesh.org (Jagadeesh Venugopal) Date: Tue Mar 19 19:43:01 2002 Subject: Announcing GPG-DIALOG.PL Message-ID: <20020319184101.95609.qmail@web10006.mail.yahoo.com> Fellow GPG Enthusiasts, I have written a simple menu driven interface to GPG that I find easier to use than memorizing the command line. You may find it useful too. It is at ftp://ftp.gnupg.org/GnuPG/gpg-dialog.pl. This script is written in generic Perl and should run on both the Unix and Win32 platforms. The script is essentially self documenting. Do use it and give me your feedback at this email address. Sincerely jagadeesh venugopal ===== Jagadeesh K. Venugopal, PMP __________________________________________________ Do You Yahoo!? Yahoo! Sports - live college hoops coverage http://sports.yahoo.com/ From rmartini@cipsga.org.br Tue Mar 19 19:59:01 2002 From: rmartini@cipsga.org.br (Renato Martini) Date: Tue Mar 19 19:59:01 2002 Subject: Precompiled for SunOS 5.7 pleez.. help!! In-Reply-To: <006601c1cf35$348f7e00$9b6410ac@jc> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 On Tue, 19 Mar 2002, Jaya Christina wrote: > Date: Tue, 19 Mar 2002 11:59:37 +0100 > From: Jaya Christina > To: gnupg-users@gnupg.org > Subject: Precompiled for SunOS 5.7 pleez.. help!! > > Hi all, > any precompied GnuPG1.0.g for SunOS 5.7 pleez.. > Desperately need to compile.. getting lotsa error when make. > Thanx and pleez CC me also. > Ciao > Christina. Hi Christina! You can download a precompiled GnuPG package (1.0.6) for Sun machines (ix86 or Sparc) at this site: http://gnupg.unixsecurity.com.br Okay? best regards - --------- __|_ _| _ \ __| __| \ | Renato Martini ::: Diretor Administrativo ( | __/\__ \ (_ | _ \ | http://www.cipsga.org.br \___|___|_| ____/\___|_/ _\ | http://gnupg.unixsecurity.com.br - ----------------------------------------------------------------------- "O Fantasia, che dei tempi e delle distanze fai il tuo giuoco audace!" (Gabriele d'Annunzio) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8mNvFYogE2yD8bPYRA87/AJ9bAebQMFAR+FXHvfjMKKDqEmukFQCfcYvn euJgT9LOlRaQFodkLmQytRI= =cPcd -----END PGP SIGNATURE----- From dshaw@jabberwocky.com Tue Mar 19 22:42:03 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Tue Mar 19 22:42:03 2002 Subject: gpg subkeys, revisited In-Reply-To: <20020316124152.A7155@pizzashack.org> References: <20020315233857.A6820@pizzashack.org> <1016257151.16327.1.camel@allevil> <20020316124152.A7155@pizzashack.org> Message-ID: <20020319213951.GC683@akamai.com> On Sat, Mar 16, 2002 at 12:41:53PM -0500, Derek D. Martin wrote: > So, gpg seems to fail to realize that there are subkeys in the > exported block that are not in the local copy, and refuses to import > them. Whether or not this is intended behavior, I think this is a > bug. Otherwise, there's no way to recover accidentally deleted > subkeys, and if you DO accidentally delete a subkey, your options > would be to maintain two different keyrings (one with the deleted one > and the other with all the other keys), or throw up your hands in > frustration and generate a whole new key. And if you have old > messages that you still need to decrypt with the old key, the latter > isn't even really an option. Neither of those options is ideal. IMO, > the best solution is for gpg to allow the import of secret subkeys. GnuPG does not currently allow importing secret subkeys. In your particular example where you have two different copies of the secret key, each with a different subkey, you are going to have a difficulties. It's not exactly a common problem. :) The solution is to generate one key from your two, and import that. To do this, you need the "gpgsplit" tool, which is part of GnuPG 1.0.7 (grab the test version from ftp://ftp.gnupg.org/gcrypt/devel/gnupg-1.0.6d.tar.gz if you need it). Run one of the keys through gpgsplit and delete all the files that come before the first "XXXXXXX-007.secret_subkey" file. Then cat the key you didn't split along with the files that are left after you deleted everything before the secret subkey. For example: $ gpgsplit mykey2 $ rm 000001-005.secret_key 000002-013.user_id 000003-002.sig $ cat mykey1 000004-007.secret_subkey 000005-002.sig > mywholekey $ gpg --allow-secret-key-import --import mywholekey David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From dfc@anize.org Tue Mar 19 23:56:02 2002 From: dfc@anize.org (Douglas Calvert) Date: Tue Mar 19 23:56:02 2002 Subject: 1.0.6d, 1.1.x and big keyrings Message-ID: <1016578907.18470.348.camel@allevil> --=-k5iqbhLp7fyb9J4LRfQO Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hello, Are there any reasons why I would not want to run 1.0.6d? My pubring file has gotten quite large but I like having a lot of keys on disk. It seems that gpg slows down quite a bit doing trust calculations with this large keyring. If I remember correctly 1.0.7 is scheduled to be quicker on trust calculations. Does 6d have the same speedups? And what do others do with large keyrings to make things go quicker? And finalyy what are the 1.1.x versions in the devel directory? Are there any great new features being worked on in 1.1? =20 --=20 +---------------+-----------------------------------+ |Douglas Calvert| http://anize.org/dfc | | dfc@anize.org | http://imissjerry.org | +---------------+-----------------------------------+ | If you use envelopes, why not use encryption? | | http://anize.org/dfc/dfc-keys.asc | | 0817 30D4 82B6 BB8D 5E66 06F6 B796 073D C954 1FB2 | +-------------| http://www.gnupg.org |--------------+ --=-k5iqbhLp7fyb9J4LRfQO Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8l8Nbt5YHPclUH7IRAiA+AJ9xbr62zCxvZvRSBLbgK+RWp0/L+wCgrtCr di6PqWhdH+0dMBCrr9PAXtQ= =T9XV -----END PGP SIGNATURE----- --=-k5iqbhLp7fyb9J4LRfQO-- From dshaw@jabberwocky.com Wed Mar 20 00:14:01 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Wed Mar 20 00:14:01 2002 Subject: 1.0.6d, 1.1.x and big keyrings In-Reply-To: <1016578907.18470.348.camel@allevil> References: <1016578907.18470.348.camel@allevil> Message-ID: <20020319231222.GF683@akamai.com> On Tue, Mar 19, 2002 at 06:01:47PM -0500, Douglas Calvert wrote: > Hello, > Are there any reasons why I would not want to run 1.0.6d? My pubring > file has gotten quite large but I like having a lot of keys on disk. It > seems that gpg slows down quite a bit doing trust calculations with this > large keyring. If I remember correctly 1.0.7 is scheduled to be quicker > on trust calculations. Does 6d have the same speedups? GnuPG 1.0.6d is (or rather, will be) 1.0.7, it just needs some more work and testing. Several people (including me) are running 1.0.6d quite happily. Still, it is a development version. There is a reason it prints a warning on startup: "NOTE: THIS IS A DEVELOPMENT VERSION! It is only intended for test purposes and should NOT be used in a production environment or with production keys!" If you do choose to give 1.0.6d a try, be sure to report any problems back to gnupg-devel so they can be fixed. > And finalyy what are the 1.1.x versions in the devel directory? Are > there any great new features being worked on in 1.1? The 1.1.x versions in the devel directory are actually older in terms of code than 1.0.7. :) David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From jmos@gmx.net Wed Mar 20 00:53:02 2002 From: jmos@gmx.net (jmos@gmx.net) Date: Wed Mar 20 00:53:02 2002 Subject: Problem with --not-dash-escaped Message-ID: <24287.1016581822@www32.gmx.net> On Sun, Mar 17, 2002 at 01:37:55AM +0100, jmos@gmx.net wrote: > Hello All! > > Is there a problem with 'gpg --not-dash-escaped --clearsign ...' under > Windows ? > > When I sign a message with the above command I don't get any error > messages. But when I check the signature afterwards with > 'gpg --verify ...' I always get the message : Invalid signature. > > I use GnuPG 1.0.6 under Windows 98. (The binary distribution from > http://www.gnupg.org/download.html). > > Can anyone help ? > > P.S: I didn't send the signed message via email and it didn't contain > 5 dashes at the beginning of a line, so that is not the problem >> Can you post a short sample signature that did not work? Also, sort >> of key are you signing with? I am signing with a 1024 Bit DSA key, but I can reproduce the error with all keys. The error only happens under Windows and only if the last line of the message I am signing is not empty (i.e. the message does not end with CR - LF). When I sign a message that does not end with CR - LF GnuPG adds a CR - LF pair. That triggers the bug. When I delete the CR (and not the LF) which was added by GnuPG the signature becomes valid ! So that seems to be the problem. Jens -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net From tstrzem@sesame.com Wed Mar 20 01:09:02 2002 From: tstrzem@sesame.com (Tom Strzemieczny) Date: Wed Mar 20 01:09:02 2002 Subject: gnupg to encrypt files in a batch processes Message-ID: <3C97D352.85193C07@sesame.com> I am new to encryption & gnupg, so please bear with me. This is my first posting. Has anyone used gnupg to encrypt files in a batch processes?? I have a java program which reads files from a mailbox directory, parses the file for sender, recipient, subject & message, and then sends the email. I am modifying this program to optionally sign and/or encrypt the message portion of the email. Currently it runs a gpg command on the command line and reads the resulting stream from standard out. (I got this working on Windows 2000 without being prompted for a passphrase, but when I began testing in Linux this was not the case.) My problem was that I was being prompted for a passphrase for each email receipt. Is the solution to use the --passphrase-fd option?? Where can I find documentation on this? gpg -s -e -o - --batch --yes --passphrase-fd n -r myemail@mycompany.com /usr/local/BatchMail/mailbox/TestFileMsg where TestFileMsg is the message portion of the email to be sent to myemail@mycompany.com, and n is the file descriptor. What is n exactly? What is the format of this file? Is this the right approach? Also, I would prefer to use gpgme for this since it is unrestricted by its back-end. What are the gpgme commands for this?? Thanks, Tom From schoech@iap-kborn.de Wed Mar 20 08:30:01 2002 From: schoech@iap-kborn.de (=?iso-8859-1?Q?Armin_Sch=F6ch?=) Date: Wed Mar 20 08:30:01 2002 Subject: gnupg to encrypt files in a batch processes In-Reply-To: <3C97D352.85193C07@sesame.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Tom ! > Is the solution to use the --passphrase-fd option?? Where can I find > documentation on this? > > gpg -s -e -o - --batch --yes --passphrase-fd n -r myemail@mycompany.com > /usr/local/BatchMail/mailbox/TestFileMsg This would be your command echo PASSPHRASE | gpg -s -e -o - --batch --yes --passphrase-fd 0 -r myemail@mycompany.com /usr/local/BatchMail/mailbox/TestFileMsg "0" means stdin stream. HTH, Armin - -- Am Hasenberg 26 office: Institut f=FCr Atmosph=E4renphysik D-18209 Bad Doberan Schloss-Stra=DFe 6 Tel. ++49-(0)38203/42137 D-18225 K=FChlungsborn / GERMANY Email: schoech@iap-kborn.de Tel. +49-(0)38293-68-102 WWW: http://armins.cjb.net/ Fax. +49-(0)38293-68-50 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Weitere Infos: siehe http://www.gnupg.org iD8DBQE8mDnMG8Xv4GxznLoRAhiJAKCTIB0BgEizOk4mlEWk3pkOwIRVZACgoYy4 txdEPlT4ZneOYUlZid54fo0=3D =3D0X4R -----END PGP SIGNATURE----- From webmaster@sajucampus.com Wed Mar 20 08:57:01 2002 From: webmaster@sajucampus.com (»çÁÖÄ·ÆÛ½º) Date: Wed Mar 20 08:57:01 2002 Subject: Áö±Ý °í¹Î ÀÖÀ¸½Ê´Ï±î? ¿ª¼ú»ó´ãÀ» Çغ¸½Ê½Ã¿ä!!(±¤°í) Message-ID: Untitled Document
»çÁÖÄ·ÆÛ½º ±¤°í¸ÞÀÏ

Áö±Ý °í¹ÎÀÌ ÀÖÀ¸½Ê´Ï±î?
»çÁÖÄ·ÆÛ½º ¼±»ý´Ôµé²² ¿ª¼ú»ó´ãÀ» Çغ¸½Ê½Ã¿ä!!!
ÃÖ°íÀÇ È­³ó¹®Áß ¿ª¼ú»ó´ã ¼±»ý´Ô:
È­³ó,±ÝÈ£,µ¿³²,ûÇã,°ÅºÀ,¸í¼®, ¹Î°æ,ûȣ¼±»ý´Ô
¹«·á¿ª¼úÇÁ·Î±×·¥ : ¶ìº°¿î¼¼, À°ÀÓÁø´Ü¹ý, À°ÀÓ³â¿ù¿î¼¼
À¯·á¿ª¼úÇÁ·Î±×·¥ : À°È¿¿î¼¼, ÁÖ¿ª¿î¼¼, »çÁÖdz¼ö¿î¼¼, ÅäÁ¤ºñ°á (ÇÚµåÆù °áÁ¦ :1,000¿ø)
´Ù¾çÇÑ ¿ª¼úÄÁÅÙÃ÷ ¹× ÇÁ·Î±×·¥ Á¦°ø
(www.sajucampus.com)
 
¡Ø º» ¸ÞÀÏÀÇ ¼ö½ÅÀ» ¿øÇÏÁö ¾ÊÀ½. (¼ö½Å°ÅºÎ)
From Helmut.Waitzmann@web.de Wed Mar 20 14:51:01 2002 From: Helmut.Waitzmann@web.de (Helmut Waitzmann) Date: Wed Mar 20 14:51:01 2002 Subject: gnupg to encrypt files in a batch processes In-Reply-To: References: Message-ID: Armin Sch=F6ch writes: >> Is the solution to use the --passphrase-fd option?? Where can I find >> documentation on this? >> >> gpg -s -e -o - --batch --yes --passphrase-fd n -r myemail@mycompany.com >> /usr/local/BatchMail/mailbox/TestFileMsg > >This would be your command > >echo PASSPHRASE | gpg -s -e -o - --batch --yes --passphrase-fd 0 -r >myemail@mycompany.com /usr/local/BatchMail/mailbox/TestFileMsg That's unsecure: If "echo" is an external program, then everybody having shell access to the machine can spy out the PASSPHRASE using the "ps" program. I recommend to do it like this: put the PASSPHRASE into a file, for example /usr/local/BatchMail/passphrase, and then use the command gpg -s -e -o - --batch --yes --passphrase-fd 0 -r myemail@mycompany.com /us= r/local/BatchMail/mailbox/TestFileMsg < /usr/local/BatchMail/passphrase From sbutler@fchn.com Wed Mar 20 17:00:02 2002 From: sbutler@fchn.com (Steve Butler) Date: Wed Mar 20 17:00:02 2002 Subject: [WINPT USERS] Questions about installing latest WinPT over an old version Message-ID: <0343d80914b39cc1e1ccdff51dbbbda13c98b170@fchn.com> NOTE to GnuPG-user list. I've cc'd this from the winpt user list as the issues are really about gnupg rather than winpt. This person lost their passphrase to their old secret key. So we are suggesting that a work around to telling the world that it's lost is for him to sign it with his new key, then revoke the signature and upload the old key to the keyserver again. Guess it's time for the experts to step in and set us onto the right path. --Steve From: JW [mailto:jw@centraltexasit.com] Sent: Tuesday, March 19, 2002 4:00 PM >>1. Sign old key with your new key. Just like you would sign your friends >Ok... I have managed to do this on Linux. And "update" the "old" key by sending it again >according to hex ID (looks right at any rate) Probably didn't need to do this but at least your old key is now signed by your new key. >>2. Now revoke (not delete; but revoke) the signature on your old key. >But then I think the next steps failed: >Command> quit >Save changes? y >gpg: sig E60F7299.72: duplicated certificate - deleted I've never revoked just the signature before. But, the process should be similar to revoking the entire key. It should write out a certificate that you can import back in to the keyring. Guess we need the experts from the gnupg-users email list. I'll cc that list on this reply and suggest that you look there for further assistance. >When I look at the key server now there's nothing there that tells me that anything has changed.. Somehow you need to get that signature revoke certificate generated and imported back in to the keyring. Then upload the results to the keyserver. >Maybe I'm doing this all wrong by trying to use Linux and a pulling hte key down from the >keyserver as opposed to moving my public key over to Linux as a file. Should I copy my old public >key to Linux, sign/revsign it, then move the signed/revoked public key back over to WinPT, and >send the signed/revoked public key up with WinPT? In theory you should be able to pull a key down from the keyserver, sign it, upload it back. All you need to do is add in the revoke signature piece before uploading it again. >If I sign/revoke my public key with GPG on Linux, how do I import the signed/revoked key back > into WinPT for revocation... ...import from clipboard? Or maybe just overwrite C:\GNUPG Just import the revoke certificate. CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. From twoaday@freakmail.de Wed Mar 20 17:35:01 2002 From: twoaday@freakmail.de (Timo Schulz) Date: Wed Mar 20 17:35:01 2002 Subject: gpgext - a tool to extract selected keys from a file Message-ID: <20020320164033.GB16034@daredevil.joesixpack.net> Hi! The subject should give all information which are useful. I had some problems to extract some keys of a very large key file but I didn't find any tool for this. So I decided to start a little project for this. The result is gpgext which should run on Linux (*nix) and Win32 systems. I don't know if other people have the same problem, but if the answer if yes, gpgext might be useful. The code is released under the GNU General Public License and can be downloaded from: http://www.winpt.org/devel/gpgext-0.1.0.tar.gz{.asc} Timo From david.livingstone@unn.ac.uk Wed Mar 20 18:01:02 2002 From: david.livingstone@unn.ac.uk (David Livingstone) Date: Wed Mar 20 18:01:02 2002 Subject: Sub Keys versus Session Keys Message-ID: <49C55B27AA8FD411A30300508BCF7B7001912053@catalina.unn.ac.uk> The textbooks (e.g. William Stalling's Cryptography & Network Security, 2nded, page 359) refer to PGP using one-time session keys to encrypt messages. GnuPG seems to use subkeys to encrypt messages instead (see GNU Privacy Handbook, page 23). Is this a difference between PGP and GnuPG, or due to using ElGamal instead of RSA, or what ? David Livingstone From david.livingstone@unn.ac.uk Wed Mar 20 18:09:02 2002 From: david.livingstone@unn.ac.uk (David Livingstone) Date: Wed Mar 20 18:09:02 2002 Subject: Which keyring for Public Keys ? Message-ID: <49C55B27AA8FD411A30300508BCF7B7001912054@catalina.unn.ac.uk> In various documents I have come across the 2 following conflictingstatements : The private keyring stores corresponding private & public keys; the public keyring stores (other peoples') public keys. The private keyring stores only private keys; the public keyring stores ones own and other peoples' public keys. Which is correct in GnuPG ? David Livingstone From jw@centraltexasit.com Wed Mar 20 18:09:06 2002 From: jw@centraltexasit.com (JW) Date: Wed Mar 20 18:09:06 2002 Subject: How can I revoke a signing? WAS: RE: [WINPT USERS] Questions about installing latest WinPT over an old version In-Reply-To: <0343d80914b39cc1e1ccdff51dbbbda13c98b152@fchn.com> Message-ID: <5.1.0.14.0.20020320105353.05358d20@mail.servicemail123.com> At 07:56 AM 3/20/2002 -0800, you wrote: >NOTE to GnuPG-user list. I've cc'd this from the winpt user list as the >issues are really about gnupg rather than winpt. I hope cross posting is ok... >This person lost their passphrase to their old secret key. So we are >suggesting that a work around to telling the world that it's lost is for him >to sign it with his new key, then revoke the signature and upload the old >key to the keyserver again. >From: JW [mailto:jw@centraltexasit.com] >Sent: Tuesday, March 19, 2002 4:00 PM > >>>1. Sign old key with your new key. Just like you would sign your friends >>Ok... I have managed to do this on Linux. And "update" the "old" key by >sending it again >>according to hex ID (looks right at any rate) > > Probably didn't need to do this but at least your old key is now signed >by your new key. First I downloaded the key from the keyserver with: gpg --keyserver pgp.mit.edu --recv-keys 0xE60F7299 I did this with the following: gpg --edit-key 0xE60F7299 and the "sign" command. >>>2. Now revoke (not delete; but revoke) the signature on your old key. > >>But then I think the next steps failed: I use the revsig command >>Command> quit >>Save changes? y >>gpg: sig E60F7299.72: duplicated certificate - deleted > >I've never revoked just the signature before. But, the process should be >similar to revoking the entire key. It should write out a certificate that >you can import back in to the keyring. If you mean write out a new _file_, no, it did not write out a new file. Perhaps this is where I went wrong. Should I try this on a file containing the old public key instead of on a key downloaded from the keyserver? This is gpg (GnuPG) 1.0.6 BTW >>When I look at the key server now there's nothing there that tells me that >anything has changed.. > >Somehow you need to get that signature revoke certificate generated and >imported back in to the keyring. Then upload the results to the keyserver. Ok, well this is what I obviously don't know how to do corectly. GnuPG users: how do I do this? >>Maybe I'm doing this all wrong by trying to use Linux and a pulling hte key >down from the >>keyserver as opposed to moving my public key over to Linux as a file. >Should I copy my old public >key to Linux, sign/revsign it, then move the >signed/revoked public key back over to WinPT, and >>send the signed/revoked public key up with WinPT? > >In theory you should be able to pull a key down from the keyserver, sign it, >upload it back. All you need to do is add in the revoke signature piece >before uploading it again. How to do that is currently beyond me :-/ >>If I sign/revoke my public key with GPG on Linux, how do I import the >signed/revoked key back >> into WinPT for revocation... ...import from clipboard? Or maybe just >overwrite C:\GNUPG > >Just import the revoke certificate. But I don't have one :-) that's the whole problem. There is no separate revoke cert that I can see. GnuPG users _ is there a way I can make a revoke certificate as a file, that I can import back into WinPT? Thanks. ---------------------------------------------------- Jonathan Wilson System Administrator Clickpatrol.com Cedar Creek Software http://www.cedarcreeksoftware.com From JanuszA.Urbanowicz Wed Mar 20 18:16:02 2002 From: JanuszA.Urbanowicz (JanuszA.Urbanowicz) Date: Wed Mar 20 18:16:02 2002 Subject: Sub Keys versus Session Keys In-Reply-To: <49C55B27AA8FD411A30300508BCF7B7001912053@catalina.unn.ac.uk> from David Livingstone at "Mar 20, 2002 04:58:42 pm" Message-ID: David Livingstone wrote/napisa=B3[a]/schrieb: >=20 > The textbooks (e.g. William Stalling's Cryptography & Network Security, > 2nded, page 359) refer to PGP using one-time session keys to encrypt > messages. That is true. =20 > GnuPG seems to use subkeys to encrypt messages instead (see GNU Privacy > Handbook, page 23). > Is this a difference between PGP and GnuPG, or due to using ElGamal > instead of RSA, or what ? It is no difference at all. All OpenPGP apps use one-time session keys. It is that rfc2440-compliant ones use other public keys (public subkeys) to encrypt them. It is difference in PK management, not in session protocol. Alex --=20 C _-=3D-_ H| Janusz A. Urbanowicz | ALEX3-RIPE | SF-F Framling | | = * =09 ; (_O : +-------------------------------------------------------------+ --= +~|=09 ! &~) ? | P=B3yn=B1=E6 chc=EA na Wsch=F3d, za Suez, gdzie jest dobrem ka= =BFde z=B3o | l_|/=09 A ~-=3D-~ O| Gdzie przykaza=F1 brak dziesi=EAciu, a pi=E6 mo=BFna a=BF po d= no; | | =20 From dshaw@jabberwocky.com Wed Mar 20 18:48:01 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Wed Mar 20 18:48:01 2002 Subject: Which keyring for Public Keys ? In-Reply-To: <49C55B27AA8FD411A30300508BCF7B7001912054@catalina.unn.ac.uk> References: <49C55B27AA8FD411A30300508BCF7B7001912054@catalina.unn.ac.uk> Message-ID: <20020320174550.GA683@akamai.com> On Wed, Mar 20, 2002 at 05:05:55PM -0000, David Livingstone wrote: > > In various documents I have come across the 2 following conflictingstatements : > > The private keyring stores corresponding private & public keys; the public > keyring stores (other peoples') public keys. > The private keyring stores only private keys; the public keyring stores ones > own and other peoples' public keys. > > Which is correct in GnuPG ? Both :) The private keyring stores private keys (presumably your own). The public keyring stores your own and other peoples' public keys. However - each private key also contains a copy of its corresponding public key. If you ever lose all copies of your public key (unlikely), you could regenerate it (minus signatures from other people) from the private key. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From JanuszA.Urbanowicz Wed Mar 20 18:57:01 2002 From: JanuszA.Urbanowicz (JanuszA.Urbanowicz) Date: Wed Mar 20 18:57:01 2002 Subject: Which keyring for Public Keys ? In-Reply-To: <49C55B27AA8FD411A30300508BCF7B7001912054@catalina.unn.ac.uk> from David Livingstone at "Mar 20, 2002 05:05:55 pm" Message-ID: David Livingstone wrote/napisa=B3[a]/schrieb: >=20 > In various documents I have come across the 2 following conflictingstatem= ents : >=20 > The private keyring stores corresponding private & public keys; the public > keyring stores (other peoples') public keys. > The private keyring stores only private keys; the public keyring stores o= nes > own and other peoples' public keys. >=20 > Which is correct in GnuPG ? the second one. Alex --=20 C _-=3D-_ H| Janusz A. Urbanowicz | ALEX3-RIPE | SF-F Framling | | = * =09 ; (_O : +-------------------------------------------------------------+ --= +~|=09 ! &~) ? | P=B3yn=B1=E6 chc=EA na Wsch=F3d, za Suez, gdzie jest dobrem ka= =BFde z=B3o | l_|/=09 A ~-=3D-~ O| Gdzie przykaza=F1 brak dziesi=EAciu, a pi=E6 mo=BFna a=BF po d= no; | | =20 From ddm@pizzashack.org Wed Mar 20 18:59:01 2002 From: ddm@pizzashack.org (Derek D. Martin) Date: Wed Mar 20 18:59:01 2002 Subject: gpg subkeys, revisited In-Reply-To: <20020319213951.GC683@akamai.com> References: <20020315233857.A6820@pizzashack.org> <1016257151.16327.1.camel@allevil> <20020316124152.A7155@pizzashack.org> <20020319213951.GC683@akamai.com> Message-ID: <20020320125610.G3257@pizzashack.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At some point hitherto, David Shaw hath spake thusly: > The solution is to generate one key from your two, and import that. > To do this, you need the "gpgsplit" tool, which is part of GnuPG 1.0.7 Thanks, that does solve the problem. Unfortunately the key servers still won't take my key. Grrrr. - -- Derek D. Martin ddm@pizzashack.org PGP/GPG Key ID: 0x81CFE75D -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8mM06djdlQoHP510RAtC0AJ9DrCIxUH0elnd0pnuVedzO7wh2dACeNfYu rtX88mOwpS2xyU0oVykCPew= =ddmv -----END PGP SIGNATURE----- From ftobin@neverending.org Wed Mar 20 19:05:01 2002 From: ftobin@neverending.org (Frank Tobin) Date: Wed Mar 20 19:05:01 2002 Subject: Which keyring for Public Keys ? In-Reply-To: <49C55B27AA8FD411A30300508BCF7B7001912054@catalina.unn.ac.uk> Message-ID: <20020320125925.O1870-100000@palanthas.neverending.org> David Livingstone, on 2002-03-20, wrote: > In various documents I have come across the 2 following conflictingstatements : > > The private keyring stores corresponding private & public keys; the > public keyring stores (other peoples') public keys. > The private keyring stores only private keys; the public keyring stores > ones own and other peoples' public keys. GnuPG follows your second description. The 'keyrings' are inseparate files, secring.gpg and pubring.gpg. The concept of 'keyrings' is really an implementation issue, separate from any specification. An implementation could put all the keys in one 'keyring' (file/table/etc). In common lingo a "my X keyring" is often used to mean "all the X keys I have available to me". -- Frank Tobin http://www.neverending.org/~ftobin/ From Gerd Ewald Wed Mar 20 20:22:01 2002 From: Gerd Ewald (Gerd Ewald) Date: Wed Mar 20 20:22:01 2002 Subject: Sub Keys versus Session Keys In-Reply-To: <49C55B27AA8FD411A30300508BCF7B7001912053@catalina.unn.ac.uk> References: <49C55B27AA8FD411A30300508BCF7B7001912053@catalina.unn.ac.uk> Message-ID: <361281172.20020320201730@pro-privacy.de> Hello David, On Wed, 20 Mar 2002 16:58:42 -0000 GMT your local time, which was 20.03.2002, 17:58 (GMT+0100) where I live, you wrote: [...] > Is this a difference between PGP and GnuPG, or due to using ElGamal instead > of RSA, or what ? [...] Not at all. The session key is needed for encrypting the message using one of the symmetric algorithms (CAST, 3DES, Rijndael or whatever...). This key should _not_ be used again (this is what good cryptographers teach). RSA or any other asymmetric algorithm is used to encrypt the session key with the public key of the recipient. -- Best regards, Gerd ======================================================= Tutorial for using PGP with TheBat! www.pro-privacy.de ------------------------------------------------------- The day microsoft makes something that doesn't suck is the day they start making vacuum cleaners. ------------------------------------------------------- now playing: WDR2 :-) From saravn@mozdev.org Wed Mar 20 20:48:02 2002 From: saravn@mozdev.org (R. Saravanan) Date: Wed Mar 20 20:48:02 2002 Subject: Announcing a GnuPG "plugin" for Mozilla (Enigmail) Message-ID: <3C98E81B.30709@mozdev.org> Enigmail, a GnuPG "plugin" for Mozilla which has been under development for some time, has now reached a state of practical usability with the Mozilla 0.9.9 release. It allows you to send or receive encrypted mail using the Mozilla mailer and GPG. Enigmail is open source and dually licensed under GPL/MPL. You can download and install the software from the website http://enigmail.mozdev.org Enigmail is cross-platform like Mozilla, although binaries are supplied only for the Win32 and Linux-x86 platforms on the website.At the moment there is no version of Enigmail available for Netscape 6.2 or earlier, which are based on much older versions of Mozilla.There will be a version available for the next Netscape release, which is expected to be based on Mozilla 1.0. You may post enigmail-specific comments to the Enigmail newsgroup/mailing list at mozdev.org From agreene@pobox.com Wed Mar 20 21:59:02 2002 From: agreene@pobox.com (Anthony E. Greene) Date: Wed Mar 20 21:59:02 2002 Subject: Which keyring for Public Keys ? In-Reply-To: <49C55B27AA8FD411A30300508BCF7B7001912054@catalina.unn.ac.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 20 Mar 2002, David Livingstone wrote: >In various documents I have come across the 2 following >conflictingstatements : [snip] The private keyring only stores private keys. The public keyring stores all public keys no matter who owns them. Applications that treat the owner's public key differently simply have to look at both keyrings to find matching (complementary) keys. Tony - -- Anthony E. Greene OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D AOL/Yahoo Chat: TonyG05 HomePage: Linux: the choice of a GNU Generation. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Anthony E. Greene 0x6C94239D iD8DBQE8mPdKpCpg3WyUI50RApvAAJwJmGlLIKu6LSWvMsS0PRDrnFxyDACcD67f d53vSBTnv7zZowB19WesOLc= =Nghz -----END PGP SIGNATURE----- From brenno@dewinter.com Wed Mar 20 23:05:01 2002 From: brenno@dewinter.com (Brenno J.S.A.A.F. de Winter) Date: Wed Mar 20 23:05:01 2002 Subject: Announcing a GnuPG "plugin" for Mozilla (Enigmail) References: <3C98E81B.30709@mozdev.org> Message-ID: <3C990654.7070107@dewinter.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I think that I speak for a lot and I mean A LOT of users to say that this is a very good and big step forward! Thank you! I have announced it already in several mailinglists! Thanks. R. Saravanan wrote: | | Enigmail, a GnuPG "plugin" for Mozilla which has been under | development for some time, has now reached a state of practical | usability with the Mozilla 0.9.9 release. It allows you to send or | receive encrypted mail using the Mozilla mailer and GPG. Enigmail is | open source and dually licensed under GPL/MPL. You can download and | install the software from the website http://enigmail.mozdev.org | | Enigmail is cross-platform like Mozilla, although binaries are | supplied only for the Win32 and Linux-x86 platforms on the website.At | the moment there is no version of Enigmail available for Netscape 6.2 | or earlier, which are based on much older versions of Mozilla.There | will be a version available for the next Netscape release, which is | expected to be based on Mozilla 1.0. | | You may post enigmail-specific comments to the Enigmail | newsgroup/mailing list at mozdev.org | | | | _______________________________________________ | Gnupg-users mailing list | Gnupg-users@gnupg.org | http://lists.gnupg.org/mailman/listinfo/gnupg-users -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE8mQZT3GS+v2n8CeMRAjtrAJ9x3lDGpJJ3fsZGtuf0N6cq0XU/CACfQMB7 zXa4jgKVmi6CFxzrDID/89k= =8qxW -----END PGP SIGNATURE----- From wk@gnupg.org Thu Mar 21 12:12:02 2002 From: wk@gnupg.org (Werner Koch) Date: Thu Mar 21 12:12:02 2002 Subject: [Announce] Announcing a GnuPG "plugin" for Mozilla (Enigmail) Message-ID: <87pu1yxlq6.fsf@alberti.gnupg.de> From: "R. Saravanan" To: gnupg-users@gnupg.org Date: Wed, 20 Mar 2002 12:50:51 -0700 Enigmail, a GnuPG "plugin" for Mozilla which has been under development for some time, has now reached a state of practical usability with the Mozilla 0.9.9 release. It allows you to send or receive encrypted mail using the Mozilla mailer and GPG. Enigmail is open source and dually licensed under GPL/MPL. You can download and install the software from the website http://enigmail.mozdev.org Enigmail is cross-platform like Mozilla, although binaries are supplied only for the Win32 and Linux-x86 platforms on the website.At the moment there is no version of Enigmail available for Netscape 6.2 or earlier, which are based on much older versions of Mozilla.There will be a version available for the next Netscape release, which is expected to be based on Mozilla 1.0. You may post enigmail-specific comments to the Enigmail newsgroup/mailing list at mozdev.org _______________________________________________ Gnupg-announce mailing list Gnupg-announce@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From jaya.christina@manned.com Thu Mar 21 12:57:02 2002 From: jaya.christina@manned.com (Jaya Christina) Date: Thu Mar 21 12:57:02 2002 Subject: make[1]: ar: Command not found when make install binutils-2.10.1 Message-ID: <009501c1d0ce$f14277b0$9b6410ac@jc> This is a multi-part message in MIME format. ------=_NextPart_000_0092_01C1D0D7.45803260 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi all.. I am trying to install to get And it complains...=20 make[1]: ar: Command not found any ideas please?? And please post a CC to me...=20 Thanx a zillion in advance.. Ciao, Jaya Christina ------=_NextPart_000_0092_01C1D0D7.45803260 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hi all..
 
