From ams@kemisten.nu Tue Oct 1 19:01:02 2002 From: ams@kemisten.nu (Alfred M. Szmidt) Date: Tue Oct 1 18:01:02 2002 Subject: Confused about sub-keys. In-Reply-To: <87wup3ee0l.fsf@lgh163a.kemisten.nu> References: <87it0paqol.fsf@lgh163a.kemisten.nu> <1033371554.854.23.camel@altfrangg> <87wup3ee0l.fsf@lgh163a.kemisten.nu> Message-ID: <87ptuuxi4d.fsf@lgh163a.kemisten.nu> This is an silly, ugly hack to suit my needs nothing else, and I do not recommend anyone to use it either, anyone who does cannot blame me for anything that goes wrong (like gpg sending your secret key and password to some evil three letter agency, etc.). Oh, and it is completely untested! This patch will add "***" to the beginning of the key listing of --list-secret-keys indicate that the secret key is absent. I don't know how much one can trust that sk->protect.s2k.mode will be 1001 when the master key is absent, but it works right now... $ gpg --list-secret-keys /home/ams/.gnupg/secring.gpg --------------------------------- *** sec 1024D/870BB9D7 2002-10-01 test test ssb 1024D/2E38558B 2002-10-01 --- keylist.c.~1~ Fri Sep 20 09:40:22 2002 +++ keylist.c Tue Oct 1 17:52:10 2002 @@ -406,9 +406,13 @@ } if( secret ) { pk = NULL; sk = node->pkt->pkt.secret_key; keyid_from_sk( sk, keyid ); + + if (sk->protect.s2k.mode == 1001) + printf ("*** "); + printf("sec %4u%c/%08lX %s ", nbits_from_sk( sk ), pubkey_letter( sk->pubkey_algo ), (ulong)keyid[1], -- Alfred M. Szmidt From markus_kampkoetter@t-online.de Tue Oct 1 19:10:02 2002 
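Review bot: The added test `if (sk->protect.s2k.mode == 1001)` in the keylist.c hunk compares against a bare number, and the message itself says it is unclear how far that value can be trusted to mean the master key is absent. Give 1001 a named constant, or at least a comment saying which S2K mode it stands for, so the check can be audited against the packet parser. The `printf ("*** ");` also runs before the existing `printf("sec ...` call, so a flagged line no longer starts with `sec`; anything that matches on the start of the line in --list-secret-keys output will skip exactly the keys this is meant to highlight, and a marker placed after the `sec` tag would avoid that. The two added statements use `printf (` spacing where the surrounding code uses `printf(`.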
From: markus_kampkoetter@t-online.de (markus_kampkoetter)
Date: Tue Oct 1 18:10:02 2002
Subject: Point of view regarding LISA 2002
References: <20020928160931.GA51380@lightship.internal.homeport.org> <3D978E07.300@tls.msk.ru>
Message-ID: <17wPc4-213OzZC@fwd03.sul.t-online.com>

Michael Tokarev wrote:
> Adam Shostack wrote:
> []
> > Now, are these GPG's fault? In most cases, no, they're not. But
> > they're problems that we need to address to get say, 10% of the email
> > on the net to be encrypted. And if that's a goal, then we need to
> > examine the things that are preventing us from hitting it.
>
> Yeah - learn users to encrypt their emails and there will be
> many problems with viruses who will try to use encryption too
> thus making it impossible to detect in-transit... Oh well... ;)
>
> /mjt

i do not agree with you. at least you will know for sure who sent the
virus to you ;))) and worms cannot use cryptotechnology easily.
(one day later)
or can they? is it possible to write a script that automatically encrypts
to all the keys on one's keyring and sends itself to the corresponding
addresses? even if, it never will be able to sign.

markus (c:
--
markus kampkoetter
praxis für chinesische medizin
soesterstr. 42
d-48155 münster
www.ChinesischeMedizin-online.de
# my e-mails contain no attachments that are not listed by name, with
their file extension, in the body text; as a rule i never send
executable programs (.exe). #

From agreene@pobox.com Tue Oct 1 20:30:01 2002
From: agreene@pobox.com (Anthony E. Greene)
Date: Tue Oct 1 19:30:01 2002
Subject: Point of view regarding LISA 2002
In-Reply-To: <17wPc4-213OzZC@fwd03.sul.t-online.com>; from markus_kampkoetter@t-online.de on Tue, Oct 01, 2002 at 06:11:08PM +0200
References: <20020928160931.GA51380@lightship.internal.homeport.org> <3D978E07.300@tls.msk.ru> <17wPc4-213OzZC@fwd03.sul.t-online.com>
Message-ID: <20021001133055.A27756@asmoweb.hqda.pentagon.mil>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01-Oct-2002/18:11 +0200, markus_kampkoetter wrote:
>Michael Tokarev wrote:
>> Adam Shostack wrote:
>> []
>> > Now, are these GPG's fault? In most cases, no, they're not. But
>> > they're problems that we need to address to get say, 10% of the email
>> > on the net to be encrypted. And if that's a goal, then we need to
>> > examine the things that are preventing us from hitting it.
>>
>> Yeah - learn users to encrypt their emails and there will be
>> many problems with viruses who will try to use encryption too
>> thus making it impossible to detect in-transit... Oh well... ;)
>>
>> /mjt
>i do not agree with you. at least you will know for sure who sent the
>virus to you ;))) and worms cannot use cryptotechnology easily.
>(one day later)
>or can they? is it possible to write a script that automatically encrypts
>to all the keys on one's keyring and sends itself to the corresponding
>addresses? even if, it never will be able to sign.

How about a worm that does this when run:

 1. Read the userids of the keys on the public keyring. Make note
    of the userid of the first key.

 2. Create a separate secring and pubring using the userid from the
    first key on the original public keyring.

 3. Upload this key to multiple keyservers.

 4. Send itself as an encrypted attachment to each recipient on the
    original pubring. Sign the message with the newly created key.

If the recipient is configured to automatically fetch keys as needed, and
is reading mail online, they may not realize that the key used to verify
the sig was just fetched. People generally do not pay that much attention
to key IDs. Even if they notice the fetching operation, they might not
that that it was significant. The attachment would look legitimate and the
recipient might run the executable, thinking that it is safe because it
was signed and encrypted from someone they know.

Tony
- --
Anthony E. Greene
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
AOL/Yahoo Chat: TonyG05 HomePage:
Linux: the choice of a GNU Generation.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Anthony E. Greene 0x6C94239D

iD8DBQE9mdvMpCpg3WyUI50RAomAAJ0YcCADCxn+7fuYu4UXnS48H1NejQCfW+sF
WtRsBKZ7p56LZeZlXHDuvhc=
=48of
-----END PGP SIGNATURE-----

From cpilkington@ghi.com Tue Oct 1 20:49:01 2002
From: cpilkington@ghi.com (Pilkington, Christopher J.)
Date: Tue Oct 1 19:49:01 2002
Subject: GnuPG 1.2.0 binary for Windows NT
Message-ID: <630F0B668D03D61189990003470838D301D96F10@ghimail1.ninthave.ghi.com>

Will there be a binary available for GnuPG 1.2.0 for Intel Windows NT
platforms with the key revocation patch (and other patches) applied?

If not, can someone recommend an easy way to compile the sources under
WinNT?

Thanks,
Christopher J. Pilkington

From adam@homeport.org Tue Oct 1 21:12:02 2002
From: adam@homeport.org (Adam Shostack)
Date: Tue Oct 1 20:12:02 2002
Subject: Point of view regarding LISA 2002
In-Reply-To: <17wPc4-213OzZC@fwd03.sul.t-online.com>
References: <20020928160931.GA51380@lightship.internal.homeport.org> <3D978E07.300@tls.msk.ru> <17wPc4-213OzZC@fwd03.sul.t-online.com>
Message-ID: <20021001181238.GA9157@lightship.internal.homeport.org>

On Tue, Oct 01, 2002 at 06:11:08PM +0200, markus_kampkoetter wrote:
| Michael Tokarev wrote:
| > Adam Shostack wrote:
| > []
| > > Now, are these GPG's fault? In most cases, no, they're not. But
| > > they're problems that we need to address to get say, 10% of the email
| > > on the net to be encrypted. And if that's a goal, then we need to
| > > examine the things that are preventing us from hitting it.
| >
| > Yeah - learn users to encrypt their emails and there will be
| > many problems with viruses who will try to use encryption too
| > thus making it impossible to detect in-transit... Oh well... ;)
| >
| > /mjt
| i do not agree with you. at least you will know for sure who sent the virus to
| you ;))) and worms cannot use cryptotechnology easily.
| (one day later)
| or can they? is it possible to write a script that automatically encrypts to all
| the keys on one's keyring and sends itself to the corresponding addresses? even
| if, it never will be able to sign.

Because that worm can't sniff your password? Or create an inbound
message that requires you to enter your password to decrypt it? Or
send your private key off via gnutella to other instances of itself?

Crypto will make central AV harder. However, central AV is already
hard, and the benefits of crypto may be large. (It may be that
STARTTLS is more usable..)

Adam

--
"It is seldom that liberty of any kind is lost all at once."
 -Hume

From dshaw@jabberwocky.com Tue Oct 1 21:16:01 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Tue Oct 1 20:16:01 2002
Subject: GnuPG 1.2.0 binary for Windows NT
In-Reply-To: <630F0B668D03D61189990003470838D301D96F10@ghimail1.ninthave.ghi.com>
References: <630F0B668D03D61189990003470838D301D96F10@ghimail1.ninthave.ghi.com>
Message-ID: <20021001181628.GF3209@akamai.com>

On Tue, Oct 01, 2002 at 01:49:17PM -0400, Pilkington, Christopher J. wrote:
>
> Will there be a binary available for GnuPG 1.2.0 for Intel Windows NT
> platforms with the key revocation patch (and other patches) applied?

Even better - there will be a 1.2.1 fairly soon that contains fixes
for the problems that have popped up after the 1.2.0 release.

David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson

From paul.healy@goodyear.com Tue Oct 1 21:21:01 2002
From: paul.healy@goodyear.com (paul.healy@goodyear.com)
Date: Tue Oct 1 20:21:01 2002
Subject: encrypt multiple files into one singlefile and then decrypt back the original multipe files
Message-ID:

Can gpg take several cleartext input files and make a single encrypted
file that when decrypted creates the original multiple cleartext files?

The reason I ask is on an on-going basis. When I need to send files to
a remote user, there usually are several files to be sent. Currently
if there are five files to be sent, then five ".asc" files are created
and sent. I'd like to issue one encrypt command on multiple files
get a single encrypted output and e-mail that single file.
The remote user would decrypt this single file with the
"--use-embedded-filename" flag and magically obtain the multiple original
files.

Is this something GPG can do?
From malte_gell@t-online.de Tue Oct 1 21:37:02 2002
From: malte_gell@t-online.de (Malte Gell)
Date: Tue Oct 1 20:37:02 2002
Subject: gpg-agent and other passphrase caching tools
Message-ID: <200210012038.10091.malte_gell@t-online.de>

I'd like to use some kind of passphrase caching tool with GnuPG 1.2.0
and tinkered a bit with gpg-agent 0.9.2.

Is gpg-agent stable enough for use in production environments ? It seems
to be part of the Aegypten project, will it find its way into the
"normal" gpg tree as well ?

gpg-agent works well as far as I can see, but are there any other
similar tools which may be more mature or what are you using ?

Regards,
Malte

From skquinn@speakeasy.net Tue Oct 1 21:54:02 2002
From: skquinn@speakeasy.net (Shawn K. Quinn)
Date: Tue Oct 1 20:54:02 2002
Subject: Point of view regarding LISA 2002
In-Reply-To: <17wPc4-213OzZC@fwd03.sul.t-online.com>
References: <3D978E07.300@tls.msk.ru> <17wPc4-213OzZC@fwd03.sul.t-online.com>
Message-ID: <200210011355.25133.skquinn@speakeasy.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday October 1 2002 11:11, markus_kampkoetter wrote:
> Michael Tokarev wrote:
> > Yeah - learn users to encrypt their emails and there will be
> > many problems with viruses who will try to use encryption too
> > thus making it impossible to detect in-transit... Oh well... ;)
>
> i do not agree with you. at least you will know for sure who sent the
> virus to you ;)))

Actually, no you won't. You only know this when the message is signed,
which as you say below, usually won't happen.

> and worms cannot use cryptotechnology easily.
> (one day later)
> or can they? is it possible to write a script that automatically
> encrypts to all the keys on one's keyring and sends itself to the
> corresponding addresses? even if, it never will be able to sign.

The vast majority of the time it won't. In the (hopefully) rare case
where the user does not use a passphrase on their secret key, it will.
Yet another reason why any passphrase is better than none at all.

- --
Shawn K. Quinn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)

iD8DBQE9me+bQVXDBVmaIp0RAlf1AJsHWVH5mFXeZzAT2I7+KzseOPXRiwCglfbN
INy3Wpv5tyBw9l4gP5KfAlo=
=IStg
-----END PGP SIGNATURE-----

From skquinn@speakeasy.net Tue Oct 1 22:00:02 2002
From: skquinn@speakeasy.net (Shawn K. Quinn)
Date: Tue Oct 1 21:00:02 2002
Subject: Point of view regarding LISA 2002
In-Reply-To: <20021001133055.A27756@asmoweb.hqda.pentagon.mil>
References: <17wPc4-213OzZC@fwd03.sul.t-online.com> <20021001133055.A27756@asmoweb.hqda.pentagon.mil>
Message-ID: <200210011400.54159.skquinn@speakeasy.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday October 1 2002 12:30, Anthony E. Greene wrote:
> On 01-Oct-2002/18:11 +0200, markus_kampkoetter wrote:
> >i do not agree with you. at least you will know for sure who sent
> > the virus to you ;))) and worms cannot use cryptotechnology easily.
> > (one day later)
> >or can they? is it possible to write a script that automatically
> > encrypts to all the keys on one's keyring and sends itself to the
> > corresponding addresses? even if, it never will be able to sign.
>
> How about a worm that does this when run:
>
> 1. Read the userids of the keys on the public keyring. Make note
>    of the userid of the first key.
>
> 2. Create a separate secring and pubring using the userid from the
>    first key on the original public keyring.
>
> 3. Upload this key to multiple keyservers.
>
> 4. Send itself as an encrypted attachment to each recipient on the
>    original pubring. Sign the message with the newly created key.

Sounds pretty devious, but this will probably take up a noticeable amount
of CPU and (in the case of boxes with a proper /dev/random) the effect
on the entropy pool might well be noticed.

> If the recipient is configured to automatically fetch keys as needed,
> and is reading mail online, they may not realize that the key used to
> verify the sig was just fetched.

They will if the signature is untrusted and it should not be. KMail
makes the distinction painfully obvious; other MUA's with PGP/GnuPG
encryption probably do as well.

> People generally do not pay that much attention to key IDs. Even if
> they notice the fetching operation, they might not that that it was
> significant. The attachment would look legitimate and the recipient
> might run the executable, thinking that it is safe because it was
> signed and encrypted from someone they know.

I know KMail at least does not let you encrypt attachments easily; they
have to be encrypted by hand and attached that way. The potential for
this kind of worm may well be part of the reason for this.

- --
Shawn K. Quinn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)

iD8DBQE9mfDjQVXDBVmaIp0RAh1LAJ9qqDUYRAdakuUXjujGuiRS2j1T9ACgrWtF
YxEspr4NCnNV0wGWTX69j4M=
=73BZ
-----END PGP SIGNATURE-----

From markus_kampkoetter@t-online.de Tue Oct 1 22:19:02 2002
From: markus_kampkoetter@t-online.de (markus_kampkoetter)
Date: Tue Oct 1 21:19:02 2002
Subject: Point of view regarding LISA 2002
References: <20020928160931.GA51380@lightship.internal.homeport.org> <3D978E07.300@tls.msk.ru> <17wPc4-213OzZC@fwd03.sul.t-online.com> <20021001133055.A27756@asmoweb.hqda.pentagon.mil>
Message-ID: <17wSZL-1hL6bBC@fwd11.sul.t-online.com>

Anthony E. Greene wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 01-Oct-2002/18:11 +0200, markus_kampkoetter
> wrote:
> >Michael Tokarev wrote:
> >> Adam Shostack wrote:
> >> []
> >> > Now, are these GPG's fault? In most cases, no, they're not. But
> >> > they're problems that we need to address to get say, 10% of the email
> >> > on the net to be encrypted.
> >> > And if that's a goal, then we need to
> >> > examine the things that are preventing us from hitting it.
> >>
> >> Yeah - learn users to encrypt their emails and there will be
> >> many problems with viruses who will try to use encryption too
> >> thus making it impossible to detect in-transit... Oh well... ;)
> >>
> >> /mjt
> >i do not agree with you. at least you will know for sure who sent the
> >virus to you ;))) and worms cannot use cryptotechnology easily.
> >(one day later)
> >or can they? is it possible to write a script that automatically encrypts
> >to all the keys on one's keyring and sends itself to the corresponding
> >addresses? even if, it never will be able to sign.
>
> How about a worm that does this when run:

WHEN RUN! apart from m$outlook, which mua allows attachments to be run
without asking the user?

> 1. Read the userids of the keys on the public keyring. Make note
>    of the userid of the first key.
> 2. Create a separate secring and pubring using the userid from the
>    first key on the original public keyring.
> 3. Upload this key to multiple keyservers.
> 4. Send itself as an encrypted attachment to each recipient on the
>    original pubring. Sign the message with the newly created key.
> If the recipient is configured to automatically fetch keys as needed, and
> is reading mail online, they may not realize that the key used to verify
> the sig was just fetched. People generally do not pay that much attention
> to key IDs. Even if they notice the fetching operation, they might not
> that that it was significant. The attachment would look legitimate and the
> recipient might run the executable, thinking that it is safe because it
> was signed and encrypted from someone they know.
>
>
> Tony

(snip)

nice hack, so we have to take a close look at the key if an executable is
attached and not run executables until we asked the "original" sender to
confirm "his" action.
seems to be easy to avoid this kind of attack (because hardly anybody will
run executables that they do not expect in advance) - too easy....?

markus (c:

From dshaw@jabberwocky.com Tue Oct 1 22:28:02 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Tue Oct 1 21:28:02 2002
Subject: encrypt multiple files into one singlefile and then decrypt back the original multipe files
In-Reply-To:
References:
Message-ID: <20021001192825.GC18514@akamai.com>

On Tue, Oct 01, 2002 at 02:21:52PM -0400, paul.healy@goodyear.com wrote:
>
>
> Can gpg take several cleartext input files and make a single encrypted
> file that when decrypted creates the original multiple cleartext files?
>
> The reason I ask is on an on-going basis. When I need to send files to
> a remote user, there usually are several files to be sent. Currently
> if there are five files to be sent, then five ".asc" files are created
> and sent. I'd like to issue one encrypt command on multiple files
> get a single encrypted output and e-mail that single file.
> The remote user would decrypt this single file with the
> "--use-embedded-filename" flag and magically obtain the multiple original
> files.
>
> Is this something GPG can do?

Not by itself. The OpenPGP format requires only one "file" inside an
encrypted message. You can zip or tar the files together and then
encrypt that though.

David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson

From agreene@pobox.com Tue Oct 1 22:51:02 2002
From: agreene@pobox.com (Anthony E. Greene)
Date: Tue Oct 1 21:51:02 2002
Subject: encrypt multiple files into one singlefile and then decrypt back the original multipe files
In-Reply-To: ; from paul.healy@goodyear.com on Tue, Oct 01, 2002 at 02:21:52PM -0400
References:
Message-ID: <20021001155111.B28141@asmoweb.hqda.pentagon.mil>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01-Oct-2002/14:21 -0400, paul.healy@goodyear.com wrote:
>Can gpg take several cleartext input files and make a single encrypted
>file that when decrypted creates the original multiple cleartext files?

No.

>The reason I ask is on an on-going basis. When I need to send files to
>a remote user, there usually are several files to be sent. Currently
>if there are five files to be sent, then five ".asc" files are created
>and sent. I'd like to issue one encrypt command on multiple files
>get a single encrypted output and e-mail that single file.

Create a ZIP archive that contains the files, then encrypt the ZIP file.
Assuming you're on a *nix box, you can do this in one step like this:

  zip - file1 file2 file3 file4 file5 | gpg -eat > outfile.zip.asc

If you have the old DOS PKZip on a Winbox, this batch file should work:

  pkzip outfile.zip file1 file2 file3 file4 file5
  gpg -eat outfile.zip

The output should be in outfile.zip.asc.

Tony
- --
Anthony E. Greene
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
AOL/Yahoo Chat: TonyG05 HomePage:
Linux: the choice of a GNU Generation.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Anthony E. Greene 0x6C94239D

iD8DBQE9mfyqpCpg3WyUI50RAnA+AKDAPmTTBGR8+0AA+kL7BFVSUG0EvACgzRM5
Hmt8NAMkoLnfatVIxXcXH+o=
=bR0c
-----END PGP SIGNATURE-----

From markus_kampkoetter@t-online.de Tue Oct 1 22:54:02 2002
From: markus_kampkoetter@t-online.de (markus_kampkoetter)
Date: Tue Oct 1 21:54:02 2002
Subject: Point of view regarding LISA 2002
References: <3D978E07.300@tls.msk.ru> <17wPc4-213OzZC@fwd03.sul.t-online.com> <200210011355.25133.skquinn@speakeasy.net>
Message-ID: <17wT79-0ZReroC@fwd09.sul.t-online.com>

> On Tuesday October 1 2002 11:11, markus_kampkoetter wrote:
> > Michael Tokarev wrote:
> > > Yeah - learn users to encrypt their emails and there will be
> > > many problems with viruses who will try to use encryption too
> > > thus making it impossible to detect in-transit... Oh well... ;)
> >
> > i do not agree with you. at least you will know for sure who sent the
> > virus to you ;)))
>
> Actually, no you won't. You only know this when the message is signed,
> which as you say below, usually won't happen.

usually i would not expect someone to run an executable that came with
encrypted but not signed mail ;-)

> > and worms cannot use cryptotechnology easily.
> > (one day later)
> > or can they? is it possible to write a script that automatically
> > encrypts to all the keys on one's keyring and sends itself to the
> > corresponding addresses? even if, it never will be able to sign.
>
> The vast majority of the time it won't. In the (hopefully) rare case
> where the user does not use a passphrase on their secret key, it will.
> Yet another reason why any passphrase is better than none at all.

you are perfectly right (anyway, everybody should try to find something
better than ANY as passphrase ;).
i guess tony was closer to the point i was thinking of: if you behave like
the cryptosoftware you use wants you to behave, is it still possible to
create a worm that uses encryption to hide itself and spread?
as far as i understood until now - any passphrase + offline-check of a key
of a strange mail + be careful running executables - we do not have to
expect this too soon?

markus (c:
--
markus

From cpilkington@ghi.com Tue Oct 1 23:09:02 2002
From: cpilkington@ghi.com (Pilkington, Christopher J.)
Date: Tue Oct 1 22:09:02 2002
Subject: gpg: protection algorithm 254 is not supported
Message-ID: <630F0B668D03D61189990003470838D301D96F12@ghimail1.ninthave.ghi.com>

I've read what caused this error under 1.0.6 when exporting a key from
1.0.7. But why is it happening under 1.2.0?

Am I doing something bizarre? What is with the IDEA message? I don't use
IDEA.

Christopher

C:\###############################>gpg --default-key 403fb2a7 --clearsign
gpg: protection algorithm 254 is not supported
gpg: the IDEA cipher plugin is not present
gpg: please see http://www.gnupg.org/why-not-idea.html for more information
gpg: no default secret key: unknown cipher algorithm
gpg: [stdin]: clearsign failed: unknown cipher algorithm

C:\###############################>gpg --version
gpg (GnuPG) 1.2.0
Copyright (C) 2002 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Home: C:/GnuPG
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160
Compress: Uncompressed, ZIP, ZLIB

From dshaw@jabberwocky.com Tue Oct 1 23:38:01 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Tue Oct 1 22:38:01 2002
Subject: gpg: protection algorithm 254 is not supported
In-Reply-To: <630F0B668D03D61189990003470838D301D96F12@ghimail1.ninthave.ghi.com>
References: <630F0B668D03D61189990003470838D301D96F12@ghimail1.ninthave.ghi.com>
Message-ID: <20021001203858.GC19884@akamai.com>

On Tue, Oct 01, 2002 at 04:09:56PM -0400, Pilkington, Christopher J. wrote:
> I've read what caused this error under 1.0.6 when exporting a key from
> 1.0.7. But why is it happening under 1.2.0?
>
> Am I doing something bizarre? What is with the IDEA message? I don't use
> IDEA.

You can ignore the IDEA message. As for the 254 problem, can you do:

  gpg --export-secret-key 403fb2a7 | gpg --list-packets

After the line that begins "skey[3]: ..." there is a line that says
something like "iter+salt S2K, algo: 1...". Can you tell me what the
line reads? You can snip off the "salt" if you prefer.

Also, what version of GnuPG did you generate the key with?

David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson

From adulau@foo.be Tue Oct 1 23:43:02 2002
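The "iter+salt S2K" line David asks about in the message above, and the `sk->protect.s2k.mode == 1001` test in the keylist.c patch at the top of this digest, both come from the protection header of an OpenPGP secret-key packet. As an added illustration (not code from GnuPG or from anyone in the thread), this Python sketch decodes that header following RFC 4880 sections 5.5.3 and 3.7 and GnuPG's private "GNU" S2K extension. The function names, the `rfc2440_only` switch and the sample bytes are assumptions made for the example.

```python
# Added illustration: decode the protection header of an OpenPGP secret-key
# packet, starting at the "S2K usage" octet that follows the public fields.
# All names are made up for this example; the sample bytes are constructed.

CIPHERS = {0: "none", 1: "IDEA", 2: "3DES", 3: "CAST5", 4: "BLOWFISH",
           7: "AES", 8: "AES192", 9: "AES256", 10: "TWOFISH"}
HASHES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160"}
S2K_NAMES = {0: "simple", 1: "salted", 3: "iter+salt"}
# GnuPG's private S2K type 101: hash octet, the bytes "GNU", then a mode octet.
GNU_MODES = {1: "gnu-dummy", 2: "gnu-divert-to-card"}


def _take(buf, pos, n):
    """Return buf[pos:pos+n], refusing to read past the end of the data."""
    if pos + n > len(buf):
        raise ValueError("truncated protection header")
    return buf[pos:pos + n]


def decode_count(coded):
    """Expand the one-octet iteration count of an iterated+salted S2K."""
    return (16 + (coded & 15)) << ((coded >> 4) + 6)


def parse_s2k(buf, pos):
    """Parse the S2K specifier at buf[pos]; return (fields, next position)."""
    s2k_type, hash_id = _take(buf, pos, 2)
    pos += 2
    out = {"mode": s2k_type,
           "s2k": S2K_NAMES.get(s2k_type, "unknown(%d)" % s2k_type),
           "hash": HASHES.get(hash_id, "unknown(%d)" % hash_id)}
    if s2k_type in (1, 3):
        out["salt"] = _take(buf, pos, 8).hex()
        pos += 8
    if s2k_type == 3:
        out["count"] = decode_count(_take(buf, pos, 1)[0])
        pos += 1
    if s2k_type == 101:
        if _take(buf, pos, 3) != b"GNU":
            raise ValueError("S2K type 101 without the GNU marker")
        gnu_mode = _take(buf, pos + 3, 1)[0]
        out["mode"] = 1000 + gnu_mode   # 1001 is the value the patch tests for
        out["s2k"] = GNU_MODES.get(gnu_mode, "gnu-unknown(%d)" % gnu_mode)
        pos += 4
    return out, pos


def parse_protection(buf, rfc2440_only=False):
    """Decode a secret-key packet from its S2K usage octet onward.

    rfc2440_only models a reader that knows only usage values 0 and 255 and
    takes every other value to be a cipher number, as RFC 2440 specified.
    """
    usage = _take(buf, 0, 1)[0]
    if usage == 0:
        return {"cipher": "none", "secret_present": True}
    markers = (255,) if rfc2440_only else (254, 255)
    if usage not in markers:
        # Legacy form: the usage octet is itself the cipher number.
        # Error wording borrowed from the gpg output quoted in the thread.
        if usage not in CIPHERS:
            raise ValueError("protection algorithm %d is not supported" % usage)
        return {"cipher": CIPHERS[usage], "s2k": "legacy",
                "check": "checksum", "secret_present": True}
    cipher_id = _take(buf, 1, 1)[0]
    fields, _ = parse_s2k(buf, 2)
    fields["cipher"] = CIPHERS.get(cipher_id, "unknown(%d)" % cipher_id)
    fields["check"] = "SHA1" if usage == 254 else "checksum"
    # Modes above 1000 are stubs: the secret material is not in this packet.
    fields["secret_present"] = fields["mode"] < 1000
    return fields


def describe(buf, rfc2440_only=False):
    """Parse, returning the error text instead of raising."""
    try:
        return parse_protection(buf, rfc2440_only)
    except ValueError as exc:
        return "error: %s" % exc


# Constructed samples: usage 254, CAST5, iterated+salted SHA1, coded count 96;
# and a stub key of the kind the patch marks with "***".
SAMPLE_PROTECTED = (bytes([254, 3, 3, 2]) + bytes.fromhex("0011223344556677")
                    + bytes([96]))
SAMPLE_STUB = bytes([255, 0, 101, 2]) + b"GNU" + bytes([1])

if __name__ == "__main__":
    print(describe(SAMPLE_PROTECTED))
    print(describe(SAMPLE_STUB))
    print(describe(SAMPLE_PROTECTED, rfc2440_only=True))
```

The last call shows how a reader that predates the 254 usage value ends up reporting "protection algorithm 254"; it does not settle why 1.2.0 printed that message in Christopher's case.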
From: adulau@foo.be (Alexandre Dulaunoy)
Date: Tue Oct 1 22:43:02 2002
Subject: Point of view regarding LISA 2002
In-Reply-To:
Message-ID:

On Tue, 1 Oct 2002, Len Sassaman wrote:

> On Sat, 28 Sep 2002, Alexandre Dulaunoy wrote:
>
> > Did you know the presentation ? the speaker ?
>
> Lots of people on this list know the speaker. I think I'm the only one who
> knows the presentation, though there are many people who could give it
> just as well.

Do you plan to publish the presentation afterwards ?

>
> > I don't think that GnuPG have failed in their mission. GnuPG is
> > usable, there is more and more user-interface integration
> > with GnuPG/OpenPGP and the use is increasing quite well. (Just see the
> > message signing in mailing-list and so on...)
>
> You think so?
>
> Try this experiment: Take a laptop with PGP on it and go down to your
> local bar, coffee shop, cafe, etc, and attempt to explain what GnuPG is
> good for, how it works, and how one uses it in 5 minutes or less to 10
> random people who have never heard of PGP, and who are of "average"
> computer literacy (i.e., they know how to connect to the Internet and use
> email, but don't use Linux/Unix and have never compiled a program in their
> lives.)

I agree with you but this is a real issue for a vast majority of Free
Software projects and technical issues in general. Digital signature for
example is also a real issue to explain clearly to the "average"
computer user. (For example, the FINID initiative is also difficult but
there are discussions to put this in real and large use)

The problem is real but maybe for OpenPGP but also for the vast majority
of concept around cryptography.

>
> How many of them will walk away understanding what you told them? Of
> those, how many will become new OpenPGP users? Of those, how many will use
> OpenPGP properly in a manner which will actually secure their messages?

Yes, that's true but this is not a general failure of the OpenPGP
initiative but a general failure of the promotion of the basics around
Security.

> I'm not going to say anymore about this until after LISA. If you're
> planning on attending, please feel free to disagree with me in the Q&A
> session after my talk.
>

Don't hesitate to provide an electronic version of the presentation
after LISA to gnupg-user.

Thanks a lot for the response and your time.

adulau

--
Alexandre Dulaunoy -- http://www.foo.be/
3B12 DCC2 82FA 2931 2F5B 709A 09E2 CD49 44E6 CBCD --- AD993-6BONE
"People who fight may lose.People who do not fight have already lost."
Bertolt Brecht

From douggorley@shaw.ca Wed Oct 2 01:52:01 2002
From: douggorley@shaw.ca (Doug Gorley)
Date: Wed Oct 2 00:52:01 2002
Subject: encrypt multiple files into one singlefile and then decrypt back the original multipe files
In-Reply-To: <20021001155111.B28141@asmoweb.hqda.pentagon.mil>
References: <20021001155111.B28141@asmoweb.hqda.pentagon.mil>
Message-ID: <1033512752.4715.3.camel@h24-69-83-179>

>
> zip - file1 file2 file3 file4 file5 | gpg -eat > outfile.zip.asc
>

Interesting. I'm trying to do this using tar and gzip instead of zip,
but I'm running into some trouble. The command I'm trying is:

  tar -cz *.jpg | gpg -eatr douggorley > files.tar.gz.asc

Everything appears to work correctly, but once I decrypt the file,
gunzip won't recognise it. Any ideas?

--
Doug Gorley | douggorley@shaw.ca
OpenPGP Key ID: 0xA221559B
Fingerprint: D707 DB92 E64B 69DA B8C7 2F65 C5A9 5415 A221 559B
Interested in public-key cryptography? http://www.gnupg.org/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)

iD8DBQA9micvxalUFaIhVZsRAgMhAJ46zHmlEPfq9jx7ywGSAU+VZtWGXgCg9VIp
w3EgYEfZYa6/DGt6kpc2FtM=
=Eg4P
-----END PGP SIGNATURE-----

From newton@hammet.net Wed Oct 2 02:14:02 2002
From: newton@hammet.net (Newton Hammet)
Date: Wed Oct 2 01:14:02 2002
Subject: encrypt multiple files into one singlefile and then decrypt backthe original multipe files
References: <20021001155111.B28141@asmoweb.hqda.pentagon.mil> <1033512752.4715.3.camel@h24-69-83-179>
Message-ID: <3D9A3AA1.D3AFAD21@hammet.net>

Doug Gorley wrote:
>
> >
> > zip - file1 file2 file3 file4 file5 | gpg -eat > outfile.zip.asc
> >
>
> Interesting. I'm trying to do this using tar and gzip instead of zip,
> but I'm running into some trouble. The command I'm trying is:
>
> tar -cz *.jpg | gpg -eatr douggorley > files.tar.gz.asc
>
> Everything appears to work correctly, but once I decrypt the file,
> gunzip won't recognise it. Any ideas?
>
> --
> Doug Gorley | douggorley@shaw.ca OpenPGP Key ID: 0xA221559B
> Fingerprint: D707 DB92 E64B 69DA B8C7 2F65 C5A9 5415 A221 559B
> Interested in public-key cryptography? http://www.gnupg.org/

I would say try the following:

1. Put all files in one directory, say encrypted_files.

2. In the parent directory:

Cmdln> tar -covf - encrypted_files |gzip >encrypted_files.tar.gz
Cmdln> gpg -sear localid encrypted_files.tar.gz

3. And to decrypt (to test):

Cmdln> gpg -d encrypted_files.tar.gz.asc >decrypted
Cmdln> md5sum encrypted_files.tar.gz decrypted
(or diff, to check whether they match)

I say use any localid for which you have the secret, to test first. This is what I did, doing the above, and it worked for me.

Regards, Newton

From christophe.labouisse@dial.oleane.com Wed Oct 2 02:58:01 2002
From: christophe.labouisse@dial.oleane.com (Christophe Labouisse)
Date: Wed Oct 2 01:58:01 2002
Subject: Cannot revoke signature
Message-ID:

I'm trying to revoke a signature with GnuPG 1.2.0 but I didn't succeed.

First I create a revocation certificate using:

$ gpg --output revokation.asc --gen-rev KEYID

A revocation certificate is created, but when I tried to import it I always get the following error:

$ gpg --import revokation.asc
gpg: key KEYID: invalid revocation certificate: general error - rejected
gpg: error reading `revokation.asc': general error
gpg: import from `revokation.asc' failed: general error
gpg: Total number processed: 0

What am I doing wrong?

From dshaw@jabberwocky.com Wed Oct 2 03:13:02 2002
From: dshaw@jabberwocky.com (David Shaw) Date: Wed Oct 2 02:13:02 2002 Subject: Cannot revoke signature In-Reply-To: References: Message-ID: <20021002001340.GA2254@akamai.com> --W/nzBZO5zC0uMSeA Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Wed, Oct 02, 2002 at 01:59:11AM +0200, Christophe Labouisse wrote: > I'm trying to revoke a signature with GnuPG 1.2.0 but I didn't > succed. > > First I create a revokation certificat using : > > $ gpg --output revokation.asc --gen-rev KEYID > > A revokation certificat is created but when I tried to import it I > always get the following error : > > $ gpg --import revokation.asc > gpg: key KEYID: invalid revocation certificate: general error - rejected > gpg: error reading `revokation.asc': general error > gpg: import from `revokation.asc' failed: general error > gpg: Total number processed: 0 > > What I'm I doing wrong ? Nothing. This is a bug in 1.2.0. There will be a proper fix soon, but in the meantime you can apply this patch. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson --W/nzBZO5zC0uMSeA Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="revoke.patch" Index: sig-check.c =================================================================== RCS file: /cvs/gnupg/gnupg/g10/sig-check.c,v retrieving revision 1.73.2.2 retrieving revision 1.73.2.3 diff -u -r1.73.2.2 -r1.73.2.3 --- sig-check.c 15 Sep 2002 03:15:56 -0000 1.73.2.2 +++ sig-check.c 28 Sep 2002 17:34:43 -0000 1.73.2.3 
@@ -521,8 +521,11 @@ return rc; if( sig->sig_class == 0x20 ) { /* key revocation */ - /* designated revoker? */ - if(pk->keyid[0]!=sig->keyid[0] || pk->keyid[1]!=sig->keyid[1]) + u32 keyid[2]; + keyid_from_pk( pk, keyid ); + + /* is it a designated revoker? */ + if(keyid[0]!=sig->keyid[0] || keyid[1]!=sig->keyid[1]) rc=check_revocation_keys(pk,sig); else { --W/nzBZO5zC0uMSeA-- From dshaw@jabberwocky.com Wed Oct 2 03:14:02 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Wed Oct 2 02:14:02 2002 Subject: encrypt multiple files into one singlefile and then decrypt back the original multipe files In-Reply-To: <1033512752.4715.3.camel@h24-69-83-179> References: <20021001155111.B28141@asmoweb.hqda.pentagon.mil> <1033512752.4715.3.camel@h24-69-83-179> Message-ID: <20021002001435.GB2254@akamai.com> On Tue, Oct 01, 2002 at 03:52:31PM -0700, Doug Gorley wrote: > > > > zip - file1 file2 file3 file4 file5 | gpg -eat > outfile.zip.asc > > > > Interesting. I'm trying to do this using tar and gzip instead of zip, > but I'm running into some trouble. The command I'm trying is: > > tar -cz *.jpg | gpg -eatr douggorley > files.tar.gz.asc > > Everything appears to work correctly, but once I decrypt the file, > gunzip won't recognise it. Any ideas? The 't' in your gpg command line means "textmode". A tarball isn't text, so remove the 't'. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From mike@xminus1.com Wed Oct 2 04:02:01 2002 From: mike@xminus1.com (Mike Kolcun) Date: Wed Oct 2 03:02:01 2002 Subject: Cannot revoke signature In-Reply-To: <20021002001340.GA2254@akamai.com> Message-ID: Wondering if there is a patch for the windows binary? thanks. /Mike Kolcun -----Original Message----- 
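Review bot: in the sig-check.c hunk of revoke.patch (@@ -521,8 +521,11 @@), the comparison stops reading pk->keyid and recomputes the ID with keyid_from_pk(), but the reworded comment ("is it a designated revoker?") does not say why the field cannot be used. The change implies pk->keyid is not guaranteed to be filled in at this point, in which case a revocation issued by the key itself would be routed to check_revocation_keys() instead of the else branch; a one-line comment stating that would keep a later cleanup from reverting to the direct field read. It is also worth checking the rest of this function for other direct comparisons against pk->keyid that depend on the same assumption.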
From: gnupg-users-admin@gnupg.org [mailto:gnupg-users-admin@gnupg.org]On Behalf Of David Shaw
Sent: Tuesday, October 01, 2002 20:14
To: GnuPG Users
Subject: Re: Cannot revoke signature

On Wed, Oct 02, 2002 at 01:59:11AM +0200, Christophe Labouisse wrote:
> I'm trying to revoke a signature with GnuPG 1.2.0 but I didn't
> succeed.
>
> First I create a revocation certificate using :
>
> $ gpg --output revokation.asc --gen-rev KEYID
>
> A revocation certificate is created but when I tried to import it I
> always get the following error :
>
> $ gpg --import revokation.asc
> gpg: key KEYID: invalid revocation certificate: general error - rejected
> gpg: error reading `revokation.asc': general error
> gpg: import from `revokation.asc' failed: general error
> gpg: Total number processed: 0
>
> What am I doing wrong ?

Nothing. This is a bug in 1.2.0. There will be a proper fix soon, but in the meantime you can apply this patch.

David

--
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

From dshaw@jabberwocky.com Wed Oct 2 05:08:01 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Wed Oct 2 04:08:01 2002
Subject: Cannot revoke signature
In-Reply-To:
References: <20021002001340.GA2254@akamai.com>
Message-ID: <20021002020849.GE2254@akamai.com>

> -----Original Message-----
> From: gnupg-users-admin@gnupg.org [mailto:gnupg-users-admin@gnupg.org]On
> Behalf Of David Shaw
> Sent: Tuesday, October 01, 2002 20:14
> To: GnuPG Users
> Subject: Re: Cannot revoke signature
>
>
> On Wed, Oct 02, 2002 at 01:59:11AM +0200, Christophe Labouisse wrote:
> > I'm trying to revoke a signature with GnuPG 1.2.0 but I didn't
> > succeed.
> >
> > First I create a revocation certificate using :
> >
> > $ gpg --output revokation.asc --gen-rev KEYID
> >
> > A revocation certificate is created but when I tried to import it I
> > always get the following error :
> >
> > $ gpg --import revokation.asc
> > gpg: key KEYID: invalid revocation certificate: general error - rejected
> > gpg: error reading `revokation.asc': general error
> > gpg: import from `revokation.asc' failed: general error
> > gpg: Total number processed: 0
> >
> > What am I doing wrong ?
>
> Nothing. This is a bug in 1.2.0. There will be a proper fix soon,
> but in the meantime you can apply this patch.

On Tue, Oct 01, 2002 at 09:03:15PM -0400, Mike Kolcun wrote:
> Wondering if there is a patch for the windows binary?

There will be a 1.2.1 release for both Windows and Unix fairly soon that contains the fix. In the meantime, if you have a copy of an older GnuPG still around, you can use that to import the revocation certificate (or send it to a friend with the fix and have them send you back the revoked key if that is possible).

David

--
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

From wk@gnupg.org Wed Oct 2 10:15:02 2002
From: wk@gnupg.org (Werner Koch)
Date: Wed Oct 2 09:15:02 2002
Subject: Point of view regarding LISA 2002
In-Reply-To: <200210011400.54159.skquinn@speakeasy.net> ("Shawn K. Quinn"'s message of "Tue, 1 Oct 2002 14:00:51 -0500")
References: <17wPc4-213OzZC@fwd03.sul.t-online.com> <20021001133055.A27756@asmoweb.hqda.pentagon.mil> <200210011400.54159.skquinn@speakeasy.net>
Message-ID: <87it0lqpn5.fsf@alberti.gnupg.de>

On Tue, 1 Oct 2002 14:00:51 -0500, Shawn K Quinn said:

> Sounds pretty devious, but this will probably take up a noticeable amount
> of CPU and (in the case of boxes with a proper /dev/random) the effect
> on the entropy pool might well be noticed.

You don't need good random for bogus keys.

> I know KMail at least does not let you encrypt attachments easily; they
> have to be encrypted by hand and attached that way. The potential for
> this kind of worm may well be part of the reason for this.

No, the reason is that KMail had no real MIME framework; the way attachments used to be handled was a hack. KDE 3.1 comes with a better working MIME implementation.

Salam-Shalom,

Werner

From wk@gnupg.org Wed Oct 2 10:19:01 2002
From: wk@gnupg.org (Werner Koch)
Date: Wed Oct 2 09:19:01 2002
Subject: gpg-agent and other passphrase caching tools
In-Reply-To: <200210012038.10091.malte_gell@t-online.de> (malte_gell@t-online.de's message of "Tue, 1 Oct 2002 20:38:10 +0200")
References: <200210012038.10091.malte_gell@t-online.de>
Message-ID: <87elb9qpi5.fsf@alberti.gnupg.de>

On Tue, 1 Oct 2002 20:38:10 +0200, Malte Gell said:

> Is gpg-agent stable enough for use in production environments ? It seems

I use it daily.

> to be part of the Aegypten project, will it find its way into the
> "normal" gpg tree as well ?

Yes, it will be part of 2.0.

> gpg-agent works well as far as I can see, but are there any other
> similar tools which may be more mature or what are you using ?

There is the old gpg-agent from gpg 1.1.1 and there is Quintuple Agent as a gpg-independent passphrase caching system.

Shalom-Salam,

Werner

From pt@radvis.nu Wed Oct 2 11:00:02 2002
From: pt@radvis.nu (Per Tunedal)
Date: Wed Oct 2 10:00:02 2002
Subject: GPGV does not find the keyring
Message-ID: <5.1.0.14.2.20021002095251.00be14f8@qix.netcorps.com>

Hi,

GPG works fine, but GPGV is unusable! I cannot make it find my keyring when verifying signatures and thus I get an error message. It works OK verifying the signatures with GPG instead.

Why does GPGV not use the same settings as used by GPG?

I tested on a computer running Windows98SE.

Per Tunedal

From t.liesner@creativ-consulting.de Wed Oct 2 11:00:06 2002
From: t.liesner@creativ-consulting.de (Thomas Liesner)
Date: Wed Oct 2 10:00:06 2002
Subject: .gnupg on FlashDisk with autofs (o.t.?)
Message-ID: <1033545688.3555.10.camel@Compaq>

Hi all,

i'm trying to configure my autofs on a SuSE 8.0 Linux-Box to mount my DiskOnKey-FlashDisk automatically after plugging it to the usb-port. I have .gnupg as symbolic link in my homedir to a directory on my flashdisk. Problem is, i can't get the permissions right. I played with the mount-options suid, guid, user, users and umask, but to no success.

I can't get gpg to lock files during import, can't chmod to something like 600 etc.

Anyone else here using a similar setup?

TIA,
//Tom

--
Thomas Liesner - c/o Creativ Consulting GmbH, Ratingen
Email: t.liesner@creativ-consulting.de
PGP Fingerprint: 7B6B 8364 D205 0FA2 8753 AEE0 70B7 AB3A 06B5 F368
PGP Public Key: http://www.creativ-consulting.de/keys

From eugen@leitl.org Wed Oct 2 12:10:02 2002
From: eugen@leitl.org (Eugen Leitl)
Date: Wed Oct 2 11:10:02 2002
Subject: .gnupg on FlashDisk with autofs (o.t.?)
In-Reply-To: <1033545688.3555.10.camel@Compaq>
Message-ID:

I've tried doing exactly the same thing as you, and I failed. I would also be interested in hearing about a solution.

On 2 Oct 2002, Thomas Liesner wrote:

> Hi all,
>
> i'm trying to configure my autofs on a SuSE 8.0 Linux-Box to mount my
> DiskOnKey-FlashDisk automatically after plugging it to the usb-port.
> I have .gnupg as symbolic link in my homedir to a directory on my
> flashdisk. Problem is, i can't get the permissions right. I played with
> the mount-options suid, guid, user, users and umask, but to no success.
>
> I can't get gpg to lock files during import, can't chmod to something
> like 600 etc.
> Anyone else here using a similar setup?

From rabbi@abditum.com Wed Oct 2 12:20:02 2002
From: rabbi@abditum.com (Len Sassaman)
Date: Wed Oct 2 11:20:02 2002
Subject: Point of view regarding LISA 2002
In-Reply-To:
Message-ID:

On Sat, 28 Sep 2002, Alexandre Dulaunoy wrote:

> Did you know the presentation ? the speaker ?

Lots of people on this list know the speaker. I think I'm the only one who knows the presentation, though there are many people who could give it just as well.

> I don't think that GnuPG have failed in their mission. GnuPG is
> usable, there is more and more user-interface integration
> with GnuPG/OpenPGP and the use is increasing quite well. (Just see the
> message signing in mailing-list and so on...)

You think so?

Try this experiment:

Take a laptop with PGP on it and go down to your local bar, coffee shop, cafe, etc, and attempt to explain what GnuPG is good for, how it works, and how one uses it in 5 minutes or less to 10 random people who have never heard of PGP, and who are of "average" computer literacy (i.e., they know how to connect to the Internet and use email, but don't use Linux/Unix and have never compiled a program in their lives.)

How many of them will walk away understanding what you told them?

Of those, how many will become new OpenPGP users?

Of those, how many will use OpenPGP properly in a manner which will actually secure their messages?

(Note: I could just as easily be picking on almost any of the fruits of the Cypherpunk movement. PGP is the one most attendees of LISA will have used at some point, so that is the one I have chosen.)

GnuPG is "encryption for the crypto hackers and Linux elite.[1]" I've never heard a mission statement from Werner, so perhaps GnuPG hasn't failed in its mission, if this is what it was striving for. It is far from "encryption for the masses", however, which is what Phil Zimmermann branded PGP.

That's not to say I don't think it ever can be...

I'm not going to say anymore about this until after LISA. If you're planning on attending, please feel free to disagree with me in the Q&A session after my talk.

--Len.

[1] Arguably not even this. I had to personally walk Eric Raymond through using gpg to sign my key, since the --interface-was-confusing. Rodney Thayer (one of the co-authors of the OpenPGP RFC) sends me email full of four-letter words I didn't know existed from time to time, when he tries to make GnuPG and PGP play nicely together. Etc.

From t.liesner@creativ-consulting.de Wed Oct 2 13:07:02 2002
From: t.liesner@creativ-consulting.de (Thomas Liesner)
Date: Wed Oct 2 12:07:02 2002
Subject: .gnupg on FlashDisk with autofs (o.t.?)
In-Reply-To:
References:
Message-ID: <1033553295.1322.7.camel@Compaq>

Hi,

well, i actually resigned... There is no solution for it. The problem is the filesystem. Those flash-disks come with a vfat filesystem out of their box. Vfat does not know anything about users/permissions etc. (hence no chmod/chown etc.). The only solution is to mount it with umask 777 which is not really an option ;)

Changing its filesystem to something like ext2nd is not working with my MacOS-X box and ufs is not working with my MacOS-9 box... And now think of ntfs...

Okay, i think i stick to vfat and keep my hands securely on the disk...

Too bad.

//Tom

On Wed, 2002-10-02 at 11.10, Eugen Leitl wrote:
>
> I've tried doing exactly the same thing as you, and I failed. I would
> also be interested in hearing about a solution.
>
> On 2 Oct 2002, Thomas Liesner wrote:
>
> > Hi all,
> >
> > i'm trying to configure my autofs on a SuSE 8.0 Linux-Box to mount my
> > DiskOnKey-FlashDisk automatically after plugging it to the usb-port.
> > I have .gnupg as symbolic link in my homedir to a directory on my
> > flashdisk. Problem is, i can't get the permissions right. I played with
> > the mount-options suid, guid, user, users and umask, but to no success.
> >
> > I can't get gpg to lock files during import, can't chmod to something
> > like 600 etc.
> > Anyone else here using a similar setup?
>

--
Thomas Liesner - c/o Creativ Consulting GmbH, Ratingen
Email: t.liesner@creativ-consulting.de
PGP Fingerprint: 7B6B 8364 D205 0FA2 8753 AEE0 70B7 AB3A 06B5 F368
PGP Public Key: http://www.creativ-consulting.de/keys

From mortimer.eulenburg@y-e-p.de Wed Oct 2 13:22:02 2002
From: mortimer.eulenburg@y-e-p.de (Mortimer Graf zu Eulenburg)
Date: Wed Oct 2 12:22:02 2002
Subject: AW: Point of view regarding LISA 2002
In-Reply-To:
Message-ID: <003101c269fd$e9cfd770$fe78a8c0@32241075G>

I totally agree. For my Berlin-bound point of view even commercial users who should have a vital interest in encryption don't know much about it or show an increased amount of interest. But as mailcommunication slowly becomes more important i am sure there will be a point where encryption will become standard. Using X.509 certificates..

If the mission statement goes for widely used encryption then the battle is lost. If GnuPG is planned as building a reliable and forthgoing alternative to PGP then the mission is accomplished so far.

A battle for wide usage is gonna be won or lost on Windows platforms. As a user of both systems it's a sadness for me that some of the generalissimi go parading elsewhere sneezing at several million huns that don't even know how a pop3 handshake works. WinPT and GPGRelay do a good job on the Battlefield but would need much more workforce than Timo or Andreas could do on their own.

However, i am confident with every mission statement and would definitely like to thank the team of GnuPG for their good work so far.

Greetz from sunny Berlin

Mortimer

-----Original Message-----
From: gnupg-users-admin@gnupg.org [mailto:gnupg-users-admin@gnupg.org] On Behalf Of Len Sassaman
Sent: Tuesday, 1 October 2002 20:19
To: Alexandre Dulaunoy
Cc: gnupg-users@gnupg.org
Subject: Re: Point of view regarding LISA 2002

On Sat, 28 Sep 2002, Alexandre Dulaunoy wrote:

> Did you know the presentation ? the speaker ?

Lots of people on this list know the speaker. I think I'm the only one who knows the presentation, though there are many people who could give it just as well.

> I don't think that GnuPG have failed in their mission. GnuPG is
> usable, there is more and more user-interface integration
> with GnuPG/OpenPGP and the use is increasing quite well. (Just see the
> message signing in mailing-list and so on...)

You think so?

Try this experiment:

Take a laptop with PGP on it and go down to your local bar, coffee shop, cafe, etc, and attempt to explain what GnuPG is good for, how it works, and how one uses it in 5 minutes or less to 10 random people who have never heard of PGP, and who are of "average" computer literacy (i.e., they know how to connect to the Internet and use email, but don't use Linux/Unix and have never compiled a program in their lives.)

How many of them will walk away understanding what you told them?

Of those, how many will become new OpenPGP users?

Of those, how many will use OpenPGP properly in a manner which will actually secure their messages?

GnuPG is "encryption for the crypto hackers and Linux elite.[1]" I've never heard a mission statement from Werner, so perhaps GnuPG hasn't failed in its mission, if this is what it was striving for. It is far from "encryption for the masses", however, which is what Phil Zimmermann branded PGP.

From cpilkington@ghi.com Wed Oct 2 13:34:02 2002
From: cpilkington@ghi.com (Pilkington, Christopher J.)
Date: Wed Oct 2 12:34:02 2002
Subject: .gnupg on FlashDisk with autofs (o.t.?)
Message-ID: <630F0B668D03D61189990003470838D301D96F13@ghimail1.ninthave.ghi.com>

Is there another variety of the hardware someone could recommend that doesn't suffer from this problem?

E.g. Memory smart card, cf card, other usb card?

Christopher

Note: This email may contain confidential info and is intended only for the
person or entity to which it is addressed. If you have received this email in
error use is prohibited, please contact the sender and delete and destroy the email and all copies.

-----Original Message-----
From: Thomas Liesner <t.liesner@creativ-consulting.de>
To: Eugen Leitl <eugen@leitl.org>
CC: GnuPG users <gnupg-users@gnupg.org>
Sent: Wed Oct 02 06:08:15 2002
Subject: Re: .gnupg on FlashDisk with autofs (o.t.?)

From t.liesner@creativ-consulting.de Wed Oct 2 15:49:02 2002
From: t.liesner@creativ-consulting.de (Thomas Liesner)
Date: Wed Oct 2 14:49:02 2002
Subject: .gnupg on FlashDisk with autofs (o.t.?)
In-Reply-To: <630F0B668D03D61189990003470838D301D96F13@ghimail1.ninthave.ghi.com>
References: <630F0B668D03D61189990003470838D301D96F13@ghimail1.ninthave.ghi.com>
Message-ID: <1033563069.1540.50.camel@Compaq>

Hi,

every mountable device suffers from this problem when you need it on different os's... It's not a problem of the device. It's an incompatibility problem of filesystems. As long as you stick to one or two os's you are absolutely fine with these disks or floppies or hdd's or whatever... As soon as i can get rid of my MacOS 9 box i'll change the fs to ufs and can work happily on both os's (Linux and MacOS X) with permission and user-rights etc.

It was my fault to start this thread anyway, because i didn't think...

//Tom

On Wed, 2002-10-02 at 12.35, Pilkington, Christopher J. wrote:
>
> Is there another variety of the hardware someone could recommend that
> doesn't suffer from this problem?
>
> E.g. Memory smart card, cf card, other usb card?
>
> Christopher
>

--
Thomas Liesner - c/o Creativ Consulting GmbH, Ratingen
Email: t.liesner@creativ-consulting.de
PGP Fingerprint: 7B6B 8364 D205 0FA2 8753 AEE0 70B7 AB3A 06B5 F368
PGP Public Key: http://www.creativ-consulting.de/keys

From cpilkington@ghi.com Wed Oct 2 15:55:02 2002
From: cpilkington@ghi.com (Pilkington, Christopher J.)
Date: Wed Oct 2 14:55:02 2002
Subject: gpg: protection algorithm 254 is not supported
Message-ID: <630F0B668D03D61189990003470838D301D96F14@ghimail1.ninthave.ghi.com>

Here is the output.  If anything in this compromises my key, I'm guessing I'll need to revoke it...

C:\gnupg>gpg --export-secret-key 403fb2a7 | gpg --list-packets
:secret key packet:
        version 4, algo 17, created 1033481372, expires 0
        skey[0]: [1024 bits]
        skey[1]: [160 bits]
        skey[2]: [1023 bits]
        skey[3]: [1022 bits]
        simple S2K, algo: 254, simple checksum, hash: 1
        protect IV:  03 03 02 54 4c 6f c7 c2
        encrypted stuff follows
:user ID packet: "Christopher J. Pilkington (Group Health Incorporated) <cpilkington@ghi.com>"
:signature packet: algo 17, keyid 6674999F403FB2A7
        version 4, created 1033481372, md5len 0, sigclass 13
        digest algo 2, begin of digest b7 cf
        hashed subpkt 2 len 5 (sig created 2002-10-01)
        hashed subpkt 9 len 5 (key expires after 1y0d0h0m)
        hashed subpkt 11 len 4 (pref-sym-algos: 7 3 2)
        hashed subpkt 21 len 3 (pref-hash-algos: 2 3)
        hashed subpkt 22 len 3 (pref-zip-algos: 2 1)
        hashed subpkt 30 len 2 (features: 01)
        hashed subpkt 23 len 2 (key server preferences: 80)
        subpkt 16 len 9 (issuer key ID 6674999F403FB2A7)
        data: [159 bits]
        data: [155 bits]
:secret sub key packet:
        version 4, algo 16, created 1033481385, expires 0
        skey[0]: [2048 bits]
        skey[1]: [3 bits]
        skey[2]: [2047 bits]
        simple S2K, algo: 254, simple checksum, hash: 1
        protect IV:  03 03 02 54 4c 6f c7 c2
        encrypted stuff follows
:signature packet: algo 17, keyid 6674999F403FB2A7
        version 4, created 1033481385, md5len 0, sigclass 18
        digest algo 2, begin of digest d7 97
        hashed subpkt 2 len 5 (sig created 2002-10-01)
        hashed subpkt 9 len 5 (key expires after 1y0d0h0m)
        subpkt 16 len 9 (issuer key ID 6674999F403FB2A7)
        data: [156 bits]
        data: [159 bits]

It's all crypto to me... :-)

I'm not exactly sure now which version I used.  I had 1.0.6, 1.2.0 and Nullify's 1.0.7 R2 binary installed at the same time.  (Bad idea.)

Any help would be greatly appreciated.

-----Original Message-----
From: David Shaw [mailto:dshaw@jabberwocky.com]
Sent: Tuesday, 01 October 2002 16:39
To: 'gnupg-users@gnupg.org'
Subject: Re: gpg: protection algorithm 254 is not supported


On Tue, Oct 01, 2002 at 04:09:56PM -0400, Pilkington, Christopher J. wrote:
> I've read what caused this error under 1.0.6 when exporting a key from
> 1.0.7.  But why is it happening under 1.2.0?
>
> Am I doing something bizarre?  What is with the IDEA message?  I don't use
> IDEA.

You can ignore the IDEA message.  As for the 254 problem, can you do:

gpg --export-secret-key 403fb2a7 | gpg --list-packets

After the line that begins "skey[3]: ..." there is a line that says
something like "iter+salt S2K, algo: 1...".  Can you tell me what the
line reads?  You can snip off the "salt" if you prefer.

Also, what version of GnuPG did you generate the key with?

David

--
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

From dshaw@jabberwocky.com Wed Oct 2 16:12:02 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Wed Oct 2 15:12:02 2002
Subject: gpg: protection algorithm 254 is not supported
In-Reply-To: <630F0B668D03D61189990003470838D301D96F14@ghimail1.ninthave.ghi.com>
References: <630F0B668D03D61189990003470838D301D96F14@ghimail1.ninthave.ghi.com>
Message-ID: <20021002131247.GA15951@akamai.com>

On Wed, Oct 02, 2002 at 08:55:26AM -0400, Pilkington, Christopher J. wrote:
> Here is the output.  If anything in this compromises my key, I'm guessing
> I'll need to revoke it...
>
> C:\gnupg>gpg --export-secret-key 403fb2a7 | gpg --list-packets
> :secret key packet:
>         version 4, algo 17, created 1033481372, expires 0
>         skey[0]: [1024 bits]
>         skey[1]: [160 bits]
>         skey[2]: [1023 bits]
>         skey[3]: [1022 bits]
>         simple S2K, algo: 254, simple checksum, hash: 1

[..]

> I'm not exactly sure now which version I used.  I had 1.0.6, 1.2.0 and
> Nullify's 1.0.7 R2 binary installed at the same time.  (Bad idea.)

Hmm.  What version of gpg were you running for the above message?  Are
you sure it is not 1.0.6 ?

David

From cpilkington@ghi.com Wed Oct 2 16:38:02 2002
From: cpilkington@ghi.com (Pilkington, Christopher J.)
Date: Wed Oct 2 15:38:02 2002
Subject: gpg: protection algorithm 254 is not supported
Message-ID: <630F0B668D03D61189990003470838D301D96F15@ghimail1.ninthave.ghi.com>

Definitely 1.2.0.  I uninstalled the others. I also tried this with 1.2.0 under Linux.

Note: This email may contain confidential info and is intended only for the
person or entity to which it is addressed. If you have received this email in
error use is prohibited, please contact the sender and delete and destroy the email and all copies.

-----Original Message-----
From: David Shaw
To: Pilkington, Christopher J.
CC: 'gnupg-users@gnupg.org'
Sent: Wed Oct 02 09:12:48 2002
Subject: Re: gpg: protection algorithm 254 is not supported

On Wed, Oct 02, 2002 at 08:55:26AM -0400, Pilkington, Christopher J. wrote:
> Here is the output.  If anything in this compromises my key, I'm guessing
> I'll need to revoke it...
>
> C:\gnupg>gpg --export-secret-key 403fb2a7 | gpg --list-packets
> :secret key packet:
>         version 4, algo 17, created 1033481372, expires 0
>         skey[0]: [1024 bits]
>         skey[1]: [160 bits]
>         skey[2]: [1023 bits]
>         skey[3]: [1022 bits]
>         simple S2K, algo: 254, simple checksum, hash: 1

[..]

> I'm not exactly sure now which version I used.  I had 1.0.6, 1.2.0 and
> Nullify's 1.0.7 R2 binary installed at the same time.  (Bad idea.)

Hmm.  What version of gpg were you running for the above message?  Are
you sure it is not 1.0.6 ?

David

From agreene@pobox.com Wed Oct 2 16:45:02 2002
From: agreene@pobox.com (Anthony E. Greene)
Date: Wed Oct 2 15:45:02 2002
Subject: Point of view regarding LISA 2002
In-Reply-To: <17wSZL-1hL6bBC@fwd11.sul.t-online.com>; from markus_kampkoetter@t-online.de on Tue, Oct 01, 2002 at 09:20:31PM +0200
References: <20020928160931.GA51380@lightship.internal.homeport.org> <3D978E07.300@tls.msk.ru> <17wPc4-213OzZC@fwd03.sul.t-online.com> <20021001133055.A27756@asmoweb.hqda.pentagon.mil> <17wSZL-1hL6bBC@fwd11.sul.t-online.com>
Message-ID: <20021002094528.A29543@asmoweb.hqda.pentagon.mil>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01-Oct-2002/21:20 +0200, markus_kampkoetter wrote:
>
>WHEN RUN! apart from m$outlook, which mua allows attachments to be run
>without asking the user?

[snip]

>nice hack, so we have to take a close look at the key if an executable is
>attached and not run executables until we asked the "original" sender to
>confirm "his" action. seems to be easy to avoid this kind of attack
>(because hardly anybody will run executables that they do not expect in
>advance) - too easy....?

You pointed out the two biggest weaknesses in my hack. The current Linux
population is not a good target for this kind of attack. I just described
one scenario just to point out that encryption and signatures are not
necessarily a cure for worms and viruses. Human factors combined with
current interface limitations can still allow a worm to propagate.

Tony
- --
Anthony E. Greene
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
AOL/Yahoo Chat: TonyG05 HomePage:
Linux: the choice of a GNU Generation.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Anthony E. Greene 0x6C94239D

iD8DBQE9mvhzpCpg3WyUI50RAq3AAKDTscFKpNFu4sJt0ZhNnnx47ENWzgCeNkMW
FPEl5TDilCO2qT4OzbJ65Ac=
=Kn/J
-----END PGP SIGNATURE-----

From wk@gnupg.org Wed Oct 2 16:45:06 2002
From: wk@gnupg.org (Werner Koch)
Date: Wed Oct 2 15:45:06 2002
Subject: gpg: protection algorithm 254 is not supported
In-Reply-To: <630F0B668D03D61189990003470838D301D96F14@ghimail1.ninthave.ghi.com> ("Pilkington, Christopher J."'s message of "Wed, 2 Oct 2002 08:55:26 -0400")
References: <630F0B668D03D61189990003470838D301D96F14@ghimail1.ninthave.ghi.com>
Message-ID: <87r8f9neg3.fsf@alberti.gnupg.de>

On Wed, 2 Oct 2002 08:55:26 -0400, Pilkington, Christopher J said:

> Here is the output.  If anything in this compromises my key, I'm guessing
> I'll need to revoke it...

No.

>         simple S2K, algo: 254, simple checksum, hash: 1

You have listed this using gpg < 1.0.7, right?

254 indicates the new SHA1 protection but old versions of GnuPG didn't
know about this and assumed this is the protection algorithm.  OpenPGP
recently changed the meaning of the protection algo 254 which could be
done because algorithm numbers > 127 were not defined.

If you want to export this key so that 1.0.6 can use it, do a

  gpg --export-secret-key --simple-sk-checksum 0x12345678 >mykey.sec

with gnupg >= 1.0.7

Does it work now?


Shalom-Salam,

   Werner

From dshaw@jabberwocky.com Wed Oct 2 18:55:01 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Wed Oct 2 17:55:01 2002
Subject: gpg: protection algorithm 254 is not supported
In-Reply-To: <630F0B668D03D61189990003470838D301D96F15@ghimail1.ninthave.ghi.com>
References: <630F0B668D03D61189990003470838D301D96F15@ghimail1.ninthave.ghi.com>
Message-ID: <20021002155541.GA1950@akamai.com>

On Wed, Oct 02, 2002 at 09:39:03AM -0400, Pilkington, Christopher J. wrote:
>
> Definitely 1.2.0.  I uninstalled the others. I also tried this with 1.2.0
> under Linux.

I believe you just discovered a bug in 1.0.6.  As best as I can tell,
you generated the key with 1.0.7 or 1.2.0, used it in 1.0.6, and then
used it in 1.0.7 or 1.2.0.  There is a bug in 1.0.6 that damaged the
key.  Unfortunately, I'm afraid the key is now corrupted and is not
recoverable.

Do you have a backup?  If so, import it into 1.0.7 or 1.2.0 and you
should be okay.

David

From cpilkington@ghi.com Wed Oct 2 19:34:04 2002
From: cpilkington@ghi.com (Pilkington, Christopher J.)
Date: Wed Oct 2 18:34:04 2002
Subject: gpg: protection algorithm 254 is not supported
Message-ID: <630F0B668D03D61189990003470838D301D96F16@ghimail1.ninthave.ghi.com>

No.  This listing is from 1.2.0!  I uninstalled the others. I also tried this with 1.2.0 under Linux.

I attempted to use the key under PGP 6.5.8 (ugh!) and I didn't get an error, but it pretended like I had the wrong passphrase.

I also attempted to use the key under Nullify gnupg 1.1.91-nr1, to no avail, with the same errors and same --list-packets output.

I can't seem to find a single version of the software that can read this key!  And I was dumb enough to send the public part out to the keyservers already!

Christopher

-----Original Message-----
From: Werner Koch [mailto:wk@gnupg.org]
Sent: Wednesday, 02 October 2002 09:44
To: Pilkington, Christopher J.
Cc: 'gnupg-users@gnupg.org'; 'David Shaw'
Subject: Re: gpg: protection algorithm 254 is not supported


On Wed, 2 Oct 2002 08:55:26 -0400, Pilkington, Christopher J said:

> Here is the output.  If anything in this compromises my key, I'm guessing
> I'll need to revoke it...

No.

>         simple S2K, algo: 254, simple checksum, hash: 1

You have listed this using gpg < 1.0.7, right?

254 indicates the new SHA1 protection but old versions of GnuPG didn't
know about this and assumed this is the protection algorithm.  OpenPGP
recently changed the meaning of the protection algo 254 which could be
done because algorithm numbers > 127 were not defined.

If you want to export this key so that 1.0.6 can use it, do a

  gpg --export-secret-key --simple-sk-checksum 0x12345678 >mykey.sec

with gnupg >= 1.0.7

Does it work now?


Shalom-Salam,

   Werner

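The two readings of usage octet 254 that Werner describes, as an added example (not GnuPG's code and not from any poster; function names are hypothetical). The eight bytes after the 254 are the ones the listing prints as "protect IV"; the rest of the salt, the count octet and the IV are constructed, and the 8-byte IV for unknown cipher numbers is an assumption.

```python
# Added example (not GnuPG source): two readings of the protection header that
# follows the public MPIs in an OpenPGP secret-key packet. Names are hypothetical.
S2K_NAMES = {0: "simple", 1: "salted", 3: "iter+salt"}
AES_ALGOS = {7, 8, 9}  # 16-byte IV; every other cipher number here gets 8


def _take(buf, pos, n):
    """Return buf[pos:pos+n], failing loudly on a truncated header."""
    if pos + n > len(buf):
        raise ValueError("truncated protection header")
    return buf[pos:pos + n]


def _read_s2k(buf, pos):
    """Parse an S2K specifier at pos; return (fields, position after it)."""
    mode, hash_algo = _take(buf, pos, 2)
    if mode not in S2K_NAMES:
        raise ValueError(f"unknown S2K type {mode}")
    fields = {"s2k": S2K_NAMES[mode], "hash": hash_algo}
    pos += 2
    if mode in (1, 3):                      # salted forms carry 8 salt bytes
        fields["salt"] = _take(buf, pos, 8).hex(" ")
        pos += 8
    if mode == 3:                           # coded iteration count, one octet
        c = _take(buf, pos, 1)[0]
        fields["iterations"] = (16 + (c & 15)) << ((c >> 4) + 6)
        pos += 1
    return fields, pos


def parse_protection(buf, knows_254=True):
    """Parse from the usage octet onward.

    knows_254=False models a reader for which only 255 announces an S2K
    specifier and any other non-zero octet is taken as the cipher number.
    """
    usage = _take(buf, 0, 1)[0]
    if usage == 0:
        return {"protected": False}
    flags = (254, 255) if knows_254 else (255,)
    if usage in flags:
        cipher = _take(buf, 1, 1)[0]
        fields, pos = _read_s2k(buf, 2)
    else:
        # Old-style header: the octet is the cipher, simple S2K with MD5 (1).
        cipher, fields, pos = usage, {"s2k": "simple", "hash": 1}, 1
    sha1_check = knows_254 and usage == 254
    check = "SHA1 protection" if sha1_check else "simple checksum"
    ivlen = 16 if cipher in AES_ALGOS else 8   # assumption: 8 for unknown numbers
    iv = _take(buf, pos, ivlen).hex(" ")
    return {"protected": True, "cipher": cipher, "check": check, "iv": iv, **fields}


def describe(info):
    """One line in the layout of the S2K line of the --list-packets listing."""
    if not info["protected"]:
        return "not protected"
    return (f'{info["s2k"]} S2K, algo: {info["cipher"]}, '
            f'{info["check"]}, hash: {info["hash"]}')


def readers_disagree(buf):
    """True when the old reading differs from the current one, i.e. the key
    needs an export with --simple-sk-checksum before an old reader sees it."""
    return parse_protection(buf, True) != parse_protection(buf, False)


# Usage octet 254, then the eight bytes the listing prints as "protect IV".
# The last three salt bytes, the count octet and the IV are constructed.
SAMPLE = (bytes([254]) + bytes.fromhex("03 03 02 54 4c 6f c7 c2")
          + bytes.fromhex("aa bb cc 60") + bytes.fromhex("11 22 33 44 55 66 77 88"))

if __name__ == "__main__":
    for label, known in (("old reader", False), ("current reader", True)):
        info = parse_protection(SAMPLE, knows_254=known)
        print(f"{label}: {describe(info)}")
        print(f"    IV: {info['iv']}  salt: {info.get('salt', '-')}")
```

Under the old reading the sample yields the same S2K and IV lines as the listing; under the current reading the leading 03 03 02 decode as cipher 3, iterated and salted S2K, hash 2, and the remaining five bytes start the salt.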

From johanw@vulcan.xs4all.nl Wed Oct 2 21:36:03 2002
From: johanw@vulcan.xs4all.nl (Johan Wevers)
Date: Wed Oct 2 20:36:03 2002
Subject: Question about random number generation
In-Reply-To: from Francis Litterio at "Sep 30, 2002 03:38:25 pm"
Message-ID: <200210012007.WAA01129@vulcan.xs4all.nl>

Francis Litterio wrote:

> On Linux, GnuPG can be configured via --enable-static-rnd=linux to use
> /dev/random, the Linux entropy pool, or via --enable-static-rnd=egd to
> use the Entropy Gathering Daemon (EGD). I don't know which is the
> default, but if you build from source, you have control over this.

Yes, but that doesn't answer my question since I created that key with
pgp 2.6.3ia, not with GnuPG.

--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From Weimer@CERT.Uni-Stuttgart.DE Wed Oct 2 21:46:04 2002
From: Weimer@CERT.Uni-Stuttgart.DE (Florian Weimer)
Date: Wed Oct 2 20:46:04 2002
Subject: WARNING: message was not integrity protected
Message-ID: <87k7l0oeyt.fsf@Login.CERT.Uni-Stuttgart.DE>

This warning is generated if an encrypted + signed message is decrypted.
The MDC is probably omitted because the signature is more than
sufficient, so nothing bad is going on, but the message is a bit
confusing nevertheless (and dilutes the severity of the message in
other contexts).

--
Florian Weimer Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT fax +49-711-685-5898

From cgordon@clarksville.com Thu Oct 3 00:03:08 2002
From: cgordon@clarksville.com (cgordon)
Date: Wed Oct 2 23:03:08 2002
Subject: how do I make my \n newline characters not turn into funky squares?
Message-ID: <000001c26a57$26dad5d0$6601a8c0@cool>

I am using php to encode a text file stored in a string variable. When I
go to decode the email in outlook, all the newline characters(\n) are
displayed as weird square boxes and the line returns are not present.
What can I use to trigger a newline that actually works.

Chris
From cwsiv_home1@juno.com Thu Oct 3 00:18:07 2002
From: cwsiv_home1@juno.com (carl w spitzer)
Date: Wed Oct 2 23:18:07 2002
Subject: FREE Virus And Spam Protection for Windows Users
Message-ID: <20021002.141608.12711.0.cwsiv_home1@juno.com>

AVG 6.0 http://www.grisoft.com (FREE)
ZoneAlarm http://www.zonelabs.com (FREE)
MailWasher http://www.mailwasher.net (FREE)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
FPROT http://www.F-PROT.com DOS/Windows, Win32 & Linux

If anyone has more to recommend Please add to the collection & reply to
all.

CWSIV

From dshaw@jabberwocky.com Thu Oct 3 00:22:05 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Wed Oct 2 23:22:05 2002
Subject: Confused about sub-keys.
In-Reply-To: <87wup3ee0l.fsf@lgh163a.kemisten.nu>
References: <87it0paqol.fsf@lgh163a.kemisten.nu> <1033371554.854.23.camel@altfrangg> <87wup3ee0l.fsf@lgh163a.kemisten.nu>
Message-ID: <20021002212253.GH1950@akamai.com>

On Mon, Sep 30, 2002 at 04:41:14PM +0200, Alfred M. Szmidt wrote:
> "Adrian 'Dagurashibanipal' von Bidder" writes:
> > On Sun, 2002-09-29 at 15:08, Alfred M. Szmidt wrote:
> > > Hi,
> > >
> > > Is it possible to store a sub-key separate from the "master" key (for
> > > the purpose to store the master key off-line, and then only using the
> > > sub-key for encryption, or something along those lines)?
> >
> > Hi!
> >
> > It is possible, but the solution is not very elegant and has some
> > implications on people verifying your signatures.
>
> > See the notice in my email .sig, look at my key, and look at
> > http://fortytwo.ch/gpg/subkeys
>
> Oh, now that is great.  Now the only thing left is to get
> --list-secret-keys to output some useful information if the master
> key is not present.  Or is this already implemented in GnuPG 1.2.0?

It's in 1.2.1:

sec# 4096R/99242560 2002-01-28 David M. Shaw
ssb  2048g/1643B926 2002-01-28

Look for the '#'.

David

From dshaw@jabberwocky.com Thu Oct 3 02:17:13 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Thu Oct 3 01:17:13 2002
Subject: gnupg on FlashDisk with autofs (o.t.?)
In-Reply-To: <1033553295.1322.7.camel@Compaq>
References: <1033553295.1322.7.camel@Compaq>
Message-ID: <20021002231810.GN1950@akamai.com>

On Wed, Oct 02, 2002 at 12:08:15PM +0200, Thomas Liesner wrote:
> Hi,
>
> well, i actually resigned... There is no solution for it.
> The problem is the filesystem. Those flash-disks come with a vfat
> filesystem out of their box. Vfat does not know anything about
> users/permissions etc. (hence no chmod/chown etc.). The only solution is
> to mount it with umask 777 which is not really an option ;) Changing
> its filesystem to something like ext2nd is not working with my
> MacOS-X box and ufs is not working with my MacOS-9 box... And now think
> of ntfs...
> Okay, i think i stick to vfat and keep my hands securely on the disk...
> Too bad.

There is a solution.  The problem is in locking, so if you use
--lock-never then GnuPG will not try and lock the keyrings.  However,
you will need to make very sure you never run two copies of GnuPG at
the same time :)

One good way to do it is to keep the pubring online as it is the one
people generally need to write to when importing new keys, and only
keeping the secring on the flash disk.  No locking issues in that
system unless you want to add a new secret key.

David

From kromJx@myrealbox.com Thu Oct 3 12:16:02 2002
From: kromJx@myrealbox.com (kromJx)
Date: Thu Oct 3 11:16:02 2002
Subject: encrypt multiple files into one singlefile and then decrypt back the original multipe files
In-Reply-To: <1033512752.4715.3.camel@h24-69-83-179>
References: <20021001155111.B28141@asmoweb.hqda.pentagon.mil> <1033512752.4715.3.camel@h24-69-83-179>
Message-ID: <200210022206.g92M61Vn025904@bsdshell.dyndns.org>

Doug Gorley:
> Interesting.  I'm trying to do this using tar and gzip instead of zip,
> but I'm running into some trouble.  The command I'm trying is:
>
> tar -cz *.jpg | gpg -eatr douggorley > files.tar.gz.asc
>
> Everything appears to work correctly, but once I decrypt the file,
> gunzip won't recognise it.  Any ideas?

Try the following instead:

tar -c *.jpg | gpg -ear douggorley > files.tar.gz.asc

No need to compress the tar file with -z; gnupg will compress its input.
Don't use the -t (text) option of gnupg.

From 1984 <1-9-8-4@gmx.net> Thu Oct 3 12:16:06 2002
From: 1984 <1-9-8-4@gmx.net> (1984)
Date: Thu Oct 3 11:16:06 2002
Subject: existing keys as subkey
Message-ID: <753030675.20021003012722@gmx.net>

Hello,
I want to install a pgp/gpg secured mailinglist. The best possibility
is to generate a new key, includes every key of the entered users.
Every mail to the list must be encrypted with this public key.
My question is: how can I build a key and implement other existing
keys as subkeys of this one? So that every mail encrypted by the key
is encrypted by the keys of all users.

The only way, I think, is to use ADK of PGP, because in GnuPG you
cannot take existing keys as a subkey, you can only generate a new
one.

bye
Sören

From ingo.kloecker@epost.de Thu Oct 3 12:38:02 2002
From: ingo.kloecker@epost.de (Ingo Klöcker)
Date: Thu Oct 3 11:38:02 2002
Subject: how do I make my \n newline characters not turn into funky squares?
In-Reply-To: <000001c26a57$26dad5d0$6601a8c0@cool>
References: <000001c26a57$26dad5d0$6601a8c0@cool>
Message-ID: <200210031126.50059@erwin.ingo-kloecker.de>

On Wednesday 02 October 2002 23:03, cgordon wrote:
> I am using php to encode a text file stored in a string variable.
> When I go to decode the email in outlook, all the newline
> characters(\n) are displayed as weird square boxes and the line
> returns are not present. What can I use to trigger a newline that
> actually works.

Did you encrypt in textmode (command line option --textmode)?

Regards,
Ingo

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)

iD8DBQA9nA1ZGnR+RTDgudgRAgC5AJ9SvIsVmOYp01eX2e20EHHnrhfxZwCdGzOx
WFJZ2/Q+yv3AOmL2j2+VJp4=
=vZ7f
-----END PGP SIGNATURE-----

From ingo.kloecker@epost.de Thu Oct 3 12:57:02 2002
From: ingo.kloecker@epost.de (Ingo Klöcker)
Date: Thu Oct 3 11:57:02 2002
Subject: existing keys as subkey
In-Reply-To: <753030675.20021003012722@gmx.net>
References: <753030675.20021003012722@gmx.net>
Message-ID: <200210031149.51868@erwin.ingo-kloecker.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 03 October 2002 01:27, 1984 wrote:
> Hello,
> I want to install a pgp/gpg secured mailinglist. The best possibility
> is to generate a new key, includes every key of the entered users.
> Every mail to the list must be encrypted with this public key.
> My question is: how can I build a key and implement other existing
> keys as subkeys of this one? So that every mail encrypted by the key
> is encrypted by the keys of all users.
>
> The only way, I think, is to use ADK of PGP, because in GnuPG you
> cannot take existing keys as a subkey, you can only generate a new
> one.

All you have to do is generate a new key which is used to encrypt
messages which are sent by the subscribers to the mailinglist and which
is used to sign the subscribers' keys.

This is how the encrypted mailinglist works:
When someone wants to send a message to the mailinglist he encrypts the
message with the mailinglist key.
The mailinglist manager receives the message, decrypts it, re-encrypts
it for all subscribers and then sends it to the subscribers. In order
to protect the privacy of the subscribers the message should be
encrypted for each subscriber separately.

BTW, you have to handle at least two cases. Old-skool inline encrypted
messages and PGP/MIME encrypted messages.

Regards,
Ingo

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)

iD8DBQE9nBK+GnR+RTDgudgRAiqgAKDb35awaQrgzRzZWT/grE5qLsBb6ACfV/VI
rKdTOe5ddLIXqKJE4Sl/nZs=
=8bMI
-----END PGP SIGNATURE-----

From 1984 <1-9-8-4@gmx.net> Thu Oct 3 14:52:12 2002
From: 1984 <1-9-8-4@gmx.net> (1984)
Date: Thu Oct 3 13:52:12 2002
Subject: existing keys as subkey
Message-ID: <38667933.20021003135316@gmx.net>

Hello,
I want to install a pgp/gpg secured mailinglist. The best possibility
is to generate a new key, includes every key of the entered users.
Every mail to the list must be encrypted with this public key.
My question is: how can I build a key and implement other existing
keys as subkeys of this one? So that every mail encrypted by the key
is encrypted by the keys of all users.

The only way, I think, is to use ADK of PGP, because in GnuPG you
cannot take existing keys as a subkey, you can only generate a new
one.

bye
Sören

From Weimer@CERT.Uni-Stuttgart.DE Thu Oct 3 15:09:01 2002
From: Weimer@CERT.Uni-Stuttgart.DE (Florian Weimer)
Date: Thu Oct 3 14:09:01 2002
Subject: GPGV does not find the keyring
In-Reply-To: <5.1.0.14.2.20021002095251.00be14f8@qix.netcorps.com> (Per Tunedal's message of "Wed, 02 Oct 2002 09:57:09 +0200")
References: <5.1.0.14.2.20021002095251.00be14f8@qix.netcorps.com>
Message-ID: <87smznn2os.fsf@Login.CERT.Uni-Stuttgart.DE>

Per Tunedal writes:

> Why does not GPGV use the same settings as used by GPG?

gpgv uses a different trust model and stores its keys in a separate
file under a different name.

--
Florian Weimer Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT fax +49-711-685-5898

From njpc@ozemail.com.au Thu Oct 3 15:47:03 2002
From: njpc@ozemail.com.au (Nick Coleman)
Date: Thu Oct 3 14:47:03 2002
Subject: Can't install 1.2 over 1.06 (prob a Make question)
Message-ID: <200210032247.45929.njpc@ozemail.com.au>

I tried to install (as root) 1.2 source over 1.06. The configure, make,
make install all seemed to run ok, but the gpg executable in /usr/bin
didn't update. gpg --version still showed 1.06. I deleted the gpg
executable and ran make install again. Now gpg is 1.2, but gpgv
(whatever that does) is 1.06. I'm concerned that other gpg-related
files haven't been updated to 1.2.

Is there a way to _force_ a make and make install? I read the man, but
couldn't find a switch to do it, and I only know Make well enough to
execute it, not to change the makefile.
thanks, Nick

From dshaw@jabberwocky.com Thu Oct 3 15:50:02 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Thu Oct 3 14:50:02 2002
Subject: existing keys as subkey
In-Reply-To: <200210031149.51868@erwin.ingo-kloecker.de>
References: <753030675.20021003012722@gmx.net> <200210031149.51868@erwin.ingo-kloecker.de>
Message-ID: <20021003125054.GB1907@akamai.com>

On Thu, Oct 03, 2002 at 11:49:50AM +0200, Ingo Klöcker wrote:
> On Thursday 03 October 2002 01:27, 1984 wrote:
> > Hello,
> > I want to install a pgp/gpg secured mailinglist. The best possibility
> > is to generate a new key, includes every key of the entered users.
> > Every mail to the list must be encrypted with this public key.
> > My question is: how can I build a key and implement other existing
> > keys as subkeys of this one? So that every mail encrypted by the key
> > is encrypted by the keys of all users.
> >
> > The only way, I think, is to use ADK of PGP, because in GnuPG you
> > cannot take existing keys as a subkey, you can only generate a new
> > one.
>
> All you have to do is generate a new key which is used to encrypt
> messages which are sent by the subscribers to the mailinglist and which
> is used to sign the subscribers' keys.
>
> This is how the encrypted mailinglist works:
> When someone wants to send a message to the mailinglist he encrypts the
> message with the mailinglist key.
> The mailinglist manager receives the message, decrypts it, re-encrypts
> it for all subscribers and then sends it to the subscribers. In order
> to protect the privacy of the subscribers the message should be
> encrypted for each subscriber separately.

That would be a lot of messages, and you lose the nice mailing list ability to send in bulk (i.e. you have more than one subscriber at a given domain, so you send one copy to that domain and let their mail system deliver it multiple times).

You can use --throw-keyid to remove the key IDs of the subscribers, so the only thing that an attacker would know about the subscribers is how many of them there are. You can throw some extra fake "subscribers" into the mix as well to throw off the count as well ;) The only catch is that PGP does not implement speculative keyids, so all of the subscribers must be using GnuPG. Or you could only use --throw-keyid on the GnuPG users.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

From dshaw@jabberwocky.com Thu Oct 3 15:55:03 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Thu Oct 3 14:55:03 2002
Subject: Can't install 1.2 over 1.06 (prob a Make question)
In-Reply-To: <200210032247.45929.njpc@ozemail.com.au>
References: <200210032247.45929.njpc@ozemail.com.au>
Message-ID: <20021003125524.GC1907@akamai.com>

On Thu, Oct 03, 2002 at 10:47:45PM +1000, Nick Coleman wrote:
> I tried to install (as root) 1.2 source over 1.06. The configure, make,
> make install all seemed to run ok, but the gpg executable in /usr/bin
> didn't update. gpg --version still showed 1.06. I deleted the gpg
> executable and ran make install again. Now gpg is 1.2, but gpgv
> (whatever that does) is 1.06. I'm concerned that other gpg-related
> files haven't been updated to 1.2.

It sounds like your original gpg installation was in /usr. The source distribution installs in /usr/local by default. Which sort of system is it - if it is something with some notion of package management (Redhat, Debian, etc.) you can probably just delete the old 1.0.6 package and have it all go away at once. That will leave you with only the 1.2.0 install.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

From samael-gnupg@lists.manxome.org Thu Oct 3 16:59:02 2002
From: samael-gnupg@lists.manxome.org (Ricardo SIGNES)
Date: Thu Oct 3 15:59:02 2002
Subject: FREE Virus And Spam Protection for Windows Users
In-Reply-To: <20021002.141608.12711.0.cwsiv_home1@juno.com>
References: <20021002.141608.12711.0.cwsiv_home1@juno.com>
Message-ID: <20021003140037.GB28781@manxome.org>

On Mon, Sep 30, 2002 at 11:34:27AM -0700, carl w spitzer wrote:
> AVG 6.0
> ZoneAlarm
> MailWasher
>
> If anyone has more to recommend Please add to the collection & reply to
> all.

1) Why are you crossposting this?

2) Why are you crossposting this to lists that don't discuss network protocol security?

3) ZoneAlarm, at least, is only free of charge, not free.

Please move this traffic onto an appropriate list, if one exists.
-- 
rjbs

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9nE2F3bSmE+TdcacRAkJ7AKDHSXN/TPnA27YcgkY1StO0hVDxuwCfcg9e
qTR3V5KA8OLo/aKGVAdBQXE=
=ApRN
-----END PGP SIGNATURE-----

From ingo.kloecker@epost.de Thu Oct 3 17:05:11 2002
From: ingo.kloecker@epost.de (Ingo Klöcker)
Date: Thu Oct 3 16:05:11 2002
Subject: existing keys as subkey
In-Reply-To: <20021003125054.GB1907@akamai.com>
References: <753030675.20021003012722@gmx.net> <200210031149.51868@erwin.ingo-kloecker.de> <20021003125054.GB1907@akamai.com>
Message-ID: <200210031601.30009@erwin.ingo-kloecker.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 03 October 2002 14:50, David Shaw wrote:
> On Thu, Oct 03, 2002 at 11:49:50AM +0200, Ingo Klöcker wrote:
> > This is how the encrypted mailinglist works:
> > When someone wants to send a message to the mailinglist he
> > encrypts the message with the mailinglist key.
> > The mailinglist manager receives the message, decrypts it,
> > re-encrypts it for all subscribers and then sends it to the
> > subscribers. In order to protect the privacy of the subscribers the
> > message should be encrypted for each subscriber separately.
>
> That would be a lot of messages, and you lose the nice mailing list
> ability to send in bulk (i.e. you have more than one subscriber at a
> given domain, so you send one copy to that domain and let their mail
> system deliver it multiple times).
>
> You can use --throw-keyid to remove the key IDs of the subscribers,
> so the only thing that an attacker would know about the subscribers
> is how many of them there are. You can throw some extra fake
> "subscribers" into the mix as well to throw off the count as well ;)

And in order to avoid too large messages (at least one encrypted session key per subscriber) one could combine both ideas by encrypting each message with --throw-keyid for every group of subscribers in the same domain (and for every PGP user) separately.

Regards,
Ingo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)

iD8DBQE9nE24GnR+RTDgudgRAugpAJ9+67vfQiLtzMgkIiJviRv6NEXsKQCdFJQh
1SUTbcf1a3afmhdNS6Jib7k=
=4+iZ
-----END PGP SIGNATURE-----

From dshaw@jabberwocky.com Thu Oct 3 17:31:01 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Thu Oct 3 16:31:01 2002
Subject: existing keys as subkey
In-Reply-To: <200210031601.30009@erwin.ingo-kloecker.de>
References: <753030675.20021003012722@gmx.net> <200210031149.51868@erwin.ingo-kloecker.de> <20021003125054.GB1907@akamai.com> <200210031601.30009@erwin.ingo-kloecker.de>
Message-ID: <20021003143148.GB8387@akamai.com>

On Thu, Oct 03, 2002 at 04:01:23PM +0200, Ingo Klöcker wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Thursday 03 October 2002 14:50, David Shaw wrote:
> > On Thu, Oct 03, 2002 at 11:49:50AM +0200, Ingo Klöcker wrote:
> > > This is how the encrypted mailinglist works:
> > > When someone wants to send a message to the mailinglist he
> > > encrypts the message with the mailinglist key.
> > > The mailinglist manager receives the message, decrypts it,
> > > re-encrypts it for all subscribers and then sends it to the
> > > subscribers. In order to protect the privacy of the subscribers the
> > > message should be encrypted for each subscriber separately.
> >
> > That would be a lot of messages, and you lose the nice mailing list
> > ability to send in bulk (i.e. you have more than one subscriber at a
> > given domain, so you send one copy to that domain and let their mail
> > system deliver it multiple times).
> >
> > You can use --throw-keyid to remove the key IDs of the subscribers,
> > so the only thing that an attacker would know about the subscribers
> > is how many of them there are. You can throw some extra fake
> > "subscribers" into the mix as well to throw off the count as well ;)
>
> And in order to avoid too large messages (at least one encrypted session
> key per subscriber) one could combine both ideas by encrypting each
> message with --throw-keyid for every group of subscribers in the same
> domain (and for every PGP user) separately.

Good idea. I don't think anybody has ever really implemented something like this. It would be interesting to see how encryption interacts with the usual mailing list stuff like VERP (where you must send a single copy per user). What does the usual "many bounce messages == removed from list" rule mean when a remailer is used? Will the messages be flagged as viruses (unreadable binary gibberish)?

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

From wk@gnupg.org Thu Oct 3 17:39:01 2002
From: wk@gnupg.org (Werner Koch)
Date: Thu Oct 3 16:39:01 2002
Subject: WARNING: message was not integrity protected
In-Reply-To: <87k7l0oeyt.fsf@Login.CERT.Uni-Stuttgart.DE> (Florian Weimer's message of "Wed, 02 Oct 2002 20:47:22 +0200")
References: <87k7l0oeyt.fsf@Login.CERT.Uni-Stuttgart.DE>
Message-ID: <87it0jmvw5.fsf@alberti.gnupg.de>

On Wed, 02 Oct 2002 20:47:22 +0200, Florian Weimer said:

> This warning is generated if a encrypted + signed message is
> decrypted.
> The MDC is probably omitted because the signature is more
> than sufficient, so nothing bad is going on, but the message is a bit

Many folks would ignore a BAD signature and assume that it is due to a faulty MUA on the sender's side. Another reason for issuing this warning is to get people to use the MDC feature.

If you don't like it: --no-mdc-warning

Shalom-Salam,

   Werner

From malte_gell@t-online.de Thu Oct 3 18:19:01 2002
From: malte_gell@t-online.de (Malte Gell)
Date: Thu Oct 3 17:19:01 2002
Subject: gpg-agent and other passphrase caching tools
In-Reply-To: <87elb9qpi5.fsf@alberti.gnupg.de>
References: <200210012038.10091.malte_gell@t-online.de> <87elb9qpi5.fsf@alberti.gnupg.de>
Message-ID: <200210031720.17197.malte_gell@t-online.de>

> > to be part of the Aegypten project, will it find its way into the
> > "normal" gpg tree as well ?
>
> Yes, it will be part of 2.0

That's good news !

> > gpg-agent works well as far as I can see, but are there any other
> > similar tools which may be more mature or what are you using ?
>
> There is the old gpg-agent from gpg 1.1.1 and there is Quintuple
> Agent as a gpg independent passphrase caching system.

I used --default-cache-ttl 3600 with gpg-agent to keep the passphrase for 1 h in memory, but it seems not to work as I thought, after some time (<1h) I had to enter the pf again, does this option have a different meaning than I thought ?

BTW, I found a nice and easy way to start gpg-agent for an X session via ~/.xsession :

    # Reuse a running agent if its connection info was saved earlier
    if test -e ~/.gpg_agent_info; then
        . ~/.gpg_agent_info
    else
        # First login since boot: start the agent and save the
        # GPG_AGENT_INFO assignment it prints (--sh) for later logins
        gpg-agent --daemon --pinentry-program=/usr/local/bin/pinentry-gtk --sh \
            --default-cache-ttl 3600 >> ~/.gpg_agent_info
        . ~/.gpg_agent_info
    fi

and in /etc/init.d/halt.local a simple

    rm -f /home/malte_gell/.gpg_agent_info

That way gpg-agent is started automatically and if I leave X and log on later it is still running and can be used without being started again and GPG_AGENT_INFO is set correctly at log on, gpg-agent only gets restarted after the machine gets rebooted.

Malte

From cpilkington@ghi.com Thu Oct 3 21:51:02 2002
From: cpilkington@ghi.com (Pilkington, Christopher J.)
Date: Thu Oct 3 20:51:02 2002
Subject: gnupg on FlashDisk with autofs (o.t.?)
Message-ID: <630F0B668D03D61189990003470838D301D96F28@ghimail1.ninthave.ghi.com>

If there is a problem with locking on FAT12 filesystems (and other similar filesystems) under Linux, how is locking handled in OSes where FAT is the native fs?

Christopher

-----Original Message-----
From: David Shaw [mailto:dshaw@jabberwocky.com]
Sent: Wednesday, October 02, 2002 7:18 PM
To: GnuPG users
Subject: Re: gnupg on FlashDisk with autofs (o.t.?)

On Wed, Oct 02, 2002 at 12:08:15PM +0200, Thomas Liesner wrote:
> Hi,
>
> well, i actually resigned... There is no solution for it.
> The problem is the filesystem. Those flash-disks come with a vfat
> filesystem out of their box. Vfat does not know anything about
> users/permissions etc. (hence no chmod/chown etc.). The only solution is
> to mount it with umask 777 which is not really an option ;) Changing
> it's filesystem to something like ext2nd is not working with my
> MacOS-X box and ufs is not working with my MacOS-9 box... And now think
> of ntfs...
> Okay, i think i stick to vfat and keep my hands securely on the disk...
> Too bad.

There is a solution. The problem is in locking, so if you use --lock-never then GnuPG will not try and lock the keyrings. However, you will need to make very sure you never run two copies of GnuPG at the same time :)

One good way to do it is to keep the pubring online as it is the one people generally need to write to when importing new keys, and only keeping the secring on the flash disk. No locking issues in that system unless you want to add a new secret key.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

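
David Shaw's --lock-never advice above comes with the condition that two copies of GnuPG never run at the same time. The wrapper below is an added example, not part of the original thread or of GnuPG: it enforces that condition with its own lock directory on a local filesystem. The paths, variable names and function names are assumptions, and the option names are those of GnuPG 1.x.

```shell
#!/bin/sh
# Added example (not from the thread): serialise GnuPG runs when the keyrings
# are used with --lock-never, e.g. a secring.gpg kept on a FAT flash disk.
#
# Assumptions, all hypothetical and overridable from the environment:
#   FLASH_SECRING  path of the secret keyring on the flash disk
#   LOCK_DIR       lock directory on a LOCAL filesystem (mkdir is atomic there)
#   LOCK_TIMEOUT   seconds to wait for another run to finish
#   GPG_BIN        the gpg binary (GnuPG 1.x option names are used below)

GPG_BIN=${GPG_BIN:-gpg}
FLASH_SECRING=${FLASH_SECRING:-/mnt/flash/secring.gpg}
LOCK_DIR=${LOCK_DIR:-${HOME:-/tmp}/.gnupg-flash.lock}
LOCK_TIMEOUT=${LOCK_TIMEOUT:-30}

# Take the lock by creating LOCK_DIR; mkdir either creates it or fails, so
# two callers can never both succeed.  Returns 1 if the wait times out.
acquire_lock() {
    waited=0
    while ! mkdir "$LOCK_DIR" 2>/dev/null; do
        if [ "$waited" -ge "$LOCK_TIMEOUT" ]; then
            return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done
    echo "$$" > "$LOCK_DIR/pid"
    return 0
}

# Remove the lock, but only if this shell is the one that created it.
release_lock() {
    owner=$(cat "$LOCK_DIR/pid" 2>/dev/null || true)
    if [ "$owner" = "$$" ]; then
        rm -rf "$LOCK_DIR"
    fi
    return 0
}

# Run gpg against the flash-disk secret keyring with GnuPG's own locking
# switched off, while holding our lock for the whole run.
# Exit status: 2 = keyring not readable, 3 = lock busy, else gpg's status.
gpg_flash() {
    if [ ! -r "$FLASH_SECRING" ]; then
        echo "gpg_flash: cannot read $FLASH_SECRING (disk not mounted?)" >&2
        return 2
    fi
    if ! acquire_lock; then
        holder=$(cat "$LOCK_DIR/pid" 2>/dev/null || true)
        echo "gpg_flash: GnuPG already running (pid ${holder:-unknown}), lock $LOCK_DIR" >&2
        return 3
    fi
    rc=0
    (
        # Subshell so the traps do not leak into the caller's shell.
        trap 'release_lock' EXIT
        trap 'exit 130' INT TERM
        "$GPG_BIN" --lock-never --secret-keyring "$FLASH_SECRING" "$@"
        exit $?
    ) || rc=$?
    return "$rc"
}
```

A lock left behind by a killed run is not removed automatically; the error message names the recorded pid so it can be checked before deleting the lock directory by hand.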

From dscribner@yahoo.com Fri Oct 4 00:00:01 2002
From: dscribner@yahoo.com (David Scribner)
Date: Thu Oct 3 23:00:01 2002
Subject: MUAs supporting GnuPG FAQ update
Message-ID: <20021003210141.8628.qmail@web13508.mail.yahoo.com>

A few weeks back I had posted a message to the list mentioning MUAs that support, either natively or with plug-ins/tools, the ability to use GnuPG for encrypting/decrypting and signing/verifying. Thanks to all those that responded, and I include a brief summary here:

John A. Martin mentioned that XEmacs support should be added to the list, and also brought to my attention another site with information on using GnuPG/PGP with MUAs (http://www.bretschneidernet.de/tips/secmua.html). I also added Apple Mail from your list. Thanks John!

Ingo Klöcker brought to my attention that PGP/MIME support in KMail prior to that which will be released in KDE 3.1 is available only through a plug-in. Although clearsigning is native, a correction has been made. Thanks Ingo!

Martin Christensen suggested that the table be added to the FAQ instead of just being summarized. Done!

Andreas John mentioned that for Win32 MUAs that lack support, a possible alternative is GPGrelay and enables many email-clients to send and receive emails that conform to PGP-MIME (RFC 2015). I'll work this in there Andreas. Thanks!

Janusz A. Urbanowicz mentioned that Elm ME+ supports PGP/GPG natively for clearsigned messages. That MUA has now been added to the list. Thanks Janusz!

Heiko Teichmeier mentioned that Postme, a small MUA for Win32, supports GPG with a plug-in, so that MUA has now been added as well. Thanks Heiko!

Werner Koch also suggested that, although the GNU project does not generally mention non-free stuff, for interoperability reasons we should do it (and to split the table as such). Thanks Werner!

Following this advice, the table now stands at:

MUA               OpenPGP  ASCII  How? (N,P,T)
---------------------------------------------------------------
Calypso           N        Y      P (Unixmail)
Elm               N        Y      T (mailpgp,morepgp)
Elm ME+           N        Y      N
Emacs/Gnus        Y        Y      T (Mailcrypt,gpg.el)
Emacs/Mew         Y        Y      N
Emacs/VM          N        Y      T (Mailcrypt)
Evolution         Y        Y      N
GNUMail.app       Y        Y      P (PGPBundle)
GPGMail           Y        Y      N
KMail             Y(P)     Y(N)   P/N
Mozilla           Y        Y      P (Enigmail)
Mulberry          Y        Y      P
Mutt              Y        Y      N
Sylpheed          Y        Y      N
Sylpheed-claws    Y        Y      N
TkRat             Y        Y      N
XEmacs/Gnus       Y        Y      T (Mailcrypt)
XEmacs/Mew        Y        Y      N
XEmacs/VM         N        Y      T (Mailcrypt)
XFmail            Y        Y      N

OpenPGP - PGP/MIME, ASCII - Clearsign
N - Native, P - Plug-in, T - External Tool

The following table lists proprietary MUAs. The GNU project suggests against the use of these programs, but they are listed for interoperability reasons for your convenience.

MUA               OpenPGP  ASCII  How? (N,P,T)
---------------------------------------------------------------
Apple Mail        Y        Y      P (GPGMail)
Becky2            Y        Y      P (BkGnuPG)
Eudora            Y        Y      P (EudoraGPG)
Eudora Pro        Y        Y      P (EudoraGPG)
Lotus Notes       N        Y      P
Netscape 4.x      N        Y      P
Netscape 7.x      Y        Y      P (Enigmail)
Novell Groupwise  N        Y      P
Outlook           N        Y      P (G-Data)
Outlook Express   N        Y      P (GPGOE)
Pegasus           N        Y      P (QDPGP,PM-PGP)
Pine              N        Y      T (pgpenvelope,(gpg|pgp)4pine)
Postme            N        Y      P (GPGPPL)
The Bat!          N        Y      P (Ritlabs)

Josh Huber, Per Tunedal and others also contributed good information so I thank all of you as well for your assistance and suggestions!

Take care, and have a GREAT day!

David

=====
David D. Scribner
IT Consulting & Services
CompTIA Linux+, Network+, A+ Certified
Ph: (817) 461-4018 eFax: (630) 214-7769
dscribner_at_bigfoot.com
http://www.bigfoot.com/~dscribner/
GnuPG/PGP: 3172 7408 58CA D9C2 F697 950F 9DDC 7AC7 91EC 5F06

__________________________________________________
Do you Yahoo!?
New DSL Internet Access from SBC & Yahoo!
http://sbc.yahoo.com

From avbidder@fortytwo.ch Fri Oct 4 00:36:02 2002
From: avbidder@fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder)
Date: Thu Oct 3 23:36:02 2002
Subject: MUAs supporting GnuPG FAQ update
In-Reply-To: <20021003210141.8628.qmail@web13508.mail.yahoo.com>
References: <20021003210141.8628.qmail@web13508.mail.yahoo.com>
Message-ID: <1033681037.2540.43.camel@altfrangg>

Hi David,

Great list, thanks.

On Thu, 2002-10-03 at 23:01, David Scribner wrote:

> MUA OpenPGP ASCII How? (N,P,T)

Hmmm. OpenPGP means PGP/MIME, ASCII means Clearsigned, I assume. I'd change the terminology, as clearsigned is specified in the OpenPGP RFC iirc.

> Evolution Y Y N

I don't know about other mailers, but I think the list should include notes if some mailer has issues. Specifically:

 - evolution doesn't properly handle clearsigned messages - 80% of the time the signature doesn't verify, and sometimes the message is not recognized as a signature. The developers do *not* intend to fix this (at least that's when I last looked on the evo mailing list).
 - in 1.0.x versions, signed messages with attachments very often do not verify and/or the generated signatures are corrupt. Haven't tried the 1.1.x versions.

cheers
-- vbi

-- 
secure email with gpg http://fortytwo.ch/gpg

NOTICE: subkey signature!
request key 92082481 from keyserver.kjsl.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iHQEABECADQFAj2cuI0tGmh0dHA6Ly9mb3J0eXR3by5jaC9ncGcvcG9saWN5L2Vt
YWlsLjIwMDIwODIyAAoJEIukMYvlp/fWLbsAoJCbLctWOY+R7lmb8+uHfe9iV/2L
AKDLEZJC0NGUOQHv8dxwe6bFveY6ag==
=9/Pi
-----END PGP SIGNATURE-----
Signature policy: http://fortytwo.ch/gpg/policy/email.20020822

From dshaw@jabberwocky.com Fri Oct 4 00:51:01 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Thu Oct 3 23:51:01 2002
Subject: MUAs supporting GnuPG FAQ update
In-Reply-To: <1033681037.2540.43.camel@altfrangg>
References: <20021003210141.8628.qmail@web13508.mail.yahoo.com> <1033681037.2540.43.camel@altfrangg>
Message-ID: <20021003215154.GA8522@akamai.com>

On Thu, Oct 03, 2002 at 11:37:17PM +0200, Adrian 'Dagurashibanipal' von Bidder wrote:
> Hi David,
>
> Great list, thanks.
>
> On Thu, 2002-10-03 at 23:01, David Scribner wrote:
>
> > MUA OpenPGP ASCII How? (N,P,T)
>
> Hmmm. OpenPGP means PGP/MIME, ASCII means Clearsigned, I assume. I'd
> change the terminology, as clearsigned is specified in the OpenPGP RFC
> iirc.

Adrian is right - this should be changed. OpenPGP does not mean PGP/MIME.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

From ingo.kloecker@epost.de Fri Oct 4 02:08:02 2002
From: ingo.kloecker@epost.de (Ingo Klöcker)
Date: Fri Oct 4 01:08:02 2002
Subject: MUAs supporting GnuPG FAQ update
In-Reply-To: <20021003210141.8628.qmail@web13508.mail.yahoo.com>
References: <20021003210141.8628.qmail@web13508.mail.yahoo.com>
Message-ID: <200210040048.55608@erwin.ingo-kloecker.de>

On Thursday 03 October 2002 23:01, David Scribner wrote:
> Ingo Klöcker brought to my attention that PGP/MIME support in
> KMail prior to that which will be released in KDE 3.1 is
> available only through a plug-in. Although clearsigning is
> native, a correction has been made. Thanks Ingo!

Hmm, maybe I don't understand the above sentence correctly [it's really convoluted ;-)]. But I think you got it wrong. Therefore I'd like to clarify this.

Up to KDE 3.0 (which is the current stable version of KDE) KMail only supports clearsigning and inline encryption. This support is native.

The upcoming version of KMail (in KDE 3.1) will also support PGP/MIME through a plugin.

So more precisely the entry for KMail should look like this:

MUA               PGP/MIME  ASCII  How? (N,P,T)
---------------------------------------------------------------
[...]
KMail (<=1.4.x)   N         Y      N
KMail (1.5.x)     Y(P)      Y(N)   N/P

Regards,
Ingo

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)

iD8DBQA9nMlXGnR+RTDgudgRAqe2AJ9vcU892v8OV1QOKTRx/8Dcxzub3QCeJCRu
HdJk8mZzCDJZzNHxLV/cj0I=
=w9CU
-----END PGP SIGNATURE-----

From dscribner@yahoo.com Fri Oct 4 03:31:02 2002
From: dscribner@yahoo.com (David Scribner)
Date: Fri Oct 4 02:31:02 2002
Subject: MUAs supporting GnuPG FAQ update
In-Reply-To: <200210040048.55608@erwin.ingo-kloecker.de>
Message-ID: <20021004003217.70591.qmail@web13506.mail.yahoo.com>

--- Ingo Klöcker wrote:
> Hmm, maybe I don't understand the above sentence correctly
> [it's really
> convoluted ;-)]. But I think you got it wrong. Therefore I'd
> like to
> clarify this.
> Up to KDE 3.0 (which is the current stable version of KDE)
> KMail only
> supports clearsigning and inline encryption. This support is
> native.
> The upcoming version of KMail (in KDE 3.1) will also support
> PGP/MIME
> through a plugin.
>
> So more precisely the entry for KMail should look like this:
>
> MUA               PGP/MIME  ASCII  How? (N,P,T)
> ---------------------------------------------------------------
> [...]
> KMail (<=1.4.x)   N         Y      N
> KMail (1.5.x)     Y(P)      Y(N)   N/P

Actually that was what I meant, so I apologize for the convoluted sentence. :/ I have KDE 3.0.3 installed, but still prefer Mutt for my MUA so I'm not as "up" on KMail versions as I guess I should be. However, I appreciate your clarification and table addition (once again)!

BTW, do you know if KMail 1.5.x will include the ability to encrypt attachments, or will they still need to be manually encrypted beforehand and prior to being attached to the mail message?

Thanks again!

David

=====
David D.
Scribner IT Consulting & Services CompTIA Linux+, Network+, A+ Certified Ph: (817) 461-4018 eFax: (630) 214-7769 dscribner_at_bigfoot.com http://www.bigfoot.com/~dscribner/ GnuPG/PGP: 3172 7408 58CA D9C2 F697 950F 9DDC 7AC7 91EC 5F06 __________________________________________________ Do you Yahoo!? New DSL Internet Access from SBC & Yahoo! http://sbc.yahoo.com From dscribner@yahoo.com Fri Oct 4 03:55:03 2002 From: dscribner@yahoo.com (David Scribner) Date: Fri Oct 4 02:55:03 2002 Subject: MUAs supporting GnuPG FAQ update In-Reply-To: <1033681037.2540.43.camel@altfrangg> Message-ID: <20021004005618.21247.qmail@web13505.mail.yahoo.com> --- Adrian 'Dagurashibanipal' von Bidder wrote: > On Thu, 2002-10-03 at 23:01, David Scribner wrote: > > > MUA OpenPGP ASCII How? (N,P,T) > > Hmmm. OpenPGP means PGP/MIME, ASCII means Clearsigned, I > assume. I'd > change the terminology, as clearsigned is specified in the > OpenPGP RFC > iirc. I sure will, and is good point confirmed by David Shaw as well. Change has been made. Thanks! > > Evolution Y Y N > > I don't know about other mailers, but I think the list should > include > notes if some mailer has issues. Specifically: > > - evolution doesn't properly handle clearsigned messages - > 80% of the > time the signature doesn't verify, and sometimes the message > is not > recognized as a signature. The deveolpers do *not* intend to > fix this > (at least that's when I last looked on the evo mailing list). > - in 1.0.x versions, signed messages with attachments very > often do not > verify and/or the generated signatures are corrupt. Haven't > tried the > 1.1.x versions. Another good point, but I think keeping up with issues various MUAs have with supporting GnuPG/PGP properly would be better left to those lists that specifically deal with that (such as http://www.bretschneidernet.de/tips/secmua.html and the others that are mentioned in the FAQ). However, I'm glad you brought Evolution's possible issues to my attention. 
I will look into this further tonight, and if that client's problems still include mangling the messages in the 1.1.x versions a large percentage of the time I'll just drop it from the list. Thanks again! David ===== David D. Scribner IT Consulting & Services CompTIA Linux+, Network+, A+ Certified Ph: (817) 461-4018 eFax: (630) 214-7769 dscribner_at_bigfoot.com http://www.bigfoot.com/~dscribner/ GnuPG/PGP: 3172 7408 58CA D9C2 F697 950F 9DDC 7AC7 91EC 5F06 __________________________________________________ Do you Yahoo!? New DSL Internet Access from SBC & Yahoo! http://sbc.yahoo.com From ambassadorsean@juno.com Fri Oct 4 04:01:02 2002 From: ambassadorsean@juno.com (Sean M McMahon) Date: Fri Oct 4 03:01:02 2002 Subject: Newbie question Message-ID: <20021003.210239.-178779.0.ambassadorsean@juno.com> I FIGURED IT OUT!!! Thanks to everyone who helped!!! If you check out my site (using the link below) please keep in mind that I have not uploaded yet and the finished results won't be displayed for some time yet...I need to get my act together and complete my website first. And nope, don't mind if you check it out at all. Keep in mind that the material is copyrighted, trademarked, all that lovely stuff, by either myself or the "Amazon Herb Company", despite the fact that I haven't gotten to actually making the correct "TM" and "C" signs. Oh, and PLEASE keep in mind that it is a VERY rough representation of what the actual site is supposed to look like. Banners are the wrong size/out of place, etc., but I am happy with any feedback anyone wants to give. Hopefully within a month the site will actually be completed- the website is www.amazondefenders.com. Hope you enjoy what's there! On Mon, 30 Sep 2002 11:42:12 PDT carl w spitzer writes: > I am also studied in site design. > Mind if I check it out? > I dont have the URL. > ________________________________________________________________ GET INTERNET ACCESS FROM JUNO! Juno offers FREE or PREMIUM Internet access for less! 
Join Juno today! For your FREE software, visit: http://dl.www.juno.com/get/web/. From pt@radvis.nu Fri Oct 4 10:35:01 2002 From: pt@radvis.nu (Per Tunedal) Date: Fri Oct 4 09:35:01 2002 Subject: FREE Virus And Spam Protection for Windows Users In-Reply-To: <20021002.141608.12711.0.cwsiv_home1@juno.com> Message-ID: <5.1.0.14.2.20021004083207.00be3818@qix.netcorps.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, A. Command Antivirus used to offer a free scanner for Linux, but I cannot find it right now. It is not possible to buy it either, I can only find some information: http://www.commandcom.com/enterprise/linux.html B. Several antivirus manufacturers offer free scanning online (Active-X) that works at least for Windows (all scanners does not work on all Windows-systems - some causes crashes BSOD - I have found Panda to be the most unreliable). This is not a protection against infection, only a way to check for infections. It can be used in addition to a free scanner (some free scanners are not effective against the latest viruses): Panda Active scan http://www.pandasoftware.es/activescan/com/default.asp Trend Micro House Call http://housecall.antivirus.com/housecall/start_corp.asp Symantec Norton Security check http://securityresponse.symantec.com/ (click on the "check for Security Riscs"-icon) Per Tunedal -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.3 iQA/AwUBPZ0w4FfloxV5BaqpEQI1AQCgliK9iwC31ePG3eWeDwUK1P5GDUIAoOGD /CkAQ+l8rt4UgZntXhYCW4PO =turi -----END PGP SIGNATURE----- At 11:34 2002-09-30 -0700, you wrote: >AVG 6.0 >http://www.grisoft.com >(FREE) > >ZoneAlarm >http://www.zonelabs.com >(FREE) > >MailWasher >http://www.mailwasher.net >(FREE) >=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- >FPROT >http://www.F-PROT.com >DOS/Windows, Win32 & Linux > >If anyone has more to recommend Please add to the collection & reply to >all. >CWSIV > > >________________________________________________________________ >GET INTERNET ACCESS FROM JUNO! 
>Juno offers FREE or PREMIUM Internet access for less! >Join Juno today! For your FREE software, visit: >http://dl.www.juno.com/get/web/. > >_______________________________________________ >Gnupg-users mailing list >Gnupg-users@gnupg.org >http://lists.gnupg.org/mailman/listinfo/gnupg-users From graham.todd@ntlworld.com Fri Oct 4 11:19:02 2002 From: graham.todd@ntlworld.com (Graham) Date: Fri Oct 4 10:19:02 2002 Subject: FREE Virus And Spam Protection for Windows Users In-Reply-To: <5.1.0.14.2.20021004083207.00be3818@qix.netcorps.com> References: <5.1.0.14.2.20021004083207.00be3818@qix.netcorps.com> Message-ID: <200210040926.34080.graham.todd@ntlworld.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday 04 Oct 2002 8:11 am, Per Tunedal wrote: > Hi, > A. > Command Antivirus used to offer a free scanner for Linux, but I > cannot find it right now. It is not possible to buy it either, I can > only find some information: > http://www.commandcom.com/enterprise/linux.html If its any help, there is an OpenAntivirus group in Lunux, which has its=20 own java based VirusHammer package. More details at: http://www.openantivirus.org and you can get Clam Antivirus at http://clamav.elektrapro.com/ This is a fast (written in C) GPL program which uses the OpenAntivirus=20 virus list. The above is given as a balance and to give information; now, a plea. =20 This subject is OT for a gnupg list, and discussing proprietary=20 software that is not GPL'd goes against the philosophy of this list. =20 Windows is not free (it is encumbered by restrictive licences) and=20 software that runs on it is not free. The discussion of Windows based=20 GnuPG subjects has a place here, but this doesn't. Can we have no more=20 of these postings? 
- --=20 Graham -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux) Comment: Please sign and encrypt for internet privacy iD8DBQE9nVC3IwtBZOk1250RAq65AJ9Y3Prxo0lch176sdeJGB6A22G9OQCgtbCT KC6mNZhJbhyoJQzMPfDTyYs=3D =3DyD4j -----END PGP SIGNATURE----- From info@nakawe.se Fri Oct 4 11:45:02 2002 From: info@nakawe.se (Veronica Loell) Date: Fri Oct 4 10:45:02 2002 Subject: FREE Virus And Spam Protection for Windows Users Message-ID: <200210040846.g948k2I20991@d1o1018.telia.com> I know this is off topic but I would still like a clarification on the non-freeness of programs that run on windows. What exactly does that mean? An open source program that runs on Windows is not OS? I was under the impression that OS programs including gnupg when run on a mswin machine was still OS. - Veronica > >Subject: Re: FREE Virus And Spam Protection for Windows Users > From: Graham > Date: Fri, 4 Oct 2002 09:26:31 +0100 > To: Per Tunedal > Cc: "GnuPG-Users" > >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 >The above is given as a balance and to give information; now, a plea. >This subject is OT for a gnupg list, and discussing proprietary >software that is not GPL'd goes against the philosophy of this list. >Windows is not free (it is encumbered by restrictive licences) and >software that runs on it is not free. The discussion of Windows based >GnuPG subjects has a place here, but this doesn't. Can we have no more >of these postings? 
>- --
>
>Graham
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.2.0 (GNU/Linux)
>Comment: Please sign and encrypt for internet privacy
>
>iD8DBQE9nVC3IwtBZOk1250RAq65AJ9Y3Prxo0lch176sdeJGB6A22G9OQCgtbCT
>KC6mNZhJbhyoJQzMPfDTyYs=
>=yD4j
>-----END PGP SIGNATURE-----
>

From graham.todd@ntlworld.com Fri Oct 4 12:46:02 2002
From: graham.todd@ntlworld.com (Graham)
Date: Fri Oct 4 11:46:02 2002
Subject: FREE Virus And Spam Protection for Windows Users
In-Reply-To: <200210040846.g948k2I20991@d1o1018.telia.com>
References: <200210040846.g948k2I20991@d1o1018.telia.com>
Message-ID: <200210041053.39271.graham.todd@ntlworld.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday 04 Oct 2002 10:45 am, Veronica Loell wrote:
> I know this is off topic but I would still like a clarification on
> the non-freeness of programs that run on windows. What exactly does
> that mean? An open source program that runs on Windows is not OS? I
> was under the impression that OS programs including gnupg when run on
> a mswin machine was still OS.
>
> - Veronica

Packages that run on Windows under the GPL have their source code freely available for amendment and improvement provided the source code is also passed on amended for others to use; but Windows itself cannot be recompiled, debugged, and made secure except by Microsoft because of its closed source policy, and its use is even restricted by their EULA. So, although you can get programs that are for the most part free, they run in an environment which is not free and so they cannot really be said to be free of restrictions.

GnuPG is available under the GPL, and is available to Windows users. When used in the Windows environment, GnuPG cannot really be said to be free.
However, this list is an appropriate place to discuss GnuPG versions on any OS, because users should be able to decide for themselves how restrictive or free they wish their OS and software to be, and because it deals with GnuPG specifically. It is not an appropriate place to discuss virus scanners, free or proprietary.

GNU has been around before Linux came on the scene, so this is not a Linux-specific point, and it has always taken the philosophical stand that software should be free of restrictions as well as free of cost. This is the philosophical stand of this list (as I understand it to be), so discussion of software which is proprietary and does not relate in any way to GnuPG is out of place here.

- --
Graham
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: Please sign and encrypt for internet privacy

iD8DBQE9nWTuIwtBZOk1250RAmQpAKDj+yht2AXdY7Uh4ee/6kDD825bwQCg3jDK
/WQsT0g4ar7zTAfzk5mOBHw=
=ftlN
-----END PGP SIGNATURE-----

From disastry@saiknes.lv Fri Oct 4 13:22:02 2002
From: disastry@saiknes.lv (disastry@saiknes.lv)
Date: Fri Oct 4 12:22:02 2002
Subject: existing keys as subkey
Message-ID: <3D9C7EAE.59AC4257@saiknes.lv>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

1984 wrote:
> Hello,
> I want to install a pgp/gpg secured mailinglist. The best possibility
> is to generate a new key, includes every key of the entered users.
> Every mail to the list must be encrypted with this public key.
> My question is: how can I build a key and implement other existing
> keys as subkeys of this one? So that every mail encrypted by the key
> is encrypted by the keys of all users.

this is not a good idea, and even if you did it wouldn't help - if the key has multiple subkeys, and you encrypt to that key, message is encrypted to only one of these subkeys, normally to newest one.
> The only way, I think, is to use ADK of PGP, because in GnuPG you
> cannot take existing keys as a subkey, you can only generate a new
> one.

some time ago I added key to another as subkey as an experiment (with hex editor and hacked PGP6.5.8), so it is possible, but there are several problems, most important of them is that original key and key converted to subkey cannot coexist in the same keyring, at least not in PGP, some PGP versions crashed when I tried to import both, others didn't crash, but imported only one of keys. (I didn't try to import both keys in GPG..)

__
Disastry http://disastry.dhs.org/
http://disastry.dhs.org/pgp <----PGP plugins for Netscape and MDaemon
^----PGP 2.6.3ia-multi06 (supports IDEA, CAST5, BLOWFISH, TWOFISH, AES, 3DES ciphers and MD5, SHA1, RIPEMD160, SHA2 hashes)
-----BEGIN PGP SIGNATURE-----
Version: Netscape PGP half-Plugin 0.15 by Disastry / PGPsdk v1.7.1

iQA/AwUBPZxiTDBaTVEuJQxkEQPsoACfTD5mc+tHw4/6YVD1PZ21kSS0WNAAnjER
5xiqRBSTulkVBFj31CNX+lC4
=Xzpb
-----END PGP SIGNATURE-----

From ingo.kloecker@epost.de Fri Oct 4 17:25:03 2002
From: ingo.kloecker@epost.de (Ingo Klöcker)
Date: Fri Oct 4 16:25:03 2002
Subject: MUAs supporting GnuPG FAQ update
In-Reply-To: <20021004003217.70591.qmail@web13506.mail.yahoo.com>
References: <20021004003217.70591.qmail@web13506.mail.yahoo.com>
Message-ID: <200210041526.39365@erwin.ingo-kloecker.de>

--Boundary-02=_PcZn9keyczGNhO9
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Description: signed data
Content-Disposition: inline

On Friday 04 October 2002 02:32, David Scribner wrote:
> BTW, do you know if KMail 1.5.x will include the ability to
> encrypt attachments, or will they still need to be manually
> encrypted beforehand and prior to being attached to the mail
> message?

Together with the PGP/MIME plugin KMail 1.5.x will also sign/encrypt attachments.
So manual encryption isn't necessary anymore (as long as one uses the PGP/MIME plugin).

Regards,
Ingo

--Boundary-02=_PcZn9keyczGNhO9
Content-Type: application/pgp-signature
Content-Description: signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)

iD8DBQA9nZcPGnR+RTDgudgRArXGAJ0eiaxTrPhXRiQIdb9lufEh41HklQCdEMy7
/VveJXi+vQbbRVF3qLuyn0E=
=ZnVj
-----END PGP SIGNATURE-----

--Boundary-02=_PcZn9keyczGNhO9--

From p@dirac.org Sat Oct 5 03:41:02 2002
From: p@dirac.org (Peter Jay Salzman)
Date: Sat Oct 5 02:41:02 2002
Subject: how to delete a signature?
Message-ID: <20021005004149.GA13815@dirac.org>

hi all,

my friend's public key expired, so i removed his key from my keyring. however, his signature is still on my public key:

p@satan% gpg --list-sigs salzman
pub 1024D/67EA951D 2000-12-08 Peter Jay Salzman
sig 3 67EA951D 2000-12-08 Peter Jay Salzman
sig 58D7BA3C 2000-12-12 [User id not found]

that "user id not found" is my friend's expired key that i deleted from my keyring. i'm having no luck at all getting delsig to work:

p@satan% gpg --edit-key salzman
Secret key is available.

pub 1024D/67EA951D created: 2000-12-08 expires: never trust: u/u
sub 2048g/BA20F792 created: 2000-12-08 expires: never
(1). Peter Jay Salzman

Command> delsig 58D7BA3C
You must select at least one user ID.

i'm not exactly sure what a user ID is. :(

how do i remove 58D7BA3C [User id not found] from the list of people who have signed my key?

pete

--
Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D

From dshaw@jabberwocky.com Sat Oct 5 04:27:02 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Sat Oct 5 03:27:02 2002
Subject: how to delete a signature?
In-Reply-To: <20021005004149.GA13815@dirac.org>
References: <20021005004149.GA13815@dirac.org>
Message-ID: <20021005012714.GA1265@akamai.com>

On Fri, Oct 04, 2002 at 05:41:49PM -0700, Peter Jay Salzman wrote:
> i'm not exactly sure what a user ID is.
:( > > how do i remove 58D7BA3C [User id not found] from the list of people who > have signed my key? The user id in your case is "Peter Jay Salzman ". Since you only have one, enter "1" before using the "delsig" command. Delsig will prompt you for which signature you want to delete. However, note that this signature will come back if you ever refresh your key from a keyserver or another user. Why bother to delete it? It doesn't have any effect since the key that made it is expired. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From sutton@attbi.com Sat Oct 5 16:24:01 2002 From: sutton@attbi.com (Harry A. Sutton) Date: Sat Oct 5 15:24:01 2002 Subject: Recent problem Message-ID: <1033824271.1430.22.camel@toby.thesuttons.org> Hi folks, I've scanned through the FAQs and the archives of this group, but didn't see anything obvious to address this question. I do apologize if I've overlooked a source of information, but I've come to depend on GnuPG to sign my mail messages, and it's frustrating me that I can't right now. I was recently away on vacation, and when I returned I found a couple of updates (from RedHat) waiting to be applied. (The most recent of these have been glibc, nss_ldap, unzip and tar.) Although I can't confirm this with empirical evidence (without backing out those updates, which I'm reluctant to do), I believe my GnuPG stuff stopped working around the time of these updates. One symptom, which I can't find any data on, is the following: when I attempt to locally sign a key (e.g., Werner Koch's), I get the an error message I haven't seen before. Here's the way it goes: $gpg --lsign Werner pub 1024D/57548DCD created: 1998-07-07 expires: 2002-12-29 trust: -/- (1). 
Werner Koch (gnupg sig) pub 1024D/57548DCD created: 1998-07-07 expires: 2002-12-29 trust: -/- Primary key fingerprint: 6BD9 050F D8FC 941B 4341 2DCC 68B7 AB89 5754 8DCD Werner Koch (gnupg sig) This key is due to expire on 2002-12-29. Do you want your signature to expire at the same time? (Y/n) How carefully have you verified the key you are about to sign actually belongs to the person named above? If you don't know what to answer, enter "0". (0) I will not answer. (default) (1) I have not checked at all. (2) I have done casual checking. (3) I have done very careful checking. Your selection? Are you really sure that you want to sign this key with your key: "Harry A. Sutton " The signature will be marked as non-exportable. Really sign? y gpg: secret key parts are not available gpg: signing failed: general error It's that "secret key parts are not available" thing that's throwing me. Can anyone point me to a solution? Thanks, /Harry From dshaw@jabberwocky.com Sat Oct 5 17:56:12 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Sat Oct 5 16:56:12 2002 Subject: Recent problem In-Reply-To: <1033824271.1430.22.camel@toby.thesuttons.org> References: <1033824271.1430.22.camel@toby.thesuttons.org> Message-ID: <20021005145704.GA2369@akamai.com> On Sat, Oct 05, 2002 at 09:24:30AM -0400, Harry A. Sutton wrote: > One symptom, which I can't find any data on, is the following: when I > attempt to locally sign a key (e.g., Werner Koch's), I get the an error > message I haven't seen before. Here's the way it goes: [..] > It's that "secret key parts are not available" thing that's throwing me. > Can anyone point me to a solution? "secret key parts are not available" is the error that is returned when a user tries to make a signature with a key that was created via --export-secret-subkeys. These keys have all their subkeys, but no primary key, which is generally the key used for signing. Did you use --export-secret-subkeys? 
David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From sutton@attbi.com Sat Oct 5 19:07:02 2002 From: sutton@attbi.com (Harry A. Sutton) Date: Sat Oct 5 18:07:02 2002 Subject: Recent problem In-Reply-To: <20021005145704.GA2369@akamai.com> References: <1033824271.1430.22.camel@toby.thesuttons.org> <20021005145704.GA2369@akamai.com> Message-ID: <1033834082.1430.27.camel@toby.thesuttons.org> Hi David, Thanks for the quick response - I recently (within the last three months) upgraded my version of RedHat by installing 7.3 on a new disk; I then did an export-secret-key from my old system disk to install my key on the new system. To the best of my recollection, I didn't do an export-secret-subkeys. And anyway, since that new install, I've been able to sign and encrypt outgoing mail messages using Ximian Evolution, but now I can't. /Harry On Sat, 2002-10-05 at 10:57, David Shaw wrote: > On Sat, Oct 05, 2002 at 09:24:30AM -0400, Harry A. Sutton wrote: > > > One symptom, which I can't find any data on, is the following: when I > > attempt to locally sign a key (e.g., Werner Koch's), I get the an error > > message I haven't seen before. Here's the way it goes: > > [..] > > > It's that "secret key parts are not available" thing that's throwing me. > > Can anyone point me to a solution? > > "secret key parts are not available" is the error that is returned > when a user tries to make a signature with a key that was created via > --export-secret-subkeys. These keys have all their subkeys, but no > primary key, which is generally the key used for signing. Did you use > --export-secret-subkeys? 
> > David > > -- > David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ > +---------------------------------------------------------------------------+ > "There are two major products that come out of Berkeley: LSD and UNIX. > We don't believe this to be a coincidence." - Jeremy S. Anderson > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users From sutton@attbi.com Sat Oct 5 19:19:02 2002 From: sutton@attbi.com (Harry A. Sutton) Date: Sat Oct 5 18:19:02 2002 Subject: Recent problem In-Reply-To: <1033824271.1430.22.camel@toby.thesuttons.org> References: <1033824271.1430.22.camel@toby.thesuttons.org> Message-ID: <1033834805.1430.32.camel@toby.thesuttons.org> Here's another data point: I've got another system, also running RedHat 7.3, which I haven't yet applied the most recent security updates. Signing (as described below) appears to work fine on that system; both of my other systems (a tower running RedHat 7.3 stock and a laptop running RedHat 7.3 with Ximian Desktop) have had the latest updates applied, and both exhibit the error behavior described below. All three systems have the identical secret key (verified by fingerprint). /Harry On Sat, 2002-10-05 at 09:24, Harry A. Sutton wrote: > Hi folks, > > I've scanned through the FAQs and the archives of this group, but didn't > see anything obvious to address this question. I do apologize if I've > overlooked a source of information, but I've come to depend on GnuPG to > sign my mail messages, and it's frustrating me that I can't right now. > > I was recently away on vacation, and when I returned I found a couple of > updates (from RedHat) waiting to be applied. (The most recent of these > have been glibc, nss_ldap, unzip and tar.) 
Although I can't confirm this > with empirical evidence (without backing out those updates, which I'm > reluctant to do), I believe my GnuPG stuff stopped working around the > time of these updates. > > One symptom, which I can't find any data on, is the following: when I > attempt to locally sign a key (e.g., Werner Koch's), I get the an error > message I haven't seen before. Here's the way it goes: > > $gpg --lsign Werner > > pub 1024D/57548DCD created: 1998-07-07 expires: 2002-12-29 trust: -/- > (1). Werner Koch (gnupg sig) > > > pub 1024D/57548DCD created: 1998-07-07 expires: 2002-12-29 trust: -/- > Primary key fingerprint: 6BD9 050F D8FC 941B 4341 2DCC 68B7 AB89 5754 > 8DCD > > Werner Koch (gnupg sig) > > This key is due to expire on 2002-12-29. > Do you want your signature to expire at the same time? (Y/n) > How carefully have you verified the key you are about to sign actually > belongs > to the person named above? If you don't know what to answer, enter "0". > > (0) I will not answer. (default) > (1) I have not checked at all. > (2) I have done casual checking. > (3) I have done very careful checking. > > Your selection? > Are you really sure that you want to sign this key > with your key: "Harry A. Sutton " > > The signature will be marked as non-exportable. > > Really sign? y > gpg: secret key parts are not available > gpg: signing failed: general error > > > > It's that "secret key parts are not available" thing that's throwing me. > Can anyone point me to a solution? > > Thanks, > > /Harry > > From farshadas@excite.com Sun Oct 6 00:40:03 2002 From: farshadas@excite.com (Farshad) Date: Sat Oct 5 23:40:03 2002 Subject: (no subject) Message-ID: <20021005214126.63242BF97@xmxpita.excite.com> Hello, Is there anything like PGP SDK for gpg? thanks, Farshad ------------------------------------------------ Changed your e-mail? Keep your contacts! Use this free e-mail change of address service from Return Path. Register now! 
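Added example (not part of any message in this archive, and not GnuPG code): the "secret key parts are not available" thread above comes down to whether the primary secret key packet still carries secret material. The Python below walks a binary OpenPGP secret keyring and flags v4 key packets protected with GnuPG's dummy S2K (type 101, "GNU", mode 1, which gpg holds internally as mode 1001); the sample keyring is constructed from toy values and every function name is hypothetical.

```python
import hashlib

# Public MPIs per algorithm id (RFC 2440): RSA = 2, Elgamal = 3, DSA = 4.
PUBLIC_MPI_COUNT = {1: 2, 2: 2, 3: 2, 16: 3, 20: 3, 17: 4}
SECRET_TAGS = {5: "sec", 7: "ssb"}  # secret key / secret subkey packet tags


def read_packets(data):
    """Yield (tag, body) for each packet in a binary OpenPGP keyring."""
    pos = 0
    while pos < len(data):
        first = data[pos]
        pos += 1
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if first & 0x40:  # new-format header
            tag = first & 0x3F
            o1 = data[pos]
            if o1 < 192:
                length, pos = o1, pos + 1
            elif o1 < 224:
                length, pos = ((o1 - 192) << 8) + data[pos + 1] + 192, pos + 2
            elif o1 == 255:
                length, pos = int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5
            else:
                raise ValueError("partial body lengths are not valid for key packets")
        else:  # old-format header: the low two bits select the length field size
            tag = (first >> 2) & 0x0F
            size = {0: 1, 1: 2, 2: 4}.get(first & 3)
            if size is None:
                raise ValueError("indeterminate length is not supported")
            length, pos = int.from_bytes(data[pos:pos + size], "big"), pos + size
        if pos + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[pos:pos + length]
        pos += length


def describe(body):
    """Return (short key id, protection) for a v4 secret key packet body."""
    if body[0] != 4:
        raise ValueError("only v4 key packets are handled here")
    algo = body[5]
    if algo not in PUBLIC_MPI_COUNT:
        raise ValueError("unknown public-key algorithm %d" % algo)
    pos = 6  # version (1) + creation time (4) + algorithm (1)
    for _ in range(PUBLIC_MPI_COUNT[algo]):  # skip the public MPIs
        bits = int.from_bytes(body[pos:pos + 2], "big")
        pos += 2 + (bits + 7) // 8
    # v4 fingerprint: SHA-1 over 0x99, a two-byte length and the public part.
    fpr = hashlib.sha1(b"\x99" + pos.to_bytes(2, "big") + body[:pos]).digest()
    keyid = fpr[-4:].hex().upper()
    usage = body[pos]  # string-to-key usage octet
    if usage == 0:
        return keyid, "none"
    gnu = body[pos + 2:pos + 3] == bytes([101]) and body[pos + 4:pos + 7] == b"GNU"
    if usage in (254, 255) and gnu:
        # GnuPG extension: S2K type 101, hash id, "GNU", mode octet.
        # Mode 1 is the dummy: no secret material follows in the packet.
        return keyid, "stub" if body[pos + 7:pos + 8] == b"\x01" else "gnu-extension"
    return keyid, "passphrase"


def list_secret_keys(keyring):
    """Return [(kind, short key id, protection)] for each secret (sub)key packet."""
    return [(SECRET_TAGS[tag],) + describe(body)
            for tag, body in read_packets(keyring) if tag in SECRET_TAGS]


def primary_secret_available(keyring):
    """False when the first secret key packet is only a GNU-dummy stub."""
    rows = list_secret_keys(keyring)
    return bool(rows) and rows[0][0] == "sec" and rows[0][2] != "stub"


def mpi(value):
    """Encode an integer as an OpenPGP MPI (two-byte bit count, then the bytes)."""
    bits = value.bit_length()
    return bits.to_bytes(2, "big") + value.to_bytes((bits + 7) // 8, "big")


def old_packet(tag, body):
    """Old-format packet with a two-byte length (0x95 for tag 5, 0x9D for tag 7)."""
    return bytes([0x80 | (tag << 2) | 1]) + len(body).to_bytes(2, "big") + body


def sample_keyring(primary_stub):
    """Constructed sample: toy DSA primary plus toy Elgamal subkey, not real keys."""
    created = (1033430400).to_bytes(4, "big")
    primary = b"\x04" + created + b"\x11" + mpi(23) + mpi(11) + mpi(4) + mpi(9)
    subkey = b"\x04" + created + b"\x10" + mpi(23) + mpi(5) + mpi(8)
    stub = b"\xff\x03\x65\x02GNU\x01"  # usage 255, CAST5, S2K 101, SHA-1, GNU, mode 1
    # usage 255, CAST5, iterated+salted S2K, SHA-1, salt, count, IV, dummy ciphertext
    locked = b"\xff\x03\x03\x02" + bytes(8) + b"\x60" + bytes(8) + bytes(24)
    return (old_packet(5, primary + (stub if primary_stub else locked))
            + old_packet(7, subkey + locked))


if __name__ == "__main__":
    for kind, keyid, protection in list_secret_keys(sample_keyring(primary_stub=True)):
        print(kind, keyid, protection)
```

On a real system the input would be the binary output of gpg --export-secret-keys; armored exports would have to be dearmored before being passed to list_secret_keys.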
From ingo.kloecker@epost.de Sun Oct 6 01:47:02 2002 From: ingo.kloecker@epost.de (Ingo =?iso-8859-1?q?Kl=F6cker?=) Date: Sun Oct 6 00:47:02 2002 Subject: Is there anything like PGP SDK for gpg? In-Reply-To: <20021005214126.63242BF97@xmxpita.excite.com> References: <20021005214126.63242BF97@xmxpita.excite.com> Message-ID: <200210060024.50565@erwin.ingo-kloecker.de> --Boundary-02=_ya2n9s5GUz0bbU+ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Description: signed data Content-Disposition: inline On Saturday 05 October 2002 23:41, Farshad wrote: > Is there anything like PGP SDK for gpg? Did you check out gpgme? You should find a link on www.gnupg.org. Regards, Ingo --Boundary-02=_ya2n9s5GUz0bbU+ Content-Type: application/pgp-signature Content-Description: signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQA9n2ayGnR+RTDgudgRArGcAJ49yEtAE5jJAImSeBCzBfrRIPZ1DQCg2Q3T FQMyEa5rZm+PFsBuUPv9v+M= =yfhl -----END PGP SIGNATURE----- --Boundary-02=_ya2n9s5GUz0bbU+-- From farshadas@excite.com Sun Oct 6 03:49:01 2002 From: farshadas@excite.com (Farshad) Date: Sun Oct 6 02:49:01 2002 Subject: GPGME Message-ID: <20021006004957.E576739DE@xprdmailfe27.nwk.excite.com> Hello, Thanks Ingo for directing me to GPGME. Unfortunately, I'm lost in the documentation of GPGME!!! In PGP SDK there are a couple of manuals that explain the APIs and provide some examples. What about GPGME? I did notice doc and tests folders but I cannot figure them out! - Where is the manual for GPGME APIs? - What about some simple examples? (e.g. for encrypting/signing a file and decrypting/verification? thanks a lot, Farshad ------------------------------------------------ Changed your e-mail? Keep your contacts! Use this free e-mail change of address service from Return Path. Register now! 
From jharris@widomaker.com Mon Oct 7 01:25:02 2002
From: jharris@widomaker.com (Jason Harris)
Date: Mon Oct 7 00:25:02 2002
Subject: intermediate (2002-10-06) keyanalyze results
Message-ID: <20021006222618.GB367@pm3-16.lft.widomaker.com>

--bCsyhTFzCvuiizWE
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

New intermediate keyanalyze results are available at:

http://keyserver.kjsl.com/~jharris/ka/2002-10-06/

Earlier intermediate reports are also available, for comparison:

http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:

http://dtype.org/keyanalyze/

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris@widomaker.com | web: http://jharris.cjb.net/

--bCsyhTFzCvuiizWE
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (FreeBSD)

iD8DBQE9oLiGSypIl9OdoOMRAmElAJ45NnMQ6tA2LT0jo97X9OafZuK4vwCdGAj+
htF+YQUGVHBu2VHRplWz6LM=
=R+KK
-----END PGP SIGNATURE-----

--bCsyhTFzCvuiizWE--

From skquinn@speakeasy.net Mon Oct 7 06:14:02 2002
From: skquinn@speakeasy.net (Shawn K. Quinn)
Date: Mon Oct 7 05:14:02 2002
Subject: {www,ftp}.gnupg.org down?!
Message-ID: <200210062214.05980.skquinn@speakeasy.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It seems to me that both www.gnupg.org and ftp.gnupg.org have been down for at least the past few hours if not an entire day. Would anyone know what the situation is?

- --
Shawn K. Quinn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)

iD8DBQE9oPv8QVXDBVmaIp0RAo7OAKCFQ9w1nRmvg1EmyqpJzIJf8WfHfgCg0GPp
bsrV2BM/QpZJDjixQ6MAfJA=
=PCHS
-----END PGP SIGNATURE-----

From eleuteri@myrealbox.com Mon Oct 7 12:55:02 2002
From: eleuteri@myrealbox.com (David Picón Álvarez)
Date: Mon Oct 7 11:55:02 2002
Subject: RSA sign and encrypt
Message-ID: <000501c26de8$1c326460$c6a19fd4@enterprise>

--QhLez1fZ.5XiMkIG0nnxfhpcRy8C.PaU
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: 7bit

Hello,

I've upgraded my gpg version to 1.2. I'm using the official Windows binaries and I was trying to generate a key for a friend. I found out that ElGamal sign and encrypt is no longer available by default, but it is available with --expert. This brought to my attention that there is now the possibility of creating RSA sign and encrypt keys. Are these keys v3 keys? Is there something wrong with them? Are they secure and so on?

Thanks for your time, and thanks to the developers for their continued contributions,

--David.
--QhLez1fZ.5XiMkIG0nnxfhpcRy8C.PaU--

From dshaw@jabberwocky.com Mon Oct 7 13:37:02 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Mon Oct 7 12:37:02 2002
Subject: RSA sign and encrypt
In-Reply-To: <000501c26de8$1c326460$c6a19fd4@enterprise>
References: <000501c26de8$1c326460$c6a19fd4@enterprise>
Message-ID: <20021007103803.GB16374@akamai.com>

On Mon, Oct 07, 2002 at 10:55:19AM +0100, David Picón
Álvarez wrote:
> Hello,
>
> I've upgraded my gpg version to 1.2. I'm using the official Windows binaries
> and I was trying to generate a key for a friend. I found out that ElGamal
> sign and encrypt is no longer available by default, but it is available
> with --expert. This brought to my attention that there is now the
> possibility of creating RSA sign and encrypt keys. Are these keys v3 keys?
> Is there something wrong with them? Are they secure and so on?

These are v4 RSA keys. They do not have the problems that v3 keys have. The regular "RSA" that you see without --expert is v4 as well. The key you saw under --expert is a RSA sign+encrypt key (i.e. do both with one key).

David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson

From wk@gnupg.org Mon Oct 7 14:13:01 2002
From: wk@gnupg.org (Werner Koch)
Date: Mon Oct 7 13:13:01 2002
Subject: GPGME
In-Reply-To: <20021006004957.E576739DE@xprdmailfe27.nwk.excite.com> ("Farshad"'s message of "Sat, 5 Oct 2002 20:49:57 -0400 (EDT)")
References: <20021006004957.E576739DE@xprdmailfe27.nwk.excite.com>
Message-ID: <87elb2v715.fsf@alberti.g10code.de>

On Sat, 5 Oct 2002 20:49:57 -0400 (EDT), Farshad said:

> - Where is the manual for GPGME APIs?

Install it and type "info gpgme" or in the distribution "info -f doc/gpgme.info"

> - What about some simple examples? (e.g. for encrypting/signing a file and decrypting/verification?

There are a lot of examples under the tests directory - or get one of the applications using gpgme. If you need custom examples or more documentation, feel free to contact us at g10code.com.
Salam-Shalom, Werner From gnupg@xonx.de Mon Oct 7 14:25:02 2002 From: gnupg@xonx.de (Fred Bowman) Date: Mon Oct 7 13:25:02 2002 Subject: gnupg.org up again - but buglist links to 404 References: <200210062214.05980.skquinn@speakeasy.net> Message-ID: <3DA16F94.3080808@xonx.de> Up again, isn't it? The buglist http://bugs.guug.de/cgi-bin/pkgreport.cgi?pkg=gnupg&archive=no links to 404. maybe OT, because the content is not hosted at gnupg.org, but linked. Greetz, Fred From pt@radvis.nu Mon Oct 7 19:38:02 2002 From: pt@radvis.nu (Per Tunedal) Date: Mon Oct 7 18:38:02 2002 Subject: Verify a signature on Windows98SE Message-ID: <5.1.0.14.2.20021007165114.02f1ab08@qix.netcorps.com> Hi, I have problems with verifying files with detached signatures on a computer with Windows98SE. It works OK on WindowsXP. gpg --verify filename.asc or gpgv filename.asc doesn't work. It gives an error message. When used on a computer with WindowsXP the file "filename" is checked against the signature in the file filename.asc Maybe it has something to do with MS-DOS filenames in Windows 98? Per Tunedal From pt@radvis.nu Mon Oct 7 19:38:09 2002 From: pt@radvis.nu (Per Tunedal) Date: Mon Oct 7 18:38:09 2002 Subject: Create keyring-file for GPGV Message-ID: <5.1.0.14.2.20021007183418.00c4a918@localhost> Hi, I would like to suggest some improvements for GPGV: - an option to create a trustedkeys.gpg keyring in the home directory. - an option to import keys from a file to the trustedkeys.gpg keyring. Then it would be easy to export trusted public keys from the GPG keyring to a file, and then import them for use with GPGV. 
Per Tunedal From wk@gnupg.org Mon Oct 7 21:33:02 2002 From: wk@gnupg.org (Werner Koch) Date: Mon Oct 7 20:33:02 2002 Subject: Verify a signature on Windows98SE In-Reply-To: <5.1.0.14.2.20021007165114.02f1ab08@qix.netcorps.com> (Per Tunedal's message of "Mon, 07 Oct 2002 18:39:11 +0200") References: <5.1.0.14.2.20021007165114.02f1ab08@qix.netcorps.com> Message-ID: <873crit83g.fsf@alberti.g10code.de> On Mon, 07 Oct 2002 18:39:11 +0200, Per Tunedal said: > gpg --verify filename.asc or gpgv filename.asc doesn't work. It gives > an error message. Well, what error message? We need a somewhat more detailed bug report to analyze your problem. Please show use the output of "gpg --version" too. Shalom-Salam, Werner From ARustad@Online-can.com Tue Oct 8 18:24:01 2002 From: ARustad@Online-can.com (Rustad, Aaron) Date: Tue Oct 8 17:24:01 2002 Subject: Determining the type of file. Message-ID: <35199F5CEFCED311B69A009027DCD2550156E31F@cgyexchange.online-can.com> Since both encrypted files and signed files have the same extension ( *.gpg), how is one to tell what each file is. Is there a flag/option that checks the status of a gpg file? Thanks for your help. Aaron. From t.bandh@gmx.de Tue Oct 8 19:20:02 2002 From: t.bandh@gmx.de (Tobias Bandh) Date: Tue Oct 8 18:20:02 2002 Subject: Using keys in Windows ans Linux Message-ID: <3DA30646.2000607@gmx.de> Hi, I'm currently using Gnupg running on a Windows PC. Now I'd like to use my keys on my Linux notebook. How can I import my secret keys to GnuPG in Linux??? 
thanks a lot
Tobias

From pt@radvis.nu Tue Oct 8 19:22:02 2002
From: pt@radvis.nu (Per Tunedal)
Date: Tue Oct 8 18:22:02 2002
Subject: Verify a signature on Windows98SE
In-Reply-To: <873crit83g.fsf@alberti.g10code.de>
References: <5.1.0.14.2.20021007165114.02f1ab08@qix.netcorps.com> <5.1.0.14.2.20021007165114.02f1ab08@qix.netcorps.com>
Message-ID: <5.1.0.14.2.20021008181630.00be6a80@localhost>

At 20:30 2002-10-07 +0200, you wrote:
>On Mon, 07 Oct 2002 18:39:11 +0200, Per Tunedal said:
>
>> gpg --verify filename.asc or gpgv filename.asc doesn't work. It gives
>> an error message.
>
>Well, what error message? We need a somewhat more detailed bug report
>to analyze your problem. Please show use the output of "gpg
>--version" too.
>
>
>Shalom-Salam,
>
> Werner

Hi,
1) version: 1.2.0
2) it is a DOS-problem! I made a bat-file in WindowsXP and made a shortcut in the folder "SEND TO". Thus I could easily check signatures from Windows Explorer by right-clicking and choosing send-to the bat-file. It worked as expected in WindowsXP, but not in Windows98.
3) Content of bat-file:
gpgv %1
pause
4) Error message:
gpgv: no signed data
gpgv: can't hash datafile: fel vid öppnande av fil (=error on opening of file)
5) Yes, I know GPG is Win32 and not DOS! Maybe there is a workaround solution?
Per

From sbutler@fchn.com Tue Oct 8 19:55:02 2002
From: sbutler@fchn.com (Steve Butler)
Date: Tue Oct 8 18:55:02 2002
Subject: Using keys in Windows ans Linux
Message-ID: <9A86613AB85FF346BB1321840DB42B4BDF2E1D@jupiter.fchn.com>

export both your public and secret keys (perhaps in two passes)

On windows:

gpg --output my_public.key --export my-key-id
gpg --output my_secret.key --export-secret-key my-key-id

On Linux (after gpg all set up):

gpg --allow-secret-key-import --import my_*.key

Note: Not sure which version of GnuPG you have. My man pages state:

--allow-secret-key-import
This is an obsolete option and is not used anywhere.
Be sure you use BINARY when you ftp the files from Windows to Linux. --Steve Butler Oracle Administrator First Choice Health Network -----Original Message----- From: Tobias Bandh [mailto:t.bandh@gmx.de] Sent: Tuesday, October 08, 2002 9:23 AM To: gnupg-users@gnupg.org Subject: Using keys in Windows ans Linux Hi, I'm currently using Gnupg running on a Windows PC. Now I'd like to use my keys on my Linux notebook. How can I import my secret keys to GnuPG in Linux??? thanks a lot Tobias _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. From newton@hammet.net Tue Oct 8 20:50:02 2002 From: newton@hammet.net (Newton Hammet) Date: Tue Oct 8 19:50:02 2002 Subject: RH8.0 does it include gnupg1.0.7? References: <5.1.0.14.2.20021007165114.02f1ab08@qix.netcorps.com> Message-ID: <3DA32945.161E3A1A@hammet.net> Hello All, I know I should read the FM, but I am testing my new email settup since having fired yahoo from being my mailbox. Regards, Newton From Todd Tue Oct 8 21:06:03 2002 From: Todd (Todd) Date: Tue Oct 8 20:06:03 2002 Subject: RH8.0 does it include gnupg1.0.7? 
In-Reply-To: <3DA32945.161E3A1A@hammet.net>
References: <5.1.0.14.2.20021007165114.02f1ab08@qix.netcorps.com> <3DA32945.161E3A1A@hammet.net>
Message-ID: <20021008180647.GT1223@psilocybe.teonanacatl.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yes, RH 8.0 includes gnupg 1.0.7

- --
Todd OpenPGP -> KeyID: 0xD654075A | URL: www.talos4.net/~tmz/pgp
============================================================================
Politicians are interested in people. Not that this is always a virtue. Fleas are interested in dogs.
-- P.J. O'Rourke

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.

iD8DBQE9ox63uv+09NZUB1oRAmrpAJ94Pkl1tzdkIp2sX8yOboyJGzF1cgCeJpD7
jm6zXMJuqLe3yNXB9rwxy2I=
=iJfz
-----END PGP SIGNATURE-----

From pt@radvis.nu Tue Oct 8 21:17:02 2002
From: pt@radvis.nu (Per Tunedal)
Date: Tue Oct 8 20:17:02 2002
Subject: SV: Verify a signature on Windows98SE
In-Reply-To:
References: <5.1.0.14.2.20021008181630.00be6a80@localhost>
Message-ID: <5.1.0.14.2.20021008200233.00be67f0@localhost>

Hi,
I prefer to use software with available source code, if possible. And the maker of GPG-shell will neither publish the code, nor let me use the program freely. It's not under the GNU-license. But it seems to work alright.
Per Tunedal

At 18:40 2002-10-08 +0200, you wrote:
>This mail was signed (Inlined PGP-Message).
>
>,-----GnuPG output follows (current time: Tue, Oct 08 2002 - 19:55:22)--
>|
>| Signature made 10/08/02 18:40:24 using DSA key ID C08CC46D
>| Can't check signature: public key not found
>|
>`----------------------------------------------------BEGIN PGP SIGNED
>MESSAGE-----
>Hash: SHA1
>
>Why not use GPG-shell with file association?
>
>- -----Opprinnelig melding-----
>Fra: gnupg-users-admin@gnupg.org [mailto:gnupg-users-admin@gnupg.org]På
>vegne av Per Tunedal
>Sendt: 8. oktober 2002 18:23
>Til: GPG Users
>Emne: Re: Verify a signature on Windows98SE
>
>
>At 20:30 2002-10-07 +0200, you wrote:
> >On Mon, 07 Oct 2002 18:39:11 +0200, Per Tunedal said:
> >
> >> gpg --verify filename.asc or gpgv filename.asc doesn't work. It
>gives
> >> an error message.
> >
> >Well, what error message? We need a somewhat more detailed bug report
> >to analyze your problem. Please show use the output of "gpg
> >--version" too.
> >
> >
> >Shalom-Salam,
> >
> > Werner
>Hi,
>1) version: 1.2.0
>2) it is a DOS-problem! I made a bat-file in WindowsXP and made a
>shortcut
>in the folder "SEND TO". Thus I could easily check signatures from
>Windows
>Explorer by right-clicking and choosing send-to the bat-file. It worked
>as
>expected in WindowsXP, but not in Windows98.
>3) Content of bat-file:
>gpgv %1
>pause
>4) Error message:
>gpgv: no signed data
>gpgv: can't hash datafile: fel vid öppnande av fil (=error on opening of
>file)
>5) Yes, I know GPG is Win32 and not DOS! Maybe there is a workaround
>solution?
>Per
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.2.0-nr2 (Windows XP) - GPGshell v2.60
>
>iD8DBQE9owp4n1hjZcCMxG0RAmI0AJ9ryR/fij4gDmsgsRKxdXGL2JHZMwCdF/VG
>mgPEGx5yFI2JytuYYS2IORI=
>=YvaH
>-----END PGP SIGNATURE-----

From farshadas@excite.com Thu Oct 10 09:54:05 2002
From: farshadas@excite.com (Farshad)
Date: Thu Oct 10 08:54:05 2002
Subject: gpgme sample
Message-ID: <20021009001712.D543E3D0D@xmxpita.excite.com>

Hello,

GPGME examples in GPGME tests folder do not have any kind of readmes or comments on the code! (or maybe I could not find them).
Anyway, I wonder if anybody has some simple examples for using gpgme (for example a program that takes a file and en/de-crypts it).

thanks,
Farshad

From jbwiebe@cnx.net Thu Oct 10 09:54:12 2002
From: jbwiebe@cnx.net (jbwiebe@cnx.net)
Date: Thu Oct 10 08:54:12 2002
Subject: Verify a signature on Windows98SE
In-Reply-To: <5.1.0.14.2.20021008181630.00be6a80@localhost>
References: <873crit83g.fsf@alberti.g10code.de>
Message-ID: <3DA31903.3036.20091A7@localhost>

Verily, on 8 October, 2002, a scroll of the prophet Per Tunedal arrived, saying,

> Hi,
> 1) version: 1.2.0
> 2) it is a DOS-problem! I made a bat-file in WindowsXP and made a
> shortcut in the folder "SEND TO". Thus I could easily check
> signatures from Windows Explorer by right-clicking and choosing
> send-to the bat-file. It worked as expected in WindowsXP, but not in
> Windows98.
> 3) Content of bat-file:
> gpgv %1
> pause

Try

gpgv "%1"

Quotation marks are often necessary in Win9x to pass long file names as parameters.

Regards,
Jonathan B. Wiebe

Jonathan & Shandra Wiebe

From burns@runbox.com Thu Oct 10 09:54:28 2002
From: burns@runbox.com (R Burns)
Date: Thu Oct 10 08:54:28 2002
Subject: RH8.0 does it include gnupg1.0.7?
In-Reply-To: <20021008180647.GT1223@psilocybe.teonanacatl.org>
References: <5.1.0.14.2.20021007165114.02f1ab08@qix.netcorps.com> <3DA32945.161E3A1A@hammet.net> <20021008180647.GT1223@psilocybe.teonanacatl.org>
Message-ID: <200210082228.34833.burns@runbox.com>

Why not just go right to version 1.2.0?

The tarball worked without a hitch for me (with Red Hat 7.3.)

All the best,
Randy


[START README FILE HERE]

GnuPG - The GNU Privacy Guard
-------------------------------
Version 1.2

Copyright 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc.

This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without modifications, as long as this notice is preserved.

This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Intro
-----

GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440.

GnuPG works best on GNU/Linux or *BSD systems. Most other Unices are also supported but are not as well tested as the Free Unices. See http://www.gnupg.org/gnupg.html#supsys for a list of systems which are known to work.

See the file COPYING for copyright and warranty information.

Because GnuPG does not use use any patented algorithm it cannot be compatible with PGP2 versions. PGP 2.x uses IDEA (which is patented worldwide).

The default algorithms are DSA and ElGamal.
ElGamal for signing is still available, but because of the larger size of such signatures it is deprecated (Please note that the GnuPG implementation of ElGamal signatures is *not* insecure). Symmetric algorithms are: AES, 3DES, Blowfish, CAST5 and Twofish. Digest algorithms available are MD5, RIPEMD160 and SHA1.

Installation
------------

Please read the file INSTALL and the sections in this file related to the installation. Here is a quick summary:

1) Check that you have unmodified sources. The below on how to do this. Don't skip it - this is an important step!

2) Unpack the TAR. With GNU tar you can do it this way: "tar xzvf gnupg-x.y.z.tar.gz"

3) "cd gnupg-x.y.z"

4) "./configure"

5) "make"

6) "make install"

7) You end up with a "gpg" binary in /usr/local/bin.

8) To avoid swapping out of sensitive data, you can install "gpg" as suid root. If you don't do so, you may want to add the option "no-secmem-warning" to ~/.gnupg/gpg.conf

[SNIP README FILE HERE]

From Vit Sykacek"

Hello,
I'm using gpgme to use some functions of gpg in my code. All other functions are working good, but deleting of key doesn't work. It returns gpgme_no_error, but key stays in keyring. Here's line of my code:

err = gpgme_op_delete(ctx, key, 1);

Context and key are not null. Does anyone know, where is the prob ?

Vit

From hans@lugsp.at Thu Oct 10 09:55:01 2002
From: hans@lugsp.at (Hans Klonner)
Date: Thu Oct 10 08:55:01 2002
Subject: Delete a key in win98
Message-ID: <3DA48579.40408@lugsp.at>

Hi all!
I have a serious problem in using GnuPG.
I deleted the first key I created on the win98 box by deleting the folder \windows\anwenderdaten\gnugp\ (secring, pubring, options,), for the key was too complicated (Now I know it's a serious mistake). I created a new key-pair. Now I can encrypt everything, but when I try to decrypt an error message appears: "No secret key". And above appears the very first key I created, but don't want to use. I tried the item "default key" -to use the new key-pair. No success. I tried to re-install the program and deleting every registry key containing "gpg and gnupg and the number of the key" with no success. Can smb. be so kind to tell me where win98 stores the secret-key entries ? I suppose it's hidden in the registry.

Hans Klonner

From farshadas@excite.com Thu Oct 10 09:55:12 2002
From: farshadas@excite.com (Farshad)
Date: Thu Oct 10 08:55:12 2002
Subject: FW: gpgme sample
Message-ID: <20021009225037.812883E0D@xmxpita.excite.com>

Hello,
GPGME examples in GPGME tests folder do not have any kind of readmes or comments on the sample codes! (or maybe I could not find them). Anyway, I wonder if anybody has some simple examples for using gpgme. (for example a program that takes a file and en/de-crypts it.)

thanks,
Farshad

From farshadas@excite.com Thu Oct 10 09:55:17 2002
From: farshadas@excite.com (Farshad)
Date: Thu Oct 10 08:55:17 2002
Subject: signing problem
Message-ID: <20021010005012.18F803E0D@xmxpita.excite.com>

Hello,
When I run t-sign program from tests/gpg with a user account, I get the following error message:

"t-sign.c:127: GpgmeError No Data"

That is, everything is fine up to:

err = gpgme_op_sign (ctx, in, out, GPGME_SIG_MODE_NORMAL );

It works very fine if I run it as the 'root' user!
The access privileges are fine under gpgme-0.3.11, where should I set other access rights for gpg...?

thanks,
Farshad

To: farshadas@excite.com
Cc: gnupg-users@gnupg.org
Subject: Re: GPGME
References: <20021006004957.E576739DE@xprdmailfe27.nwk.excite.com>
From: Werner Koch
Date: Mon, 07 Oct 2002 13:10:30 +0200
In-Reply-To: <20021006004957.E576739DE@xprdmailfe27.nwk.excite.com> ("Farshad"'s message of "Sat, 5 Oct 2002 20:49:57 -0400 (EDT)")
Message-ID: <87elb2v715.fsf@alberti.g10code.de>

On Sat, 5 Oct 2002 20:49:57 -0400 (EDT), Farshad said:

> - Where is the manual for GPGME
APIs?

Install it and type "info gpgme" or in the distribution "info -f doc/gpgme.info"

> - What about some simple examples? (e.g. for encrypting/signing a file and decrypting/verification?

There are a lot of examples under the tests directory - or get one of the applications using gpgme. If you need custom examples or more documentation, feel free to contact us at g10code.com.

Salam-Shalom,

Werner

From reg@dwf.com Thu Oct 10 09:55:21 2002
From: reg@dwf.com (Reg Clemens)
Date: Thu Oct 10 08:55:21 2002
Subject: Anyone having problems with RedHat up2date and gpg 1.2.0?
Message-ID: <200210100914.g9A9Ew6N015374@orion.dwf.com>

Ive been using RedHat's up2date to keep my system up to date with respect to bugs and security problems.

I just tried it tonight, and Im getting an error popup that says that it cant find GPG, even though 'where' finds it ok.

My only thought is that I recently updated from 1.0.6 to 1.2.0.

Putting symbolic links in all the reasonable places doesnt help.

Anyone else see this problem????

--
Reg.Clemens
reg@dwf.com

From newton@hammet.net Thu Oct 10 09:55:25 2002
From: newton@hammet.net (Newton Hammet)
Date: Thu Oct 10 08:55:25 2002
Subject: MUA's that support gnuPG
References: <5.1.0.14.2.20021007165114.02f1ab08@qix.netcorps.com> <3DA32945.161E3A1A@hammet.net> <20021008180647.GT1223@psilocybe.teonanacatl.org>
Message-ID: <3DA50076.775A428F@hammet.net>

Hello All,

I have download and configure and made and installed sylpheed nice little mailer but doesn't support gnupg (as yet, apparently).

I searched through all my past messages from this mailgroup and it says that netscape7.0 supports openGPG (or whatever it is called). but I can't get that stuff to work.

(I have gnupg.1.0.7 rpm installed on my RH7.3 box)

Also some other confusing stuff ... apparently my Mozilla icon now points to all my netscape7.0 configure files (don't know how that happened, but that is another story.).
So there seems to be some missing pieces... I have my public key all installed on my keyring in its default location:

/home/nhammet/.gnupg/pubring.gpg

and of course my secret keyring (for decryption and signing).

/home/nhammet/.gnupg/secring.gpg

maybe I need some more sessions of RTFM for awhile to see where the missing pieces are.

Hopefully gnupg's nameservers will be updated soon to point my newton@hammet.net email addy to my ISP. (I changed it over from yahoo! about 36 hours ago.) So hopefully this msg will post correctly and I will see it.

Regards,
Newton

From newton@hammet.net Thu Oct 10 09:55:32 2002
From: newton@hammet.net (Newton Hammet)
Date: Thu Oct 10 08:55:32 2002
Subject: Chosen CipherText Vulnerability
Message-ID: <3DA52694.20D75579@hammet.net>

Hello All,

I am still struggling with the paper co-authored by Bruce Schneier, among others, of "Implementation of Chosen-Ciphertext Attacks against PGP and GnuPG".

I have concluded that a key part of the vulnerability lies in the recipient being snookered into sending back to "Mallory" the garbled decrypted text as a quote. If one never sends back the decrypted text but a secure-hash of the decrypted text instead wouldn't this defeat this type of attack?

I propose the following rules to increase security when using GnuPG:

1. Never send back a decryption of anything to anybody, esp. if it is tied back to a specific ciphertext.
2. Always have 2 different public keys one for signing and one for encryption. (and never swap their roles)
3. Never sign messages, only secure hashes of messages. (I think GnuPG does this by default).

Would appreciate some discussion of this, or, opinions, on whether or not my proposals are sound.
Regards,
Newton

From graham.wildridge@bt.com Thu Oct 10 11:45:02 2002
From: graham.wildridge@bt.com (graham.wildridge@bt.com)
Date: Thu Oct 10 10:45:02 2002
Subject: GnuPG FAQ 4.14 automated environment
Message-ID: <491EE9408F57D211946E0000F8FA61900CCAABD9@mrylcrnt02.nat.bt.com>

Dear All

I followed the instructions in FAQ 4.14 to get automatic signing.

I managed to remove the passphrase alright, but only by changing the name of secring.auto to secring.gpg in the test directory.

It is the part about installing secring.auto as the secret keyring on the target machine that is failing me. I thought that all I would have to do would be to copy the keyrings into the appropriate directory on the target machine.

I do this then try and sign but I get the following error messages

gpg: secret key parts are not available
gpg: no default secret key: general error
gpg: test.txt: clearsign failed: general error

Can someone please provide me the detailed instructions that I need to get it to work.

Thank you !

Regards
Graham Wildridge
Remedy ARS Development
BT Computing Partners
Tel: 020 8633 2265
graham.wildridge@bt.com

From sutton@attbi.com Thu Oct 10 11:58:02 2002
From: sutton@attbi.com (Harry A. Sutton)
Date: Thu Oct 10 10:58:02 2002
Subject: Anyone having problems with RedHat up2date and gpg 1.2.0?
In-Reply-To: <200210100914.g9A9Ew6N015374@orion.dwf.com>
References: <200210100914.g9A9Ew6N015374@orion.dwf.com>
Message-ID: <1034240298.1429.91.camel@toby.thesuttons.org>

I had a similar problem; I had tried upgrading to 1.2.0 when I found my signing and encryption wasn't working, but up2date complained afterwards. I even tried building an RPM package from the tarball source, but it wouldn't build correctly.

I'm still stuck without a working GnuPG right now :-(

/Harry

On Thu, 2002-10-10 at 05:14, Reg Clemens wrote:
> Ive been using RedHat's up2date to keep my system up to date
> with respect to bugs and security problems.
>
> I just tried it tonight, and Im getting an error popup
> that says that it cant find GPG, even though 'where' finds
> it ok.
>
> My only thought is that I recently updated from 1.0.6 to 1.2.0.
>
> Putting symbolic links in all the reasonable places doesnt help.
>
> Anyone else see this problem????
>
> --
> Reg.Clemens
> reg@dwf.com

From graham.todd@ntlworld.com Thu Oct 10 12:09:02 2002
From: graham.todd@ntlworld.com (Graham)
Date: Thu Oct 10 11:09:02 2002
Subject: MUA's that support gnuPG
In-Reply-To: <3DA50076.775A428F@hammet.net>
References: <5.1.0.14.2.20021007165114.02f1ab08@qix.netcorps.com> <20021008180647.GT1223@psilocybe.teonanacatl.org> <3DA50076.775A428F@hammet.net>
Message-ID: <200210101016.58989.graham.todd@ntlworld.com>

On Thursday 10 Oct 2002 5:22 am, Newton Hammet wrote:
> Hello All,
>
> I have download and configure and made and installed sylpheed nice
> little mailer but doesn't support gnupg (as yet, apparently).

You have to install GPGME and when you compile the latest version of sylpheed, you use the switch

./configure --enable-gpgme

which will bring the options to use GPG with Sylpheed.

> I searched through all my past messages from this mailgroup and it
> says that netscape7.0 supports openGPG (or whatever it is called). but I
> can't get that stuff to work.
>
> (I have gnupg.1.0.7 rpm installed on my RH7.3 box)

Install Enigmail from http://enigmail.mozdev.org and then it will work.

--
Graham

From agreene@pobox.com Thu Oct 10 12:18:02 2002
From: agreene@pobox.com (Anthony E.
Greene)
Date: Thu Oct 10 11:18:02 2002
Subject: GnuPG FAQ 4.14 automated environment
In-Reply-To: <"from graham.wildridge"@bt.com>
References: <491EE9408F57D211946E0000F8FA61900CCAABD9@mrylcrnt02.nat.bt.com>
Message-ID: <20021010051832.A11005@cp5340.hyatsv01.md.comcast.net>

On 09-Oct-2002/17:41 +0100, graham.wildridge@bt.com wrote:
>I followed the instructions in FAQ 4.14 to get automatic signing.
>
>I managed to remove the passphrase alright, but only by changing the name of
>secring.auto to secring.gpg in the test directory.
>
>It is the part about installing secring.auto as the secret keyring on the
>target machine that is failing me. I thought that all I would have to do
>would be to copy the keyrings into the appropriate directory on the target
>machine.
>
>I do this then try and sign but I get the following error messages
>
>gpg: secret key parts are not available
>gpg: no default secret key: general error
>gpg: test.txt: clearsign failed: general error
>
>Can someone please provide me the detailed instructions that I need to get
>it to work.

Did you use the --homedir option on the command line?

--
Anthony E. Greene
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
AOL/Yahoo Messenger: TonyG05
HomePage:
Linux. The choice of a GNU generation

From twoaday@freakmail.de Thu Oct 10 14:51:02 2002
From: twoaday@freakmail.de (Timo Schulz)
Date: Thu Oct 10 13:51:02 2002
Subject: GnuPG FAQ 4.14 automated environment
In-Reply-To: <491EE9408F57D211946E0000F8FA61900CCAABDD@mrylcrnt02.nat.bt.com>
References: <491EE9408F57D211946E0000F8FA61900CCAABDD@mrylcrnt02.nat.bt.com>
Message-ID: <20021010115349.GA6956@daredevil.joesixpack.net>

On Thu Oct 10 2002; 12:45, graham.wildridge@bt.com wrote:

> I do this then try and sign but I get the following error messages

If you export only the secret subkeys, which means you don't have a primary key, you cannot sign something until you add a '!' to the keyid which forces GPG to use this key (the subkey) for signing.

> gpg: secret key parts are not available
> gpg: no default secret key: general error
> gpg: test.txt: clearsign failed: general error

See above.

Timo

From heiko.teichmeier@sw-meerane.de Thu Oct 10 15:34:02 2002
From: heiko.teichmeier@sw-meerane.de (Heiko Teichmeier)
Date: Thu Oct 10 14:34:02 2002
Subject: message was not integrity protected
Message-ID: <01C27069.B035FB80.heiko.teichmeier@sw-meerane.de>

Hi list,

I use gpg 1.1.91-nr1 with GnuPP 1.1. If I get an encrypted mail from a user with PGP 7.x. I can decrypt the message, but then I get the message "Warning: message was not integrity protected".

How dangerous is this problem to trust the mail? What way exist to get a clean message - no failure?
Thanks for your help

With kind regards
Stadtwerke Meerane GmbH
Teichmeier
Netzmeister NB Elt
Tel.: (03764)7917-20
Fax: (03764)7917-21
heiko.teichmeier@sw-meerane.de
PS: always up to date on the Internet www.sw-meerane.de

From newton@hammet.net Thu Oct 10 17:55:02 2002
From: newton@hammet.net (Newton Hammet)
Date: Thu Oct 10 16:55:02 2002
Subject: Chosen CipherText Vulnerability
Message-ID: <3DA5A347.5606369A@hammet.net>

Hello All,

I am still struggling with the paper co-authored by Bruce Schneier, among others, of "Implementation of Chosen-Ciphertext Attacks against PGP and GnuPG".

I have concluded that a key part of the vulnerability lies in the recipient being snookered into sending back to "Mallory" the garbled decrypted text as a quote. If one never sends back the decrypted text but a secure-hash of the decrypted text instead wouldn't this defeat this type of attack?

I propose the following rules to increase security when using GnuPG:

1. Never send back a decryption of anything to anybody, esp. if it is tied back to a specific ciphertext.
2. Always have 2 different public keys one for signing and one for encryption. (and never swap their roles)
3. Never sign messages, only secure hashes of messages. (I think GnuPG does this by default).

Wondering if anyone has some thoughts on this, or opinions, on whether or not these proposals are sound.

Regards,
Newton

From haller@fmi.uni-passau.de Thu Oct 10 18:24:02 2002
From: haller@fmi.uni-passau.de (Michael Haller)
Date: Thu Oct 10 17:24:02 2002
Subject: Compiling problems on HP-UX 10.20
Message-ID: <20021010151002.GA6542@fmi.uni-passau.de>

Hello!

I'm trying to compile GnuPG 1.2 on HP-UX 10.20 (PA-RISC) without success. I configured with "--disable-asm --disable-nls --enable-static-rnd=egd" and everything was fine.
But make raises the following errors:

Making all in mpi
make[2]: Entering directory `/temp/gnupg-1.2.0/mpi'
source='mpi-pow.c' object='mpi-pow.o' libtool=no \
depfile='.deps/mpi-pow.Po' tmpdepfile='.deps/mpi-pow.TPo' \
depmode=gcc3 /bin/sh ../scripts/depcomp \
gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -g -O2 -Wall -c `test -f 'mpi-pow.c' || echo './'`mpi-pow.c
cc1: warning: -g is only supported when using GAS on this processor,
cc1: warning: -g option disabled
/var/tmp//ccBsDG7c.s: Assembler messages:
/var/tmp//ccBsDG7c.s:346: Warning: rest of line ignored; first ignored character is `,'
/var/tmp//ccBsDG7c.s:347: Warning: rest of line ignored; first ignored character is `,'
/var/tmp//ccBsDG7c.s:348: Warning: rest of line ignored; first ignored character is `1'
/var/tmp//ccBsDG7c.s:349: Warning: rest of line ignored; first ignored character is `,'
/var/tmp//ccBsDG7c.s:350: Warning: rest of line ignored; first ignored character is `,'
/var/tmp//ccBsDG7c.s:351: Warning: rest of line ignored; first ignored character is `8'
/var/tmp//ccBsDG7c.s:352: Warning: rest of line ignored; first ignored character is `,'
/var/tmp//ccBsDG7c.s:353: Warning: rest of line ignored; first ignored character is `,'
/var/tmp//ccBsDG7c.s:354: Warning: rest of line ignored; first ignored character is `4'
/var/tmp//ccBsDG7c.s:355: Warning: rest of line ignored; first ignored character is `,'
/var/tmp//ccBsDG7c.s:356: Warning: rest of line ignored; first ignored character is `,'
/var/tmp//ccBsDG7c.s:357: Warning: rest of line ignored; first ignored character is `2'
/var/tmp//ccBsDG7c.s:358: Warning: rest of line ignored; first ignored character is `%'
/var/tmp//ccBsDG7c.s:359: Warning: rest of line ignored; first ignored character is `%'
/var/tmp//ccBsDG7c.s:437: Error: symbol `extru' is already defined
/var/tmp//ccBsDG7c.s:437: Warning: rest of line ignored; first ignored character is `,'
/var/tmp//ccBsDG7c.s:438: Error: symbol `extru' is already defined
/var/tmp//ccBsDG7c.s:438: Warning: rest of line ignored; first ignored character is `,'
/var/tmp//ccBsDG7c.s:439: Error: symbol `ldo' is already defined
/var/tmp//ccBsDG7c.s:439: Warning: rest of line ignored; first ignored character is `1'
/var/tmp//ccBsDG7c.s:440: Error: symbol `extru' is already defined
/var/tmp//ccBsDG7c.s:440: Warning: rest of line ignored; first ignored character is `,'
/var/tmp//ccBsDG7c.s:441: Error: symbol `extru' is already defined
/var/tmp//ccBsDG7c.s:441: Warning: rest of line ignored; first ignored character is `,'
/var/tmp//ccBsDG7c.s:442: Error: symbol `ldo' is already defined
/var/tmp//ccBsDG7c.s:442: Warning: rest of line ignored; first ignored character is `8'
/var/tmp//ccBsDG7c.s:443: Error: symbol `extru' is already defined
/var/tmp//ccBsDG7c.s:443: Warning: rest of line ignored; first ignored character is `,'
/var/tmp//ccBsDG7c.s:444: Error: symbol `extru' is already defined
/var/tmp//ccBsDG7c.s:444: Warning: rest of line ignored; first ignored character is `,'
/var/tmp//ccBsDG7c.s:445: Error: symbol `ldo' is already defined
/var/tmp//ccBsDG7c.s:445: Warning: rest of line ignored; first ignored character is `4'
/var/tmp//ccBsDG7c.s:446: Error: symbol `extru' is already defined
/var/tmp//ccBsDG7c.s:446: Warning: rest of line ignored; first ignored character is `,'
/var/tmp//ccBsDG7c.s:447: Error: symbol `extru' is already defined
/var/tmp//ccBsDG7c.s:447: Warning: rest of line ignored; first ignored character is `,'
/var/tmp//ccBsDG7c.s:448: Error: symbol `ldo' is already defined
/var/tmp//ccBsDG7c.s:448: Warning: rest of line ignored; first ignored character is `2'
/var/tmp//ccBsDG7c.s:449: Error: symbol `extru' is already defined
/var/tmp//ccBsDG7c.s:449: Warning: rest of line ignored; first ignored character is `%'
/var/tmp//ccBsDG7c.s:450: Error: symbol `sub' is already defined
/var/tmp//ccBsDG7c.s:450: Warning: rest of line ignored; first ignored character is `%'
make[2]: *** [mpi-pow.o] Error 1
make[2]: Leaving directory `/temp/gnupg-1.2.0/mpi'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/temp/gnupg-1.2.0'
make: *** [all] Error 2

I'm using GCC 3.2, GNU Make 3.79.1 and GNU as 2.12.91.

Any suggestions are appreciated.

Thanks,
Michael

From tatyanasutina@discoverfinancial.com Thu Oct 10 19:19:02 2002
From: tatyanasutina@discoverfinancial.com (tatyanasutina@discoverfinancial.com)
Date: Thu Oct 10 18:19:02 2002
Subject: make issues
Message-ID:

Hello everyone,

I need somebody's help. I am trying to install gnupg on AIX 4.3.3 and I am getting an error in "make" step.

First, I ran configuration command with the following options:

configure --enable-static-rnd=unix --prefix=/u/ipp0etl/tatyana .

Make failed with the following errors

cc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../intl -g -DIS_MODULE -o rndlinux ./rndlinux.c
ld: 0711-317 ERROR: Undefined symbol: .main
ld: 0711-345 Use the -bloadmap or -bnoquiet option to obtain more information.
make: 1254-004 The error code from the last command is 8.

Second time, I ran configuration like that

configure --enable-static-rnd=unix --disable-dynload --prefix=/u/ipp0etl/tatyana

and make failed with following:

gpg: out of memory while allocating 0 bytes
make: 1254-004 The error code from the last command is 2.

Thanks.
Tatyana.

From farshadas@excite.com Thu Oct 10 20:01:02 2002
From: farshadas@excite.com (Farshad)
Date: Thu Oct 10 19:01:02 2002
Subject: Anyone having problems with RedHat up2date and gpg 1.2.0?
Message-ID: <20021010170140.39A40B6CE@xmxpita.excite.com>

Hi,
Do you mean that even your GPG is not working anymore? I encountered a similar problem too. Then as far as I remember, I did something similar to this (on RedHat 7.3 and GPG 1.0.7): I removed up2date package and another package, that I do not remember its name!, and installed GPG 1.2 by using force option upon rpm install. Now my GPG 1.2 works fine, although I have not tried installing back up2date package yet!

Farshad

--- On Thu 10/10, Harry A. Sutton wrote:
From: Harry A.
Sutton [mailto: sutton@attbi.com]
To: reg@dwf.com
Cc: gnupg-users@gnupg.org
Date: 10 Oct 2002 04:58:18 -0400
Subject: Re: Anyone having problems with RedHat up2date and gpg 1.2.0?

> I had a similar problem; I had tried upgrading to 1.2.0 when I found my
> signing and encryption wasn't working, but up2date complained
> afterwards. I even tried building an RPM package from the tarball
> source, but it wouldn't build correctly.
>
> I'm still stuck without a working GnuPG right now :-(
>
> /Harry
>
> On Thu, 2002-10-10 at 05:14, Reg Clemens wrote:
> > Ive been using RedHat's up2date to keep my system up to date
> > with respect to bugs and security problems.
> >
> > I just tried it tonight, and Im getting an error popup
> > that says that it cant find GPG, even though 'where' finds
> > it ok.
> >
> > My only thought is that I recently updated from 1.0.6 to 1.2.0.
> >
> > Putting symbolic links in all the reasonable places doesnt help.
> >
> > Anyone else see this problem????
> >
> > --
> > Reg.Clemens
> > reg@dwf.com

From kai.raven@t-online.de Thu Oct 10 20:35:02 2002
From: kai.raven@t-online.de (Kai Raven)
Date: Thu Oct 10 19:35:02 2002
Subject: Anyone having problems with RedHat up2date and gpg 1.2.0?
In-Reply-To: <200210100914.g9A9Ew6N015374@orion.dwf.com>
References: <200210100914.g9A9Ew6N015374@orion.dwf.com>
Message-ID: <20021010193658.5aad55e8.kai.raven@t-online.de>

Hello Reg,

On Thu, 10 Oct 2002 03:14:58 -0600 you wrote:

> Ive been using RedHat's up2date to keep my system up to date
> with respect to bugs and security problems.
> I just tried it tonight, and Im getting an error popup
> that says that it cant find GPG, even though 'where' finds
> it ok.
> My only thought is that I recently updated from 1.0.6 to 1.2.0.
> Putting symbolic links in all the reasonable places doesnt help.
> Anyone else see this problem????

have already posted a reply in linux.redhat.misc ;o), perhaps it is interesting for others:

I had the same problem with every self compiled GnuPG version until i added the RedHat GPG Key in /etc/sysconfig/rhn to root's GPG pubring (simply do a gpg --import up2date-keyring.gpg) and changed the line gpgKeyRing= in /etc/sysconfig/rhn/up2date to the location of root's pubring. (RedHat 7.3)

Ciao
Kai

--
WWW:http://kai.iks-jena.de/
ICQ:146714798

From wk@gnupg.org Thu Oct 10 21:29:02 2002
From: wk@gnupg.org (Werner Koch)
Date: Thu Oct 10 20:29:02 2002
Subject: make issues
In-Reply-To: (tatyanasutina@discoverfinancial.com's message of "Thu, 10 Oct 2002 11:17:22 -0500")
References:
Message-ID: <87n0pmno8y.fsf@alberti.g10code.de>

On Thu, 10 Oct 2002 11:17:22 -0500, tatyanasutina said:

> cc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../intl -g
> -DIS_MODULE -o rndlinux ./rndlinux.c

Upgrade to gnupg 1.2, it won't build any dynamically linked modules anymore.

> configure --enable-static-rnd=unix --disable-dynload
> --prefix=/u/ipp0etl/tatyana and make failed with following:

This should also work.

> gpg: out of memory while allocating 0 bytes

This has been fixed in gnupg 1.2.

Salam-Shalom,

Werner

From websurfer@navegants.com Thu Oct 10 22:42:01 2002
From: websurfer@navegants.com (Josep M.)
Date: Thu Oct 10 21:42:01 2002
Subject: Eudora plugin
Message-ID: <5.1.1.6.2.20021010213934.039f0c68@pop1>

Hello.

I would like if there is any plugin for Eudora and GPG, and url for download.

Thanks
Josep

From newton@hammet.net Thu Oct 10 22:58:02 2002
From: newton@hammet.net (Newton Hammet)
Date: Thu Oct 10 21:58:02 2002
Subject: cannot get sylpheed to do encryption
Message-ID: <3DA5EA52.942AEF9C@hammet.net>

Hello All,

Need some help....

I have done the following things already:

1. downloaded sylpheed.0.8.5
2. downloaded and compiled and installed gpgme (latest)
3. compiled and installed sylpheed in the follow manner:

cd ~/downloads/sylpheed.0.8.5
./configure --enable-gpgme # the output says that GPGME is 'enabled'. (=y)
make # no errors
make install # no errors

4. then I run sylpheed from command line and it pops up ok, and I configure
some things, but there are no buttons for encrypting, signing, verifying
or decrypting email. Am i doing something wrong? Do i need a later
version of sylpheed?

(I already have my public and secret keys on the rings at:

/home/nhammet/.gnupg/pubring.gpg
/home/nhammet/.gnupg/secring.gpg

From Jedi@idej.org Thu Oct 10 23:29:01 2002
From: Jedi@idej.org (Jedi)
Date: Thu Oct 10 22:29:01 2002
Subject: Eudora plugin
In-Reply-To: <5.1.1.6.2.20021010213934.039f0c68@pop1>
References: <5.1.1.6.2.20021010213934.039f0c68@pop1>
Message-ID: <20021011052830.9359.JEDI@idej.org>

There is a EudoraGPG, you can find it at
http://www.adobner.de/eudoragpg/english/

btw, I think that you can watch those two webpage for more information:
http://www.geocities.com/openpgp/courrier_en.html
http://www.bretschneidernet.de/tips/secmua.html
They listed and compared each GnuPG/PGP solution.
From joseph@xtenit.com Fri Oct 11 00:33:02 2002 From: joseph@xtenit.com (Joseph Shraibman) Date: Thu Oct 10 23:33:02 2002 Subject: gpg run from .procmailrc can't find secret keyring Message-ID: <3DA5F254.9030006@xtenit.com> I'm running: gpg (GnuPG) 1.0.7 I set up a script to be called from my .procmailrc to decrypt incoming pgp mail, but it doesn't work. I put in my script to call gpg --list-secret-keys and here is the output: gpg: Warning: using insecure memory! gpg: [don't know]: invalid packet (ctb=00) gpg: read_keyblock: read error: invalid packet gpg: enum_keyblocks(read) failed: invalid keyring I have no problem running gpg --list-secret-keys from the command line. What is going on? I can run md5sum on my .gnupg/secring.gpg so the file can be read. From RDuVall@ahs.llumc.edu Fri Oct 11 00:47:02 2002 From: RDuVall@ahs.llumc.edu (DuVall, Rick) Date: Thu Oct 10 23:47:02 2002 Subject: gpg - PGP compatibility ? Message-ID: <6847E95BEA17D844993BB0C6C4C7069408FEB9@mars.LLUMC.edu> We are having intermittent problems with files encrypted using GPG 1.0.6 = being sent to another party using PGP 6.5. They get PGP errors every = once and a while that say "problem expanding" data. Has anyone seen a similar problem? Rick DuVall Loma Linda University Medical Center Information Systems (909) 558 3265 ext. 32830=20 RDuVall@ahs.llumc.edu From pta@psaconsultants.com Fri Oct 11 00:52:01 2002 From: pta@psaconsultants.com (Peter T. 
Abplanalp)
Date: Thu Oct 10 23:52:01 2002
Subject: gpg run from .procmailrc can't find secret keyring
In-Reply-To: <3DA5F254.9030006@xtenit.com>
References: <3DA5F254.9030006@xtenit.com>
Message-ID: <20021010215253.GC9488@psaconsultants.com>

* On Thu, Oct 10, 2002 at 05:34:12PM -0400, Joseph Shraibman wrote:
> I'm running:
> gpg (GnuPG) 1.0.7
>
>
> I set up a script to be called from my .procmailrc to decrypt incoming pgp
> mail, but it doesn't work. I put in my script to call gpg
> --list-secret-keys and here is the output:
> gpg: Warning: using insecure memory!
> gpg: [don't know]: invalid packet (ctb=00)
> gpg: read_keyblock: read error: invalid packet
> gpg: enum_keyblocks(read) failed: invalid keyring

i suspect the script is not run as your user id.

--
Peter Abplanalp
PGP: pgp.mit.edu

From sbutler@fchn.com Fri Oct 11 01:18:02 2002
From: sbutler@fchn.com (Steve Butler)
Date: Fri Oct 11 00:18:02 2002
Subject: gpg - PGP compatibility ?
Message-ID: <9A86613AB85FF346BB1321840DB42B4BDF2E55@jupiter.fchn.com>

I'm having a different problem from GnuPG 1.0.7 to PGP 6.5.8. Their end does not error out, it writes a file, but the output file is identical to the encrypted file I send them.

We had a problem receiving files from them (unknown packets) until we discovered that their mainframe was adding about 80 bytes of data to the file.

As for Rick's problem, wonder if GPG is using a compression algo that PGP doesn't handle well. Can you try it without any compression?
--Steve Butler
Oracle Administrator
First Choice Health Network

-----Original Message-----
From: DuVall, Rick [mailto:RDuVall@ahs.llumc.edu]
Sent: Thursday, October 10, 2002 2:48 PM
To: gnupg-users@gnupg.org
Subject: gpg - PGP compatibility ?

We are having intermittent problems with files encrypted using GPG 1.0.6 being sent to another party using PGP 6.5. They get PGP errors every once and a while that say "problem expanding" data.

Has anyone seen a similar problem?

Rick DuVall
Loma Linda University Medical Center
Information Systems
(909) 558 3265 ext. 32830
RDuVall@ahs.llumc.edu

From douggorley@shaw.ca Fri Oct 11 01:20:02 2002
From: douggorley@shaw.ca (Doug Gorley)
Date: Fri Oct 11 00:20:02 2002
Subject: Why subkeys?
Message-ID: <1034288437.9158.5.camel@h24-69-83-179>

After watching this list for a week or so now, I'm curious about the use of subkeys with GnuPG. I don't have any subkeys, or at least I haven't explicitly created any. What is to be gained by subkeys on a key ring? What is the relationship between subkeys and the "master" key? Any insight here would be greatly appreciated.

Thanks,

--
Doug Gorley | douggorley@shaw.ca
OpenPGP Key ID: 0xA221559B
Fingerprint: D707 DB92 E64B 69DA B8C7 2F65 C5A9 5415 A221 559B
Interested in public-key cryptography? http://www.gnupg.org/

From kai.raven@t-online.de Fri Oct 11 02:04:02 2002
From: kai.raven@t-online.de (Kai Raven)
Date: Fri Oct 11 01:04:02 2002
Subject: cannot get sylpheed to do encryption
In-Reply-To: <3DA5EA52.942AEF9C@hammet.net>
References: <3DA5EA52.942AEF9C@hammet.net>
Message-ID: <20021011010557.22bdc91a.kai.raven@t-online.de>

Hello Newton,

On Thu, 10 Oct 2002 15:00:02 -0600 you wrote:

> 4. then I run sylpheed from command line and it pops up ok,

without an error message about GnuPG? Then it works :)
Is "GnuPG" in the about dialog?

> and I configure
> some things, but there are no buttons for encrypting, signing,
> verifying
> or decrypting email. Am i doing something wrong?

No, decrypting/verifying does sylpheed automatically for PGP/MIME
messages, for PGP-Inline messages you can add a user defined action
*gpg --no-tty --command-fd 0 --passphrase-fd 0 --decrypt %f|
under settings/actions and an icon for the toolbar, read the docs in the
source for more examples.
You can find the more general GnuPG settings in the settings/general
settings/private menu and for signing/encryption in the
'private' tab of the account settings (which key, ascii armored etc.)
You sign and/or encrypt in the message window over the 'message' menu
Read the FAQ (help menu>FAQ) and the docs (see above), they are very
useful for the daily work with sylpheed :)

> Do i need a later
> version of sylpheed?
No ;o) Ciao Kai -- WWW:http://kai.iks-jena.de/ ICQ:146714798 From newton@hammet.net Fri Oct 11 03:17:02 2002 From: newton@hammet.net (Newton Hammet) Date: Fri Oct 11 02:17:02 2002 Subject: cannot get sylpheed to do encryption References: <3DA5EA52.942AEF9C@hammet.net> <20021011010557.22bdc91a.kai.raven@t-online.de> Message-ID: <3DA626F4.B6DE806B@hammet.net> Kai Raven wrote: > > Hello Newton, > > On Thu, 10 Oct 2002 15:00:02 -0600 you wrote: > > > 4. then I run sylpheed from command line and it pops up ok, > > without an error message about GnuPG? Than it works :) > Is "GnuPG" in the about dialog? when i run "./configure --enable-gpgme", the following messages say yes to GPGME. > > > and I configure > > some things, but there are no buttons for encrypting, signing, > > verifying > > or decrypting email. Am i doing something wrong? > > No, decrypting/verifying does sylpheed automatically for PGP/MIME > messages, for PGP-Inline messages you can add a user defined action > *gpg --no-tty --command-fd 0 --passphrase-fd 0 --decrypt %f| > under settings/actions and an icon for the toolbar, read the docs in the > source for more examples. The docs in faq and manual did not mention encryption and how to do it > You can find the more general GnuPG settings in the settings/general > settings/private menu and for signing/encryption in the > 'private' tab of the account settings (which key, ascii armored etc.) There is no 'private' tab in the sylpheed I downloaded and installed. > You sign and/or encrypt in the message window over the 'message' menu > Read the FAQ (help menu>FAQ) and the docs (see above), they are very See above. I have more information if you need it ... > useful for the daily work with sylpheed :) > > > Do i need a later > > version of sylpheed? 
> > No ;o) > > Ciao > Kai > > -- > WWW:http://kai.iks-jena.de/ > ICQ:146714798 > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users From dscribner@yahoo.com Fri Oct 11 03:48:02 2002 From: dscribner@yahoo.com (David Scribner) Date: Fri Oct 11 02:48:02 2002 Subject: Eudora plugin In-Reply-To: <5.1.1.6.2.20021010213934.039f0c68@pop1> Message-ID: <20021011004942.81139.qmail@web13504.mail.yahoo.com> --- "Josep M." wrote: > Hello. > > I would like if there is any plugin for Eudora and GPG,and url > for download. Thanks to the information provided at http://www.bretschneidernet.de/tips/secmua.html, I see that there's a plug-in listed for Eudora to integrate GnuPG at: http://www.adobner.de/eudoragpg/english/ HTH David ===== David D. Scribner IT Consulting & Services CompTIA Linux+, Network+, A+ Certified Ph: (817) 461-4018 eFax: (630) 214-7769 dscribner_at_bigfoot.com http://www.bigfoot.com/~dscribner/ GnuPG/PGP: 3172 7408 58CA D9C2 F697 950F 9DDC 7AC7 91EC 5F06 __________________________________________________ Do you Yahoo!? Faith Hill - Exclusive Performances, Videos & More http://faith.yahoo.com From joseph@xtenit.com Fri Oct 11 03:50:02 2002 From: joseph@xtenit.com (Joseph Shraibman) Date: Fri Oct 11 02:50:02 2002 Subject: gpg run from .procmailrc can't find secret keyring References: <3DA5F254.9030006@xtenit.com> <20021010215253.GC9488@psaconsultants.com> Message-ID: <3DA62060.2030900@xtenit.com> Peter T. Abplanalp wrote: > * On Thu, Oct 10, 2002 at 05:34:12PM -0400, Joseph Shraibman wrote: > >>I'm running: >>gpg (GnuPG) 1.0.7 >> >> >>I set up a script to be called from my .procmailrc to decrypt incoming pgp >>mail, but it doesn't work. I put in my script to call gpg >>--list-secret-keys and here is the output: >>gpg: Warning: using insecure memory! 
>>gpg: [don't know]: invalid packet (ctb=00) >>gpg: read_keyblock: read error: invalid packet >>gpg: enum_keyblocks(read) failed: invalid keyring > > > i suspect the script is not run as your user id. > It is. I checked. The output of id is the same as the command line, the $HOME variable is the same too. From dshaw@jabberwocky.com Fri Oct 11 03:55:02 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Fri Oct 11 02:55:02 2002 Subject: gpg run from .procmailrc can't find secret keyring In-Reply-To: <3DA62060.2030900@xtenit.com> References: <3DA5F254.9030006@xtenit.com> <20021010215253.GC9488@psaconsultants.com> <3DA62060.2030900@xtenit.com> Message-ID: <20021011005543.GA1212@akamai.com> On Thu, Oct 10, 2002 at 08:50:40PM -0400, Joseph Shraibman wrote: > Peter T. Abplanalp wrote: > >* On Thu, Oct 10, 2002 at 05:34:12PM -0400, Joseph Shraibman wrote: > > > >>I'm running: > >>gpg (GnuPG) 1.0.7 > >> > >> > >>I set up a script to be called from my .procmailrc to decrypt incoming > >>pgp mail, but it doesn't work. I put in my script to call gpg > >>--list-secret-keys and here is the output: > >>gpg: Warning: using insecure memory! > >>gpg: [don't know]: invalid packet (ctb=00) > >>gpg: read_keyblock: read error: invalid packet > >>gpg: enum_keyblocks(read) failed: invalid keyring > > > > > >i suspect the script is not run as your user id. > > > It is. I checked. The output of id is the same as the command line, the > $HOME variable is the same too. Could you possibly have more than one copy of gpg installed? What happens if you do gpg --version in your procmail script? David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. 
Anderson

From joseph@xtenit.com Fri Oct 11 04:33:02 2002
From: joseph@xtenit.com (Joseph Shraibman)
Date: Fri Oct 11 03:33:02 2002
Subject: gpg run from .procmailrc can't find secret keyring
References: <3DA5F254.9030006@xtenit.com> <20021010215253.GC9488@psaconsultants.com> <3DA62060.2030900@xtenit.com> <20021011005543.GA1212@akamai.com>
Message-ID: <3DA62A5C.8060402@xtenit.com>

Yup, I just figured it out. It was using 1.0.6. I fixed my script.

David Shaw wrote:
>
> Could you possibly have more than one copy of gpg installed? What
> happens if you do gpg --version in your procmail script?
>
> David
>

From rdmyers@netzon.net Fri Oct 11 04:36:01 2002
From: rdmyers@netzon.net (Rodney D. Myers)
Date: Fri Oct 11 03:36:01 2002
Subject: cannot get sylpheed to do encryption
In-Reply-To: <3DA5EA52.942AEF9C@hammet.net>
References: <3DA5EA52.942AEF9C@hammet.net>
Message-ID: <20021010183449.1bfbe6ca.rdmyers@netzon.net>

On Thu, 10 Oct 2002 15:00:02 -0600
Newton Hammet wrote:
> Hello All,
>
> Need some help....
>
> I have done the following things already:
>
> 1. downloaded sylpheed.0.8.5
> 2. downloaded and compiled and installed gpgme (latest)
> 3. compiled and installed sylpheed in the follow manner:
>
> cd ~/downloads/sylpheed.0.8.5
> ./configure --enable-gpgme # the output says that GPGME is 'enabled'.
> (=y)
> make # no errors
> make install # no errors
>
>
> 4. then I run sylpheed from command line and it pops up ok, and I
> configure
> some things, but there are no buttons for encrypting, signing,
> verifying
> or decrypting email. Am i doing something wrong? Do i need a later
> version of sylpheed?
>
> (I already have my public and secret keys on the rings at:

The problem. You installed gpg in /usr/local, while looks in /usr.

Recompile gpg with the --prefix=/usr and that will "fix" the problem

--
Rodney D. Myers
ICQ# : 18002350 Have A NORML Day
AIM#: mailman452 Yahoo Chat: Mailman42_5

They that can give up essential liberty to obtain a
little temporary safety deserve neither liberty nor safety.
Ben Franklin - 1759

From newton@hammet.net Fri Oct 11 05:11:02 2002
From: newton@hammet.net (Newton Hammet)
Date: Fri Oct 11 04:11:02 2002
Subject: cannot get sylpheed to do encryption
References: <3DA5EA52.942AEF9C@hammet.net> <20021010183449.1bfbe6ca.rdmyers@netzon.net>
Message-ID: <3DA641E0.2191481D@hammet.net>

SEE BELOW FOR MORE DETAILS:
(Maybe someone has instructions for compiling gpgme... I don't have a bin executable of 'gpgme' anywhere, but have all the libs, etc. again see below):

"Rodney D. Myers" wrote:
>
> On Thu, 10 Oct 2002 15:00:02 -0600
> Newton Hammet wrote:
> > Hello All,
> >
> > Need some help....
> >
> > I have done the following things already:
> >
> > 1. downloaded sylpheed.0.8.5
> > 2. downloaded and compiled and installed gpgme (latest)
> > 3. compiled and installed sylpheed in the follow manner:
> >
> > cd ~/downloads/sylpheed.0.8.5
> > ./configure --enable-gpgme # the output says that GPGME is 'enabled'.
> > (=y)
> > make # no errors
> > make install # no errors
> >
> >
> > 4. then I run sylpheed from command line and it pops up ok, and I
> > configure
> > some things, but there are no buttons for encrypting, signing,
> > verifying
> > or decrypting email. Am i doing something wrong? Do i need a later
> > version of sylpheed?
> >
> > (I already have my public and secret keys on the rings at:
>
> The problem. You installed gpg in /usr/local, while looks in /usr.
>
> Recompile gpg with the --prefix=/usr and that will "fix" the problem

No don't think so ....
this is what is in /usr/bin: /usr/bin/gpg /usr/bin/gpg-check /usr/bin/gpg-encrypt /usr/bin/gpgkeys_ldap /usr/bin/gpgkeys_mailto /usr/bin/gpg-sign /usr/bin/gpg-sign+encrypt /usr/bin/gpgsplit /usr/bin/gpgv /usr/bin/gpgverify AND ( 'grep -i gpgm M*' run at the head of the sylpheed source tree ): Makefile:GPGME_CFLAGS = -I/usr/local/include Makefile:GPGME_CONFIG = /usr/local/bin/gpgme-config Makefile:GPGME_LIBS = -L/usr/local/lib -lgpgme Makefile.in:GPGME_CFLAGS = @GPGME_CFLAGS@ Makefile.in:GPGME_CONFIG = @GPGME_CONFIG@ Makefile.in:GPGME_LIBS = @GPGME_LIBS@ /usr/local/include: gpgme.h /usr/local/lib: gnupg gpgme libgpgme.a libgpgme.la libgpgme.so libgpgme.so.6 libgpgme.so.6.3.0 /usr/local/lib/gnupg: rndegd rndunix tiger /usr/local/lib/gpgme: gpgme-openpgp.a gpgme-openpgp.la gpgme-openpgp.so gpgme-smime.a gpgme-smime.la gpgme-smime.so > -- > Rodney D. Myers > ICQ# : 18002350 Have A NORML Day > AIM#: mailman452 Yahoo Chat: Mailman42_5 > > They that can give up essential liberty to obtain a > little temporary safety deserve neither liberty nor safety. > Ben Franklin - 1759 > > ------------------------------------------------------------------------ > Part 1.2Type: application/pgp-signature From newton@hammet.net Fri Oct 11 05:55:02 2002 From: newton@hammet.net (Newton Hammet) Date: Fri Oct 11 04:55:02 2002 Subject: cannot get sylpheed to do encryption References: <3DA5EA52.942AEF9C@hammet.net> <20021010183449.1bfbe6ca.rdmyers@netzon.net> <3DA641E0.2191481D@hammet.net> <20021010192223.4ed52918.rdmyers@netzon.net> Message-ID: <3DA64C02.AC3A22D0@hammet.net> "Rodney D. Myers" wrote: > > as root, did you change the /etc/ld.so.conf to show the /usr/local, and > then run "ldconf -v". Hello Rodney, I went back and did the following. 1. added 1 line containing '/usr/local' to last line of /etc/ld.so.conf and ran "ldconfig -v" (did not find ldconf as a command). 2. went back to gpgme-0.3.9 and did the following: ./configure --enable-gpgmeplug make make install 3. 
went back to sylpheed-0.8.5 and did the following:

./configure --enable-gpgme
make
make install

4. when I ran sylpheed after the above, no privacy button found in "Common Preferences".

5. I have read through all the faqs and nothing hits home about what else I need.

One thing i did notice... there is no path to GPGsm ... I cannot find out what that is and where i download it and install it. I don't know if I need that or not.

> --
> Rodney D. Myers
> ICQ# : 18002350 Have A NORML Day
> AIM#: mailman452 Yahoo Chat: Mailman42_5
>
> They that can give up essential liberty to obtain a
> little temporary safety deserve neither liberty nor safety.
> Ben Franklin - 1759

From heiko.teichmeier@sw-meerane.de Fri Oct 11 10:27:02 2002
From: heiko.teichmeier@sw-meerane.de (Heiko Teichmeier)
Date: Fri Oct 11 09:27:02 2002
Subject: gpg - PGP compatibility ?
Message-ID: <01C27108.0137B3E0.heiko.teichmeier@sw-meerane.de>

Hi Steve,

what MUA you use?

I had a problem near yours. On my side was it the GDATA-Outlook-Plugin, but only if I sign messages with attachment. On so mails you must use a "detached" signature - and this can't the Outlook-Plugin, it uses Inline-Signatures and crashes the attachment.

Please excuse, I'm a fresh newbie with bad english.

With kind regards

Stadtwerke Meerane GmbH

Teichmeier
Netzmeister NB Elt

Tel.: (03764)7917-20
Fax: (03764)7917-21
heiko.teichmeier@sw-meerane.de

PS: always up to date on the Internet: www.sw-meerane.de

-----Original Message-----
From: Steve Butler [SMTP:sbutler@fchn.com]
Sent: Friday, October 11, 2002 12:19 AM
To: 'DuVall, Rick'; gnupg-users@gnupg.org
Subject: RE: gpg - PGP compatibility ?

I'm having a different problem from GnuPG 1.0.7 to PGP 6.5.8. Their end does not error out, it writes a file, but the output file is identical to the encrypted file I send them.
We had a problem receiving files from them (unknown packets) until we discovered that their mainframe was adding about 80 bytes of data to the file.

As for Rick's problem, wonder if GPG is using a compression algo that PGP doesn't handle well. Can you try it without any compression?

--Steve Butler
Oracle Administrator
First Choice Health Network

-----Original Message-----
From: DuVall, Rick [mailto:RDuVall@ahs.llumc.edu]
Sent: Thursday, October 10, 2002 2:48 PM
To: gnupg-users@gnupg.org
Subject: gpg - PGP compatibility ?

We are having intermittent problems with files encrypted using GPG 1.0.6 being sent to another party using PGP 6.5. They get PGP errors every once and a while that say "problem expanding" data.

Has anyone seen a similar problem?

Rick DuVall
Loma Linda University Medical Center
Information Systems
(909) 558 3265 ext. 32830
RDuVall@ahs.llumc.edu

From ian@pairowoodies.com Fri Oct 11 10:49:02 2002
From: ian@pairowoodies.com (Ian Scott)
Date: Fri Oct 11 09:49:02 2002
Subject: Signed Keys Still Have Problems
Message-ID: <1034322840.1938.168.camel@desk69.pairowoodies.com>

I'm using Evolution. Trying to send encrypted mail to someone whom I have their keys, and have signed it.

When I try to send the email, I get the following error message:

gpg:using secondary key ******** instead of primary key ********
gpg: ********: There is no indication that this key really belongs to the owner
gpg: [stdin]: encryption failed: unusable public key

I also try to send encrypted email to myself, and get the same error message.

From the command line, when attempting to encrypt a file, I get a similar message:

It is NOT certain that the key belongs to the person named
in the user ID. If you *really* know what you are doing,
you may answer the next question with yes"

But I have signed the key. I've checked the FAQ's, done a search on this, and nothing seems to be a suitable response, mostly all of the solutions I have found suggest I sign the key. But, I've done that:

gpg --lsign-key wendy@pairowoodies.com
"Wendy Woudstra " was already signed by key 319CE936
Nothing to sign with key 319CE936"
Key not changed so no update needed."

So, I'm confused here!

Any suggestions?

Ian Scott

From wk@gnupg.org Fri Oct 11 11:45:02 2002
From: wk@gnupg.org (Werner Koch)
Date: Fri Oct 11 10:45:02 2002
Subject: Signed Keys Still Have Problems
In-Reply-To: <1034322840.1938.168.camel@desk69.pairowoodies.com> (Ian Scott's message of "11 Oct 2002 03:54:00 -0400")
References: <1034322840.1938.168.camel@desk69.pairowoodies.com>
Message-ID: <878z15nz5a.fsf@alberti.g10code.de>

On 11 Oct 2002 03:54:00 -0400, Ian Scott said:

> It is NOT certain that the key belongs to the person named
> in the user ID.
If you *really* know what you are doing,
> you may answer the next question with yes"

> "Wendy Woudstra " was already signed by key
> 319CE936

Make sure that your key is ultimately trusted:

  gpg --edit-key 319CE936
  trust
  5
  y

Shalom-Salam,

Werner

From senux@senux.com Fri Oct 11 11:56:02 2002
From: senux@senux.com (Brian Lee)
Date: Fri Oct 11 10:56:02 2002
Subject: Key e-mail address
In-Reply-To: <199782826.20020817202332@mark-kirchner.de>
References: <20020816143759.463662d8.j-schroeder@myrealbox.com> <199782826.20020817202332@mark-kirchner.de>
Message-ID: <20021011085506.GA16214@mercury.senux.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

In my case, someone who is in my gpg list changed his email address. I have to choose his old email address when I want to mail him by gpg.

I tried follow action to add his new email address in my gpg list. But gpg --edit-key [his id] prompt says like this.

Command> adduid his_new_id@new_domain.com
Need the secret key to do this.

How can I add his new email address to my gpg list so that I can send him encrypted mail easily? (not choosing his old address)

On Sat, Aug 17, 2002 at 08:23:32PM +0200, Mark Kirchner wrote:
> Hi Jacob,
>
> On Friday, August 16, 2002, 9:37:59 PM, Jacob wrote:
> > Isn't there a way to list multiple e-mail addresses for one public key?
>
> Yes, definitely.
>
> > Would this be by adding subkeys,
>
> No, subkeys are not necessary.
>
> > or is there another way?
>
> You have to add another user-id:
> - edit the key ("gpg --edit YOUR_KEY_ID" e.g. "gpg --edit 0x19DC86D3"
> for my key)
> - add a user-id ("adduid")
> - enter the necessary information
> - save changes ("save")
>
> Of course, this is only possible for your own keys (you'll need the
> secret key).
> > Regards, > Mark Kirchner > > -- > Key (0x19DC86D3) available: http://www.mark-kirchner.de/keys/key-mk.asc - -- Brian Lee - http://www.senux.com/en/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9ppHpXGOdoUbHY6MRAgBlAJ40nRwz524Nu/WSSEa3hvYl2hxJVgCgsUwY LgbU/y2i0RJpZTreAKbz8oA= =CEh5 -----END PGP SIGNATURE----- From simon+kde@josefsson.org Fri Oct 11 12:54:02 2002 From: simon+kde@josefsson.org (Simon Josefsson) Date: Fri Oct 11 11:54:02 2002 Subject: Hash selection defaults Message-ID: Any chance the hash guessing defaults could be modified to work on messages without "Hash: FOO"? I guess it would require hashing data using all supported algorithms. Or is the sender non-conformant somehow? Verifying the message below generates the following: gpg: Signature made Tue Oct 8 11:49:54 2002 CEST using DSA key ID 797A9091 gpg: WARNING: signature digest conflict in message gpg: BAD signature from "[?]" but if I insert Hash: SHA1 it works. I'm using gpg 1.3 from CVS a week ago or so if it matters. -----BEGIN PGP SIGNED MESSAGE----- Hello, I have run into some trouble with KMail, gpg and pgp5i. I will expose the case: I usually use pgp5i and have exported my public key to a keyserver. Before doing that I checked that using PGP5i in different machines and with different identities KMail worked fine, detecting the validity of signatures. The problem arises when people who only use GnuPG import my public key from the keyserver. All emails from my address appear in Red in their Mail folders and with a "Warning: The signature is bad" message. These people use, under KMail -> Settings -> Security -> OpenPGP option "Select encryption tool to use: GnuPG". If the previous option is set to: "Autodetect", then the email will appear in yellow with a "The validity of the signature can't be verified" message. 
However if one only uses KMail with PGP5 (for which one imports my public key from the keyserver) the emails appear in green and with a "The signature is valid and the key is fully trusted" message. Is there some kind of incompatibilty between GnuPG and PGP5i?. Is this a KMail problem which, when using GnuPG does not recognize the validity of messages signed with PGP5i?. On the other hand Kmail works fine the other way round, that is messages signed with GnuPG are correctly verified. Any ideas? Pablo de Vicente. -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.0i for non-commercial use MessageID: BS2TIf27uBlIHFXSqOHkx4HLS4m+jkER iQA/AwUBPaKqQkiLVKR5epCREQKbsgCeIze34+vRYoXdBZtHRTYtD1wVNS4AnRri Qw/P43ZbiiXYQ62ZcXhoAyLW =p6dB -----END PGP SIGNATURE----- From treeflyr@io.com Fri Oct 11 12:54:08 2002 From: treeflyr@io.com (Newton Hammet) Date: Fri Oct 11 11:54:08 2002 Subject: cannot get sylpheed to do encryption References: <5.1.0.14.2.20021007165114.02f1ab08@qix.netcorps.com> <3DA32945.161E3A1A@hammet.net> <20021008180647.GT1223@psilocybe.teonanacatl.org> <3DA50076.775A428F@hammet.net> Message-ID: <3DA5E950.A621541E@hammet.net> Hello All, Need some help.... I have done the following things already: 1. downloaded sylpheed.0.8.5 2. downloaded and compiled and installed gpgme (latest) 3. compiled and installed sylpheed in the follow manner: cd ~/downloads/sylpheed.0.8.5 ./configure --enable-gpgme # the output says that GPGME is 'enabled'. (=y) make # no errors make install # no errors 4. then I run sylpheed from command line and it pops up ok, and I configure some things, but there are no buttons for encrypting, signing, verifying or decrypting email. Am i doing something wrong? Do i need a later version of sylpheed? (I already have my public and secret keys on the rings at: /home/nhammet/.gnupg/pubring.gpg /home/nhammet/.gnupg/secring.gpg From bmc@crustytoothpaste.ath.cx Fri Oct 11 12:54:16 2002 From: bmc@crustytoothpaste.ath.cx (Brian M. 
Carlson)
Date: Fri Oct 11 11:54:16 2002
Subject: gpg - PGP compatibility ?
In-Reply-To: <6847E95BEA17D844993BB0C6C4C7069408FEB9@mars.LLUMC.edu>
References: <6847E95BEA17D844993BB0C6C4C7069408FEB9@mars.LLUMC.edu>
Message-ID: <20021011015633.GB1373@stonewall>

--s/l3CgOIzMHHjg/5
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Oct 10, 2002 at 02:48:04PM -0700, DuVall, Rick wrote:
> We are having intermittent problems with files encrypted using GPG 1.0.6 being sent to another party using PGP 6.5. They get PGP errors every once and a while that say "problem expanding" data.
>

I haven't used PGP in years, ever since I started using Linux, but what it sounds like is that you are using zlib (compression algorithm 2) and PGP cannot handle any algorithm but zip (algo 1) with <= 13 bits of compression. So you either need to use --compress-algo 1 on the command line or "compress-algo 1" in your options file (in 1.2, gpg.conf).

gpg should not compress to an algorithm that the recipient does not support. You can tell what compression algorithms a recipient supports by looking at a dump of the key. Export the key and run it through www.pgpdump.net, which dumps pgp packet data. Part of the output should look like the below:

Hashed Sub: preferred compression algorithms(sub 22)(3 bytes)
    Comp alg - ZLIB (comp 2)
    Comp alg - ZIP (comp 1)
    Comp alg - Uncompressed(comp 0)

The algorithms are listed in order. zlib should not be listed if the recipient is using PGP, because it does not support it. If there is no such section, then the default is [ZIP, Uncompressed], and there is probably a bug in gpg.

--
Brian M. Carlson 0x560553E7
It is better to kiss an avocado than to get in a fight with an aardvark.

--s/l3CgOIzMHHjg/5
Content-Type: application/pgp-signature
Content-Disposition: inline

Signature policy: http://decoy.wox.org/~bmc/openpgp/policy.tex
--s/l3CgOIzMHHjg/5--

From bmc@crustytoothpaste.ath.cx Fri Oct 11 12:54:25 2002
From: bmc@crustytoothpaste.ath.cx (Brian M. Carlson)
Date: Fri Oct 11 11:54:25 2002
Subject: Why subkeys?
In-Reply-To: <1034288437.9158.5.camel@h24-69-83-179>
References: <1034288437.9158.5.camel@h24-69-83-179>
Message-ID: <20021011020603.GC1373@stonewall>

--E/DnYTRukya0zdZ1
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Oct 10, 2002 at 03:20:37PM -0700, Doug Gorley wrote:
> After watching this list for a week or so now, I'm curious about the use
> of subkeys with GnuPG. I don't have any subkeys, or at least I haven't
> explicitly created any. What is to be gained by subkeys on a key ring?
> What is the relationship between subkeys and the "master" key? Any
> insight here would be greatly appreciated.

Subkeys are keys that are attached to a primary key. Your key, A221559B, has a subkey.

pub  1024D/A221559B 2001-12-09 Doug Gorley
sub  1024g/FE0E7CFB 2001-12-09

If you look at the line "pub", it lists the public primary key. This key is a DSA key (note the "D"). DSA keys can only sign, because DSA is only capable of signing. If you look at the line "sub", you see the public subkey. Subkeys can be capable of signing, or encryption, or both, depending on their