I am trying to install = <binutils-2.10.1> to=20 get <ar>
And it complains...
    make[1]: ar: Command = not=20 found
 
any ideas please??
 
And please post a CC to me... =
 
Thanx a zillion in = advance..
Ciao,
Jaya = Christina
------=_NextPart_000_0092_01C1D0D7.45803260-- From chrisbrandl@gmx.de Thu Mar 21 15:37:01 2002 From: chrisbrandl@gmx.de (Christian Brandl) Date: Thu Mar 21 15:37:01 2002 Subject: terms and conditions in using encryption with gnupg Message-ID: <21750.1016721249@www50.gmx.net> Hello Sirs and Madams, presently, we are using pgp encryption software form Network Associates. Regarding to a possible migration to another encryption-software, I have some questions. I hope, you can help me with that. The most important one: What are the terms and conditions to use gnupg in business matters? Which is the best way to get support for our customers? Thank you in advance for your help. Best Regards, Christian Brandl -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net From jaya.christina@manned.com Thu Mar 21 15:44:02 2002 From: jaya.christina@manned.com (Jaya Christina) Date: Thu Mar 21 15:44:02 2002 Subject: I am going thrugh circles.. in installing GnuPG Message-ID: <00b901c1d0e6$4449fe80$9b6410ac@jc> This is a multi-part message in MIME format. ------=_NextPart_000_00AE_01C1D0EE.967701A0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi all.. Well...=20 All i need is to install GnuPG in Solaris. And i say ./configure and I get autoconf missing automake missing makeinfo missing When i try to install all this autoconf the error is missing m4 When i try installing m4 the error is missing ar When i try installing ar by installing binutils flex not found When i try instaliing flex make >> ar not found I am well and truly stuck... HELP.. pleeeez... Jaya ------=_NextPart_000_00AE_01C1D0EE.967701A0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hi all..
 
Well...
 
All i need is to install GnuPG in=20 Solaris.
And i say ./configure and I = get
autoconf missing
automake missing
makeinfo missing
 
When i try to install all this=20 autoconf
the error is missing m4
 
When i try installing m4
the error is missing ar
 
When i try installing ar by installing=20 binutils
flex not found
 
When i try instaliing flex
make >> ar not found
 
I am well and truly = stuck...
 
HELP.. pleeeez...
Jaya
------=_NextPart_000_00AE_01C1D0EE.967701A0-- From JanuszA.Urbanowicz Thu Mar 21 15:52:02 2002 From: JanuszA.Urbanowicz (JanuszA.Urbanowicz) Date: Thu Mar 21 15:52:02 2002 Subject: terms and conditions in using encryption with gnupg In-Reply-To: <21750.1016721249@www50.gmx.net> from Christian Brandl at "Mar 21, 2002 03:34:09 pm" Message-ID: Christian Brandl wrote/napisa=B3[a]/schrieb: > The most important one: > What are the terms and conditions to use gnupg in business matters?=20 You may sue the program as you like. The source code is avaliable, and the only limitation is that in case of providing _modified_ gnupg to anyone outside the organization, like, customers, the changes and modifications must be distributed on the same license as the orginal program, that is, The GNU General Public License version 2 or later.=20 > Which is the best way to get support for our customers? I think a good way would be to contract Werner's compant G10Code Gmbh. =20 I suggest those entries be added to the FAQ. Alex --=20 C _-=3D-_ H| Janusz A. Urbanowicz | ALEX3-RIPE | SF-F Framling | | = * =09 ; (_O : +-------------------------------------------------------------+ --= +~|=09 ! &~) ? | P=B3yn=B1=E6 chc=EA na Wsch=F3d, za Suez, gdzie jest dobrem ka= =BFde z=B3o | l_|/=09 A ~-=3D-~ O| Gdzie przykaza=F1 brak dziesi=EAciu, a pi=E6 mo=BFna a=BF po d= no; | | =20 From lionel@mamane.lu Thu Mar 21 16:02:02 2002 From: lionel@mamane.lu (Lionel Elie Mamane) Date: Thu Mar 21 16:02:02 2002 Subject: terms and conditions in using encryption with gnupg In-Reply-To: <21750.1016721249@www50.gmx.net> References: <21750.1016721249@www50.gmx.net> Message-ID: <20020321150324.GA9129@home.mamane.lu> On Thu, Mar 21, 2002 at 03:34:09PM +0100, Christian Brandl wrote: > What are the terms and conditions to use gnupg in business matters? The full terms and conditions are on: http://www.fsf.org/licenses/gpl.html > Which is the best way to get support for our customers? Hire me :) More seriously, you might want to take a look at g10code: http://www.g10code.com/ -- Lionel From jaya.christina@manned.com Thu Mar 21 16:08:01 2002 From: jaya.christina@manned.com (Jaya Christina) Date: Thu Mar 21 16:08:01 2002 Subject: DONE. ; ) Message-ID: <00c601c1d0e9$a28ab040$9b6410ac@jc> This is a multi-part message in MIME format. ------=_NextPart_000_00C3_01C1D0F1.F9C46CE0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Well... guess u guys must have am been frustrated reading all my SOS .. = but now.. I HAVE DONE IT----- I got my gpg working and doing good.. thanx everybody for all the help and for putting up=20 :) Regards, Jaya Christina ------=_NextPart_000_00C3_01C1D0F1.F9C46CE0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Well... guess u guys must have am =  been=20 frustrated reading all my SOS .. but now..  I HAVE DONE=20 IT-----
 
I got my gpg working and doing = good..
thanx everybody for all the help and = for putting up=20
 
:)
Regards,
Jaya = Christina
------=_NextPart_000_00C3_01C1D0F1.F9C46CE0-- From lionel@mamane.lu Thu Mar 21 16:18:01 2002 From: lionel@mamane.lu (Lionel Elie Mamane) Date: Thu Mar 21 16:18:01 2002 Subject: terms and conditions in using encryption with gnupg In-Reply-To: References: <21750.1016721249@www50.gmx.net> Message-ID: <20020321151915.GA9363@home.mamane.lu> On Thu, Mar 21, 2002 at 03:41:40PM +0100, Janusz A. Urbanowicz wrote: > Christian Brandl wrote/napisa?[a]/schrieb: >> What are the terms and conditions to use gnupg in business matters? > You may sue the program as you like. Christian, he meant use. > The source code is avaliable, and the only limitation is that in > case of providing _modified_ gnupg to anyone Hmm... I thing modified or unmodified! -- Lionel From JanuszA.Urbanowicz Thu Mar 21 16:22:01 2002 From: JanuszA.Urbanowicz (JanuszA.Urbanowicz) Date: Thu Mar 21 16:22:01 2002 Subject: terms and conditions in using encryption with gnupg In-Reply-To: <20020321151915.GA9363@home.mamane.lu> from Lionel Elie Mamane at "Mar 21, 2002 04:19:15 pm" Message-ID: Lionel Elie Mamane wrote/napisa=B3[a]/schrieb: > On Thu, Mar 21, 2002 at 03:41:40PM +0100, Janusz A. Urbanowicz wrote: > > Christian Brandl wrote/napisa?[a]/schrieb: >=20 > >> What are the terms and conditions to use gnupg in business matters?=20 >=20 > > You may sue the program as you like. >=20 > Christian, he meant use. Yes, a typo, sorry. =20 > > The source code is avaliable, and the only limitation is that in > > case of providing _modified_ gnupg to anyone >=20 > Hmm... I thing modified or unmodified! yes, but since vanilla GPG code is avaliable, the more important aspect is the modified code. Notabene AFAIK (IANAL) you can charge for both modified program and its source. Alex --=20 C _-=3D-_ H| Janusz A. Urbanowicz | ALEX3-RIPE | SF-F Framling | | = * =09 ; (_O : +-------------------------------------------------------------+ --= +~|=09 ! &~) ? | P=B3yn=B1=E6 chc=EA na Wsch=F3d, za Suez, gdzie jest dobrem ka= =BFde z=B3o | l_|/=09 A ~-=3D-~ O| Gdzie przykaza=F1 brak dziesi=EAciu, a pi=E6 mo=BFna a=BF po d= no; | | =20 From sbutler@fchn.com Thu Mar 21 16:45:01 2002 From: sbutler@fchn.com (Steve Butler) Date: Thu Mar 21 16:45:01 2002 Subject: terms and conditions in using encryption with gnupg Message-ID: Perhaps one would rather use the program than to sue it. Here in the U= SA, it might be possible to sue the program <> but I think the previo= us author really intended to type use instead. And to think that the hamm= ing distance between those two words is only 2. -----Original Message----- From: Janusz A. Urbanowicz [mailto:alex@bofh.torun.pl] Sent: Thursday, March 21, 2002 6:42 AM To: Christian Brandl Cc: gnupg-users@gnupg.org Subject: Re: terms and conditions in using encryption with gnupg Christian Brandl wrote/napisa=B3[a]/schrieb: > The most important one: > What are the terms and conditions to use gnupg in business matters? You may sue the program as you like. The source code is avaliable, and = the [snip] CONFIDENTIALITY NOTICE: This e-mail message, including any attachments= , is for the sole use of the intended recipient(s) and may contain conf= idential and privileged information. Any unauthorized review, use, dis= closure or distribution is prohibited. If you are not the intended rec= ipient, please contact the sender by reply e-mail and destroy all copie= s of the original message. From mutz@kde.org Thu Mar 21 18:14:02 2002 From: mutz@kde.org (Marc Mutz) Date: Thu Mar 21 18:14:02 2002 Subject: terms and conditions in using encryption with gnupg In-Reply-To: References: Message-ID: <200203211811.08408@sendmail.mutz.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday 21 March 2002 16:41, Steve Butler wrote: > Perhaps one would rather use the program than to sue it. Here in the > USA, it might be possible to sue the program <> but I think the > previous author really intended to type use instead. And to think > that the hamming distance between those two words is only 2. =2E..which is quite much for a three-tupel ;-) Actually, for words you'd use the Levenshtein distance and that is only=20 1 in this case... Marc - --=20 Marc Mutz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8mhQq3oWD+L2/6DgRAmJXAKDAKJG+DgkGgqAB4afBMc5clEOcSACfRVvv z7rfPu63bH62UVcYyF+8ofc=3D =3Di0kx -----END PGP SIGNATURE----- From d_well" When I execute the t-decrypt in the directory test it read in the file "cipher_1.asc" but the file t-encrypt doesn't change the file "cipher_1.asc". How can I write the result of t-encrypt in "cipher_1.asc" and it is necessary to use a file like "cipher_1.asc" to encrypt and decrypt a text, if not how can I encrypt and decryt a text? ______________________________________________________________________________ ifrance.com, l'email gratuit le plus complet de l'Internet ! vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP... http://www.ifrance.com/_reloc/email.emailif From wk@gnupg.org Thu Mar 21 21:16:01 2002 From: wk@gnupg.org (Werner Koch) Date: Thu Mar 21 21:16:01 2002 Subject: how write in file "cipher_1.asc" ? In-Reply-To: <001b01c1d106$5ff930e0$5d0be6c2@dmaxy> ("d_well"'s message of "Thu, 21 Mar 2002 19:29:18 +0100") References: <001b01c1d106$5ff930e0$5d0be6c2@dmaxy> Message-ID: <87y9glsms6.fsf@alberti.gnupg.de> On Thu, 21 Mar 2002 19:29:18 +0100, d well said: > When I execute the t-decrypt in the directory test it read in the file This is a regression test and it does not make any sense to use it for your own things. run "make check" to see if your build does work. Werner From jharris@widomaker.com Fri Mar 22 00:45:01 2002 From: jharris@widomaker.com (Jason Harris) Date: Fri Mar 22 00:45:01 2002 Subject: keys.pgp.com - any reliable info. on its status? Message-ID: <20020321234230.GA1344@pm9-07.lft.widomaker.com> --opJtzjQTFsWo+cga Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Is there any reliable information on the status of keys.pgp.com (aka keyserver.pgp.com, keys.nai.com, pgpkeys.mit.edu, and certserver.pgp.com)? Does anyone expect to get a final keydump from it? (NB: I'm not subscribed to gnupg-users@gnupg.org.) --=20 Jason Harris jharris@widomaker.com --opJtzjQTFsWo+cga Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8mm/kSypIl9OdoOMRAoJzAJ42MkY9NmtJy+J9C2Vq0V9kTL20lQCeM39N nVIQOwc5PB03jYlf4Crt7YY= =b0Be -----END PGP SIGNATURE----- --opJtzjQTFsWo+cga-- From chrisbrandl@gmx.de Fri Mar 22 09:59:01 2002 From: chrisbrandl@gmx.de (Christian Brandl) Date: Fri Mar 22 09:59:01 2002 Subject: WG: terms and conditions in using encryption with gnupg Message-ID: <31379.1016787393@www39.gmx.net> Thanks a lot for your comments! I will contact info@g10code.de for further information. Best Regards! Christian Brandl -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net From rmartini@cipsga.org.br Fri Mar 22 22:13:02 2002 From: rmartini@cipsga.org.br (Renato Martini) Date: Fri Mar 22 22:13:02 2002 Subject: GpgSM Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Hi ALL: I downloaded the gpgme release 0.3.4. In the configure options, we can compile it with the GpgSM module 0.3.1 support. The point is: where can I found this =C4gypten module? The "ftp.gnupg.org/gcrypt/alpha/aegypten= " directory there are many packages, but what's the GpgSM module package? thanks best regards - --------- __|_ _| _ \ __| __| \ | Renato Martini ::: Diretor Administrativo ( | __/\__ \ (_ | _ \ | http://www.cipsga.org.br \___|___|_| ____/\___|_/ _\ | http://gnupg.unixsecurity.com.br - ----------------------------------------------------------------------- "O Fantasia, che dei tempi e delle distanze fai il tuo giuoco audace!" (Gabriele d'Annunzio) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8nPBbYogE2yD8bPYRA9xRAJwI6MUAH26mS3T08yJPWG3KO1fpywCfQ/KG WNPI5/75pQW/2DVlllx2ZYg=3D =3DrWzP -----END PGP SIGNATURE----- From rasoul@rhythm.com Sat Mar 23 00:32:02 2002 From: rasoul@rhythm.com (Rasoul Hajikhani) Date: Sat Mar 23 00:32:02 2002 Subject: gpg New Bee Message-ID: <3C9BBE8A.A5612B63@rhythm.com> Hello folks, My apologies if this question has been asked before. I have created a encrypted file encrypted with two different recipients. How do I decrypt this file using the other user? The -u option does not seem to work. I am running 1.0.6 gpg. %gpg -u --decrypt myTest1.gpg It keeps asking for my pass phrase and not that of the "test" user pass phrase. Can some one tell me what option I should be using? Thanks in advance. -r From rmalayter@bai.org Sat Mar 23 01:15:02 2002 From: rmalayter@bai.org (Ryan Malayter) Date: Sat Mar 23 01:15:02 2002 Subject: Secret splitting w/ threshold Message-ID: <22FD1855C2B16C40A1F6DE406420021E0187F8C7@mail.bai.org> I was about to implement a custom secret-splitting threshold scheme for our corporate officers, using Shamir's polynomial method and a simple spreadsheet to do the math. Then I considered doing a simple geometirc scheme, giving each officer the equation of a line and letting the secret be the intersection of two or more of these in cartesian space. This scheme would be simpler for the execs to reconstruct in an emergency without technical help. In fact, the whole reconstruction process could be described on the back of the laminated "secret card" I'm going to give them. As I understand it, both of these schemes are equally secure, presuming large enough numbers are used as coefficients. Can anybody offer a reason why I shouldn't choose the easier geometic scheme? Also, it occurs to me that there is probably a good open-source program that implement this sort of thing, although my Googleing bore no such fruit. Does anyone have a good link to a simple, secure secret-sharing program? Finally, the secret-sharing built into the commercial PGP, while pretty neat, was only useful for PGP key material. I wish to share 10-20 bytes of passphrase material. What secret sharing capabilites are coming in GnuPG? Will it be able to share any secret? Regards, :::Ryan Malayter :::Bank Administration Institute :::Chicago, Illinois, USA :::PGP Key: http://www.malayter.com/pgp-public.txt From dshaw@jabberwocky.com Sat Mar 23 01:23:01 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Sat Mar 23 01:23:01 2002 Subject: gpg New Bee In-Reply-To: <3C9BBE8A.A5612B63@rhythm.com> References: <3C9BBE8A.A5612B63@rhythm.com> Message-ID: <20020323002041.GE4680@akamai.com> On Fri, Mar 22, 2002 at 03:30:18PM -0800, Rasoul Hajikhani wrote: > Hello folks, > My apologies if this question has been asked before. I have created a > encrypted file encrypted with two different recipients. How do I decrypt > this file using the other user? The -u option does not seem to work. I > am running 1.0.6 gpg. > %gpg -u --decrypt myTest1.gpg > It keeps asking for my pass phrase and not that of the "test" user pass > phrase. > Can some one tell me what option I should be using? There is no command line option to handle this case, as generally people don't encrypt to themselves multiple times. That said, you can still do it - just hit "enter" three times when prompted for the passphrase for the key you don't want to use. This will make GnuPG roll over and try the next available key. Good job on "Rhapsody in Blue", by the way ;) David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From n.ratoandromanana@bni.mg Sat Mar 23 06:28:02 2002 From: n.ratoandromanana@bni.mg (NirinaMichel Ratoandromanana/DS-INFO) Date: Sat Mar 23 06:28:02 2002 Subject: gpg New Bee In-Reply-To: <3C9BBE8A.A5612B63@rhythm.com> References: <3C9BBE8A.A5612B63@rhythm.com> Message-ID: >%gpg -u --decrypt myTest1.gpg >It keeps asking for my pass phrase and not that of the "test" user pass >phrase. If I understand your problem, this is a suggested solution when you have a file encrypted for multiple recipient. I don't know if this is a bug or not but when decrypting, gpg ALWAYS use the first user in the secring.gpg file even if you specify the user with -u option. %gpg --export-secret-keys > gpgtemp.asc %gpg --no-default-keyring --secret-keyring gpgtemp.asc --decrypt myTest1.gpg I hope this helps you. From wk@gnupg.org Sat Mar 23 11:48:02 2002 From: wk@gnupg.org (Werner Koch) Date: Sat Mar 23 11:48:02 2002 Subject: Secret splitting w/ threshold In-Reply-To: <22FD1855C2B16C40A1F6DE406420021E0187F8C7@mail.bai.org> (Ryan Malayter's message of "Fri, 22 Mar 2002 18:11:56 -0600") References: <22FD1855C2B16C40A1F6DE406420021E0187F8C7@mail.bai.org> Message-ID: <873cyrimtz.fsf@alberti.gnupg.de> On Fri, 22 Mar 2002 18:11:56 -0600, Ryan Malayter said: > Finally, the secret-sharing built into the commercial PGP, while pretty s/commercial/proprietary/ > passphrase material. What secret sharing capabilites are coming in GnuPG? > Will it be able to share any secret? OpenPGP does not define any key splitting algorithm. I have some doubts whether this can be accomplised at all using the OpenPGP protocol. The hard thing with key splitting is to get the usability right. What PGP provides is not sufficient because (afaik) all parts most be combined on the same machine this does not increase the security unless that machine is physical secure and provides a clean protocol to combine the keys. If your goal is that 2 persons have to sign a document to get a valid signature, you should setup an organisation policy to enforce this and use 2 simple signatures. It is definitely possible to add some policy enforcement rules to GnuPG. Werner From wk@gnupg.org Sat Mar 23 11:52:01 2002 From: wk@gnupg.org (Werner Koch) Date: Sat Mar 23 11:52:01 2002 Subject: GpgSM In-Reply-To: (Renato Martini's message of "Sat, 23 Mar 2002 18:14:43 -0300 (BRT)") References: Message-ID: <87y9gjh853.fsf@alberti.gnupg.de> On Sat, 23 Mar 2002 18:14:43 -0300 (BRT), Renato Martini said: > can I found this Ägypten module? The "ftp.gnupg.org/gcrypt/alpha/aegypten" > directory there are many packages, but what's the GpgSM module package? It is the newpg-x.y.z.tar.gz. The rationale behind this name is that eventually it will be merged back into GnuPG. If you look at the source you will see "This file is part of GnuPG". Ah yes, you need libksba and libgcrypt as well. See http://www.gnupg.org/aegypten/development.en.html gpgme works fine without gpgsm. Werner From remailer@aarg.net Sat Mar 23 15:22:01 2002 From: remailer@aarg.net (AARG! Anonymous) Date: Sat Mar 23 15:22:01 2002 Subject: Secret splitting w/ threshold Message-ID: <623b12949dc1bdf2e25a09387323d4e4@aarg.net> Take a look at http://www.mindrot.org/files/secret-share-0.0.1.tar.gz From remailer@aarg.net Sat Mar 23 17:38:01 2002 From: remailer@aarg.net (AARG! Anonymous) Date: Sat Mar 23 17:38:01 2002 Subject: Secret splitting w/ threshold Message-ID: <50da27911a6db0520002f98904e071aa@aarg.net> >Take a look at > >http://www.mindrot.org/files/secret-share-0.0.1.tar.gz The following program might be what you are after: http://www.mindrot.org/files/secsplit-1.2.tar.gz From jonas@gazonk.org Sat Mar 23 18:32:01 2002 From: jonas@gazonk.org (Jonas Bofjall) Date: Sat Mar 23 18:32:01 2002 Subject: gnupg to encrypt files in a batch processes In-Reply-To: Message-ID: On 20 Mar 2002, Helmut Waitzmann wrote: > put the PASSPHRASE into a file, for example > /usr/local/BatchMail/passphrase, and then use the command > gpg -s -e -o - --batch --yes --passphrase-fd 0 -r If you wish to avoid the file, I would suggest something along: $ cat << EOF | gpg --passphrase-fd-0 [...] ThisIsTheSecretPassphrase EOF this way, the pipe would probably(?) never make it to disk. From Weimer@CERT.Uni-Stuttgart.DE Sat Mar 23 21:15:01 2002 From: Weimer@CERT.Uni-Stuttgart.DE (Florian Weimer) Date: Sat Mar 23 21:15:01 2002 Subject: Secret splitting w/ threshold In-Reply-To: <22FD1855C2B16C40A1F6DE406420021E0187F8C7@mail.bai.org> (Ryan Malayter's message of "Fri, 22 Mar 2002 18:11:56 -0600") References: <22FD1855C2B16C40A1F6DE406420021E0187F8C7@mail.bai.org> Message-ID: <87elibxcyh.fsf@CERT.Uni-Stuttgart.DE> Ryan Malayter writes: > As I understand it, both of these schemes are equally secure, presuming > large enough numbers are used as coefficients. Can anybody offer a reason > why I shouldn't choose the easier geometic scheme? If you really want to create your own scheme, you should use successive encryption using one time pads (giving each officer (except one) an OTP, and one officer gets the encrypted private key). Your approach based on simple linear algebra might interact badly with the actual cryptography. -- Florian Weimer Weimer@CERT.Uni-Stuttgart.DE University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/ RUS-CERT +49-711-685-5973/fax +49-711-685-5898 From rasoul@rhythm.com Sun Mar 24 00:38:02 2002 From: rasoul@rhythm.com (Rasoul Hajikhani) Date: Sun Mar 24 00:38:02 2002 Subject: gpg New Bee References: <3C9BBE8A.A5612B63@rhythm.com> Message-ID: <3C9D1117.7BFBE454@rhythm.com> NirinaMichel Ratoandromanana/DS-INFO wrote: > > >%gpg -u --decrypt myTest1.gpg > >It keeps asking for my pass phrase and not that of the "test" user pass > >phrase. > > If I understand your problem, this is a suggested solution when you have a > file encrypted for multiple recipient. I don't know if this is a bug or > not but when decrypting, gpg ALWAYS use the first user in the secring.gpg > file even if you specify the user with -u option. > > %gpg --export-secret-keys > gpgtemp.asc > %gpg --no-default-keyring --secret-keyring gpgtemp.asc --decrypt > myTest1.gpg > > I hope this helps you. Thanks for responding. I tried your solution but I am afraid I get an error: gpg: Warning: using insecure memory! gpg: encrypted with 1024-bit ELG-E key, ID 0C18F568, created 2002-03-22 "test this " gpg: encrypted with 1024-bit ELG-E key, ID 23DCC2F8, created 2002-03-22 "rasoul " gpg: decryption failed: secret key not available [ gpg: [don't know]: invalid packet (ctb=36) or gpg: decrypt_message failed: unexpected data ] The command that I used was: %gpg --output myTest.gpg --encrypt -r rasoul -r test1 myTest.txt %gpg --export-secret-keys [test1 || uid] > gpgtemp.asc %gpg --no-default-keyring --secret-keyring gpgtemp.asc --decrypt myTest.gpg Can you tell me what is going on? thanks in advance -r From Weimer@CERT.Uni-Stuttgart.DE Sun Mar 24 10:35:01 2002 From: Weimer@CERT.Uni-Stuttgart.DE (Florian Weimer) Date: Sun Mar 24 10:35:01 2002 Subject: gnupg to encrypt files in a batch processes In-Reply-To: (Jonas Bofjall's message of "Sat, 23 Mar 2002 18:30:02 +0100 (CET)") References: Message-ID: <873cyqwbxf.fsf@CERT.Uni-Stuttgart.DE> Jonas Bofjall writes: > On 20 Mar 2002, Helmut Waitzmann wrote: > > put the PASSPHRASE into a file, for example > > /usr/local/BatchMail/passphrase, and then use the command > > gpg -s -e -o - --batch --yes --passphrase-fd 0 -r > > If you wish to avoid the file, I would suggest something along: > > $ cat << EOF | gpg --passphrase-fd-0 [...] > ThisIsTheSecretPassphrase > EOF > > this way, the pipe would probably(?) never make it to disk. I'm sorry, but bash use temporary files to implement here documents (like any other shell, I think). -- Florian Weimer Weimer@CERT.Uni-Stuttgart.DE University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/ RUS-CERT +49-711-685-5973/fax +49-711-685-5898 From teenieberry@worldnet.att.net Sun Mar 24 16:46:01 2002 From: teenieberry@worldnet.att.net (FRANK HUBENY) Date: Sun Mar 24 16:46:01 2002 Subject: gpg-dialog Message-ID: <000501c1d34b$e8bc0a50$56ed6620@teeniebe9euk8d> Hello Group, I had two questions about gpg-dialog. First, Can it be compiled into a W32 exe file. If so can someone tell me how off-list is fine. Or has this been done and can I get a copy. Second, Have the gpg developers considered adding something like this to gpg. Even if as a download from their site as a gpg utilty. If in gpg asa command like ( gpg --menue ), or ( gpg --dialog ). I do like it and it is a reall good feature for people like my self who like the menue system it provides to command line program program. <>< Frank D. Hubeny From n.ratoandromanana@bni.mg Mon Mar 25 06:44:01 2002 From: n.ratoandromanana@bni.mg (NirinaMichel Ratoandromanana/DS-INFO) Date: Mon Mar 25 06:44:01 2002 Subject: Re(2): gpg New Bee In-Reply-To: <3C9D1117.7BFBE454@rhythm.com> References: <3C9BBE8A.A5612B63@rhythm.com> <3C9D1117.7BFBE454@rhythm.com> Message-ID: >gpg: Warning: using insecure memory! >gpg: encrypted with 1024-bit ELG-E key, ID 0C18F568, created 2002-03-22 > "test this " >gpg: encrypted with 1024-bit ELG-E key, ID 23DCC2F8, created 2002-03-22 > "rasoul " > >gpg: decryption failed: secret key not available >[ >gpg: [don't know]: invalid packet (ctb=36) >or >gpg: decrypt_message failed: unexpected data >] > >The command that I used was: > >%gpg --output myTest.gpg --encrypt -r rasoul -r test1 myTest.txt >%gpg --export-secret-keys [test1 || uid] > gpgtemp.asc My apologies; this line should be: %gpg --export-secret-keys test1 > $GPGDIR/gpgtemp.asc where $GPGDIR is the absolute | relative path where you put you gpg executable and your secret keyring. All the remaining is ok. > >%gpg --no-default-keyring --secret-keyring gpgtemp.asc --decrypt >myTest.gpg > From ederveen@web.de Mon Mar 25 13:36:01 2002 From: ederveen@web.de (Daniel Ederveen) Date: Mon Mar 25 13:36:01 2002 Subject: Java and passphrase-fd Message-ID: <3C9F195A.592F2DC1@web.de> Hi *.*! I am developing a Java application which signs documents. I want to have detached signatures so I am using the “–b” (--detach-sign) option. Can anybody help me with the corrected use of the “--passphrase-fd” option. I tried for some time, but it didn’t work. A example would be useful. Thanks Daniel Ederveen From stefan@epy.co.at Mon Mar 25 13:53:01 2002 From: stefan@epy.co.at (Stefan H. Holek) Date: Mon Mar 25 13:53:01 2002 Subject: [ANNOUNCE] New Home For The PGPdump Interface Message-ID: <5.1.0.14.2.20020325123337.04284c38@mail.uptime.at> ----------------- PGPdump Interface ----------------- I am pleased to announce the availability of the PGPdump Interface at its new home on the web: http://www.pgpdump.net/ The PGPdump Interface is a web-interface for pgpdump, the (Open)PGP packet visualizer by Kazu Yamamoto. It can be used to determine the exact contents of PGP public key blocks (or any PGP encoded data for that matter) and is intended for those who are inconvenienced by running command line tools. Please update your bookmarks and, should you have linked to my site (thank you!), update your pages as well. The previous URL will continue to work for the time being. Regards, Stefan -- BLOWFISH n. - Preference for beef From schoech@iap-kborn.de Mon Mar 25 14:06:01 2002 From: schoech@iap-kborn.de (=?iso-8859-1?Q?Armin_Sch=F6ch?=) Date: Mon Mar 25 14:06:01 2002 Subject: Java and passphrase-fd In-Reply-To: <3C9F195A.592F2DC1@web.de> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Daniel ! > I am developing a Java application which signs documents. I want to have > detached signatures so I am using the =93=96b=94 (--detach-sign) option. > Can anybody help me with the corrected use of the =93--passphrase-fd=94 > option. I tried for some time, but it didn=92t work. > A example would be useful. Have you had a look at the archive of this mailinglist ? The question of how to avoid typing in the password has been asked and answered many times before for a number of programming languages. You find the archives at: http://lists.gnupg.org/ HTH, Armin - --=20 Am Hasenberg 26 office: Institut f=FCr Atmosph=E4renphysik D-18209 Bad Doberan Schloss-Stra=DFe 6 Tel. ++49-(0)38203/42137 D-18225 K=FChlungsborn / GERMANY Email: schoech@iap-kborn.de Tel. +49-(0)38293-68-102 WWW: http://armins.cjb.net/ Fax. +49-(0)38293-68-50 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Weitere Infos: siehe http://www.gnupg.org iD8DBQE8nyAuG8Xv4GxznLoRAuIVAJwOQIiiQXkOQFfKYBcvOeayEDbxHQCfTK39 HStW+Z6uCtw1r2Jw55pMv9A=3D =3D1Ncz -----END PGP SIGNATURE----- From ederveen@web.de Mon Mar 25 14:31:02 2002 From: ederveen@web.de (Daniel Ederveen) Date: Mon Mar 25 14:31:02 2002 Subject: Java and passphrase-fd References: Message-ID: <3C9F2631.C24386AC@web.de> Hi Armin! I only have e-mail access, so if someone could mail me the answer or an example it would make things easier for me. By the way: I am developing in a Windows NT environment. Regards Daniel Armin Schöch wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi Daniel ! > > > I am developing a Java application which signs documents. I want to have > > detached signatures so I am using the “–b” (--detach-sign) option. > > Can anybody help me with the corrected use of the “--passphrase-fd” > > option. I tried for some time, but it didn’t work. > > A example would be useful. > > Have you had a look at the archive of this mailinglist ? The question > of how to avoid typing in the password has been asked and answered > many times before for a number of programming languages. > > You find the archives at: http://lists.gnupg.org/ > > HTH, > Armin > > - -- > Am Hasenberg 26 office: Institut für Atmosphärenphysik > D-18209 Bad Doberan Schloss-Straße 6 > Tel. ++49-(0)38203/42137 D-18225 Kühlungsborn / GERMANY > Email: schoech@iap-kborn.de Tel. +49-(0)38293-68-102 > WWW: http://armins.cjb.net/ Fax. +49-(0)38293-68-50 > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.6 (GNU/Linux) > Comment: Weitere Infos: siehe http://www.gnupg.org > > iD8DBQE8nyAuG8Xv4GxznLoRAuIVAJwOQIiiQXkOQFfKYBcvOeayEDbxHQCfTK39 > HStW+Z6uCtw1r2Jw55pMv9A= > =1Ncz > -----END PGP SIGNATURE----- From jaya.christina@manned.com Mon Mar 25 15:24:02 2002 From: jaya.christina@manned.com (Jaya Christina) Date: Mon Mar 25 15:24:02 2002 Subject: Java and passphrase-fd Message-ID: <011b01c1d408$120e52c0$9b6410ac@jc> This is a multi-part message in MIME format. ------=_NextPart_000_0116_01C1D410.691A48A0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi Daniel,=20 This works fine in Windows. gpg --armor -o --batch --yes --passphrase-fd 0 < = -r -s -e Do u need a Java file which does this all?? One GnuPG-er has put it on = the web Best Regards, Jaya ------=_NextPart_000_0116_01C1D410.691A48A0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hi Daniel,
This works fine in = Windows.
 
gpg --armor -o <output-file> = --batch=20 --yes --passphrase-fd 0 < <passphrase-file> = -r <recepient>=20 -s -e  <input-file>
 
Do u need a Java file which does this = all?? One=20 GnuPG-er has put it on the web
 
 
Best Regards,
Jaya
------=_NextPart_000_0116_01C1D410.691A48A0-- From jayachristina@hotmail.com Mon Mar 25 15:31:02 2002 From: jayachristina@hotmail.com (Jaya Christina) Date: Mon Mar 25 15:31:02 2002 Subject: ...passphrase.... Message-ID: This is a multi-part message in MIME format. ------=_NextPart_000_0163_01C1D411.615AFCD0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi Daniel,=20 This works fine in Windows. gpg --armor -o --batch --yes --passphrase-fd 0 < = -r -s -e Do u need a Java file which does this all?? One GnuPG-er has put it on = the web Best Regards, Jaya ------=_NextPart_000_0163_01C1D411.615AFCD0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hi Daniel,
This works fine in = Windows.
 
gpg --armor -o <output-file> = --batch=20 --yes --passphrase-fd 0 < <passphrase-file> = -r <recepient>=20 -s -e  <input-file>
 
Do u need a Java file which does this = all?? One=20 GnuPG-er has put it on the web
 
 
Best Regards,
Jaya
 
------=_NextPart_000_0163_01C1D411.615AFCD0-- From holzmann@mhnet.de Mon Mar 25 16:09:02 2002 From: holzmann@mhnet.de (Micha Holzmann) Date: Mon Mar 25 16:09:02 2002 Subject: how to revoke a key? Message-ID: <20020325150612.GA23783@idm-06.pf.kramski.de> Hello, a friend has lost his passphrase. He created a revocation ceritificate, but do not know how to revoke it at the key servers. I told him first he should import the revocation certifikate into his keyring and afterwards he should export his key and send this export to the key-server. First he sent me his exported key. I was able to import it and saw that it is revoked. But the transfer to the keyserver fails. I tried to find information with google, but nowhere was an exact example. So i am not really sure if my insctrucions where ok. gpg was started as following: gpg --send-keys --keyserver wwwkeys.nl.pgp.net revoked-key.asc kind regards, Micha Holzmann -- Es gibt nichts gutes ausser man tut es... From JanuszA.Urbanowicz Mon Mar 25 16:30:01 2002 From: JanuszA.Urbanowicz (JanuszA.Urbanowicz) Date: Mon Mar 25 16:30:01 2002 Subject: how to revoke a key? In-Reply-To: <20020325150612.GA23783@idm-06.pf.kramski.de> from Micha Holzmann at "Mar 25, 2002 04:06:12 pm" Message-ID: Micha Holzmann wrote/napisa=B3[a]/schrieb: > Hello, >=20 > a friend has lost his passphrase. He created a revocation ceritificate, > but do not know how to revoke it at the key servers. >=20 > I told him first he should import the revocation certifikate into his > keyring and afterwards he should export his key and send this export > to the key-server. >=20 > First he sent me his exported key. I was able to import it and saw that > it is revoked. But the transfer to the keyserver fails. >=20 > I tried to find information with google, but nowhere was an exact example. > So i am not really sure if my insctrucions where ok. >=20 > gpg was started as following: >=20 > gpg --send-keys --keyserver wwwkeys.nl.pgp.net revoked-key.asc after you import the key, you send it to keyservers via=20 gpg --send-keys --keyserver wwwkeys.nl.pgp.net Alex --=20 C _-=3D-_ H| Janusz A. Urbanowicz | ALEX3-RIPE | SF-F Framling | | = * =09 ; (_O : +-------------------------------------------------------------+ --= +~|=09 ! &~) ? | P=B3yn=B1=E6 chc=EA na Wsch=F3d, za Suez, gdzie jest dobrem ka= =BFde z=B3o | l_|/=09 A ~-=3D-~ O| Gdzie przykaza=F1 brak dziesi=EAciu, a pi=E6 mo=BFna a=BF po d= no; | | =20 From sbutler@fchn.com Mon Mar 25 17:10:01 2002 From: sbutler@fchn.com (Steve Butler) Date: Mon Mar 25 17:10:01 2002 Subject: how to revoke a key? Message-ID: He may have to export it to a file with --armour. Then take the file to a clipboard. Run up to the keyserver on the web and manually paste it as a new key. That's what I ended up doing when I had to use a revoke certificate. Thanks to David for sharing that hint with me a few weeks back. -----Original Message----- From: Micha Holzmann [mailto:holzmann@mhnet.de] Sent: Monday, March 25, 2002 7:06 AM To: gnupg-users@gnupg.org Subject: how to revoke a key? Hello, a friend has lost his passphrase. He created a revocation ceritificate, but do not know how to revoke it at the key servers. I told him first he should import the revocation certifikate into his keyring and afterwards he should export his key and send this export to the key-server. First he sent me his exported key. I was able to import it and saw that it is revoked. But the transfer to the keyserver fails. I tried to find information with google, but nowhere was an exact example. So i am not really sure if my insctrucions where ok. gpg was started as following: gpg --send-keys --keyserver wwwkeys.nl.pgp.net revoked-key.asc kind regards, Micha Holzmann -- Es gibt nichts gutes ausser man tut es... _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. From andriash@telus.net Mon Mar 25 19:07:01 2002 From: andriash@telus.net (Nick Andriash) Date: Mon Mar 25 19:07:01 2002 Subject: how to revoke a key? In-Reply-To: References: Message-ID: <20020325100038.CA4F.ANDRIASH@telus.net> Hello Steve Butler, On Monday, March 25 2002 at 08:07 AM PDT, you wrote: > He may have to export it to a file with --armour. Then take the file > to a clipboard. Run up to the keyserver on the web and manually paste > it as a new key. That's what I ended up doing when I had to use a > revoke certificate. I am just curious, but why did you have to go through so much trouble to revoke a Key? We are currently in the process of updating our PGP-Basics Lists' GnuPG/Windows Help File, and in it we mention that once the file that was first created in the revocation process is imported back into your KeyRing, all that remains is to upload the Public Key to the KeyServer. Is that not true? -- Nick Andriash Courtenay, B.C. Canada From rasoul@rhythm.com Mon Mar 25 19:44:01 2002 From: rasoul@rhythm.com (Rasoul Hajikhani) Date: Mon Mar 25 19:44:01 2002 Subject: gpg New Bee References: <3C9BBE8A.A5612B63@rhythm.com> <3C9D1117.7BFBE454@rhythm.com> Message-ID: <3C9F6F2A.D4681273@rhythm.com> Thanks a whole bunch for replying so fast. It now works... :) -r NirinaMichel Ratoandromanana/DS-INFO wrote: > > >gpg: Warning: using insecure memory! > >gpg: encrypted with 1024-bit ELG-E key, ID 0C18F568, created 2002-03-22 > > "test this " > >gpg: encrypted with 1024-bit ELG-E key, ID 23DCC2F8, created 2002-03-22 > > "rasoul " > > > >gpg: decryption failed: secret key not available > >[ > >gpg: [don't know]: invalid packet (ctb=36) > >or > >gpg: decrypt_message failed: unexpected data > >] > > > >The command that I used was: > > > >%gpg --output myTest.gpg --encrypt -r rasoul -r test1 myTest.txt > >%gpg --export-secret-keys [test1 || uid] > gpgtemp.asc > > My apologies; this line should be: > %gpg --export-secret-keys test1 > $GPGDIR/gpgtemp.asc > where $GPGDIR is the absolute | relative path where you put you gpg > executable and your secret keyring. All the remaining is ok. > > > >%gpg --no-default-keyring --secret-keyring gpgtemp.asc --decrypt > >myTest.gpg > > From rasoul@rhythm.com Mon Mar 25 19:48:02 2002 From: rasoul@rhythm.com (Rasoul Hajikhani) Date: Mon Mar 25 19:48:02 2002 Subject: Key IDS Message-ID: <3C9F7070.7F90983D@rhythm.com> Hello folks, In the FAQs there is section for getting the key ids used to encrypt a message. However, I get an error when I run this code: gpg --batch --decrypt --list-only --status-fd 1 2>/dev/null | awk '/^\[GNUPG:\] ENC_TO / { print $3 }' And here is the error: Ambiguous output redirect. Can anyone shed some light on this... Thanks in advance -r From manckaert@belgacom.net Mon Mar 25 19:51:02 2002 From: manckaert@belgacom.net (Michael Anckaert) Date: Mon Mar 25 19:51:02 2002 Subject: cannot receive certain keys Message-ID: <02032521051900.00712@carpathia> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I'm having troubles dowloading certain keys from the keyservers I use certserver.gpg.com en sometimes I just get: Cannot find OpenPGP data or something like that. Is it because the users just have not uploaded their key or something greetings xantor -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjyfgwkACgkQ+99tlzYKxKZGNgCfVe2Le+n/RVI4ZY45jSjrbICh ifsAni8f8uNRp61OSdlO6b2/UVeKnEeG =0ziG -----END PGP SIGNATURE----- From dshaw@jabberwocky.com Mon Mar 25 20:16:02 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Mon Mar 25 20:16:02 2002 Subject: Key IDS In-Reply-To: <3C9F7070.7F90983D@rhythm.com> References: <3C9F7070.7F90983D@rhythm.com> Message-ID: <20020325191340.GA1638@akamai.com> On Mon, Mar 25, 2002 at 10:46:08AM -0800, Rasoul Hajikhani wrote: > Hello folks, > In the FAQs there is section for getting the key ids used to encrypt a > message. However, I get an error when I run this code: > > gpg --batch --decrypt --list-only --status-fd 1 2>/dev/null | awk > '/^\[GNUPG:\] ENC_TO / { print $3 }' > > And here is the error: > Ambiguous output redirect. What shell are you using? That's a SH-ish shell line, but the error message is from csh or a near relative. Try the command using sh or bash. If you must do it with csh, try this: gpg --batch --decrypt --list-only --status-fd 1 | awk '/^\[GNUPG:\] ENC_TO / { print $3 }' David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From rmalayter@bai.org Mon Mar 25 20:25:02 2002 From: rmalayter@bai.org (Ryan Malayter) Date: Mon Mar 25 20:25:02 2002 Subject: Secret splitting w/ threshold Message-ID: <22FD1855C2B16C40A1F6DE406420021E0187F8CE@mail.bai.org> From: Werner Koch, 23 Mar 2002 4:46 AM To: gnupg-users@gnupg.org >OpenPGP does not define any key splitting algorithm. >I have some doubts whether this can be accomplised at >all using the OpenPGP protocol. The hard thing with >key splitting is to get the usability right. What PGP >provides is not sufficient because (afaik) all parts >most be combined on the same machine this does not >increase the security unless that machine is physical >secure and provides a clean protocol to combine the keys. The Shamir and geometric threshold schemes are fairly straightforward and secure protocols, so the usability design isn't really an issue. Simply feed your sharing program it N shares (as files or whatever), in any order, and it reconstructs and displays the secret. What's really needed, I suppose, would be a standard message format that would encapsulate the sharing algorithm used, the degree of the (m,n) threshold scheme, and the actual data associated with the share. I would think OpenPGP packet formats could handle this easily, with appropriate additions to the list of algorithms. Of course, the question is, is a secret splitting feature useful enough for it to be added to the OpenPGP standard? I think so. Heck, every organization should probably share it's administrative pass phrases and keys in such a secure manner. Or perhaps a separate, simple "Open Threshold Scheme" standard, based on the OpenPGP packet format, would be a better idea. Some form of standard is desirable so that shares can be recovered universally. If I make a custom program to split disaster recovery passwords for my executives, but both myself and my custom share combining program are inaccessible when a disaster recovery needs to be occur, the whole exercise was pointless. >If your goal is that 2 persons have to sign a document >to get a valid signature, you should setup an >organisation policy to enforce this and use 2 simple >signatures. It is definitely possible to add some >policy enforcement rules to GnuPG. Signing isn't really the issue. My intent is to share an administrative pass phrase such that any two executives can get together and reconstruct it, but one executive losing or compromising his "secret card" doesn't compromise the pass phrase. Regards, -ryan- From dshaw@jabberwocky.com Mon Mar 25 20:25:08 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Mon Mar 25 20:25:08 2002 Subject: cannot receive certain keys In-Reply-To: <02032521051900.00712@carpathia> References: <02032521051900.00712@carpathia> Message-ID: <20020325192316.GB1638@akamai.com> On Mon, Mar 25, 2002 at 09:05:19PM +0100, Michael Anckaert wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi, I'm having troubles dowloading certain keys from the keyservers > I use certserver.gpg.com en sometimes I just get: Cannot find OpenPGP data > or something like that. > Is it because the users just have not uploaded their key or something Generally, "no valid OpenPGP data found" means just that - the key is not found on the server. However, the certserver.pgp.com keyserver is having problems right now, so you shouldn't take that error message too seriously. Try another keyserver. It's unclear what, if anything, will happen with the certserver.pgp.com keyserver with the recent changes at pgp.com. People have been asking on the keyserver operators list, but no answers yet. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From mutz@kde.org Mon Mar 25 20:35:02 2002 From: mutz@kde.org (Marc Mutz) Date: Mon Mar 25 20:35:02 2002 Subject: cannot receive certain keys In-Reply-To: <02032521051900.00712@carpathia> References: <02032521051900.00712@carpathia> Message-ID: <200203252032.00093@sendmail.mutz.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday 25 March 2002 21:05, Michael Anckaert wrote: > Hi, I'm having troubles dowloading certain keys from the keyservers > I use certserver.gpg.com en sometimes I just get: Cannot find OpenPGP d= ata > or something like that. > Is it because the users just have not uploaded their key or something No they're not very reliable currently. perhaps that has to do with NAI=20 shutting down their OpenPGP business? Marc - --=20 Marc Mutz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8n3sv3oWD+L2/6DgRApIcAJ4/icvkeAr0XwfNtfiCheFExuxp0gCfU++S RkP/4QR5t8ClmFk2AFIoNU8=3D =3DGO7q -----END PGP SIGNATURE----- From holzmann@mhnet.de Mon Mar 25 21:03:02 2002 From: holzmann@mhnet.de (Micha Holzmann) Date: Mon Mar 25 21:03:02 2002 Subject: how to revoke a key? In-Reply-To: References: <20020325150612.GA23783@idm-06.pf.kramski.de> Message-ID: <20020325200047.GA1268@kaliba.yoda.de> ----- originally message ----- >From : "Janusz A. Urbanowicz" Sent : Mon, Mär 25, 2002 at 04:20:36 +0100 Subject : Re: how to revoke a key? > > gpg --send-keys --keyserver wwwkeys.nl.pgp.net revoked-key.asc > > after you import the key, you send it to keyservers via > > gpg --send-keys --keyserver wwwkeys.nl.pgp.net Sorry, i must correct what i wrote. We start gpg as you mentioned. My friend got this error: gpg: Warnung: Sensible Daten könnten auf Platte ausgelagert werden. gpg: Senden an wwwkeys.nl.pgp.net:11371' erfolglos (status=400) Kind Regards, Micha Holzmann -- Who the hell is General Failure, and why he is reading my disk? From JanuszA.Urbanowicz Mon Mar 25 21:11:02 2002 From: JanuszA.Urbanowicz (JanuszA.Urbanowicz) Date: Mon Mar 25 21:11:02 2002 Subject: how to revoke a key? In-Reply-To: <20020325200047.GA1268@kaliba.yoda.de> from Micha Holzmann at "Mar 25, 2002 09:00:47 pm" Message-ID: Micha Holzmann wrote/napisa=B3[a]/schrieb: [Charset iso-8859-1 unsupported, filtering to ASCII...] > ----- originally message ----- > >From : "Janusz A. Urbanowicz" > Sent : Mon, M_r 25, 2002 at 04:20:36 +0100 > Subject : Re: how to revoke a key? >=20 > > > gpg --send-keys --keyserver wwwkeys.nl.pgp.net revoked-key.asc > >=20 > > after you import the key, you send it to keyservers via=20 > >=20 > > gpg --send-keys --keyserver wwwkeys.nl.pgp.net >=20 > Sorry, i must correct what i wrote. We start gpg as you > mentioned. >=20 > My friend got this error: >=20 > gpg: Warnung: Sensible Daten k_nnten auf Platte ausgelagert werden. > gpg: Senden an wwwkeys.nl.pgp.net:11371' erfolglos (status=3D400) try another keyserver, try sending via http proxy (it helps in communication with OpenKeyserver software). Alex --=20 C _-=3D-_ H| Janusz A. Urbanowicz | ALEX3-RIPE | SF-F Framling | | = * =09 ; (_O : +-------------------------------------------------------------+ --= +~|=09 ! &~) ? | P=B3yn=B1=E6 chc=EA na Wsch=F3d, za Suez, gdzie jest dobrem ka= =BFde z=B3o | l_|/=09 A ~-=3D-~ O| Gdzie przykaza=F1 brak dziesi=EAciu, a pi=E6 mo=BFna a=BF po d= no; | | =20 From tstrzem@sesame.com Tue Mar 26 00:14:01 2002 From: tstrzem@sesame.com (Tom Strzemieczny) Date: Tue Mar 26 00:14:01 2002 Subject: how do i get gnupg to read the passphrase from standard in Message-ID: <3C9FAE3E.6F9C51EF@sesame.com> I need to have gnupgp read the passphrase as standard in. I want to pipe a passphrase stored in a java BatchMail program into gnupgp for encrypting files. I want to do this directly by piping the passphrase into gpg standard in. I cannot pass parameters into an echo because this is visible to ps. I cannot store the passphrase in a file for security reasons. Here's what I'm playing with right now: encrypt.sh "me@me.com" "recipient@recipient.com" "filename" where encrypt.sh is: #! /bin/sh gpg -s -e -o - --batch --passphrase-fd 0 --default-user $1 --yes --no-tty -r $2 $3 < - But i don't want gpg to hook into the standard out of my BatchMail program, but rather the standard out of the ScriptProcess that executed the command. I think I am on the right track but don't have any difinitive answers yet. Can someone please help? From rasoul@rhythm.com Tue Mar 26 00:16:02 2002 From: rasoul@rhythm.com (Rasoul Hajikhani) Date: Tue Mar 26 00:16:02 2002 Subject: Changing from long UID to UID Message-ID: <3C9FAF26.26C12B3F@rhythm.com> Folks, this question may sound trivial for some of you, but I am a new bee to gpg, so forgive me if I offend some people. How do I get a UID from a long UID? Thanks in advance -r From dshaw@jabberwocky.com Tue Mar 26 00:55:02 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Tue Mar 26 00:55:02 2002 Subject: Changing from long UID to UID In-Reply-To: <3C9FAF26.26C12B3F@rhythm.com> References: <3C9FAF26.26C12B3F@rhythm.com> Message-ID: <20020325235256.GC745@akamai.com> On Mon, Mar 25, 2002 at 03:13:42PM -0800, Rasoul Hajikhani wrote: > Folks, > this question may sound trivial for some of you, but I am a new bee to > gpg, so forgive me if I offend some people. How do I get a UID from a > long UID? I assume you mean key ID? The regular or short key ID is just the lower half of the long key ID. For example: Long keyID: DB698D7199242560 Short keyID: 99242560 Incidentally, for OpenPGP keys (DH/DSS or v4 RSA) you can do the same trick with "how do I get a key id from a fingerprint". Fingerprint: 7D92FD313AB6F3734CC59CA1DB698D7199242560 Long keyID: DB698D7199242560 Short keyID: 99242560 David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From n0sq@arrl.net Tue Mar 26 05:58:02 2002 From: n0sq@arrl.net (Lee Roberts) Date: Tue Mar 26 05:58:02 2002 Subject: bad signatures Message-ID: <20020326035909.0C69E4F4BD@mail.actcom.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Why does everyone say my GPG signature is bad while their PGP signature shows good? I did a decrypt/verify of one of my GPG messages with PGP and it gives a bad signature also. So far, I don't see anything wrong with my GPG configuration. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Encryption isn't just for secrets...... iEYEARECAAYFAjyf8rMACgkQUdYCmRtxtWQd7QCfQ71jTXeIsNCZkIf+Na73rKPL pZsAnA2ScTQxocdOqxBp2vH1ytgemPqb =Szmz -----END PGP SIGNATURE----- From agreene@pobox.com Tue Mar 26 06:31:01 2002 From: agreene@pobox.com (Anthony E. Greene) Date: Tue Mar 26 06:31:01 2002 Subject: bad signatures In-Reply-To: <20020326035909.0C69E4F4BD@mail.actcom.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 25 Mar 2002, Lee Roberts wrote: >Why does everyone say my GPG signature is bad while their PGP signature shows >good? I did a decrypt/verify of one of my GPG messages with PGP and it gives >a bad signature also. So far, I don't see anything wrong with my GPG >configuration. Where is your key posted? I tried unsuccessfully to find your key to check the sig on your message. Tony - -- Anthony E. Greene OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D AOL/Yahoo Chat: TonyG05 HomePage: Linux. The choice of a GNU generation -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Anthony E. Greene 0x6C94239D iD8DBQE8oAecpCpg3WyUI50RAi29AKDfFPUm6zEzBnBSo6lLPZD5AN0NHQCdFGId urwkzj6hGeg8qlZb15ZO2rs= =tvEs -----END PGP SIGNATURE----- From andriash@telus.net Tue Mar 26 06:38:02 2002 From: andriash@telus.net (Nick Andriash) Date: Tue Mar 26 06:38:02 2002 Subject: bad signatures In-Reply-To: <20020326035909.0C69E4F4BD@mail.actcom.net> References: <20020326035909.0C69E4F4BD@mail.actcom.net> Message-ID: <20020325213028.D486.ANDRIASH@telus.net> Hello Lee Roberts, On Monday, March 25 2002 at 08:01 PM PDT, you wrote: > Why does everyone say my GPG signature is bad while their PGP signature > shows good? I did a decrypt/verify of one of my GPG messages with PGP > and it gives a bad signature also. So far, I don't see anything wrong > with my GPG configuration. Poor wrapping by the Mail Client, i.e. wrapping of text after the message has been signed is one of the most probable causes, unless you use a WYSIWYG Editor. Also, I see this in your headers: Content-Transfer-Encoding: 8bit I'm not sure if I'm using the correct vernacular, but some Servers will be cause for concern if they convert the text to 7 bit. I could not check your signature because I could not find your Key on any of the Servers. -- Nick Andriash Courtenay, B.C. Canada From mutz@kde.org Tue Mar 26 09:15:01 2002 From: mutz@kde.org (Marc Mutz) Date: Tue Mar 26 09:15:01 2002 Subject: how do i get gnupg to read the passphrase from standard in In-Reply-To: <3C9FAE3E.6F9C51EF@sesame.com> References: <3C9FAE3E.6F9C51EF@sesame.com> Message-ID: <200203260905.41434@sendmail.mutz.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday 26 March 2002 00:09, Tom Strzemieczny wrote: > Here's what I'm playing with right now: > > encrypt.sh "me@me.com" "recipient@recipient.com" "filename" > > where encrypt.sh is: > > #! /bin/sh > gpg -s -e -o - --batch --passphrase-fd 0 --default-user $1 --yes > --no-tty -r $2 $3 < - > > But i don't want gpg to hook into the standard out of my BatchMail > program, but rather the standard out of the ScriptProcess that executed > the command. I think I am on the right track but don't have any > difinitive answers yet. Can someone please help? I don't understand this last paragraph in the light of what you wrote ear= ier=20 (it seems to contradict the sentence "I want to do this directly by pipin= g=20 the passphrase into gpg standard in [from BachMail]."), but you might wan= t to=20 try and make the script "exec" gpg: #!/bin/sh exec gpg -seo ... Marc - --=20 Marc Mutz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8oCvU3oWD+L2/6DgRAhh+AKDTrq0hkqnZCrGSttyT6braHQdU2ACg8v00 M2fRaw4IE220Xx0osL52hAg=3D =3DnhZg -----END PGP SIGNATURE----- From mutz@kde.org Tue Mar 26 09:17:01 2002 From: mutz@kde.org (Marc Mutz) Date: Tue Mar 26 09:17:01 2002 Subject: bad signatures In-Reply-To: <20020325213028.D486.ANDRIASH@telus.net> References: <20020326035909.0C69E4F4BD@mail.actcom.net> <20020325213028.D486.ANDRIASH@telus.net> Message-ID: <200203260914.15030@sendmail.mutz.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday 26 March 2002 06:35, Nick Andriash wrote: > On Monday, March 25 2002 at 08:01 PM PDT, you wrote: > > Why does everyone say my GPG signature is bad while their PGP signatu= re > > shows good? I did a decrypt/verify of one of my GPG messages with PGP > > and it gives a bad signature also. So far, I don't see anything wrong > > with my GPG configuration. Upload your key to a keyserver (e.g. pgp.dtype.org), so we can check what= 's=20 going on. > Poor wrapping by the Mail Client, i.e. wrapping of text after the messa= ge > has been signed is one of the most probable causes, No. KMail doesn't do that ;-) > unless you use a > WYSIWYG Editor. Also, I see this in your headers: > > Content-Transfer-Encoding: 8bit > > I'm not sure if I'm using the correct vernacular, but some Servers will= be > cause for concern if they convert the text to 7 bit. I could not check > your signature because I could not find your Key on any of the Servers. If the server converts 8but labelled content to 7bit, he will only do so = if=20 the content is 7bit text only. Since 8bit and 7bit are both incarnations = of=20 the identiy transformation, the conversion would not invalidate the sig. Most likely Lee is missing something obvious, like confusing invalid=20 signatures with untrusted keys. Am I right here? Marc - --=20 Marc Mutz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8oC3V3oWD+L2/6DgRArx5AKCiWCpW3OacwHtkIpyiOErhsCOZPACgmPP4 c0KSIf05xiFb0E4ae9oqkvM=3D =3D0e64 -----END PGP SIGNATURE----- From Fabien Pochon" how can I convert a GpgmeData to a char ? ______________________________________________________________________________ ifrance.com, l'email gratuit le plus complet de l'Internet ! vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP... http://www.ifrance.com/_reloc/email.emailif From wk@gnupg.org Tue Mar 26 14:58:02 2002 From: wk@gnupg.org (Werner Koch) Date: Tue Mar 26 14:58:02 2002 Subject: how can I convert a GpgmeData to a char ? In-Reply-To: <003701c1d4ae$c6278000$807ae6c2@dmaxy> ("Fabien Pochon"'s message of "Tue, 26 Mar 2002 11:12:44 +0100") References: <003701c1d4ae$c6278000$807ae6c2@dmaxy> Message-ID: <87pu1r8mdv.fsf@alberti.gnupg.de> On Tue, 26 Mar 2002 11:12:44 +0100, Fabien Pochon said: > how can I convert a GpgmeData to a char ? I don't understand this. GpgmeData is an object to store large amounts of data, you probably can't squeeze it into 8 bits. Maybe you want this. char gpgme_data_release_and_get_mem (GpgmeData dh, size_t *r_len) Release the data object DH and return its content and the length of that content. The caller has to free this data. DH maybe NULL in which case NULL is returned. If there is not enough memory for allocating the return value, NULL is returned but the object is still released. If you want's to keep the object you have to use the rewind and read functions. Werner From rtilley@vt.edu Tue Mar 26 16:08:01 2002 From: rtilley@vt.edu (Brad Tilley) Date: Tue Mar 26 16:08:01 2002 Subject: Signing Keys before emailing Message-ID: <1017155148.6795.4.camel@ohio> Do you always have to sign a friend's key before using it to send them email? My gpg doesn't work unless I do this. Thanks, Brad From JanuszA.Urbanowicz Tue Mar 26 16:27:02 2002 From: JanuszA.Urbanowicz (JanuszA.Urbanowicz) Date: Tue Mar 26 16:27:02 2002 Subject: Signing Keys before emailing In-Reply-To: <1017155148.6795.4.camel@ohio> from Brad Tilley at "Mar 26, 2002 10:05:48 am" Message-ID: Brad Tilley wrote/napisa=B3[a]/schrieb: > Do you always have to sign a friend's key before using it to send them > email? My gpg doesn't work unless I do this. You dont really have to (it is possible to make gpg use untrusted keys) but you should verify the keys with your friend and then sign it. Alex --=20 C _-=3D-_ H| Janusz A. Urbanowicz | ALEX3-RIPE | SF-F Framling | | = * =09 ; (_O : +-------------------------------------------------------------+ --= +~|=09 ! &~) ? | P=B3yn=B1=E6 chc=EA na Wsch=F3d, za Suez, gdzie jest dobrem ka= =BFde z=B3o | l_|/=09 A ~-=3D-~ O| Gdzie przykaza=F1 brak dziesi=EAciu, a pi=E6 mo=BFna a=BF po d= no; | | =20 From Michael.E.Grimes@pbsg.com Tue Mar 26 16:33:01 2002 From: Michael.E.Grimes@pbsg.com (Grimes, Michael E {PBSG}) Date: Tue Mar 26 16:33:01 2002 Subject: Licensing Message-ID: <372350BCD370F447A35090FB5D97CEBBE44507@PLANEX04> Howdy, I would like to use GPG in a corporate (for profit) setting. Can someone give me a definitive answer to the question: Will this be legal?? Thanks, Mike From agreene@pobox.com Tue Mar 26 16:57:02 2002 From: agreene@pobox.com (Anthony E. Greene) Date: Tue Mar 26 16:57:02 2002 Subject: Signing Keys before emailing In-Reply-To: <1017155148.6795.4.camel@ohio> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 26 Mar 2002, Brad Tilley wrote: >Do you always have to sign a friend's key before using it to send them >email? My gpg doesn't work unless I do this. No, but GPG will tell you that the key is not guarunteed to belong to the purported owner and ask if you still want to use it. I use "gpg --lsign KeyID" to sign keys that I am confident belong to the online identity that I am familiar with. That command creates a non-exportable signature that basically means you trust the key enough to tell GPG not to keep asking you about it, but not enough to publicly endorse the key. Tony - -- Anthony E. Greene OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D AOL/Yahoo Chat: TonyG05 HomePage: Linux: the choice of a GNU Generation. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Anthony E. Greene 0x6C94239D iD8DBQE8oJnMpCpg3WyUI50RAhBdAJ46wOriNOkxn93RO7aFFjTMTNAkDgCgl2rl s/BxKOqQFI88+BUAnogHWnQ= =DbUC -----END PGP SIGNATURE----- From JanuszA.Urbanowicz Tue Mar 26 16:59:02 2002 From: JanuszA.Urbanowicz (JanuszA.Urbanowicz) Date: Tue Mar 26 16:59:02 2002 Subject: Licensing In-Reply-To: <372350BCD370F447A35090FB5D97CEBBE44507@PLANEX04> from "Grimes, Michael E {PBSG}" at "Mar 26, 2002 09:28:43 am" Message-ID: Grimes, Michael E {PBSG} wrote/napisa=B3[a]/schrieb: [Charset ISO-8859-1 unsupported, filtering to ASCII...] > Howdy, >=20 > I would like to use GPG in a corporate (for profit) setting. Can someone > give me a definitive answer to the question: >=20 > Will this be legal?? yes. You may use GPG as you like. If you intend to modify the source, see the GNU General Public License v2 terms. Alex --=20 C _-=3D-_ H| Janusz A. Urbanowicz | ALEX3-RIPE | SF-F Framling | | = * =09 ; (_O : +-------------------------------------------------------------+ --= +~|=09 ! &~) ? | P=B3yn=B1=E6 chc=EA na Wsch=F3d, za Suez, gdzie jest dobrem ka= =BFde z=B3o | l_|/=09 A ~-=3D-~ O| Gdzie przykaza=F1 brak dziesi=EAciu, a pi=E6 mo=BFna a=BF po d= no; | | =20 From sunny@sunbase.org Tue Mar 26 16:59:06 2002 From: sunny@sunbase.org (Oyvind A. Holm) Date: Tue Mar 26 16:59:06 2002 Subject: Licensing In-Reply-To: <372350BCD370F447A35090FB5D97CEBBE44507@PLANEX04> Message-ID: On 2002-03-26 09:28-0600 Grimes, Michael E {PBSG} wrote: > Howdy, > > I would like to use GPG in a corporate (for profit) setting. Can > someone give me a definitive answer to the question: > > Will this be legal?? Yes, indeed. The GNU General Public License allows you to use the program commercially without paying any royalties. If you use parts of the source in other programs or link any part of it into another program, you have to share the source code of this program with the public. That's what the GPL is about -- no money business, the source code is the real treasure. =D8yvind +-------------------------------------------------------------------+ | OpenPGP: 0x629022EB 2002-02-24 =D8yvind A. Holm | | Fingerprint: DBE9 8D44 67F7 42AC 2CA1 7651 724E 9D53 6290 22EB | +-------- Don't support organized crime, boycott Microsoft. --------+ From Cory_Case@troweprice.com Tue Mar 26 17:27:01 2002 From: Cory_Case@troweprice.com (Case, Cory) Date: Tue Mar 26 17:27:01 2002 Subject: AIM Encryption? Message-ID: <7CE1EE1A3A42D411893200A0C98A39C00B2D0467@tc360.troweprice.com> All, Is it possible to use gpg to encrypt AOL Instant Messenger communications? We're interested in using AIM in our corporate environment, but are very concerned about the lack of encryption of these messages as they travel over the internet to AOL & back. Alternatively, is there another product available that would offer the buddy list & chat features of AIM, in a secure message transport? We're less interested in the ftp, chat room, and other AIM features. It's the IM portion that is of most interest to us. Thanks, Cory From sbutler@fchn.com Tue Mar 26 17:31:02 2002 From: sbutler@fchn.com (Steve Butler) Date: Tue Mar 26 17:31:02 2002 Subject: Licensing Message-ID: <5642a04ad6c4e6cbbacf2d14412baafa3ca0a1bc@fchn.com> I picked the following up from http://www.gnu.org/philosophy/free-sw.html Free software is a matter of the users' freedom to run, copy, distribute, study, change and improve the software. More precisely, it refers to four kinds of freedom, for the users of the software: * The freedom to run the program, for any purpose (freedom 0). * The freedom to study how the program works, and adapt it to your needs (freedom 1). Access to the source code is a precondition for this. * The freedom to redistribute copies so you can help your neighbor (freedom 2). * The freedom to improve the program, and release your improvements to the public, so that the whole community benefits. (freedom 3). Access to the source code is a precondition for this. [snip] ``Free software'' does not mean ``non-commercial''. A free program must be available for commercial use, commercial development, and commercial distribution. Commercial development of free software is no longer unusual; such free commercial software is very important. -----Original Message----- From: Grimes, Michael E {PBSG} [mailto:Michael.E.Grimes@pbsg.com] Sent: Tuesday, March 26, 2002 7:29 AM To: 'gnupg-users@gnupg.org' Subject: Licensing Howdy, I would like to use GPG in a corporate (for profit) setting. Can someone give me a definitive answer to the question: Will this be legal?? Thanks, Mike _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. From JanuszA.Urbanowicz Tue Mar 26 17:33:02 2002 From: JanuszA.Urbanowicz (JanuszA.Urbanowicz) Date: Tue Mar 26 17:33:02 2002 Subject: AIM Encryption? In-Reply-To: <7CE1EE1A3A42D411893200A0C98A39C00B2D0467@tc360.troweprice.com> from "Case, Cory" at "Mar 26, 2002 11:23:54 am" Message-ID: Case, Cory wrote/napisa=B3[a]/schrieb: [Charset iso-8859-1 unsupported, filtering to ASCII...] > All, >=20 > Is it possible to use gpg to encrypt AOL Instant Messenger communications? > We're interested in using AIM in our corporate environment, but are very > concerned about the lack of encryption of these messages as they travel o= ver > the internet to AOL & back. >=20 > Alternatively, is there another product available that would offer the bu= ddy > list & chat features of AIM, in a secure message transport? We're less > interested in the ftp, chat room, and other AIM features. It's the IM > portion that is of most interest to us. Jabber with Gabber client. Jabber is an open IM (see http://jabber.com and http://jabber.org) and some clients, partucularly Gabber (for GNOME) and at least one windows client support PGP encryption (Gabber uses GnuPG). Alex --=20 C _-=3D-_ H| Janusz A. Urbanowicz | ALEX3-RIPE | SF-F Framling | | = * =09 ; (_O : +-------------------------------------------------------------+ --= +~|=09 ! &~) ? | P=B3yn=B1=E6 chc=EA na Wsch=F3d, za Suez, gdzie jest dobrem ka= =BFde z=B3o | l_|/=09 A ~-=3D-~ O| Gdzie przykaza=F1 brak dziesi=EAciu, a pi=E6 mo=BFna a=BF po d= no; | | =20 From ftobin@neverending.org Tue Mar 26 17:35:02 2002 From: ftobin@neverending.org (Frank Tobin) Date: Tue Mar 26 17:35:02 2002 Subject: AIM Encryption? In-Reply-To: <7CE1EE1A3A42D411893200A0C98A39C00B2D0467@tc360.troweprice.com> Message-ID: <20020326113124.G5566-100000@palanthas.neverending.org> Case, Cory, on 2002-03-26, wrote: > Alternatively, is there another product available that would offer the > buddy list & chat features of AIM, in a secure message transport? > We're less interested in the ftp, chat room, and other AIM features. > It's the IM portion that is of most interest to us. The Jabber system supports your desires, and several clients support PGP or GnuPG. -- Frank Tobin http://www.neverending.org/~ftobin/ From debug Tue Mar 26 18:01:02 2002 From: debug (DeBug) Date: Tue Mar 26 18:01:02 2002 Subject: Re[2]: Licensing In-Reply-To: <5642a04ad6c4e6cbbacf2d14412baafa3ca0a1bc@fchn.com> References: <5642a04ad6c4e6cbbacf2d14412baafa3ca0a1bc@fchn.com> Message-ID: <9734861373.20020326185934@centras.lt> SB> I picked the following up from http://www.gnu.org/philosophy/free-sw.html SB> Free software is a matter of the users' freedom ... Thank you Steve for this comment. It is ridiculous how many people still dont make the difference between and especially the commercial part of it is not understood properly SB> ``Free software'' does not mean ``non-commercial''. SB> A free program MUST be available for commercial use, SB> commercial development, and commercial distribution. I keep explaining it all the time to the people i meet :) What i don't understand quite well is why OSI,GPL and alike licenses are not compatible with free competition rule. The rule i find to be more important than 4 freedoms you mentioned Here is an example: GPL'ed software is offered (for extra money) to those who are not satisfied with GPL conditions, that means in fact that those who use the software under GPL are discriminated compared to those who use the same software under modified and less restrictive conditions. >From this point of view I find LGPL to be much better. -- Best regards, DeBug mailto:debug@centras.lt -- From agreene@pobox.com Tue Mar 26 18:05:01 2002 From: agreene@pobox.com (Anthony E. Greene) Date: Tue Mar 26 18:05:01 2002 Subject: Licensing In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 26 Mar 2002, Oyvind A. Holm wrote: >Yes, indeed. The GNU General Public License allows you to use the >program commercially without paying any royalties. If you use parts of >the source in other programs or link any part of it into another >program, you have to share the source code of this program with the >public. Not quite. If you distribute binaries built from modified source, then you must make the modified source available to the recipients of the modified binaries. You don't have to make the source available to "the public" unless you distribute binaries to "the public", and you don't have to distribute the code at all if you don't distribute the binaries. The binaries and code remain under the GPL, so if they are distributed, the recipients can modify and/or redistribute them if they wish, according to the GPL. Tony - -- Anthony E. Greene OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D AOL/Yahoo Chat: TonyG05 HomePage: Linux: the choice of a GNU Generation. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Anthony E. Greene 0x6C94239D iD8DBQE8oKmxpCpg3WyUI50RAimGAJ9jWaEf7lUj/U0p/XQUXZy/1Vqq5gCcDwxt ypoCgmnMEz9d0TyAtjdxoSM= =yJG+ -----END PGP SIGNATURE----- From ftobin@neverending.org Tue Mar 26 18:35:01 2002 From: ftobin@neverending.org (Frank Tobin) Date: Tue Mar 26 18:35:01 2002 Subject: Re[2]: Licensing In-Reply-To: <9734861373.20020326185934@centras.lt> Message-ID: <20020326122612.G5677-100000@palanthas.neverending.org> DeBug, on 2002-03-26, wrote: > What i don't understand quite well is why OSI,GPL and alike licenses are > not compatible with free competition rule. The rule i find to be more > important than 4 freedoms you mentioned Here is an example: GPL'ed > software is offered (for extra money) to those who are not satisfied > with GPL conditions, that means in fact that those who use the software > under GPL are discriminated compared to those who use the same software > under modified and less restrictive conditions. You don't epxect people to believe this trollish talk, do you? First, there is no "free competition rule". Second, if an author of GPL'd software sold copies to another party under a non-GPL license, that party would likely have many more restrictions placed upon them than the GPL does. For instance, they likely wouldn't be allowed to distribute any changes and would only be able to use it for the purpose X and not Y. The GPL grants both these freedoms. The third party would get a tradeoff of being able to resell/link to the product, but with other restrictions put in place. And you certainly don't seem to have a grasp of what the OSI is, and how it differs from the FSF. -- Frank Tobin http://www.neverending.org/~ftobin/ From debug Tue Mar 26 18:56:01 2002 From: debug (DeBug) Date: Tue Mar 26 18:56:01 2002 Subject: Re[3]: Licensing In-Reply-To: <20020326122612.G5677-100000@palanthas.neverending.org> References: <20020326122612.G5677-100000@palanthas.neverending.org> Message-ID: <11838107607.20020326195339@centras.lt> >> What i don't understand quite well is why OSI,GPL and alike licenses are >> not compatible with free competition rule. FT> You don't epxect people to believe this trollish talk, do you? FT> First, there is no "free competition rule". FT> Second, if an author of GPL'd software sold copies to another party under FT> a non-GPL license, that party would likely have many more restrictions FT> placed upon them than the GPL does. It's great that Steve tried to explain what is all about now i see that my understanding of it is quite different from yours, Frank For me means first of all freedom to compete on it, and what i see in GPL - it does not really garantee such a freedom But ok , this discussion should be taken elsewhere... If you like you can enlighten me on OSI privately or redirect me to some appropriate forum (thank you in advance)... -- Best regards, DeBug mailto:debug@centras.lt -- From avbidder@fortytwo.ch Tue Mar 26 19:10:01 2002 From: avbidder@fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder) Date: Tue Mar 26 19:10:01 2002 Subject: Re[2]: Licensing In-Reply-To: <9734861373.20020326185934@centras.lt> References: <5642a04ad6c4e6cbbacf2d14412baafa3ca0a1bc@fchn.com> <9734861373.20020326185934@centras.lt> Message-ID: <1017166072.592.5.camel@zaphod> --=-tt77Me5vuYIFFji1GFyD Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Tue, 2002-03-26 at 18:59, DeBug wrote: [...] > GPL'ed software is offered (for extra money) to those who are not satisfi= ed with GPL > conditions, that means in fact that those who use the software under [...] I think double licensing (if that's what you mean here) is a very bad thing - but I don't think it'll play an important role in the future: if I understand copyright law correctly, only the copyright holder can give out licenses. For most open source projects, the copyright holder is either somebody like GNU (who never will play such games, I guess), or the contributing deveolpers have kept the copyright of their respective portions (I believe this is how the Linux kernel is distributed), so double licensing would involve getting permissions from all copyright holders. Just my $.02 -- vbi --=-tt77Me5vuYIFFji1GFyD Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEABECAAYFAjyguPcACgkQFDhRaJIIJIGGbQCfWxOm1PLHOlM28W7fV/rcb0M+ vFUAmQG2Man4QLQ8ElA3uwg1kcESSmwa =ca+T -----END PGP SIGNATURE----- --=-tt77Me5vuYIFFji1GFyD-- From dshaw@jabberwocky.com Tue Mar 26 19:28:02 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Tue Mar 26 19:28:02 2002 Subject: FAQ item?: Using GnuPG in a business Message-ID: <20020326182530.GA681@akamai.com> With the recent changes at NAI/pgp.com, there has been a definite upswing with the "can I legally use GnuPG in my business?" questions. While the GPL discussions are interesting, I suspect that the majority of the people asking this question are companies that just want to use GnuPG now that they can't use PGP. Most questions of code modification or distribution don't apply to them - they just want a PGP-alike to use. Naturally, the GPL lets them do this. Could someone write this up and stick it on a web page somewhere? If nobody jumps at it, perhaps I'll have a crack at it in a couple of days. The idea here is to make it very clear that if they're just talking about using it (rather than making their own version and distributing the changes, or whatever else), then they don't need to bother to read beyond the first paragraph. Maybe this should be a FAQ - I saw Douglas Calvert volunteered to be the new FAQ maintainer. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From agreene@pobox.com Tue Mar 26 21:30:01 2002 From: agreene@pobox.com (Anthony E. Greene) Date: Tue Mar 26 21:30:01 2002 Subject: Re[3]: Licensing In-Reply-To: <11838107607.20020326195339@centras.lt> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 26 Mar 2002, DeBug wrote: >It's great that Steve tried to explain what is all about >now i see that my understanding of it is quite different from yours, >Frank For me means first of all freedom to compete on it, >and what i see in GPL - it does not really garantee such a freedom The term "Free Software" when used to describe software licensed under the GPL, has a very specific meaning published by the Free Software Foundation . Tony - -- Anthony E. Greene OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D AOL/Yahoo Chat: TonyG05 HomePage: Linux: the choice of a GNU Generation. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Anthony E. Greene 0x6C94239D iD8DBQE8oNm9pCpg3WyUI50RAi3lAJ9CVkhSnhyLpc2w1kzatYmYbN3P4gCfc1QK ci9htasVunNffHVIRm2Ka/k= =BpHD -----END PGP SIGNATURE----- From sbutler@fchn.com Tue Mar 26 21:41:02 2002 From: sbutler@fchn.com (Steve Butler) Date: Tue Mar 26 21:41:02 2002 Subject: FAQ item?: Using GnuPG in a business Message-ID: On the first page of http://www.gnupg.org/ is a link saying 'Free Software' that takes a person to http://www.gnu.org/philosophy/free-sw.html. Now, I agree that a person has to read pretty far down that page to find "Thus, you may have paid money to get copies of GNU software, or you may have obtained copies at no charge. But regardless of how you got your copies, you always have the freedom to copy and change the software, even to sell copies. ``Free software'' does not mean ``non-commercial''. A free program must be available for commercial use, commercial development, and commercial distribution. Commercial development of free software is no longer unusual; such free commercial software is very important." Perhaps a disclaimer at the top or even back on www.gnupg.org where the 'Free Software' link is at, the wording could be changed from: "It can be freely used, modified and distributed under the terms of the GNU General Public Licence" (where Gnu General Public Licence is a link) To say: "This software may be freely used, modified and distributed in any commercial or non-commercial environment without payment of royalties under the terms of the Gnu General Public License" (where Gnu General Public License would still be a link) An addition to the FAQ up toward the top (it's been awhile since I read it) might also be appropriate. I know it took me a couple of days of digging through the web site before I could convince myself and my boss that this was for real. Stephen M Butler Oracle Administrator First Choice Health Network 206-268-2309 sbutler@fchn.com GnuPG: 8B17 7384 AB86 D67F 7612 3587 5715 C880 1B32 D54B kg7je@attbi.com GnuPG: 8A25 9726 D439 758D D846 E5D4 282A 5477 0385 81D8 -----Original Message----- From: David Shaw [mailto:dshaw@jabberwocky.com] Sent: Tuesday, March 26, 2002 10:26 AM To: gnupg-users@gnupg.org Subject: FAQ item?: Using GnuPG in a business With the recent changes at NAI/pgp.com, there has been a definite upswing with the "can I legally use GnuPG in my business?" questions. While the GPL discussions are interesting, I suspect that the majority of the people asking this question are companies that just want to use GnuPG now that they can't use PGP. Most questions of code modification or distribution don't apply to them - they just want a PGP-alike to use. Naturally, the GPL lets them do this. Could someone write this up and stick it on a web page somewhere? If nobody jumps at it, perhaps I'll have a crack at it in a couple of days. The idea here is to make it very clear that if they're just talking about using it (rather than making their own version and distributing the changes, or whatever else), then they don't need to bother to read beyond the first paragraph. Maybe this should be a FAQ - I saw Douglas Calvert volunteered to be the new FAQ maintainer. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +--------------------------------------------------------------------------- + "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. From dfc@anize.org Tue Mar 26 22:31:02 2002 From: dfc@anize.org (Douglas Calvert) Date: Tue Mar 26 22:31:02 2002 Subject: FAQ item?: Using GnuPG in a business In-Reply-To: <20020326182530.GA681@akamai.com> References: <20020326182530.GA681@akamai.com> Message-ID: <1017178166.19444.7.camel@allevil> --=-7eUCmxCOaYmrEtIzZ1ds Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Tue, 2002-03-26 at 13:25, David Shaw wrote: > Maybe this should be a FAQ - I saw Douglas Calvert volunteered to be > the new FAQ maintainer. Yep that is me. i am waiting on werner to get some things ready. But he is busy right now. If someone wants to write this up let me know. If not please let me know what you would like included. And while we are on the subject if there are any more faq things let me know... --=20 +---------------+-----------------------------------+ |Douglas Calvert| http://anize.org/dfc | | dfc@anize.org | http://imissjerry.org | +---------------+-----------------------------------+ | If you use envelopes, why not use encryption? | | http://anize.org/dfc/dfc-keys.asc | | 0817 30D4 82B6 BB8D 5E66 06F6 B796 073D C954 1FB2 | +-------------| http://www.gnupg.org |--------------+ --=-7eUCmxCOaYmrEtIzZ1ds Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8oOg2t5YHPclUH7IRAkxKAKCFHOwTzFpMbpmeh0HFw5xTUTZ5WACgvAm9 vCN6KOsC7tyDh+lr57R8vOQ= =gxAY -----END PGP SIGNATURE----- --=-7eUCmxCOaYmrEtIzZ1ds-- From dshaw@jabberwocky.com Tue Mar 26 22:40:01 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Tue Mar 26 22:40:01 2002 Subject: FAQ item?: Using GnuPG in a business In-Reply-To: References: Message-ID: <20020326213826.GA725@akamai.com> On Tue, Mar 26, 2002 at 12:38:12PM -0800, Steve Butler wrote: > An addition to the FAQ up toward the top (it's been awhile since I read it) > might also be appropriate. I know it took me a couple of days of digging > through the web site before I could convince myself and my boss that this > was for real. Yes, that's exactly what worries me about the current documentation and web pages. The fact that it took you that long to be sure the GPL allowed you to use GnuPG freely means that it just isn't clear enough. The GPL gives users many wonderful things, but a good-sized piece of the "target market" for GnuPG simply don't care about modifying the code or redistributing it. What is needed for those people or businesses is a simple statement that says "Yes, it's free. No, there are no licencing fees. No, there are no patent issues. Take it and enjoy using it. If you want more help than is available for free on the Internet, then these three companies will even sell you support for it." David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From u_p@lycos.de Tue Mar 26 22:58:01 2002 From: u_p@lycos.de (uwe puchta) Date: Tue Mar 26 22:58:01 2002 Subject: Announcing a tool to restore original filename automatically Message-ID: <1017179726030581@lycos.de> This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. --=_NextPart_Caramail_0305811017179726_ID Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-MIME-Autoconverted: from 8bit to quoted-printable by outmail-1.st1.spray.net id WAA21028 One of the things I've allways missed in gnuPG was the ability to restore= the original=20 filename automatically when decrypting. gnuPG just cuts off the '.gpg' ex= tension. If I=20 want to stealth the original file name or even only the file extension of= the original file=20 name, I'm more or less lost. e.g. if I want to hide the file "secrets-abo= ut-the- government.doc" in a file "xy.gpg", I (or the receipient) just gets "xy" = after decryption. So I've written a small program in Perl which should be operable both on = Unix and=20 Windows.=20 http://www.puchta.com/gpgdecrypt/ Comments, feed back and criticism are welcome greetings u_p

______________________________________________________
250 Farb-Visitenkarten GRATIS*. In einem Wert von EUR 99,00!
Jetzt eigene <= A HREF=3D"http://lycos.de.domainnames.com/default.asp?caller=3Dlycos_d_fo= oter">Domains f=FCr 1,23 Euro/Monat

--=_NextPart_Caramail_0305811017179726_ID-- From dshaw@jabberwocky.com Tue Mar 26 23:14:02 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Tue Mar 26 23:14:02 2002 Subject: Announcing a tool to restore original filename automatically In-Reply-To: <1017179726030581@lycos.de> References: <1017179726030581@lycos.de> Message-ID: <20020326221228.GB1419@akamai.com> On Tue, Mar 26, 2002 at 11:10:16PM +0100, uwe puchta wrote: > > One of the things I've allways missed in gnuPG was the ability to > restore the original filename automatically when decrypting. gnuPG > just cuts off the '.gpg' extension. If I want to stealth the original > file name or even only the file extension of the original file name, > I'm more or less lost. e.g. if I want to hide the file > "secrets-about-the- government.doc" in a file "xy.gpg", I (or the > receipient) just gets "xy" after decryption. So I've written a small > program in Perl which should be operable both on Unix and Windows. > http://www.puchta.com/gpgdecrypt/ Comments, feed back and criticism > are welcome greetings u_p I'm not sure I fully understand this. Why not just use the --use-embedded-filename flag? David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From karlsson@hal-pc.org Wed Mar 27 00:24:01 2002 From: karlsson@hal-pc.org (Brian M. Carlson) Date: Wed Mar 27 00:24:01 2002 Subject: bad signatures In-Reply-To: <200203260914.15030@sendmail.mutz.com> References: <20020326035909.0C69E4F4BD@mail.actcom.net> <20020325213028.D486.ANDRIASH@telus.net> <200203260914.15030@sendmail.mutz.com> Message-ID: <20020326232158.GA2168@stonewall> --UlVJffcvxoiEqYs2 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Mar 26, 2002 at 09:14:13AM +0100, Marc Mutz wrote: > On Tuesday 26 March 2002 06:35, Nick Andriash wrote: > > On Monday, March 25 2002 at 08:01 PM PDT, you wrote: > > > Why does everyone say my GPG signature is bad while their PGP signatu= re > > > shows good? I did a decrypt/verify of one of my GPG messages with PGP > > > and it gives a bad signature also. So far, I don't see anything wrong > > > with my GPG configuration. >=20 > Upload your key to a keyserver (e.g. pgp.dtype.org), so we can check what= 's=20 > going on. x-hkp://gnv.us.ks.cryptnet.net:11371 is good. cryptnet servers won't mangle your key. >=20 > > Poor wrapping by the Mail Client, i.e. wrapping of text after the messa= ge > > has been signed is one of the most probable causes, >=20 > No. KMail doesn't do that ;-) >=20 > > unless you use a > > WYSIWYG Editor. Also, I see this in your headers: > > > > Content-Transfer-Encoding: 8bit > > > > I'm not sure if I'm using the correct vernacular, but some Servers will= be > > cause for concern if they convert the text to 7 bit. I could not check > > your signature because I could not find your Key on any of the Servers. >=20 > If the server converts 8but labelled content to 7bit, he will only do so = if=20 > the content is 7bit text only. Since 8bit and 7bit are both incarnations = of=20 > the identiy transformation, the conversion would not invalidate the sig. If you do not want this converted, use "Content-Conversion: prohibited". Servers are prohibited from converting if you state this. --=20 Brian M. Carlson OpenPGP: 0x351336B2DCA1913A --UlVJffcvxoiEqYs2 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6d (GNU/Linux) Comment: Ubi libertas, ibi patria. iQEVAwUBPKECleWR/8lWBVPnAQNC2Af/YX0Y5mDik176HpIoSRmzDkoaZy16gGHR 0fgUCEsxtZyUVYQAhrX75yLR8Tfe6kIIMcCNyXdWpTr99ojLAuvxPv73SDz0OTSc 5sMm714QbIbCBo7wcrVJSi74+QrssMPxmK2LANsNBspjOtnJVvFzFA/uFzg/BYVO 3VI4YrhTFFsdYgAqtRu49JkmP+gguz0ihZXYA5a1BheMDx8rr/kmzJ9RODYpOWRw qmp+mFOr2Wmca57LmvxFuJ0jVP2RZkduIO8/K8/Fvi9TAAtm66cfBtFnn/LSZ8TG FTP0fUubhahagH6xHSVMhqeq+S8yxXcs+PEWdTv2JlhNV4I/1sORrg== =Msgr -----END PGP SIGNATURE----- --UlVJffcvxoiEqYs2-- From samael-gnupg@lists.manxome.org Wed Mar 27 00:27:01 2002 From: samael-gnupg@lists.manxome.org (Ricardo SIGNES) Date: Wed Mar 27 00:27:01 2002 Subject: Announcing a tool to restore original filename automatically In-Reply-To: <1017179726030581@lycos.de> References: <1017179726030581@lycos.de> Message-ID: <20020326232447.GA14421@manxome.org> --EVF5PPMfhYS0aIcm Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Mar 26, 2002 at 11:10:16PM +0100, uwe puchta wrote: > [unreadable] Could you include text versions of your messages from now on? --=20 rjbs --EVF5PPMfhYS0aIcm Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjyhAz8ACgkQDIxbLaZ099OWCwCfcd8Z770f+nNYLl3gN47VWJ9U jQAAoIcWnK65FH2+bCnpAOohBQJwd6K7 =rpnu -----END PGP SIGNATURE----- --EVF5PPMfhYS0aIcm-- From uwe puchta Wed Mar 27 01:46:01 2002 From: uwe puchta (uwe puchta) Date: Wed Mar 27 01:46:01 2002 Subject: Announcing a tool to restore original filename automatically Message-ID: 1017189850.baM@lycos.de> > David Shaw wrote: > I'm not sure I fully understand this. Why not just use the > --use-embedded-filename flag? --use-embedded-filename Try to create a file with a name as embedded in the data. This can be a dangerous option as it allows to overwrite files. You're right .. completely right. I must have overread this. (I have to admit, that I usually refer to the help given=20 with gpg --help). So, o.k., it was a finger exercise. Sorry for bothering the group. And to Ricardo SIGNES : sorry for sending HTML encoded mail (which I usually don't). From n0sq@arrl.net Wed Mar 27 06:07:02 2002 From: n0sq@arrl.net (Lee Roberts) Date: Wed Mar 27 06:07:02 2002 Subject: bad signatures In-Reply-To: <20020325213028.D486.ANDRIASH@telus.net> References: <20020326035909.0C69E4F4BD@mail.actcom.net> <20020325213028.D486.ANDRIASH@telus.net> Message-ID: <20020327050210.805534EBD8@mail.actcom.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I could've sworn that I uploaded the keys to the server. Anyway, the keys= were submitted to pgp.mit.edu. Key ID 0x54C7CC50 is revoked, though. On Monday 25 March 2002 10:35 pm, Nick Andriash wrote: > Hello Lee Roberts, > > On Monday, March 25 2002 at 08:01 PM PDT, you wrote: > > Why does everyone say my GPG signature is bad while their PGP signatu= re > > shows good? I did a decrypt/verify of one of my GPG messages with PGP > > and it gives a bad signature also. So far, I don't see anything wrong > > with my GPG configuration. > > Poor wrapping by the Mail Client, i.e. wrapping of text after the messa= ge > has been signed is one of the most probable causes, unless you use a > WYSIWYG Editor. Also, I see this in your headers: > > Content-Transfer-Encoding: 8bit > > I'm not sure if I'm using the correct vernacular, but some Servers will= be > cause for concern if they convert the text to 7 bit. I could not check > your signature because I could not find your Key on any of the Servers. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Encryption isn't just for secrets...... iEYEARECAAYFAjyhUv0ACgkQUdYCmRtxtWSlXACgiMelDvNwMX5Xbf2bvFcJgWCu /5YAoKslJ6C+7zHb8VCs0q1oew239yq/ =3Do9pX -----END PGP SIGNATURE----- From dshaw@jabberwocky.com Wed Mar 27 06:39:02 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Wed Mar 27 06:39:02 2002 Subject: Announcing a tool to restore original filename automatically Message-ID: <20020327053637.GA2836@akamai.com> On Wed, Mar 27, 2002 at 12:44:10AM +0000, uwe puchta wrote: > > David Shaw wrote: > > I'm not sure I fully understand this. Why not just use the > > --use-embedded-filename flag? > > > --use-embedded-filename > Try to create a file with a name as embedded in > the data. This can be a dangerous option as it > allows to overwrite files. > > You're right .. completely right. I must have overread this. > (I have to admit, that I usually refer to the help given > with gpg --help). > > So, o.k., it was a finger exercise. Sorry for bothering the > group. Hey, no worries. It's a pretty big manual - easy to miss stuff in there. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From andriash@telus.net Wed Mar 27 08:24:01 2002 From: andriash@telus.net (Nick Andriash) Date: Wed Mar 27 08:24:01 2002 Subject: bad signatures In-Reply-To: <20020326035909.0C69E4F4BD@mail.actcom.net> References: <20020326035909.0C69E4F4BD@mail.actcom.net> Message-ID: <20020326231935.2CA4.ANDRIASH@telus.net> Hello Lee Roberts, On Monday, March 25 2002 at 08:01 PM PDT, you wrote: > Why does everyone say my GPG signature is bad while their PGP signature > shows good? Now that I have your Public Key I can check your signature: gpg: Signature made 03/25/02 20:01:55 using DSA key ID 1B71B564 gpg: Good signature from "Lee A. Roberts " gpg: aka "Lee A. Roberts " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. gpg: Fingerprint: AA9A 72DC C8BD 199A D333 CDB7 51D6 0299 1B71 B564 No problems here using Becky 2.0.0.10 on Win 98SE with GnuPG 1.0.6. -- Nick Andriash Courtenay, B.C. Canada From andriash@telus.net Wed Mar 27 08:27:02 2002 From: andriash@telus.net (Nick Andriash) Date: Wed Mar 27 08:27:02 2002 Subject: bad signatures In-Reply-To: <20020327050210.805534EBD8@mail.actcom.net> References: <20020325213028.D486.ANDRIASH@telus.net> <20020327050210.805534EBD8@mail.actcom.net> Message-ID: <20020326232114.2CA7.ANDRIASH@telus.net> Hello Lee Roberts, On Tuesday, March 26 2002 at 09:04 PM PDT, you wrote: > I could've sworn that I uploaded the keys to the server. Anyway, the > keys were submitted to pgp.mit.edu. Have it now thanks. The signature on this message of yours is 'Good' as well, only this time I used PGP 7.1.1: *** PGP Signature Status: good *** Signer: Lee A. Roberts (Invalid) *** Signed: 26/03/02 9:05:01 PM *** Verified: 26/03/02 11:22:56 PM *** BEGIN PGP VERIFIED MESSAGE *** -- Nick Andriash Courtenay, B.C. Canada From sunny@sunbase.org Wed Mar 27 09:00:01 2002 From: sunny@sunbase.org (Oyvind A. Holm) Date: Wed Mar 27 09:00:01 2002 Subject: bad signatures In-Reply-To: <20020327050210.805534EBD8@mail.actcom.net> Message-ID: On 2002-03-26 22:04-0700 Lee Roberts wrote: > I could've sworn that I uploaded the keys to the server. Anyway, the > keys were submitted to pgp.mit.edu. Key ID 0x54C7CC50 is revoked, > though. > > On Monday 25 March 2002 22:35, Nick Andriash wrote: > > On Monday, March 25 2002 at 20:01 PDT, you wrote: > > > Why does everyone say my GPG signature is bad while their PGP signatu= re > > > shows good? I did a decrypt/verify of one of my GPG messages with PGP > > > and it gives a bad signature also. So far, I don't see anything wrong > > > with my GPG configuration. > > > > Poor wrapping by the Mail Client, i.e. wrapping of text after the messa= ge > > has been signed is one of the most probable causes, unless you use a > > WYSIWYG Editor. Also, I see this in your headers: > > > > Content-Transfer-Encoding: 8bit > > > > I'm not sure if I'm using the correct vernacular, but some Servers will= be > > cause for concern if they convert the text to 7 bit. I could not check > > your signature because I could not find your Key on any of the Servers. I got a good signature from this message when using GnuPG 1.0.6. Fetched your key from wwwkeys.net.uk.pgp.net , works like a dream here at least. Mvh =D8yvind +-------------------------------------------------------------------+ | OpenPGP: 0x629022EB 2002-02-24 =D8yvind A. Holm | | Fingerprint: DBE9 8D44 67F7 42AC 2CA1 7651 724E 9D53 6290 22EB | +----------------| http://www.sunbase.org[/sunny] |-----------------+ From lhecking@nmrc.ie Wed Mar 27 11:19:01 2002 From: lhecking@nmrc.ie (Lars Hecking) Date: Wed Mar 27 11:19:01 2002 Subject: Announcing a tool to restore original filename automatically In-Reply-To: <20020326232447.GA14421@manxome.org> References: <1017179726030581@lycos.de> <20020326232447.GA14421@manxome.org> Message-ID: <20020327101627.GA4069@nmrc.ie> Ricardo SIGNES writes: > On Tue, Mar 26, 2002 at 11:10:16PM +0100, uwe puchta wrote: > > [unreadable] > > Could you include text versions of your messages from now on? And fix his mailer which creates broken Message-Id: headers. From agreene@pobox.com Wed Mar 27 13:21:01 2002 From: agreene@pobox.com (Anthony E. Greene) Date: Wed Mar 27 13:21:01 2002 Subject: bad signatures In-Reply-To: <20020327050210.805534EBD8@mail.actcom.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 26 Mar 2002, Lee Roberts wrote: >I could've sworn that I uploaded the keys to the server. Anyway, the keys >were submitted to pgp.mit.edu. Key ID 0x54C7CC50 is revoked, though. This message verified properly. See my GPG output below. --Tony >***** Processed by mydecrypt on Wed Mar 27 07:18:31 EST 2002 ***** >gpg: Signature made Wed 27 Mar 2002 12:05:01 AM EST using DSA key ID 1B71B564 >gpg: Good signature from "Lee A. Roberts " >gpg: aka "Lee A. Roberts " >gpg: WARNING: This key is not certified with a trusted signature! >gpg: There is no indication that the signature belongs to the owner. >gpg: Fingerprint: AA9A 72DC C8BD 199A D333 CDB7 51D6 0299 1B71 B564 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Anthony E. Greene 0x6C94239D iD8DBQE8obkhpCpg3WyUI50RAn+nAKDJzPZCncpLh5vMa7ABmfYmpKGzvgCg9z02 JRKvlKUHkI+ZRGyPWbi22sE= =cXMa -----END PGP SIGNATURE----- From agreene@pobox.com Wed Mar 27 13:26:01 2002 From: agreene@pobox.com (Anthony E. Greene) Date: Wed Mar 27 13:26:01 2002 Subject: bad signatures In-Reply-To: <20020327050210.805534EBD8@mail.actcom.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 26 Mar 2002, Lee Roberts wrote: >I could've sworn that I uploaded the keys to the server. Anyway, the keys >were submitted to pgp.mit.edu. Key ID 0x54C7CC50 is revoked, though. I got a good sig with GPG and a bad sig with PGP. Ensure that textmode is set and that your mail client wraps lines correctly. Your message was sent with the lines not wrapped. Tony - -- Anthony E. Greene OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D AOL/Yahoo Chat: TonyG05 HomePage: Linux. The choice of a GNU generation -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Anthony E. Greene 0x6C94239D iD8DBQE8obqFpCpg3WyUI50RAhIVAKCP4Y5ShoczLczw/mvsj1OB4423xQCffFvQ AJLXBC4sVmWvjolKjFsK9gI= =AAnk -----END PGP SIGNATURE----- From agreene@pobox.com Wed Mar 27 13:31:02 2002 From: agreene@pobox.com (Anthony E. Greene) Date: Wed Mar 27 13:31:02 2002 Subject: bad signatures In-Reply-To: <20020326232114.2CA7.ANDRIASH@telus.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 26 Mar 2002, Nick Andriash wrote: >Have it now thanks. The signature on this message of yours is 'Good' as >well, only this time I used PGP 7.1.1: > >*** PGP Signature Status: good >*** Signer: Lee A. Roberts (Invalid) >*** Signed: 26/03/02 9:05:01 PM >*** Verified: 26/03/02 11:22:56 PM >*** BEGIN PGP VERIFIED MESSAGE *** I used PGP 6.58 on Linux and the sig failed. with GnuPG 1.06 on Linux the sig verified. I've seen this before, but I don;t remember what the fix is. Tony - -- Anthony E. Greene OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D AOL/Yahoo Chat: TonyG05 HomePage: Linux. The choice of a GNU generation -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Anthony E. Greene 0x6C94239D iD8DBQE8obuGpCpg3WyUI50RAmqiAKDjlg2Ur9/G3i8YzEe+tjVremSQHQCg/E2S +NzO9KJwaeWedQ+lJJpi28w= =s2jK -----END PGP SIGNATURE----- From samir_nk@yahoo.com Wed Mar 27 14:24:01 2002 From: samir_nk@yahoo.com (samir kulkarni) Date: Wed Mar 27 14:24:01 2002 Subject: Help!! Message-ID: <20020327132154.24784.qmail@web12803.mail.yahoo.com> Hi, Today while decrypting a file, I got following errors: gpg : fatal :zlib inflate problem : invalid stored block lengths secmem usage : 2048/3552 bytes in 4/8 blocks of pool 4192/16384 I have gpg (GnuPG) 1.0.4 version. It's difficult for me to understand this error. Please help me out in solving this problem. Thanks, Samir. __________________________________________________ Do You Yahoo!? Yahoo! Movies - coverage of the 74th Academy Awards® http://movies.yahoo.com/ From sbutler@fchn.com Wed Mar 27 16:31:02 2002 From: sbutler@fchn.com (Steve Butler) Date: Wed Mar 27 16:31:02 2002 Subject: Help!! Message-ID: <292294c4b71376520a22f56b9df20aa73ca1e541@fchn.com> I've seen this under two conditions (which are twins of each other): 1. The file was FTP'ed using ASCII rather than Binary mode from a = Windows box to a *NIX box. This causes all bytes to be dropped from the = file. 2. The file was sent in Binary mode from a WSFTP client to a Linux = host. One or more (but not all) characters where dropped. The file is at least one byte short. Wish I could find the culprit cause it only = happens with one client! Stephen M Butler Oracle Administrator First Choice Health Network 206-268-2309 sbutler@fchn.com GnuPG: 8B17 7384 AB86 D67F 7612 3587 5715 C880 1B32 = D54B=20 kg7je@attbi.com GnuPG: 8A25 9726 D439 758D D846 E5D4 282A 5477 0385 = 81D8=20 -----Original Message----- From: samir kulkarni [mailto:samir_nk@yahoo.com] Sent: Wednesday, March 27, 2002 5:22 AM To: gnupg-users@gnupg.org Subject: Help!! Hi, Today while decrypting a file, I got following errors: gpg : fatal :zlib inflate problem : invalid stored block lengths secmem usage : 2048/3552 bytes in 4/8 blocks of pool 4192/16384 I have gpg (GnuPG) 1.0.4 version. It's difficult for me to understand this error. Please help me out in solving this problem. Thanks, Samir. __________________________________________________ Do You Yahoo!? Yahoo! Movies - coverage of the 74th Academy Awards=AE http://movies.yahoo.com/ _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, = is for the sole use of the intended recipient(s) and may contain = confidential and privileged information. Any unauthorized review, use, = disclosure or distribution is prohibited. If you are not the intended = recipient, please contact the sender by reply e-mail and destroy all = copies of the original message. From holmen@bridge-line.com Wed Mar 27 17:14:01 2002 From: holmen@bridge-line.com (Matt Holmen) Date: Wed Mar 27 17:14:01 2002 Subject: options directory Message-ID: This is a multi-part message in MIME format. ------=_NextPart_000_0078_01C1D580.27143350 Content-Type: multipart/alternative; boundary="----=_NextPart_001_0079_01C1D580.27143350" ------=_NextPart_001_0079_01C1D580.27143350 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit On first run of 'gpg' it creates a directory at /.gnupg on a unix system. Is there a way in the config or at the command line to create this directory at say /local/.gnupg? Thanks Matt Holmen ____________________________________ Matthew Holmen Program Manager BRIDGELINE Software, Inc. 130 New Boston Street Woburn, MA 01801 phone: 781.376.5555 x231 fax: 781.376.5033 email: holmen@bridge-line.com web: www.bridge-line.com ------=_NextPart_001_0079_01C1D580.27143350 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

On = first run of=20 'gpg' it creates a directory at /.gnupg on a unix system.  Is there = a way=20 in the config or at the command line to create this directory at say=20 /local/.gnupg?
 
 
Thanks
Matt=20 Holmen
 
 
____________________________________
 
Matthew = Holmen
Program Manager
BRIDGELINE Software,=20 Inc.
130 New Boston Street
Woburn, MA  01801
 
phone: 781.376.5555 x231
fax: 781.376.5033
 
email: holmen@bridge-line.com<= /DIV>
web: www.bridge-line.com
=
 
 
------=_NextPart_001_0079_01C1D580.27143350-- ------=_NextPart_000_0078_01C1D580.27143350 Content-Type: image/gif; name="BLine_logo.gif" Content-Transfer-Encoding: base64 Content-ID: <640510916@27032002-2899> R0lGODlh+gAtAPcAAP////7+/v39/fz8/Pv7+/r6+vn5+fj4+Pf39/b29vX19fT09PPz8/Ly8vHx 8fDw8O/v7+7u7u3t7ezs7Ovr6+rq6unp6ejo6Ofn5+bm5uXl5eTk5OPj4+Li4uHh4eDg4N/f397e 3t3d3dzc3Nvb29ra2tnZ2djY2NfX19bW1tXV1dTU1NPT09HR0dDQ0M/Pz87Ozs3NzczMzMvLy8rK ysnJycjIyMfHx8bGxsXFxcTExMPDw8LCwsHBwcDAwL+/v76+vr29vby8vLu7u7q6urm5ubi4uLe3 t7a2trW1tbS0tLOzs7KysrGxsbCwsK+vr66urq2traysrKurq6qqqqmpqaioqKenp6ampqWlpaSk pKOjo6KioqGhoaCgoJ+fn56enp2dnZycnJubm5qampmZmZiYmJeXl5aWlpWVlZSUlJOTk5KSkpGR kZCQkI+Pj46Ojo2NjYyMjIuLi4qKiomJiYiIiIeHh4aGhoSEhIODg4KCgoGBgYCAgH9/f35+fn19 fXx8fHt7e3p6enl5eXh4eHd3d3Z2dnV1dXR0dHNzc3JycnFxcXBwcG9vb25ubm1tbWxsbGtra2pq amlpaWhoaGdnZ2ZmZmVlZWRkZGNjY2JiYmFhYWBgYF9fX15eXl1dXVxcXFtbW1paWllZWVhYWFdX V1ZWVlVVVVRUVFNTU1JSUlFRUVBQUE9PT05OTk1NTUxMTEtLS0pKSklJSUhISEdHR0ZGRkVFRURE RENDQ0JCQkFBQUBAQD8/Pz4+Pj09PTw8PDs7Ozo6Ojk5OTg4ODc3NzY2NjU1NTQ0NDMzMzIyMjEx MTAwMC8vLy4uLi0tLSwsLCsrKyoqKikpKSgoKCcnJyYmJiUlJSQkJCMjIyIiIiEhISAgIB8fHx4e Hh0dHRwcHBsbGxoaGhkZGRgYGBcXFxYWFhUVFRQUFBMTExISEhERERAQEA8PDw4ODg0NDQwMDAsL CwoKCgkJCQgICAcHBwYGBgUFBQQEBAMDAwICAgEBAQAAAAAAAAAAACwAAAAA+gAtAAAI/wD7CRxI sKDBgwgTKlzIsKHDhxAjSpxIsaLFixgzatzIsaPHjyBDihxJsqTJkyhTqlzJsqXLlzBjypxJs6bN j/pskULFs2dPU7TEKWSH6pRPn6dO6XI3FNUoWPcS0ntV6igqU61+YePnUFkrU1Z5mnIlbSE3UUbD FhVVFqGzUaKUSVQmSpQzhdg+wcKXMBvcawqRiVLL85Spcx/poQDAuLFjxhuaJVT2uDLjGewSImNs QV3CcQ8sN2agYxVDQQZEO1bgSGEm1Y7rJHTDmIxEMYzfKGTE+Ajig5EYH1LIBXZjWx/rtWDMIkeN 5zVu1DjAmE/CZgEYV8hwofuFDBIaf/9KuEwAgA7rEpK7wLiBBAjwIzRw7IYrwnkj2r+Hz1+CA8Ye zJOQJ4whgIIJJSSoYAkeSJIQHYylIREajNGh0CONweDNQZUwxohCuAEggQoLKkiCCMYk9wIAByxz kCKMrXHdAABgMI066OSIjjrgACEceQQA8EF6CJGTAQAG2BKON0x+s00uWTQ2HELeTADAArksyeSW 4QTD2AfmJPQJY0LUQ888aKY5Tzx8IVQHY2pIlAZjsiUEiWMc9GKQJYw1otAYjOWRj5pqyrOPikhG c9AscM4IQAaeGVQGY4sAKSSRBxmJ5DQI3cEZOgh1UwEADAB2ED6czGKNfQeNCQASFL3/CUCcEc0J QJ0I3UkAB4wtYEhBfALgZ0KAAlCISvWsaAAt5ITjbDjihDMHY4g4qoE8B4WoiKVDqnekAS4eFM5/ APBC5agLPGORqzcso0wyyRzzTD4NyUorRLbietCdAnRCRWNxsBrssAgVWwYz8CZTjDYkJavfAxA/ AEFoDnSRjqMQSEIKKByDQookHTC2LULLBNltkd+Ga1A+MjAWyrlXqivQMDDQYMPNOMiQRKStiobB xQzZKyedCt0JACf4SNHYFO0INPCfoi3R8IoABCBAAFhjzZgEkLBqUDM0GgfAMNxiapCm4CK0zw2M cQJzugOxYlkD44jJ2AALKKB3AieY/52Q0LUSbSdjkPTDDx/mAdCCXE8Ty1gBDeitQAJXTA1AAahU E83m0UgDzRmMXeJoAS3MAENjC/gQgxEvl+0tkioXxM4GjM3ytsz9fDOJJZd0YggCj5ZjNwA8fPNN N91wE86hQTca+K1FMxbJQLVAwNgEwtDSJ9QAvEEO8t1s85tIDhuAO0HAMPaFoxl8c489lBRYSUMl X/q6AcwgdMrj1rwNDULusF4GhIcQVxkhVs7Dl+ByJT2C+IJ2AHhAGFJDsIMU6w/IUpapCmILxniB faASyCOyEwA8eO0g9TtZpo50gGwYBB6qsACZmGeQblCAVN1ACDushwFyDO8ICASAHP+GBr3BAWB6 BNmGDxqTnQoapFiDyCAABjAGP+zhinvgwx5aBgAwOKqHBHFFBBizA065DmUAEIATyPCFL4BhC0M4 QWNCgI2EmAMDACDAE9jYxj6SgQoFAMAGMlNAxmggDGHooyKt0LqDyCoFZlBkH61QqYPkK3pHNEg9 2OAYJxakWC84gyT7mAVkJEcFYgPAeEjGmAjUDX3kygAwEpIMxmCAZwYZR3iMY4O2IIQfP0glAICY EE6ksgsJiYPYboAQMjAmDgppBGNacxBANCYRCvFCKkGRHB9QoDsWCKc4K8ABGzDihASBhgUosAIC EoQWIqAABDQgC7dgYAIuIORBzJH/ggp4B5wXEEEMmrCJqCyEGDrogAX++U8LeCAJ1FAIKSTA0IpK wA4J4cMEKvpPCVgBIXOYgAT6oBBMSGACokOIKELwAEoopA0U5Sg4KeCKj/ADHeIgh053utMQKiQf 5BCHOWhIkHaIoxzb+AY6+4GPoA41Ifs4xzh4ulN20Asi6aAqVYGmEHqAQ6tUDcc7EgKPcIB1p+Hw 20Dc4ayxJkQe4AgHthLCjm/MFYBmPatOxVGPm/j1r4ANrGAHS9jCGvawiE2sYhfLWIjAoxw6iqxk J0vZylr2spjNrGY3y9nOevazoA2taDtrjqb1ow3k5IBqV8va1rr2tbCNrWxnS9va/9r2trjNrW53 y9ve0tYCVDiUFoRJ3OIa97jITa5yl8vc5jpXbD041BeeS93qWve62M2udmEjBOka9wdHeG4FxuiY ASTuuQkQQQgYsN32OmYBRlgOcStgJeWa172V6W4/pivMAliCGsvoRGqY+worOEYAmejCYxTAq+R2 4BjeYAFxRQA8/N6NBGGDTQiOkQxvECKQqdREiFKpAQU8ZhBrsLBj9MvfVG6BHBM4wDaKJUwLgNgx wbjCY1gAwcacgQ+POe95VXOIXYiGXI5BwSwG7BjyimbIjGEAlBljvcfQABapxEQvFAcL9jwGAlNW hRmEqQBQsNcxJvhAZRIwH8sQIP8BltlAdoTJYuJiIhVtw3NjCICJGAAAEitwTAVSEQxk0OAxvDCw Y/wQ3sZYYBfCAMGidTyGQIiNELV4zAMG0QVcMGLOUwTEOZbwmDMcIxWhaQwEHKECRBypMYSQAyhO UeFWogIZFGqMABAxDiOIDQ/wyIFo1sAMXJDgMaaYlGMe0bJFlMAxXADHF4a8BiY8pgfOeMZwHfMF QugBGYFuDAYwQQs4ELfOwiRFhwDAiPQ1pgDOGAIAECroH1hgFJdAtKIbkwtb2TIWuJB0Y9KgCQD8 ItewKUQHHYMBcIxBB9HYZR7v0A1fN+YGyBiBJSaBJ2iIYhRwbsw0NuGBatRg2ZX/MMEzcKDrP2Qj mMZJQCjmAYoqN0YG3ngBIlqBbGU35hfy5oWfG0OFamBhyJuQg2MMoIsrACEa9WXMI6zRgVjowTF3 cEUAXp1KdKdyFAUHwCN04RgCDCOYuGCbY4owh13wxjGJfswrnOkYPPjhMRcQhQ6ScUPjKPwxHMCF AFA0qsbM4BegBgAcpsEGTrwC1BjABhYeEwBihDcZak8jMUDRhmPQGABBuAVxdfALafQYAG1wBQBo sIwzMybZj6lFMGHhgia/gjqOkUSKG0OChdNCB8teBAA8AeTGpCAYplAznb0rTEbc4gBMSMVr9kwM Yeci8wDQQilCEIjgwH3fjJn7/4kFUZlGIAMTqQwEo/BkCwMZo++MAcIwEt+HVXynzYzhgDFOXzVh KAEAymAD78YMVKABE2BijdEEZCc2LoBHAKAO/gYAbPAKq7cMC+AYsOcYtSBssVB7jcEBtYCAjaF7 jjECvsdyjfEIvBEKV1dei2ALImgcXic2OLAOVBAM7MBFjEEAygAFSeAOM+AYqGAHEZALofAYx7AF j5ELavAYgtAJFOYYH1UEYkMAmaAMtQYAHiAMCaAC0VB4jMED0hADEmcE0FACO3B6HkANJkB5zQAF AGANwNcYoFAJIPADiacEzWACXqYaqlANJQAE8SBvjRED3gADisBzjvEKu/dzUf8ABeeQAgwXDDag AY7BCUq3Z7uABURQDfAHAJjAJ6tAfo3RAy0QAbvQhzLIfMJkBswADd/QA4m3BrAQBoMQAo5xA7bQ B2VACbhHLUu0aI12c7rQCLiXHTcwDfinGh2gCrcgYY1RAYVgAB0ACanWK6kiR41xB8GwCzoIABUQ CZboGAGwCAIoCZL4gawwDI9wYwBAAakgCx6oGhlQCsigDOb2GGhQDK6Ai3WXBI8RB7DQBX/QYIwh AIHQC0HgGGzgBI/BA79ADFHiGGlAIXewbYzRBKkwCuC3ivtlXAeAAHFgDK7HGL/4GAQAYolHXAKQ YQJABsuQj8YxZ1MGG+5YIM+AlYWOcZKw4QA62RhMJjZB+Rg8KRoBkGGpNAAlKTYzWFxSpmKP4QZ5 AJVUWZVWyZSseJVauZVc2ZVdl5VeGZZiOZZQqV9VQJZomZZqWV02cCiVAAVZEJdyOZd0WZd2eZd4 mZd6uZd82Zd++ZeAGZiCOZiEyZdREAhL1ViKuZgbERAAOw== ------=_NextPart_000_0078_01C1D580.27143350-- From sunny@sunbase.org Wed Mar 27 17:18:02 2002 From: sunny@sunbase.org (Oyvind A. Holm) Date: Wed Mar 27 17:18:02 2002 Subject: 1024 bit encryption compromised? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Found a disquieting article at : 1024-bit encryption is 'compromised' Upgrade to 2048-bit, says crypto expert According to a security debate sparked off by cryptography expert Lucky Green on Bugtraq yesterday, 1,024-bit RSA encryption should be "considered compromised". The Financial Cryptography conference earlier this month, which largely focused on a paper published by cryptographer Dan Bernstein last October detailing integer factoring methodologies, revealed "significant practical security implications impacting the overwhelming majority of deployed systems utilising RSA as the public key algorithm". Based on Bernstein's proposed architecture, a panel of experts estimated that a 1,024-bit RSA factoring device can be built using only commercially available technology for a price range of several hundred million to $1bn. I guess this is the same thing that was discussed last week on this list. I'm not into this level of cryptoanalytics, but what do you folks say about this? I guess there is no need to get upset of this, if Big Brother wants my bytes, I suppose he has other ugly ways to compromise the key -- bugging my flat or setting up some kind of scanners to analyze the keyboard radiation or maybe plain old violence. I doubt the govs wants to use millions of euro to read my mail. But I admit it's damn irritating to read this now that I changed my key only one month ago. *grmpf* The question is floating around among us -- would it be wise to upgrade to 2048 bits, or is this just speculations? Now that they're talking about this, I guess one should be a step ahead of the snoopers -- especially when it comes to the future robustness of the signatures. Mvh =D8yvind +-------------------------------------------------------------------+ | OpenPGP: 0x629022EB 2002-02-24 =D8yvind A. Holm | | Fingerprint: DBE9 8D44 67F7 42AC 2CA1 7651 724E 9D53 6290 22EB | +-------- Don't support organized crime, boycott Microsoft. --------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) iD8DBQE8ofApck6dU2KQIusRAvgrAKCZKsw3w+VSzUyNOSlbsOWaT+CZyQCeOu9w au88KVPs3/rNsFvPkiASBlU=3D =3D+B5H -----END PGP SIGNATURE----- From sunny@sunbase.org Wed Mar 27 17:25:01 2002 From: sunny@sunbase.org (Oyvind A. Holm) Date: Wed Mar 27 17:25:01 2002 Subject: Help!! In-Reply-To: <292294c4b71376520a22f56b9df20aa73ca1e541@fchn.com> Message-ID: On 2002-03-27 07:27-0800 Steve Butler wrote: > 2. The file was sent in Binary mode from a WSFTP client to a Linux > host. One or more (but not all) characters where dropped. The > file is at least one byte short. In _binary_ mode??? Sheesh, that's an ugly one! Is this a common flaw with the WSFTP clients, or a specific version? Bugs like that cannot be accepted, it has to be corrected ASAFP. =D8yvind +-------------------------------------------------------------------+ | OpenPGP: 0x629022EB 2002-02-24 =D8yvind A. Holm | | Fingerprint: DBE9 8D44 67F7 42AC 2CA1 7651 724E 9D53 6290 22EB | +----------| En dag uten Cola er som en hund uten svane. |----------+ From sunny@sunbase.org Wed Mar 27 17:39:01 2002 From: sunny@sunbase.org (Oyvind A. Holm) Date: Wed Mar 27 17:39:01 2002 Subject: options directory In-Reply-To: Message-ID: On 2002-03-27 11:11-0500 Matt Holmen wrote: > On first run of 'gpg' it creates a directory at /.gnupg on a unix > system. Is there a way in the config or at the command line to create > this directory at say /local/.gnupg? You decide where GnuPG shall put its home directory with the $GNUPGHOME environment variable. export GNUPGHOME=3D/usr/local/.gnupg =D8yvind +-------------------------------------------------------------------+ | OpenPGP: 0x629022EB 2002-02-24 =D8yvind A. Holm | | Fingerprint: DBE9 8D44 67F7 42AC 2CA1 7651 724E 9D53 6290 22EB | +--------------------| Why, Microsoft=AE, WHY??? |--------------------+ From sbutler@fchn.com Wed Mar 27 17:52:01 2002 From: sbutler@fchn.com (Steve Butler) Date: Wed Mar 27 17:52:01 2002 Subject: Help!! Message-ID: I wish I knew! So far it is happening only with one client. But it = appears to happen every time they need to send the file. So far they can resend = it up to four times before all the bytes show up.=20 I'm pointing the finger at the client's software. So far they are = unwilling to take my suggestion and attempt to a UNIX to Linux FTP so see if that = is more reliable. Every so often they don't spot the size discrepancy and = my automated script emails me that gpg returned a status of '2'. Hand = attempts to decrypt usually so that problem that started this thread (zlib = inflate) but have shown various other errors. =20 So, if in doubt, have the client verify the length of the file! Stephen M Butler Oracle Administrator First Choice Health Network 206-268-2309 sbutler@fchn.com GnuPG: 8B17 7384 AB86 D67F 7612 3587 5715 C880 1B32 = D54B=20 kg7je@attbi.com GnuPG: 8A25 9726 D439 758D D846 E5D4 282A 5477 0385 = 81D8=20 -----Original Message----- From: Oyvind A. Holm [mailto:sunny@sunbase.org] Sent: Wednesday, March 27, 2002 8:23 AM To: gnupg-users@gnupg.org Subject: RE: Help!! On 2002-03-27 07:27-0800 Steve Butler wrote: > 2. The file was sent in Binary mode from a WSFTP client to a Linux > host. One or more (but not all) characters where dropped. The > file is at least one byte short. In _binary_ mode??? Sheesh, that's an ugly one! Is this a common flaw with the WSFTP clients, or a specific version? Bugs like that cannot be accepted, it has to be corrected ASAFP. =D8yvind +-------------------------------------------------------------------+ | OpenPGP: 0x629022EB 2002-02-24 =D8yvind A. Holm | | Fingerprint: DBE9 8D44 67F7 42AC 2CA1 7651 724E 9D53 6290 22EB | +----------| En dag uten Cola er som en hund uten svane. |----------+ _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, = is for the sole use of the intended recipient(s) and may contain = confidential and privileged information. Any unauthorized review, use, = disclosure or distribution is prohibited. If you are not the intended = recipient, please contact the sender by reply e-mail and destroy all = copies of the original message. From sbutler@fchn.com Wed Mar 27 18:06:02 2002 From: sbutler@fchn.com (Steve Butler) Date: Wed Mar 27 18:06:02 2002 Subject: 1024 bit encryption compromised? Message-ID: <5069b671ffdf890f712b8541b0784b923ca1fb7d@fchn.com> We have one client using RSA. Last fall they moved to 4096 bits due to rumors about vulnerability at 1024. We moved to 2048 bit DSA/ELG-E at the same time. Perhaps we're just paranoid. Stephen M Butler Oracle Administrator First Choice Health Network 206-268-2309 sbutler@fchn.com GnuPG: 8B17 7384 AB86 D67F 7612 3587 5715 C880 1B32 D54B kg7je@attbi.com GnuPG: 8A25 9726 D439 758D D846 E5D4 282A 5477 0385 81D8 or kg7je@arrl.net -----Original Message----- From: Oyvind A. Holm [mailto:sunny@sunbase.org] Sent: Wednesday, March 27, 2002 8:16 AM To: gnupg-users@gnupg.org Subject: 1024 bit encryption compromised? [snip] According to a security debate sparked off by cryptography expert Lucky Green on Bugtraq yesterday, 1,024-bit RSA encryption should be "considered compromised". [snip] The question is floating around among us -- would it be wise to upgrade to 2048 bits, or is this just speculations? Now that they're talking about this, I guess one should be a step ahead of the snoopers -- especially when it comes to the future robustness of the signatures. [snip] CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. From mutz@kde.org Wed Mar 27 19:47:02 2002 From: mutz@kde.org (Marc Mutz) Date: Wed Mar 27 19:47:02 2002 Subject: [OT] Re: bad signatures In-Reply-To: <20020326232158.GA2168@stonewall> References: <20020326035909.0C69E4F4BD@mail.actcom.net> <200203260914.15030@sendmail.mutz.com> <20020326232158.GA2168@stonewall> Message-ID: <200203271821.01283@sendmail.mutz.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wednesday 27 March 2002 00:21, Brian M. Carlson wrote: > If you do not want this converted, use "Content-Conversion: prohibited". > Servers are prohibited from converting if you state this. Care to tell me the RFC number where this is specified? Since when do broken mail relays adhere to anything other than their creators' confused minds? ;-) Marc - -- Marc Mutz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8of983oWD+L2/6DgRAvuUAKDlJ/rGdi2qjieudnFswGxKc0GOcgCg60r2 35+bwlGtevp5H3DLBhI3nDA= =OSHq -----END PGP SIGNATURE----- From hideki@allcity.net Wed Mar 27 21:04:01 2002 From: hideki@allcity.net (Hideki Saito) Date: Wed Mar 27 21:04:01 2002 Subject: Help!! In-Reply-To: <20020327132154.24784.qmail@web12803.mail.yahoo.com> References: <20020327132154.24784.qmail@web12803.mail.yahoo.com> Message-ID: <200203272001.g2RK1oA15153@server-1.visp.net> I used to get that error on 1.0.4, a lot, and never on 1.0.6. Maybe you can upgrade to 1.0.6 and see if it helps. >Hi, > >Today while decrypting a file, I got following errors: >gpg : fatal :zlib inflate problem : invalid stored >block lengths >secmem usage : 2048/3552 bytes in 4/8 blocks of pool >4192/16384 > >I have gpg (GnuPG) 1.0.4 version. > >It's difficult for me to understand this error. >Please help me out in solving this problem. > >Thanks, >Samir. > > >__________________________________________________ >Do You Yahoo!? >Yahoo! Movies - coverage of the 74th Academy Awards=AE >http://movies.yahoo.com/ > >_______________________________________________ >Gnupg-users mailing list >Gnupg-users@gnupg.org >http://lists.gnupg.org/mailman/listinfo/gnupg-users --=20 Hideki Saito mailto:hideki@allcity.net From agreene@pobox.com Wed Mar 27 23:30:01 2002 From: agreene@pobox.com (Anthony E. Greene) Date: Wed Mar 27 23:30:01 2002 Subject: [OT] Re: bad signatures In-Reply-To: <200203271821.01283@sendmail.mutz.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 27 Mar 2002, Marc Mutz wrote: >On Wednesday 27 March 2002 00:21, Brian M. Carlson wrote: > >> If you do not want this converted, use "Content-Conversion: prohibited". >> Servers are prohibited from converting if you state this. > >Care to tell me the RFC number where this is specified? RFC1344, but is an informational RFC that makes recommendations. It is not a standard. >Since when do broken mail relays adhere to anything other than their creators' >confused minds? ;-) Touche' Tony - -- Anthony E. Greene OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D AOL/Yahoo Chat: TonyG05 HomePage: Linux: the choice of a GNU Generation. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Anthony E. Greene 0x6C94239D iD8DBQE8okdUpCpg3WyUI50RAhH3AJ0ewBQ9BoH7+qy0hb3jLsY08Xa3nACfUPav Qx+OImH0rBzWUeOSTPR5Y4g= =0hJ3 -----END PGP SIGNATURE----- From Ralf.Huels@schufa.de Thu Mar 28 08:49:02 2002 From: Ralf.Huels@schufa.de (Huels, Ralf SCORE) Date: Thu Mar 28 08:49:02 2002 Subject: AW: 1024 bit encryption compromised? Message-ID: <51896D38E5E4D111BE560001FA68BA369FB70E@SBO1002> Hi. > Based on Bernstein's proposed architecture, a panel of experts > estimated that a 1,024-bit RSA factoring device can be built using > only commercially available technology for a price range of several > hundred million to $1bn. Hm. Up to now I had only read opinions that stated that Bernstein's result was still rather theoretical. > I guess this is the same thing that was discussed last week on this > list. I'm not into this level of cryptoanalytics, Neither am I. > but what do you folks > say about this? I guess there is no need to get upset of this, if Big > Brother wants my bytes, I suppose he has other ugly ways to compromise > the key -- bugging my flat or setting up some kind of scanners to I guess it all depends on who you want to hide your stuff from. If you need to keep stuff from Governments or billion Dollar corporations, you better be paranoid. If you just want to keep stuff from your small provider's admin I'd guess that 1024 bit RSA still goes a long way. Personally I use GnuPG for "political" reasons rather than for a true need for cryptography. I assume that by using and promoting GnuPG, building a web of trust and so forth (besides the fact that it's fun ;-), I might weaken the position of crypto opponents, who might argue that only criminals use crypto anyway. > The question is floating around among us -- would it be wise to upgrade > to 2048 bits, or is this just speculations? Now that they're talking > about this, I guess one should be a step ahead of the snoopers -- > especially when it comes to the future robustness of the signatures. If I were to create a new key now, I would make it 2048 bits. Since I have two fairly well signed 1024 bit keys (Ranking 1722 and 2003 in the dtype.org statistic ;-), I'll stick with those as long as there are no further advances in cryptanalysis. Tschuess, Ralf From robw33@mac.com Thu Mar 28 10:52:01 2002 From: robw33@mac.com (Robert Wear) Date: Thu Mar 28 10:52:01 2002 Subject: GnuPG - Mailing List Archives Message-ID: <0BA983D1-4231-11D6-BA39-003065714510@mac.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 To whom it may concern, Please subscribe me to the mailing list. Cheerio from Sydney, Australia Rob Wear -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (Darwin) Comment: For info see http://www.gnupg.org iD8DBQE8oucaKwK9QZbsXF8RAj5+AJ9220xkJO2+qqf12x+JPgTCFFKLUwCbB0ca DjvKXomp3J9MczQG14Zl0Tk= =BmBF -----END PGP SIGNATURE----- From rtilley@vt.edu Thu Mar 28 13:47:02 2002 From: rtilley@vt.edu (Brad Tilley) Date: Thu Mar 28 13:47:02 2002 Subject: GPG Article on Slashdot Message-ID: <1017319486.10961.207.camel@ohio> http://slashdot.org/articles/02/03/27/1847212.shtml?tid=93 From Thomas.Rueppel@icn.siemens.de Thu Mar 28 21:17:01 2002 From: Thomas.Rueppel@icn.siemens.de (Thomas Rueppel) Date: Thu Mar 28 21:17:01 2002 Subject: commercial usage of gnupg allowed Message-ID: <3CA379BE.4CE133DD@icn.siemens.de> Hi, is a commercial usage of gnupg allowed? If yes, what has to be considered or payed? Are there any restrictions to send encrypted files to or use gpnupg in a foreign country, e.g. somewhere in the world? Please send your answer to: Thomas.Rueppel@t-online.de Your soonest reply is highly apriciated! Best regards, Thomas Rueppel From peter.kuhm@plus.at Thu Mar 28 22:38:01 2002 From: peter.kuhm@plus.at (Peter Kuhm) Date: Thu Mar 28 22:38:01 2002 Subject: commercial usage of gnupg allowed In-Reply-To: <3CA379BE.4CE133DD@icn.siemens.de> Message-ID: <3.0.6.32.20020328223639.0172f100@mail.plus.at> At 21:14 28.03.02 +0100, Thomas Rueppel wrote: >is a commercial usage of gnupg allowed? If yes, what has to be >considered or payed? = ff. >Are there any restrictions to send encrypted files >to or use gpnupg in a foreign country, e.g. somewhere in the world? bye, Peter --=20 VIBE!AT - Verein f=FCr Internet-Benutzer =D6sterreichs (.AT) http://www.vibe= .at/ From sbutler@fchn.com Thu Mar 28 22:47:02 2002 From: sbutler@fchn.com (Steve Butler) Date: Thu Mar 28 22:47:02 2002 Subject: commercial usage of gnupg allowed Message-ID: <9A86613AB85FF346BB1321840DB42B4B67D5AC@jupiter.fchn.com> No commercial restrictions. No royalties. You can give the source away. Usage in certain countries may be restricted by their local law. Stephen M Butler Oracle Administrator First Choice Health Network 206-268-2309 sbutler@fchn.com GnuPG: 8B17 7384 AB86 D67F 7612 3587 5715 C880 1B32 D54B kg7je@attbi.com GnuPG: 8A25 9726 D439 758D D846 E5D4 282A 5477 0385 81D8 -----Original Message----- From: Thomas Rueppel [mailto:Thomas.Rueppel@icn.siemens.de] Sent: Thursday, March 28, 2002 12:15 PM To: gnupg-users@gnupg.org Subject: commercial usage of gnupg allowed Hi, is a commercial usage of gnupg allowed? If yes, what has to be considered or payed? Are there any restrictions to send encrypted files to or use gpnupg in a foreign country, e.g. somewhere in the world? Please send your answer to: Thomas.Rueppel@t-online.de Your soonest reply is highly apriciated! Best regards, Thomas Rueppel _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. From wk@gnupg.org Fri Mar 29 12:22:01 2002 From: wk@gnupg.org (Werner Koch) Date: Fri Mar 29 12:22:01 2002 Subject: commercial usage of gnupg allowed In-Reply-To: <9A86613AB85FF346BB1321840DB42B4B67D5AC@jupiter.fchn.com> ("Steve Butler"'s message of "Thu, 28 Mar 2002 13:43:57 -0800") References: <9A86613AB85FF346BB1321840DB42B4B67D5AC@jupiter.fchn.com> Message-ID: <877knvpqnr.fsf@alberti.gnupg.de> On Thu, 28 Mar 2002 13:43:57 -0800, Steve Butler said: > No commercial restrictions. No royalties. You can give the source away. Basically the only restriction is that if you give a binary away you must accompany it with the source (or a written statement that you promise to deliver the source on request without any extra fee). Werner From sunny@sunbase.org Fri Mar 29 13:28:01 2002 From: sunny@sunbase.org (Oyvind A. Holm) Date: Fri Mar 29 13:28:01 2002 Subject: commercial usage of gnupg allowed In-Reply-To: <877knvpqnr.fsf@alberti.gnupg.de> Message-ID: On 2002-03-29 12:19+0100 Werner Koch wrote: > > On Thu, 28 Mar 2002 13:43:57 -0800, Steve Butler said: > > > > No commercial restrictions. No royalties. You can give the source awa= y. > > Basically the only restriction is that if you give a binary away you > must accompany it with the source (or a written statement that you > promise to deliver the source on request without any extra fee). That's not a restriction, that's a feature. :) =D8yvind +-------------------------------------------------------------------+ | OpenPGP: 0x629022EB 2002-02-24 =D8yvind A. Holm | | Fingerprint: DBE9 8D44 67F7 42AC 2CA1 7651 724E 9D53 6290 22EB | +--------------------| Why, Microsoft=AE, WHY??? |--------------------+ From webmaster@gnupg.org" This is a multi-part message in MIME format --=_NextPart_2rfkindysadvnqw3nerasdf Content-Type: text/plain Content-Transfer-Encoding: quoted-printable ----- Original Message ----- From: crisha=40trafficbbs.net To: webmaster=40gnupg.org Sent: 2002-3-30 2:10:57 Subject: http://gnupg.archive.sunet.se/de/ Hello, You may have spent much on lots of ways to achieve=20these - search engine registrations, website=20promotions, press release, email sending?- Here=20Traffic BBS presents you a unique method economically=20and professionally converting a PC into personal=20message distribution center=21 Traffic BBS assists you=20to post your message or ad to over 1,200,000+ message=20boards on the web worldwide. Along with a hyperlink=20to your website or email address, a message of your=20business, product, service or offer will be promptly=20submitted to targeted bulletin boards. You can expect=20instant response=21=20 Get your business, service, product or offer seen=21=20 Best Regards, Crisha Wenston Sales & Marketing=20www.trafficbbs.net =20=20 --=_NextPart_2rfkindysadvnqw3nerasdf Content-Type: text/html Content-Transfer-Encoding: quoted-printable
 
----- Original Message -----
Sent: 2002-3-30 2:10:57
Subject: http://gnupg.archive.sunet.se/de/

Do you=20 want to get maximum exposure for your website?
Are you=20 trying to introduce or sell your new product?
Are you=20 planning to present your new service or technology?
Do you=20 want to learn instant info about new service?
Have you=20 got enough time, energy and cost to spread your idea?=20
 

Hello,

=20 You may have spent much on lots of ways to achieve these - search=20 engine registrations, website promotions, press release, and email=20 distribution=A1=AD Here TrafficBBS presents you a unique method=21 TrafficBBS economically and professionally converts=20 your PC into personal information distribution center by submitting=20 your website, business info, or products details to 50,000+ search=20 engines & 120,000+ boards on the web worldwide. Along with a hyperlink=20 to your email address or logo, your website will be promptly submitted=20 to categorized search engines and a message of your business & product=20 will be instantly presented on targeted bulletin boards. You can expect=20 immediate response=21=20





=20
  Visit the Following Links for More Details about TrafficBBS

http://www.trafficbbs.net -- An overview about TrafficBBS. You can visit different pages for detailed explanation.

http://www.trafficbbs.net/list.php -- This page contains two lists.=20 One is the sample list of our search engines & directories, and the=20 other is of message boards. Both of them show to which search engines &=20 BBS we will post your registered information. Currently there are data of=20 over 50,000 & 120,000 high traffic message boards in our database, which=20 is set up for international contacts. TrafficBBS technical development=20 team updates the data periodically to meet increasing requirements.

http://www.trafficbbs.net/faq.php -- Frequently Asked Questions from our=20 new and existing customers. You can read it first for possible help. It=20 gives details of our current service packages, explanation of various=20 function areas such as Bulk Order and Multiple Products, and introduction=20 about our other promotional tools, etc.

Get your business, service, product or offer seen=21=20

Best Regards,
Crisha Wenston
Sales & Marketing=20
www.trafficbbs.net=20

 
   
    Copy right©2001 ,=20 TrafficBBS&=238482;All Rights Reserved.
TrafficBBS&=238482;is a trademark of=20 TrafficBBS.Net inc.
--=_NextPart_2rfkindysadvnqw3nerasdf-- From info@loadedmedia.com Fri Mar 29 19:56:01 2002 From: info@loadedmedia.com (Loaded Media) Date: Fri Mar 29 19:56:01 2002 Subject: GPG Encrytion process Message-ID: This is a multi-part message in MIME format. ------=_NextPart_000_0013_01C1D728.E8A33BC0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit I need to encrypt emails sent through an Agora Shopping Cart system I have setup on an account I have setup HostingMatters.com How do I go about doing that? I went to your web site (www.gnupg.org), but don't really see anything as to where to start. All I see is how to set it up on the server, but I don't have access to the server and let's say it was already setup on the server, then what? Is there something I need to download? How do I set it up in the shopping cart? How do I set it up on my client's PC for email retrieval? I sent this same email to HM, but they said it was beyond them and couldn't help. Can you? (I also sent this directly to ‘gnu@gnu.org’ and they told me to send this email to this user-group). Any advice would be much appreciated. Thanks, Sean ----------------------------- Loaded Media - Creative Solutions Provider Visit us at http://www.loadedmedia.com/ 856.825.2400 888.355.3200 toll free 856.794.8862 fax info@loadedmedia.com ------=_NextPart_000_0013_01C1D728.E8A33BC0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

I need to encrypt emails sent through an Agora Shopping Cart = system I have setup on an account I have setup HostingMatters.com

How do I go about doing that? I went to your web site (www.gnupg.org), = but don't really see anything as to where to start. All I see is how to set = it up on the server, but I don't have access to the server and let's say it = was already setup on the server, then what? Is there something I need to = download? How do I set it up in the shopping cart? How do I set it up on my = client's PC for email retrieval?

I sent this same email to HM, but they said it was beyond them and = couldn't help. Can you? (I also sent this directly to ‘gnu@gnu.org’ = and they told me to send this email to this user-group).

Any advice would be much appreciated.

Thanks,
Sean

 

-----------------------------

Loaded Media - Creative Solutions = Provider

Visit us at http://www.loadedmedia.com/

856.825.2400

888.355.3200 toll free

856.794.8862 fax

info@loadedmedia.com

 <= /p>

------=_NextPart_000_0013_01C1D728.E8A33BC0-- From ingo.kloecker@epost.de Fri Mar 29 20:29:01 2002 From: ingo.kloecker@epost.de (Ingo =?iso-8859-1?q?Kl=F6cker?=) Date: Fri Mar 29 20:29:01 2002 Subject: bad signatures In-Reply-To: <20020326035909.0C69E4F4BD@mail.actcom.net> References: <20020326035909.0C69E4F4BD@mail.actcom.net> Message-ID: <200203292025.05395@erwin.ingo-kloecker.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday 26 March 2002 05:01, Lee Roberts wrote: > Why does everyone say my GPG signature is bad while their PGP > signature shows good? I did a decrypt/verify of one of my GPG > messages with PGP and it gives a bad signature also. So far, I don't > see anything wrong with my GPG configuration. I found the problem. In full compliance with the OpenPGP specs GPG uses=20 v4 signatures by default. GPG has an option to force it to use v3=20 signatures. man gpg says: --force-v3-sigs OpenPGP states that an implementation should generate v4 signatures but PGP 5.x recognizes v4 signatures only on key material. This option forces v3 signatures for signatures on data. Obviously PGP 6.5.8 also can't handle v4 signatures. Solution: Add 'force-v3-sigs' to your ~/.gnupg/options file. Regards, Ingo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8pL+QGnR+RTDgudgRAmEQAJ9srQpHdvR1/GvXkbioc/PcPowdfgCfdSeH iiSAmwy3Simr+ZeRvIOt+94=3D =3DZLtP -----END PGP SIGNATURE----- From teiva1@caramail.com Sat Mar 30 13:19:01 2002 From: teiva1@caramail.com (Teiva martin) Date: Sat Mar 30 13:19:01 2002 Subject: Problem importing a secret key Message-ID: <1017490591012061@caramail.com> This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. --=_NextPart_Caramail_0120611017490591_ID Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable I have a problem importing a secret key from another computer. I've made a "gpg --export-secret-key --armor teiva", scp the key to the other computer, but there, all I have is a : teiva@zephyr:~/.gnupg$ gpg --import --allow-secret-key-import teiva_pvkey.asc gpg: key B7E9F209: no user ID gpg: Total number processed: 1 gpg: secret keys read: 1 What did I made wrong ? Thanks for your help ______________________________________________________ Bo=EEte aux lettres - Caramail - http://www.caramail.com --=_NextPart_Caramail_0120611017490591_ID-- From sunny@sunbase.org Sat Mar 30 13:41:01 2002 From: sunny@sunbase.org (Oyvind A. Holm) Date: Sat Mar 30 13:41:01 2002 Subject: Problem importing a secret key In-Reply-To: <1017490591012061@caramail.com> Message-ID: On 2002-03-30 13:16-0000 Teiva martin wrote: > I have a problem importing a secret key from another > computer. I've made a "gpg --export-secret-key --armor > teiva", scp the key to the other computer, but there, all I > have is a : > teiva@zephyr:~/.gnupg$ gpg --import > --allow-secret-key-import teiva_pvkey.asc > gpg: key B7E9F209: no user ID > gpg: Total number processed: 1 > gpg: secret keys read: 1 > > What did I made wrong ? Judging from the error message it seems as GPG also wants the public key. The secret key contains no personal information, so GnuPG has no user ID that refer to this secret key. Try to import the public key first, then import the secret key the way you did. Mvh =D8yvind +-------------------------------------------------------------------+ | OpenPGP: 0x629022EB 2002-02-24 =D8yvind A. Holm | | Fingerprint: DBE9 8D44 67F7 42AC 2CA1 7651 724E 9D53 6290 22EB | +-------- Don't support organized crime, boycott Microsoft. --------+ From teiva1@caramail.com Sat Mar 30 14:00:01 2002 From: teiva1@caramail.com (Teiva martin) Date: Sat Mar 30 14:00:01 2002 Subject: Problem importing a secret key Message-ID: <1017493103006398@caramail.com> This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. --=_NextPart_Caramail_0063981017493103_ID Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Actually, the public key is already imported. That's why I really don't understand why I can't import the private key... Anyway, if that is the problem, is there any away to force gnupg to import the key, without caring about personal informations ? Teiva ______________________________________________________ Bo=EEte aux lettres - Caramail - http://www.caramail.com --=_NextPart_Caramail_0063981017493103_ID-- From dshaw@jabberwocky.com Sat Mar 30 17:32:01 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Sat Mar 30 17:32:01 2002 Subject: Problem importing a secret key In-Reply-To: References: <1017490591012061@caramail.com> Message-ID: <20020330152944.GA633@akamai.com> On Sat, Mar 30, 2002 at 01:38:45PM +0100, Oyvind A. Holm wrote: > On 2002-03-30 13:16-0000 Teiva martin wrote: > > > I have a problem importing a secret key from another > > computer. I've made a "gpg --export-secret-key --armor > > teiva", scp the key to the other computer, but there, all I > > have is a : > > teiva@zephyr:~/.gnupg$ gpg --import > > --allow-secret-key-import teiva_pvkey.asc > > gpg: key B7E9F209: no user ID > > gpg: Total number processed: 1 > > gpg: secret keys read: 1 > > > > What did I made wrong ? > > Judging from the error message it seems as GPG also wants the public > key. The secret key contains no personal information, so GnuPG has no > user ID that refer to this secret key. Try to import the public key > first, then import the secret key the way you did. This is not correct - the secret key should contain everything in the public key except for key signatures (other than the self-signature). It's possible you don't have a user ID packet in your secret key for some reason. Can you tell me what GnuPG displays when you add --verbose to your command line? David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From dshaw@jabberwocky.com Sat Mar 30 17:32:06 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Sat Mar 30 17:32:06 2002 Subject: FAQ item?: Using GnuPG in a business In-Reply-To: <1017178166.19444.7.camel@allevil> References: <20020326182530.GA681@akamai.com> <1017178166.19444.7.camel@allevil> Message-ID: <20020330162931.GA1103@akamai.com> On Tue, Mar 26, 2002 at 04:29:26PM -0500, Douglas Calvert wrote: > On Tue, 2002-03-26 at 13:25, David Shaw wrote: > > Maybe this should be a FAQ - I saw Douglas Calvert volunteered to be > > the new FAQ maintainer. > Yep that is me. i am waiting on werner to get some things ready. But he > is busy right now. If someone wants to write this up let me know. If not > please let me know what you would like included. And while we are on the > subject if there are any more faq things let me know... There are several pieces of information that need to be mentioned in the answer for this question. The thing that I think is most important, though, is that it is very clear very early in the answer that it is just fine to use it in a business and there are no licence fees or contracts to be signed. A lot of the free software documents on the net are very good and very complete but don't really get to the heart of the question for a business that just wants to use it (as opposed to distribute, modify, and so on). Many business folks don't really understand free software, and we should make their first experience with it be as painless and happy as possible :) David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From n0sq@arrl.net Sat Mar 30 18:13:01 2002 From: n0sq@arrl.net (Lee Roberts) Date: Sat Mar 30 18:13:01 2002 Subject: bad signatures In-Reply-To: <200203292025.05395@erwin.ingo-kloecker.de> References: <20020326035909.0C69E4F4BD@mail.actcom.net> <200203292025.05395@erwin.ingo-kloecker.de> Message-ID: <20020330170742.876AE4EB60@mail.actcom.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday 29 March 2002 12:25 pm, Ingo Kl=F6cker wrote: > On Tuesday 26 March 2002 05:01, Lee Roberts wrote: > > Why does everyone say my GPG signature is bad while their PGP > > signature shows good? I did a decrypt/verify of one of my GPG > > messages with PGP and it gives a bad signature also. So far, I don't > > see anything wrong with my GPG configuration. > > I found the problem. In full compliance with the OpenPGP specs GPG uses > v4 signatures by default. GPG has an option to force it to use v3 > signatures. man gpg says: > --force-v3-sigs > OpenPGP states that an implementation should > generate v4 signatures but PGP 5.x recognizes v4 > signatures only on key material. This option > forces v3 signatures for signatures on data. > > Obviously PGP 6.5.8 also can't handle v4 signatures. > > Solution: > Add 'force-v3-sigs' to your ~/.gnupg/options file. > > Regards, > Ingo Looks like that was the problem. The signature looks good on my PGP 6.5.8= now=20 but I haven't heard back from my friends yet to be sure that their versio= n of=20 PGP shows the signature as good. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Encryption isn't just for secrets...... iD8DBQE8pfGHUdYCmRtxtWQRAq0/AJ9futRCf5SCAfCd3Sg1uA/jCbRHaACfZHED pPzNw+aOhOK4rf/koet4hZ8=3D =3Dkhzx -----END PGP SIGNATURE----- From oliver@schonrocks.com Sat Mar 30 20:07:01 2002 From: oliver@schonrocks.com (=?ISO-8859-1?Q?Oliver_Sch=F6nrock?=) Date: Sat Mar 30 20:07:01 2002 Subject: Creating user id's with International Characters Message-ID: <344099759.1017515101@[192.168.0.1]> --==========344102599========== Content-Type: text/plain; charset=iso-8859-1; format=flowed Content-Transfer-Encoding: quoted-printable Content-Disposition: inline As you can see from my "Real Name" I have a continuous issue with the=20 German "Umlaut". RFC 2047 now allows the use non-ASCII characters in the message Header, and = most clients these days support it. http://www.ietf.org/rfc/rfc2047.txt?number=3D2047 When I recently downloaded GnuPG and created my Key-Pair, I created the=20 UserID real name with the "Umlaut". No problem so far on my machine (which=20 BTW is W2K). Problem came when I submitted my key to a keyserver which failed to read=20 the non-ASCII character correctly. I suspect that this is caused by my W32 environment using ISO-8859-1 and=20 the specification for OpenPCP speficifying UTF-8. http://www.ietf.org/rfc/rfc2440.txt However after half a day on this problem I can't seem to find a solution to = creating a key that represents the Umlaut correctly so that it will appear=20 properly in the message header/cmail client under RFC 2047, and in the=20 Keyserver Listing accroding to RFC 2440. I am sure this is a very common problem in German speaking regions and=20 there is an obvious solution. Help would be very much appreciated. Regards Oliver Sch=F6nrock --==========344102599========== Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6-2 (MingW32) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjymDF0ACgkQCrzs63tEJe+3LwCgmtvGFwBo2A72wtiMBB3irqbl j9wAn2DQZeMVXOSVz/54iKS0ThV4qgfn =T5Bk -----END PGP SIGNATURE----- --==========344102599==========-- From karlsson@hal-pc.org Sat Mar 30 22:04:02 2002 From: karlsson@hal-pc.org (Brian M. Carlson) Date: Sat Mar 30 22:04:02 2002 Subject: --compress-algo Message-ID: <20020330210229.GA25220@stonewall> --rwEMma7ioTxnRzrJ Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Using the command line "gpg --compress-algo 0 --export > pgpmsg.asc" with gpg 1.0.6d yields the same results as --compress-algo [1,2]. The md5su= ms for each pgpmsg.asc are the same. Shouldn't this command create uncompress= ed output (so that I can later compress it more efficiently with bzip2)? --=20 Brian M. Carlson OpenPGP: 0x351336B2DCA1913A --rwEMma7ioTxnRzrJ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6d (GNU/Linux) Comment: Ubi libertas, ibi patria. iQEVAwUBPKYn5OWR/8lWBVPnAQMVnQf+IiB1VKpy18ZxsoovV19aGbIhh7SMUWBg 4xorevWCspnHKxOR/RxGBNmxj0+8WaxuvmvmOivNZLol6HGI4UBp/VeoToDh3yGi qldZDttl0XfC0jTiVGQxIIG+m1D/ZSMGFjHjdK38l8YwKWtSFXUHIFRcMFvSd5iZ JEkR2sdeLV2BHqx5jJtJJD02chDlQ3F4HSTa85UrUN0HMBa02FyQKAKH4m/Rmt6M Os0o5OtVOE6rG0HDaawl8pQ0xRO8TtRx1QTTwwhMqyZuAMnzAr0R+q14x/jeOJHM 6PXKjfWUuu3eqGxcds6xeltkcOhvi614nnaEdZuuo4tnAlKeFWmklQ== =NX4+ -----END PGP SIGNATURE----- --rwEMma7ioTxnRzrJ-- From bart.martens@advalvas.be Sat Mar 30 23:31:01 2002 From: bart.martens@advalvas.be (Bart Martens) Date: Sat Mar 30 23:31:01 2002 Subject: --compress-algo In-Reply-To: <20020330210229.GA25220@stonewall>; from karlsson@hal-pc.org on Sat, Mar 30, 2002 at 09:02:29PM +0000 References: <20020330210229.GA25220@stonewall> Message-ID: <20020330225755.A6908@cable-195-162-214-247.upc.chello.be> On Sat, Mar 30, 2002 at 09:02:29PM +0000, Brian M. Carlson wrote: > Using the command line "gpg --compress-algo 0 --export > pgpmsg.asc" > with gpg 1.0.6d yields the same results as --compress-algo [1,2]. The md5sums > for each pgpmsg.asc are the same. Shouldn't this command create uncompressed > output (so that I can later compress it more efficiently with bzip2)? > > -- > Brian M. Carlson > > OpenPGP: 0x351336B2DCA1913A Have you tried -z 0 ? From user1312@mail-group.net Sat Mar 30 23:45:01 2002 From: user1312@mail-group.net (George Summerton) Date: Sat Mar 30 23:45:01 2002 Subject: GnuPG on Pocket PC/Windows CE? Message-ID: <000d01c1d83c$2e481d80$6501a8c0@LocalHost17> Is there a GnuPG binary that will run on an IPAQ (206mhz ARM processor) under Pocket PC 2002/Windows CE? Thanks for any information. George From ingo.kloecker@epost.de Sun Mar 31 00:45:01 2002 From: ingo.kloecker@epost.de (Ingo =?iso-8859-1?q?Kl=F6cker?=) Date: Sun Mar 31 00:45:01 2002 Subject: Creating user id's with International Characters In-Reply-To: <344099759.1017515101@[192.168.0.1]> References: <344099759.1017515101@[192.168.0.1]> Message-ID: <200203310002.15027@erwin.ingo-kloecker.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday 30 March 2002 20:05, Oliver Sch=F6nrock wrote: > As you can see from my "Real Name" I have a continuous issue with the > German "Umlaut". As you can see, /me too. ;-) > RFC 2047 now allows the use non-ASCII characters in the message > Header, and most clients these days support it. > > http://www.ietf.org/rfc/rfc2047.txt?number=3D2047 > > When I recently downloaded GnuPG and created my Key-Pair, I created > the UserID real name with the "Umlaut". No problem so far on my > machine (which BTW is W2K). Same here. > Problem came when I submitted my key to a keyserver which failed to > read the non-ASCII character correctly. Well, obviously this is the keyserver's fault. My user id is also not=20 displayed correctly on the WWW interface of the keyserver and PGP 6.5.8=20 also doesn't do it right (I heard that PGP 7 finally does it correctly,=20 but who cares anyway). GnuPG OTOH is RFC 2440 compliant and encodes the=20 user id correctly in utf-8. > However after half a day on this problem I can't seem to find a > solution to creating a key that represents the Umlaut correctly so > that it will appear properly in the message header/cmail client under > RFC 2047, and in the Keyserver Listing accroding to RFC 2440. Why should the user id appear in a message header? > I am sure this is a very common problem in German speaking regions > and there is an obvious solution. The obvious solution I can propose is not to use a broken mail client=20 which can't handle utf-8 encoded user ids correctly. But maybe there is really a problem with your user id. Please send your=20 public key to the list so that we can have a look. Regards, Ingo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8pkPzGnR+RTDgudgRAnbeAKCLSvnF7s4xJo7hKhhjqg4ZbQElfgCfV9xs Mv9VMWxwn6f/T2qlmO85TDg=3D =3D3QpD -----END PGP SIGNATURE----- From jkane89@softhome.net Sun Mar 31 00:47:02 2002 From: jkane89@softhome.net (John Kane) Date: Sun Mar 31 00:47:02 2002 Subject: --compress-algo Message-ID: <3CA64CF4.D1679B26@softhome.net> Brian Carlson writes: > "gpg --compress-algo 0 --export > pgpmsg.asc" Sorry, but the output of --export was never compressed in the first place. It does a binary export of all public keys in your keyring. (compress-algo and -z have no effect in this situation.) You can do --armor --export if you want the output to be a non-binary ascii file (which you can then compress), but --export already produces an uncompressed binary file. You would do: gpg --export >mykeys.gpg gpg -a --export >mykeys.asc gpg -a -o mykeys.asc --export From karlsson@hal-pc.org Sun Mar 31 01:15:02 2002 From: karlsson@hal-pc.org (Brian M. Carlson) Date: Sun Mar 31 01:15:02 2002 Subject: --compress-algo In-Reply-To: <20020330225755.A6908@cable-195-162-214-247.upc.chello.be> References: <20020330210229.GA25220@stonewall> <20020330225755.A6908@cable-195-162-214-247.upc.chello.be> Message-ID: <20020331001310.GA29188@stonewall> --AqsLC8rIMeq19msA Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Mar 30, 2002 at 10:57:56PM +0100, Bart Martens wrote: > On Sat, Mar 30, 2002 at 09:02:29PM +0000, Brian M. Carlson wrote: > > Using the command line "gpg --compress-algo 0 --export > pgpmsg.asc" > > with gpg 1.0.6d yields the same results as --compress-algo [1,2]. The m= d5sums > > for each pgpmsg.asc are the same. Shouldn't this command create uncomp= ressed > > output (so that I can later compress it more efficiently with bzip2)? > >=20 > > --=20 > > Brian M. Carlson > > > > OpenPGP: 0x351336B2DCA1913A >=20 > Have you tried -z 0 ? Yes, it didn't work. It would be rather useful if when exporting the compression options took effect. --=20 Brian M. Carlson OpenPGP: 0x351336B2DCA1913A --AqsLC8rIMeq19msA Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6d (GNU/Linux) Comment: Ubi libertas, ibi patria. iQEVAwUBPKZUlOWR/8lWBVPnAQO+fQf/ec4J2PI3R8MKTNZ+mVKzqBIfDgzXgt95 SQPF9FeNWbtm4nr01n2dvYRsC+nf82FShibStZ0q4awu+vtnuC1hxRjviKakNGRG 234+SdJiiC1S58zGZTl7IzSkLpQcoaDgN93spRE8rIOb7kC9txq7MtIzZZ+PBFP7 85+DnGMqbvfkSOaKjbHeaalHswhqitteaajMvoRE3JmwJzEvApuP3xqKRlOpQMs1 gqXhV/PCYVBMQQlSwsZ9O/W1WayQaxKMcD0k8wyz0jynwWKukW+Sgf1aLKopQWuW v2R4SOydvNr4BpuEuoT9pNaDiTTIShfVjsmepe5MWt512PxfUiRa0A== =dYhB -----END PGP SIGNATURE----- --AqsLC8rIMeq19msA-- From oliver@schonrocks.com Sun Mar 31 01:32:02 2002 From: oliver@schonrocks.com (=?ISO-8859-1?Q?Oliver_Sch=F6nrock?=) Date: Sun Mar 31 01:32:02 2002 Subject: Creating user id's with International Characters In-Reply-To: <200203310002.15027@erwin.ingo-kloecker.de> References: <200203310002.15027@erwin.ingo-kloecker.de> Message-ID: <363636211.1017534637@[192.168.0.1]> --==========363654115========== Content-Type: text/plain; charset=iso-8859-1; format=flowed Content-Transfer-Encoding: quoted-printable Content-Disposition: inline --On 31 March 2002 00:01 +0100 Ingo Kl=F6cker = wrote: > Why should the user id appear in a message header? I didn't mean that it should. Actually I have no problem at all on the mail = client side. It works fine. Displays the "real name" in the header ok, and=20 uses the key just fine too. I am using Mulberry V2.2b4 BTW. My only problem is that the Keyserver is not displaying the name correctly=20 on its html interface and thought that that meant there is a problem with=20 my key. Here is my public key: -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.6-2 (MingW32) Comment: For info see http://www.gnupg.org mQGiBDyl9CMRBACeNR92RAEykNknOZB+BRTsNZOoRxqFznKTpOZlMi4TNXzf9URf PFzKFtbQCBACWx0NPRRVehF55nfW2Onwm6x8LH+Sxpjyuc5oIZGedd9ZwNQ3GdDM Xq6D7xbccpt8MCFQVOrRkPuANA0WRHBFhaJZL+10JMOvmGrFrXCYD93bMwCgm6/E H8x3E0DZU2Y64kp1iVHX97MD/3uzsVY8MLkX7KFXUeBL4jbEAvzbgFXfRDwxU8Pc sxhC8Otio0Uzh537iInItVhBuQkBg9ya4KEn5mRUUjbipAtTLv3Ofs8o6QhFqBFw CXrKnxDEDlSkrxGimHlEsr3iS+ay8I6YresMVWjzbyXWYhcmg6MIRZLncDZtrlY/ QSpCA/90/Gfwj2yyTmne81zEhPBXKoRfAVtxkOEY401gRuL3qSHjpy/nLS22JRAs 3opuAXOK1Q5JQikXHwaEf/tmf50KrlHU4d4BZtp/vAO47fZ1bi+Py5Zb+fZQ65s+ XkY3cnvinHgrZe1bORJiIiW0MA2uWpAHYeA2o0uvErt/C36P7bQpT2xpdmVyIFNj aMKUbnJvY2sgPG9saXZlckBzY2hvbnJvY2tzLmNvbT6IXQQTEQIAHQUCPKX0IwUJ AeEzgAULBwoDBAMVAwIDFgIBAheAAAoJEAq87Ot7RCXvz5AAoICBGCyGp4em5U1F 8/51UvKBe9PVAJsEakMEu6hz4xgIE6Nta4aziwBD8rkBDQQ8pfQpEAQA/7A8KTv/ 5Wm6yLkSaBdlamCVeUz2jk8j54W6UmYusj0q93aPUqxSTmRP4GlxkV+lVw7zYgro fPi3KqHo5h1T+b1+WXOYiRM6JIVKNrnztO0WtzviNWovJifVN08/G9nvKQ8UkjMh TL9Gg0nKJe0K/KfbOw5udppW+RJSUPw25NcABAsD/3kFrzEWcpjg6FFCUjyNoxv1 V3Vg+zkPaouj/p0FMc6FKYD49+5/pjBoNEdEnnp5dOaohUNAqxQrQserCPEbnKsb if7a/le0M8fRgLbZToIlI6ZYUsPBvKAfRo5zf0EoQ+gH1hNGxXl51oUfyJkepOVm aYcFmQez4j0Jal+VVxi0iEwEGBECAAwFAjyl9CkFCQHhM4AACgkQCrzs63tEJe9y kgCeOZdhAUA9cuucj4hyew/eH0QhFdoAoJgjko8UmtKoRllUDoqRssvwwmTZ =3DufLp -----END PGP PUBLIC KEY BLOCK----- and look how it displays on the keyserver=20 (http://math-www.uni-paderborn.de/pgp/): Type bits/keyID Date User ID pub 1024/7B4425EF 2002/03/30 Oliver Sch=C2=3Fnrock Key fingerprint =3D 47 A7 A0 2C 37 BB 09 00 62 2D AC 41 0A BC = EC=20 EB 7B 44 25 EF nice Umlaut huh? BTW Ingo, your key looks similar: Type bits/keyID Date User ID pub 1024/30E0B9D8 2000/10/16 Ingo Kl=C3=B6cker Key fingerprint =3D 71 2A 09 10 32 1A C7 62 D4 80 54 08 1A 74 = 7E=20 45 30 E0 B9 D8 Ingo H. Kl=C3=B6cker Ingo H. Kl=C3=B6cker = Ingo H. Kl=C3=B6cker=20 Only question I have is why is your O-Umlaut different to mine? So is this just a Keyserver/HTML/Char set during diapay issue? Is my key=20 actually properly encoded? Thanks for you help Oliver --==========363654115========== Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6-2 (MingW32) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjymWK0ACgkQCrzs63tEJe87/ACfY4nYQp2MxolU3Q764j82WYdz JqkAnjzyxR8mW4qOebw5+eZG1Jq1x1CQ =Pezc -----END PGP SIGNATURE----- --==========363654115==========-- From grfz@uni.de Sun Mar 31 04:00:01 2002 From: grfz@uni.de (Gregor Zattler) Date: Sun Mar 31 03:00:01 2002 Subject: gpg --list-key shows keys twice Message-ID: <20020331015328.A5513@localhost> Hi gnupg-users, gpg --list-key shows pubkeys in pubring.gpg twice, whereas pubkeys from "included" pubring.pgp are single in the listing (see below). ^^^ This is especially annoying, when using gpg in mutt: every time i mail (and encrypt) to a person from which i have only one key mutt asks me which one from the listing of two identical keys i want to use for encrytion. I am using gpg 1.06 as packed in debian sid. I reimported the whole pubring.gpg but that did not help. Any ideas? This is a listing which shows keys from gpg-pubring.gpg mixed with keys from pgp-pubring.pgp: 0 pit:~$ gpg --list-key thomas pub 1024D/393D2469 1999-09-23 Thomas Quinot uid Thomas Quinot sub 1024g/8DE13BB2 1999-09-23 pub 1024D/393D2469 1999-09-23 Thomas Quinot uid Thomas Quinot sub 1024g/8DE13BB2 1999-09-23 pub 1954R/983D1641 1997-12-09 Thomas Roessler pub 512R/030EF661 1996-04-24 Thomas Roessler [INSECURE] pub 1024R/9AA3C6F1 1995-01-03 Thomas Roessler uid Thomas Roessler uid Thomas Roessler %3 pub 1024R/A3EDCD85 1994-08-01 Thomas Roessler uid Thomas Roessler pub 512R/EBD70345 1994-05-30 Thomas L. Roessler pub 2048R/CE6AC6C1 1997-12-23 Thomas Roessler pub 1280R/593238E1 1996-01-19 Thomas Roessler uid Thomas Roessler pub 1024R/134012DD 1994-12-23 Thomas Quinot uid Thomas Quinot uid Thomas Quinot uid Thomas.Quinot@Email.ENST.FR uid Thawte Freemail Member uid Thomas Quinot pub 1024R/92E1B71D 1998-12-09 Chuck Thomas pub 1024R/56E1B8DD 1995-07-16 Ted Whalen uid Ted Whalen uid Thomas E. Whalen Ciao, Gregor -- Kommunikation benoetigt gemeinsame /"\ ASCII Ribbon Campaign Standards --> unformatierter Text \ / Respect for open standards in E-Mails, als Anhaenge nur offene X No HTML/RTF in email Standards, keine Micro$oft-Dateien / \ No M$ Word docs in email From dshaw@jabberwocky.com Sun Mar 31 04:05:01 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Sun Mar 31 03:05:01 2002 Subject: --compress-algo In-Reply-To: <20020330210229.GA25220@stonewall> References: <20020330210229.GA25220@stonewall> Message-ID: <20020331010232.GA682@akamai.com> On Sat, Mar 30, 2002 at 09:02:29PM +0000, Brian M. Carlson wrote: > Using the command line "gpg --compress-algo 0 --export > pgpmsg.asc" > with gpg 1.0.6d yields the same results as --compress-algo [1,2]. The md5sums > for each pgpmsg.asc are the same. Shouldn't this command create uncompressed > output (so that I can later compress it more efficiently with bzip2)? The default for --export is already uncompressed. If you want to compress keys, use --compress-keys along with the usual --compress-algo. Note that GnuPG can import compressed keys just fine, but if you compress outside of GnuPG (with gzip or bzip2 or whatever), then you'll need to uncompress it yourself before --importing it back into GnuPG. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From haphazard@kc.rr.com Sun Mar 31 07:57:02 2002 From: haphazard@kc.rr.com (Greg Norris) Date: Sun Mar 31 06:57:02 2002 Subject: gpg --list-key shows keys twice In-Reply-To: <20020331015328.A5513@localhost> References: <20020331015328.A5513@localhost> Message-ID: <20020331045821.GA11580@glitch.localdomain> --T4sUOijqQbZv57TR Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Your public keyring is being checked twice. Edit ~/.gnupg/options, and remove the "keyring" entry for ~/.gnupg/pubring.gpg. Current versions of gpg use the default keyring file automagically, while older ones required that it be specified explicitely... that's been my experience on Debian, anyway. On Sun, Mar 31, 2002 at 01:53:28AM +0100, Gregor Zattler wrote: > Hi gnupg-users, >=20 > gpg --list-key shows pubkeys in pubring.gpg twice,=20 > whereas pubkeys from "included" pubring.pgp are single in the > listing (see below). ^^^ >=20 > This is especially annoying, when using gpg in mutt: every time i > mail (and encrypt) to a person from which i have only one key > mutt asks me which one from the listing of two identical keys i > want to use for encrytion. >=20 > I am using gpg 1.06 as packed in debian sid. I reimported the > whole pubring.gpg but that did not help. Any ideas? >=20 >=20 > This is a listing which shows keys from gpg-pubring.gpg mixed > with keys from pgp-pubring.pgp: >=20 > 0 pit:~$ gpg --list-key thomas > pub 1024D/393D2469 1999-09-23 Thomas Quinot > uid Thomas Quinot > sub 1024g/8DE13BB2 1999-09-23 >=20 > pub 1024D/393D2469 1999-09-23 Thomas Quinot > uid Thomas Quinot > sub 1024g/8DE13BB2 1999-09-23 >=20 > pub 1954R/983D1641 1997-12-09 Thomas Roessler >=20 > pub 512R/030EF661 1996-04-24 Thomas Roessler = [INSECURE] >=20 > pub 1024R/9AA3C6F1 1995-01-03 Thomas Roessler > uid Thomas Roessler > uid Thomas Roessler %3 >=20 > pub 1024R/A3EDCD85 1994-08-01 Thomas Roessler > uid Thomas Roessler >=20 > pub 512R/EBD70345 1994-05-30 Thomas L. Roessler >=20 > pub 2048R/CE6AC6C1 1997-12-23 Thomas Roessler >=20 > pub 1280R/593238E1 1996-01-19 Thomas Roessler > uid Thomas Roessler >=20 > pub 1024R/134012DD 1994-12-23 Thomas Quinot > uid Thomas Quinot > uid Thomas Quinot > uid Thomas.Quinot@Email.ENST.FR > uid Thawte Freemail Member > uid Thomas Quinot >=20 > pub 1024R/92E1B71D 1998-12-09 Chuck Thomas >=20 > pub 1024R/56E1B8DD 1995-07-16 Ted Whalen > uid Ted Whalen > uid Thomas E. Whalen >=20 >=20 >=20 > Ciao, Gregor > --=20 > Kommunikation benoetigt gemeinsame /"\ ASCII Ribbon Campaign =20 > Standards --> unformatierter Text \ / Respect for open standards > in E-Mails, als Anhaenge nur offene X No HTML/RTF in email =20 > Standards, keine Micro$oft-Dateien / \ No M$ Word docs in email >=20 > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users --T4sUOijqQbZv57TR Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8ppdtgrEMyr8Cx2YRAm3MAKDGcyTpFm+vUTuOFf1BOGPJx53MzACfWDql 7oOBJDcRiJ3620EubDOHPwc= =yXTL -----END PGP SIGNATURE----- --T4sUOijqQbZv57TR-- From jim@deadlock.com Sun Mar 31 11:23:01 2002 From: jim@deadlock.com (Jim Rhodes) Date: Sun Mar 31 10:23:01 2002 Subject: Removing comment via options file Message-ID: I know that it's possible to remove the comment line from ciphertext via the command line: --comment '' ... but is it possible to remove the comment line via the options file? From gw_goldwing@gwstrong.com Sun Mar 31 11:57:02 2002 From: gw_goldwing@gwstrong.com (Greg Strong) Date: Sun Mar 31 10:57:02 2002 Subject: Install GnuPG on Win98? Use GPA? Message-ID: I've downloaded GnuPG 1.0.6 and GPA. I'm assuming GPA is the standard Win32 GUI to use with GnuPG after reading a few messages. The files are gnupg-w32-1.0.6-2.zip and gpa-0.4.3.tar.gz, respectively. It looks like most of the documentation on the web site pertains to the "standard" installation onto Linux and running GnuPG from the prompt. The site does state GnuPG can be used on Win32 OS's. I would rather use GnuPG with a more user friendly frontend, but have experience working from the prompt on DOS before Windows took over. I would like to use GnuPG with my email client either encrypting email or using with signatures for authentication. Presently I'm using Virtual Access 5.51 for an email client, but this may change to Agent in the future. My questions are as follows: 1) Any special installation instructions for Win98? 2) If GPA is the standard GUI, can I use this with any email program? 3) If #2 is yes, is there any threads in the archives which would provide some help. I'm never used PGP. I've read the Howtos and parts of the manual, so I have some background. Actually using the application would be the best experience, and would like to get a good start. TIA! Greg Strong Email: gw_goldwing@gwstrong.com Sun, 31 Mar 2002 02:30 CST From sunny@sunbase.org Sun Mar 31 12:14:02 2002 From: sunny@sunbase.org (Oyvind A. Holm) Date: Sun Mar 31 11:14:02 2002 Subject: Removing comment via options file In-Reply-To: Message-ID: On 2002-03-31 09:21+0100 Jim Rhodes wrote: > I know that it's possible to remove the comment line from > ciphertext via the command line: > > --comment '' > > ... but is it possible to remove the comment line via the > options file? Yepp. comment "" =D8yvind +-------------------------------------------------------------------+ | OpenPGP: 0x629022EB 2002-02-24 =D8yvind A. Holm | | Fingerprint: DBE9 8D44 67F7 42AC 2CA1 7651 724E 9D53 6290 22EB | +-------- Don't support organized crime, boycott Microsoft. --------+ From justinrt@bellsouth.net Sun Mar 31 13:10:02 2002 From: justinrt@bellsouth.net (Justin Troutman) Date: Sun Mar 31 12:10:02 2002 Subject: Install GnuPG on Win98? Use GPA? References: Message-ID: <005801c1d89b$bbea27a0$3c709d42@sardine> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 On Sun, 31 Mar 2002 02:30 CST Greg Strong wrote: > I've downloaded GnuPG 1.0.6 and GPA. I'm assuming GPA is the standard > Win32 GUI to use with GnuPG after reading a few messages. The files > are gnupg-w32-1.0.6-2.zip and gpa-0.4.3.tar.gz, respectively. > GPA is probably the best GUI for it, of which I use, along with WinPT (http://www.winpt.org) due to its tasktray availability and clipboard features. > It looks like most of the documentation on the web site pertains to the > "standard" installation onto Linux and running GnuPG from the prompt. > The site does state GnuPG can be used on Win32 OS's. I would rather > use GnuPG with a more user friendly frontend, but have experience > working from the prompt on DOS before Windows took over. Working with GnuPG via command line is fairly simple, provided you read over the man file and some documentation, however the GUI automation is great, but, with GnuPP, of which is explained a bit below, you can use the GUI utilities or still choose to run it at the command line. Your call. > > I would like to use GnuPG with my email client either encrypting email > or using with signatures for authentication. Presently I'm using > Virtual Access 5.51 for an email client, but this may change to Agent > in the future. > > My questions are as follows: > 1) Any special installation instructions for Win98? > > 2) If GPA is the standard GUI, can I use this with any email program? > > 3) If #2 is yes, is there any threads in the archives which would > provide some help. > > I'm never used PGP. I've read the Howtos and parts of the manual, so I > have some background. Actually using the application would be the best > experience, and would like to get a good start. TIA! > I would recommend downloading the GnuPP package, which bundles GnuPG, GPA, and WinPT together for easy installation. The GnuPP site it in German, but with a little help from Google translation, you should be able to comprehend everything at: http://translate.google.com/translate?hl=en&sl=de&u=http://www.gnupp.de/&pre v=/search%3Fq%3DGnuPP%26hl%3Den As for integration with mail clients, on my Windows 98 box, I use GPGOE (for Outlook Express), which utilizes the S/MIME encrypt/sign buttons (although not using S/MIME) to do the GnuPG encrypt/sign routines. I am well pleased with it, especially after migrating from all the GUI eye-candy of PGP and its mail plugins. Also, check http://www.gnupg.org/frontends.html for plugins and such which might be of use to you and whichever mail client you decide on using. Hope this helps you get started with using the application. If you have any questions, feel free to send 'em on. Later on, Justin 'just another hardcore crypto junkie' Troutman -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (MingW32) - GPGOE Plug-in 0.2.2 Comment: GnuPG - Simple. Robust. Open source. Enough said. http://www.gnupg.org | http://www.gnupp.org iD8DBQE8pt+inMjKhGLOEDYRAy3hAKC7lJR0X0aWbZsozPgukub0F4gYnACfaPUA TncYVVYMHwU9iAJfn211fhM= =ewus -----END PGP SIGNATURE----- From mutz@kde.org Sun Mar 31 14:36:02 2002 From: mutz@kde.org (Marc Mutz) Date: Sun Mar 31 13:36:02 2002 Subject: Creating user id's with International Characters In-Reply-To: <363636211.1017534637@[192.168.0.1]> References: <200203310002.15027@erwin.ingo-kloecker.de> <363636211.1017534637@[192.168.0.1]> Message-ID: <200203311333.31856@sendmail.mutz.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sunday 31 March 2002 01:30, Oliver Sch=F6nrock wrote: > and look how it displays on the keyserver > (http://math-www.uni-paderborn.de/pgp/): > > Type bits/keyID Date User ID > pub 1024/7B4425EF 2002/03/30 Oliver Sch=C2?nrock > Key fingerprint =3D 47 A7 A0 2C 37 BB 09 00 62 2D AC 41 0A = BC EC > EB 7B 44 25 EF > > nice Umlaut huh? > > BTW Ingo, your key looks similar: > > Type bits/keyID Date User ID > pub 1024/30E0B9D8 2000/10/16 Ingo Kl=C3=B6cker > Key fingerprint =3D 71 2A 09 10 32 1A C7 62 D4 80 54 08 1A = 74 7E > 45 30 E0 B9 D8 > Ingo H. Kl=C3=B6cker > Ingo H. Kl=C3=B6cker > Ingo H. Kl=C3=B6cker > > > Only question I have is why is your O-Umlaut different to mine? Because Ingo's umlaut is valid UTF-8 and your's is not ;-( Did you possibly use gpa-0.5 to create the key? > So is this just a Keyserver/HTML/Char set during diapay issue? Is my ke= y > actually properly encoded? If you force your browser to UTF-8, it should display the umlaut correctl= y.=20 But your key's id isn't properly encoded, sorry. Marc - --=20 Marc Mutz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8pvQK3oWD+L2/6DgRAtgUAJ4tGq8DStJmKrVedvWTZhen/TVkewCg7z24 vPp6s8xN3hdTsQcgbSa1T3o=3D =3D/gUf -----END PGP SIGNATURE----- From mutz@kde.org Sun Mar 31 14:40:02 2002 From: mutz@kde.org (Marc Mutz) Date: Sun Mar 31 13:40:02 2002 Subject: Removing comment via options file In-Reply-To: References: Message-ID: <200203311337.15133@sendmail.mutz.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sunday 31 March 2002 10:21, Jim Rhodes wrote: > I know that it's possible to remove the comment line from > ciphertext via the command line: > > --comment '' resp. --no-comment > ... but is it possible to remove the comment line via the > options file? Like any other options, you can strip the two leading dashes to obtain a = line=20 that you can put in your .gnupg/options file. Marc - --=20 Marc Mutz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8pvTq3oWD+L2/6DgRAvQeAKCQ0WtKcRdhMjJnm0D2Fs31LAg04ACguQS6 0HxD9Nrewr3L40va8gMJFjg=3D =3Dom70 -----END PGP SIGNATURE----- From oliver@schonrocks.com Sun Mar 31 14:55:01 2002 From: oliver@schonrocks.com (=?ISO-8859-1?Q?Oliver_Sch=F6nrock?=) Date: Sun Mar 31 13:55:01 2002 Subject: Creating user id's with International Characters In-Reply-To: <200203311333.31856@sendmail.mutz.com> References: <200203311333.31856@sendmail.mutz.com> Message-ID: <38627653.1017579167@[192.168.0.1]> --==========38652894========== Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Marc Thanks for confirming that I do in fact have a problem. > If you force your browser to UTF-8, it should display the umlaut > correctly. But your key's id isn't properly encoded, sorry. Yes this works for me. Now I get Ingo Umlaut properly and mine as a box. So = I can clearly see the problem. > Because Ingo's umlaut is valid UTF-8 and your's is not ;-( > Did you possibly use gpa-0.5 to create the key? > No, I didn't. At this stage I have to confess that I use that "temporary=20 workaround until you get a GNU OS" called MS-W2K ;-) So I used the W2K version of gpg (GnuPG) 1.0.6-2 to create my key.=20 Obviously this is via command line and I think this is where the problem=20 stems from. How do I enter the O-Umlaut in a W2K command prompt window which is running = gpg (GnuPG) 1.0.6-2? Currently I am holding down the Alt-key and typing=20 0246 on the numeric keypad. This is obviously not working, ie not giving=20 gpg the correct character. Is there an escape sequence I should using. If=20 so what? Thanks Oliver --==========38652894========== Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6-2 (MingW32) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjym+JgACgkQCrzs63tEJe9BuACcCP4aJXKkjVLm7P8qiK2rq5z5 Rx4An3cxF7ikCo2sIGjMC2CDxOF7fzuV =l0gn -----END PGP SIGNATURE----- --==========38652894==========-- From jim@deadlock.com Sun Mar 31 14:59:02 2002 From: jim@deadlock.com (Jim Rhodes) Date: Sun Mar 31 13:59:02 2002 Subject: Removing comment via options file In-Reply-To: <200203311337.15133@sendmail.mutz.com> References: <200203311337.15133@sendmail.mutz.com> Message-ID: >> I know that it's possible to remove the comment line from >> ciphertext via the command line: >> >> --comment '' > >resp. --no-comment > >> ... but is it possible to remove the comment line via the >> options file? > > >Like any other options, you can strip the two leading dashes to obtain a line >that you can put in your .gnupg/options file. I originally tried no-comment in the options file but it doesn't actually work, that's why I was asking about it. After some trial and error I came up with the solution: comment "" ... single quotes don't work - go figure. From twoaday@freakmail.de Sun Mar 31 15:37:02 2002 From: twoaday@freakmail.de (Timo Schulz) Date: Sun Mar 31 14:37:02 2002 Subject: Removing comment via options file In-Reply-To: References: <200203311337.15133@sendmail.mutz.com> Message-ID: <20020331114330.GA2849@daredevil.joesixpack.net> On Sun Mar 31 2002; 12:56, Jim Rhodes wrote: > I originally tried no-comment in the options file but it > doesn't actually work, that's why I was asking about it. FYI (from the manpage): --no-comment Do not write comment packets. This option affects only the generation of secret keys. Please note, that this has nothing to do with the comments in clear text signatures. Timo From mutz@kde.org Sun Mar 31 15:39:01 2002 From: mutz@kde.org (Marc Mutz) Date: Sun Mar 31 14:39:01 2002 Subject: Install GnuPG on Win98? Use GPA? In-Reply-To: <005801c1d89b$bbea27a0$3c709d42@sardine> References: <005801c1d89b$bbea27a0$3c709d42@sardine> Message-ID: <200203311436.18506@sendmail.mutz.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sunday 31 March 2002 12:06, Justin Troutman wrote: > > use GnuPG with a more user friendly frontend, but have experience > > working from the prompt on DOS before Windows took over. > > Working with GnuPG via command line is fairly simple, provided you > read over the man file and some documentation, however the GUI > automation is great, but, with GnuPP, of which is explained a bit > below, you can use the GUI utilities or still choose to run it at the > command line. Your call. STOP: If you use GPA-0.5 (aka GnuPP, AFAIK), make sure to generate your=20 keypair (if any) _on the command line_. GPA-0.5 has a nasty bug that will= =20 result in all non-us-ascii characters encoded invalidly. Don't know if th= is=20 slipped into the GnuPP release, but I guess so. Not that it would matter for Greg, but one should be careful when recomme= nding=20 GPA-0.5. Marc - --=20 Marc Mutz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8pwLB3oWD+L2/6DgRAg/XAKCIYx35SWLK6m854La+f6pF+Rez2QCgjkyu 5ZsEdyWvLz5Dv3fIIY/Gcco=3D =3DWcIe -----END PGP SIGNATURE----- From justinrt@bellsouth.net Sun Mar 31 16:06:01 2002 From: justinrt@bellsouth.net (Justin Troutman) Date: Sun Mar 31 15:06:01 2002 Subject: Install GnuPG on Win98? Use GPA? References: <005801c1d89b$bbea27a0$3c709d42@sardine> <200203311436.18506@sendmail.mutz.com> Message-ID: <010101c1d8b4$6c798260$bc709d42@sardine> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 On Sunday 31 March 2002 12:06, Justin Troutman wrote: > > use GnuPG with a more user friendly frontend, but have experience > > working from the prompt on DOS before Windows took over. > > Working with GnuPG via command line is fairly simple, provided you > read over the man file and some documentation, however the GUI > automation is great, but, with GnuPP, of which is explained a bit > below, you can use the GUI utilities or still choose to run it at the > command line. Your call. >STOP: If you use GPA-0.5 (aka GnuPP, AFAIK), make sure to generate your >keypair (if any) _on the command line_. GPA-0.5 has a nasty bug that will >result in all non-us-ascii characters encoded invalidly. Don't know if this >slipped into the GnuPP release, but I guess so. >Not that it would matter for Greg, but one should be careful when recommending >GPA-0.5. Right, my apologies. I used WinPT for key generation, however, so I've had no problems. GPA 0.5.0 is packaged with GnuPP, so it would be best to either use WinPT or generate from the command line. Thanks for pointing that out, Marc. Justin T. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (MingW32) - GPGOE Plug-in 0.2.2 Comment: GnuPG - Simple. Robust. Open source. Enough said. http://www.gnupg.org | http://www.gnupp.org iD8DBQE8pwkRnMjKhGLOEDYRA6PDAJ9fWgPl15khJWoyC/1fmmYBTU/L6gCg2dNG KbimtYFMnqCeFaLOJdVG4s0= =Dn1z -----END PGP SIGNATURE----- From twoaday@freakmail.de Sun Mar 31 16:42:01 2002 From: twoaday@freakmail.de (Timo Schulz) Date: Sun Mar 31 15:42:01 2002 Subject: Install GnuPG on Win98? Use GPA? In-Reply-To: <010101c1d8b4$6c798260$bc709d42@sardine> References: <005801c1d89b$bbea27a0$3c709d42@sardine> <200203311436.18506@sendmail.mutz.com> <010101c1d8b4$6c798260$bc709d42@sardine> Message-ID: <20020331124547.GA3783@daredevil.joesixpack.net> On Sun Mar 31 2002; 08:03, Justin Troutman wrote: > Right, my apologies. I used WinPT for key generation, however, so > I've had no problems. GPA 0.5.0 is packaged with GnuPP, so it would > be best to either use WinPT or generate from the command line. I realized the problems with German special characters short before the GnuPP package was released so I decided to add UTF8 support for key generation and key listing into WinPT. I guess it's on the TODO list of the GPA to do the same, but I'm not sure when this will happen. Timo From oliver@schonrocks.com Sun Mar 31 18:10:02 2002 From: oliver@schonrocks.com (=?ISO-8859-1?Q?Oliver_Sch=F6nrock?=) Date: Sun Mar 31 17:10:02 2002 Subject: Install GnuPG on Win98? Use GPA? In-Reply-To: <20020331124547.GA3783@daredevil.joesixpack.net> References: <20020331124547.GA3783@daredevil.joesixpack.net> Message-ID: <50352703.1017590893@[192.168.0.1]> --==========50358862========== Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: quoted-printable Content-Disposition: inline > I realized the problems with German special characters short before > the GnuPP package was released so I decided to add UTF8 support for > key generation and key listing into WinPT. With reference to my earlier mails, Subject "Creating user id's with=20 International Characters" I have now also downloaded and installed the GnuPP package. Using WinPT to=20 generate a new key I get exactly the same problem. The Umlaut is not=20 encoded properly into the key. I now suspect that is has to do with the Windows locale setting. My machine = is bought in the UK and I run it with System Locale=3DUK, english keyboard=20 etc... Could this be affecting how GnuPG and/or WinPT read the command=20 line/input box on which I type in the real name. In other words, could it=20 be that not having a German locale and using Alt-0246 to type in the ö=20 character is confusing the applications? This is getting frustrating, please help. Oliver again the new key I have generated, this time using WinPT from the GnuPP: -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.6 (MingW32) - WinPT 0.5.7 mQGiBDynIxARBACi49q/oPi6y5AZ1kjO7n+K2bC0q6AVTJ89ydgDMlWD9QrBLctU 3CtvOEoekO3u3lhLRMKo1kcYB+2dT1ADZzcHBXLXEQt5BDAqOG4kL9oLZPloJ1dY 6fa4npzXMxItyjqS8kRHn30l0TzVxI8T8MV+fpaQy1naEgibyeDUcUJZBwCgjCfr MBGL8JapE6BGbKjn79bkyC8D/2c72VdANML1yY2+yPZamj0YRYI6g46L5nwPsxGs +T5GjfFzODvy1GjYiIXqhUQMmzFdvSiTgGZ6FisGihr/4B2qg/aO5daYtEEdCdVE 8TCt678jZ3ukprI4wYVbYLDtHT88ftocNJMnsqydvw12kfzgw+9D+H3yWgIpryE4 HdkuBACeKLirkOrzkXY6E76M2ZofCxmjufq/rfH95S3I+HWa5xxRikKkQutUBzWp w1V2XlPEcfC/TLHAmo3gjGzz9NQMJlLsDnV0k9K6BQregPusXdUtPqsIVTiGMJlb THosxpV1gbao9zPPHlGgUll2sfGv6g/YtDUIlS0TOB4c8YjJ9LQpT2xpdmVyIFNj aMKUbnJvY2sgPG9saXZlckBzY2hvbnJvY2tzLmNvbT6IXQQTEQIAHQUCPKcjEAUJ AeKFAAULBwoDBAMVAwIDFgIBAheAAAoJEMKL64XX1UATXr4An3BYX+KVajp8gipE Xtz6OcvUw8plAJ9Mp2dcllb4hxTjYOk3N4tH4h0er7QyT2xpdmVyIFNjaMO2bnJv Y2sgKGphc3BlcikgPG9saXZlckBzY2hvbnJvY2tzLmNvbT6IXQQTEQIAHQUCPKck EgUJAeKFAAULBwoDBAMVAwIDFgIBAheAAAoJEMKL64XX1UATkg4An0vF817Xfwn8 i86uhU5PQZEPxFa+AJ9CGbQgnI8vre7gUJH4jxEninZhqLkBjQQ8pyMcEAYA4Xa7 wX/xkVmeIUokHp/qnsyZkzGB/7m6SgHAnkNS/PNQnAYWLuCKihPEcDS1+YaSA5l5 JatruEVk6TVkOUYB3K9UHoAiynH48iFLAgTxcmtX6TaKaKSgxyosWBYSKfDi6rjT UQaP6FQUot30NDh/ovcNuYdrKWHGy3t2+MW9uRVzLQz2vDnSkwN6pMLS0eBqg6GC 4h6Am4e7V+X4SJjY1Aoa7pB2iiOFu6hCoSwgb7A7OyOIDVN/BM+ERFCQ5jqrAAMG BgClNyr3ZVxcelK/btjk8PyyoqhT2I3/oOJ0ALK09mUrYV0RroXUa1QMvz/fk3rf DMBFLV8CKGno01TPqKrgionYxz3iX7JAsSBasUiyhswO3eKF1w2kaN53nNfSg5zS tb9MC2ahPnMifNZ7DDyW3Nk0vSiGY3G8N4kSdhqPbR3zaXP/Zi8GUU03ljAIT5tA i+RGmpgimxeZIGvbPIg53ZtUgWPBNzC2i/HxUo0KhEdWsZO07m3TVRvpbXXw9AHf fAaITAQYEQIADAUCPKcjHAUJAeKFAAAKCRDCi+uF19VAE9tOAJ9JCDqBRBb2+4rh 0L1QKQyTEMop4ACfaxeZBGJZ8xsHq9xqu3Y2+G7nfdI=3D =3D+5Vg -----END PGP PUBLIC KEY BLOCK----- --==========50358862========== Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (MingW32) iD8DBQE8pyZdliSvuT+ZB4QRAq9jAKCJvWRQitK6Og6w1cWN0QS6jiUHAQCeIicu YlL2Zrv1yy79kLS3srlTvQQ= =7Ol0 -----END PGP SIGNATURE----- --==========50358862==========-- From twoaday@freakmail.de Sun Mar 31 18:18:01 2002 From: twoaday@freakmail.de (Timo Schulz) Date: Sun Mar 31 17:18:01 2002 Subject: Install GnuPG on Win98? Use GPA? In-Reply-To: <50352703.1017590893@[192.168.0.1]> References: <20020331124547.GA3783@daredevil.joesixpack.net> <50352703.1017590893@[192.168.0.1]> Message-ID: <20020331142439.GA17579@daredevil.joesixpack.net> On Sun Mar 31 2002; 16:08, Oliver Schönrock wrote: > I have now also downloaded and installed the GnuPP package. Using WinPT > to generate a new key I get exactly the same problem. The Umlaut is not > encoded properly into the key. Hmmm, this is strange. I generated some test keys with international characters in the userID and they were correctly encoded into ISO-8859-1. So the "gpg -k" output was okay. > is bought in the UK and I run it with System Locale=UK, english keyboard > etc... Could this be affecting how GnuPG and/or WinPT read the command > line/input box on which I type in the real name. In other words, could it I'm not sure about this but maybe it caused the problem. > again the new key I have generated, this time using WinPT from the GnuPP: The second userID you created doesn't have charset problems so I guess you created it later with GPG on the command line? Timo From oliver@schonrocks.com Sun Mar 31 18:45:01 2002 From: oliver@schonrocks.com (=?ISO-8859-1?Q?Oliver_Sch=F6nrock?=) Date: Sun Mar 31 17:45:01 2002 Subject: Install GnuPG on Win98? Use GPA? In-Reply-To: <20020331142439.GA17579@daredevil.joesixpack.net> References: <20020331142439.GA17579@daredevil.joesixpack.net> Message-ID: <52448046.1017592988@[192.168.0.1]> --==========52458620========== Content-Type: text/plain; charset=iso-8859-1; format=flowed Content-Transfer-Encoding: quoted-printable Content-Disposition: inline > > The second userID you created doesn't have charset problems so I guess > you created it later with GPG on the command line? YES!!! You are right. The second key does not have the problem. I didn't notice=20 because WinPT hadn't updated its keycache and I wasn't familiar with the=20 app yet. BUT...The good key was created with WinPT!! so you are also right about it correctly handling the umlaut.. The command line doesn't work no matter what I do. I am sure it is some=20 hidden **%$=A3 option in windows (because I have a UK machine) that is = making=20 the command line box use the wrong character set. If I set the Locale=20 Location under Control Panel/Regional Options/general to Germany and then=20 create a new uid with gpg command line, the following happens: Command> adduid Real name: Oliver Sch=F6nrock Email address: oliver@schonrocks.com Comment: You are using the `iso-8859-1' character set. You selected this USER-ID: "Oliver Sch=F6nrock " Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? I only got the ISO-8859-1 message once while in English Locale, when I very = first did this 2 days ago. Now the message is back becaus of the German=20 Locale. It still produces the wrong character for the Umlaut!! anyway my personal problem is solved, since I can generate a key with=20 WinPT!!! but surely there is some really fishy stuff going on with that=20 command line box and Locale setting (or whatever else Windows is hiding). Hope this will help someone in the future. My lesson although I don't fully = understand what happened there is: "if you have a windows system locale other than the language you are trying = to use, don't use command line gpg to make your uid. Use WinPT instead!". Oliver --==========52458620========== Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (MingW32) iD8DBQE8py6MliSvuT+ZB4QRAh8eAKCWahkR3kDrwU0DENEPP3nYRYDGZQCdEZ5R wx8EVJgonYgjSiic6WBQ5Ug= =GzaL -----END PGP SIGNATURE----- --==========52458620==========-- From ingo.kloecker@epost.de Sun Mar 31 19:00:02 2002 From: ingo.kloecker@epost.de (Ingo =?iso-8859-1?q?Kl=F6cker?=) Date: Sun Mar 31 18:00:02 2002 Subject: Creating user id's with International Characters In-Reply-To: <38627653.1017579167@[192.168.0.1]> References: <200203311333.31856@sendmail.mutz.com> <38627653.1017579167@[192.168.0.1]> Message-ID: <200203311746.19196@erwin.ingo-kloecker.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sunday 31 March 2002 13:52, Oliver Sch=F6nrock wrote: > How do I enter the O-Umlaut in a W2K command prompt window which is > running gpg (GnuPG) 1.0.6-2? Currently I am holding down the Alt-key > and typing 0246 on the numeric keypad. This is obviously not working, > ie not giving gpg the correct character. Is there an escape sequence > I should using. If so what? Maybe using the option "--charset iso-8859-1" helps. This will force gpg=20 too assume that you use latin1. Now try again to enter the =F6 as above=20 (246 is the correct code for the =F6 in latin1). Alternatively try the option "--charset utf-8" and enter Alt+0195=20 Alt+0182 (this is the utf-8 code for =F6). Regards, Ingo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8py9KGnR+RTDgudgRAuGbAKDCeWtwiBdy/92xTgRyzhlsFHK3JwCbBpb+ kHte4iPXhU6t6BNIi4oJk0c=3D =3DolyQ -----END PGP SIGNATURE----- From Nick Andriash Sun Mar 31 20:15:02 2002 From: Nick Andriash (Nick Andriash) Date: Sun Mar 31 19:15:02 2002 Subject: Install GnuPG on Win98? Use GPA? In-Reply-To: References: Message-ID: <19440282497.20020331091146@telus.net> On March 31, 2002 at 09:05:21 AM, Greg wrote: > I've downloaded GnuPG 1.0.6 and GPA. I'm assuming GPA is the standard > Win32 GUI to use with GnuPG I have never tried GPA but from reports I've read you are better advised to run one of the two other Win32 GUI's available: GPGShell v2.27 http://www.jumaros.de/rsoft/gpgshell.html WinPT http://www.winpt.org/ Of the two GUI's mentioned, my favourite is GPGShell but that is just a personal observation. Try them both and compare the two side by side. Nick -- PGP Public Keys: Mailto:andriash@gmx.net?subject=PGPKeys From gw_goldwing@gwstrong.com Sun Mar 31 21:58:01 2002 From: gw_goldwing@gwstrong.com (Greg Strong) Date: Sun Mar 31 20:58:01 2002 Subject: Install GnuPG on Win98? Use GPA? In-Reply-To: <19440282497.20020331091146@telus.net> References: <19440282497.20020331091146@telus.net> Message-ID: In article <19440282497.20020331091146@telus.net>, Nick Andriash wrote: > I have never tried GPA but from reports I've read you are better advised > to run one of the two other Win32 GUI's available: > > GPGShell v2.27 > http://www.jumaros.de/rsoft/gpgshell.html > > WinPT > http://www.winpt.org/ > > Of the two GUI's mentioned, my favourite is GPGShell but that is just a > personal observation. Try them both and compare the two side by side. I've already downloaded WinPT. I'm should have it installed and working hopefully before the end of the day. From what I've read, I like the fact it is not email client dependent. Greg Strong Email: gw_goldwing@gwstrong.com Sun, 31 Mar 2002 12:54 CST From Nick Andriash Sun Mar 31 22:13:01 2002 From: Nick Andriash (Nick Andriash) Date: Sun Mar 31 21:13:01 2002 Subject: Install GnuPG on Win98? Use GPA? In-Reply-To: References: <19440282497.20020331091146@telus.net> Message-ID: <4347395012.20020331111017@telus.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On March 31, 2002 at 11:09:07 AM, Greg wrote: > I've already downloaded WinPT. I'm should have it installed and working > hopefully before the end of the day. From what I've read, I like the fact > it is not email client dependent. None of the Win32 GUI's for GnuPG are Client dependant... that is the beauty of using them. ;o) Nick - -- PGP Public Keys: Mailto:andriash@gmx.net?subject=PGPKeys -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6-2 (MingW32) - GPGshell v2.27 iD8DBQE8p18F2usvuTvKfdIRAo2hAJsE/l37P9p6BsphjqENN8VtcVQg3QCgtvxo S/kTzomavjyQLG1mHNr8kHk= =TPOU -----END PGP SIGNATURE----- From gw_goldwing@gwstrong.com Sun Mar 31 22:26:02 2002 From: gw_goldwing@gwstrong.com (Greg Strong) Date: Sun Mar 31 21:26:02 2002 Subject: Install GnuPG on Win98? Use GPA? In-Reply-To: <005801c1d89b$bbea27a0$3c709d42@sardine> References: <005801c1d89b$bbea27a0$3c709d42@sardine> Message-ID: In article <005801c1d89b$bbea27a0$3c709d42@sardine>, Justin Troutman wrote: > I would recommend downloading the GnuPP package, which bundles GnuPG, > GPA, and WinPT together for easy installation. > The GnuPP site it in German, but with a little help from Google > translation, you should be able to comprehend everything at: > > http://translate.google.com/translate?hl=en&sl=de&u=http://www.gnupp.de/&pre > v=/search%3Fq%3DGnuPP%26hl%3Den If the package you are referring to is at http://www.winpt.org/download.html, then I don't believe GPA is bundled. From reading the documentation only WinPT & GnuPG. The site now has documentation in English, so no translation required. > As for integration with mail clients, on my Windows 98 box, I use > GPGOE (for Outlook Express), which utilizes the S/MIME encrypt/sign > buttons (although not using S/MIME) to do the GnuPG encrypt/sign > routines. I am well pleased with it, especially after migrating from > all the GUI eye-candy of PGP and its mail plugins. > > Also, check http://www.gnupg.org/frontends.html for plugins and such > which might be of use to you and whichever mail client you decide on > using. > > Hope this helps you get started with using the application. If you > have any questions, feel free to send 'em on. Since I have NOT used GnuPG, the integration into email is a little vague to me at this time. I will have to install and use. I would imagine the frontend plugins basically make the integration into the email client seamless. One of the reasons I want to try WinPT is the fact that it is not email client dependent. I haven't yet decided what email program I will using long term, so this is a big plus. From the GnuPG reading I've done so far, you can use it to encrypt a message or sign a message. As I understand it the signing of the message authenticates the message being sent by you. Since most of the people I communicate online with do not use PGP, this would be my primary purpose. However, if needed the encryption option is always a big plus. After receiving the WinPT recommendation from you and other sources, I have decided to give it a try. Thanks for the information. Regards, Greg Strong Email: gw_goldwing@gwstrong.com Sun, 31 Mar 2002 13:10 CST From gw_goldwing@gwstrong.com Sun Mar 31 23:04:02 2002 From: gw_goldwing@gwstrong.com (Greg Strong) Date: Sun Mar 31 22:04:02 2002 Subject: Restrictions / Commercial Use? Message-ID: Are there any restrictions on using GnuPG for commercial use? GnuPG says at http://www.gnupg.org/ that "GnuPG is a complete and free replacement for PGP. Because it does not use the patented IDEA algorithm, it can be used without any restrictions." While the installation instructions for GPGshell at http://www.jfrisch.de/GPG-Install/Seiten-englisch/index.html states that If you want to use GPG in a non-commercial environment I recommend to use the following GPG-version. Please keep in mind that this file contains a version with implemented IDEA-algorithm which is free only for non-commercial use!" On http://www.jumaros.de/rsoft/gpgshell.html the author states that "GPGshell is a graphical interface for GnuPG (GNU Privacy Guard). GnuPG is a free RFC2440 (OpenPGP) compliant replacement for PGP. Because it does not use the patented IDEA algorithm, it can be used without any restrictions." I've scanned the GNU General Public License (GPL) in plain text format at http://www.gnu.org/licenses/gpl.txt. I believe this license governs the distribution of GnuPG. I don't recall seeing any restrictions on use meaning commercial versus non-commercial. The only thing I can see different is the fact that GPGshell installation instructions reference a different file, gnupg-w32-1.0.6.zip, than GnuPG, gnupg-w32-1.0.6-2.zip. I have not installed GnuPG or any frontend. These statements seem to conflict each other, or am I missing something here. Please explain. TIA! Greg Strong Email: gw_goldwing@gwstrong.com Sun, 31 Mar 2002 13:33 CST From gw_goldwing@gwstrong.com Sun Mar 31 23:11:02 2002 From: gw_goldwing@gwstrong.com (Greg Strong) Date: Sun Mar 31 22:11:02 2002 Subject: Install GnuPG on Win98? Use GPA? In-Reply-To: References: <19440282497.20020331091146@telus.net> Message-ID: In article , Greg Strong wrote: > I've already downloaded WinPT. I'm should have it installed and working > hopefully before the end of the day. From what I've read, I like the fact > it is not email client dependent. After further investigation and before installation could someone please explain my other post here with the subject "Restrictions / Commercial Use." TIA! Greg Strong Email: gw_goldwing@gwstrong.com Sun, 31 Mar 2002 14:04 CST From dshaw@jabberwocky.com Sun Mar 31 23:25:01 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Sun Mar 31 22:25:01 2002 Subject: Restrictions / Commercial Use? In-Reply-To: References: Message-ID: <20020331202153.GH12169@akamai.com> On Sun, Mar 31, 2002 at 02:02:58PM -0600, Greg Strong wrote: > Are there any restrictions on using GnuPG for commercial use? > > GnuPG says at http://www.gnupg.org/ that "GnuPG is a complete and free > replacement for PGP. Because it does not use the patented IDEA > algorithm, it can be used without any restrictions." This is correct. Use it commercially, use it non-commercially, use it for whatever you like. Have fun. However, if you want to use the IDEA cipher then the situation changes a little. The IDEA cipher is patented by a Swiss company called Ascom Systec Ltd. They require a licence for commercial use. GnuPG does not come with IDEA, despite what people may have added to their own copies of the distribution. You don't even need IDEA unless you are trying to communicate with a user who uses certain versions of PGP 2. Since the current version of PGP is 7, it's been a few years since PGP 2... David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From ingo.kloecker@epost.de Sun Mar 31 23:28:01 2002 From: ingo.kloecker@epost.de (Ingo =?iso-8859-1?q?Kl=F6cker?=) Date: Sun Mar 31 22:28:01 2002 Subject: Restrictions / Commercial Use? In-Reply-To: References: Message-ID: <200203312225.32188@erwin.ingo-kloecker.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sunday 31 March 2002 22:02, Greg Strong wrote: > Are there any restrictions on using GnuPG for commercial use? Short answer: No. But... Some binary GnuPG packages for Windows include the non-free IDEA=20 plugin. These packages must not be used in a commercial environment. So, if you want to use GnuPG for commercial use you must install a=20 binary GnuPG package which does not include the IDEA plugin. Hope this helps. Regards, Ingo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8p3C7GnR+RTDgudgRAvf7AJ4xsz2ef5gzIPmSWanLA17eANRZ9wCgyJzj x4Wg9RABZqKpvX1VDsqbvSU=3D =3DNpIZ -----END PGP SIGNATURE-----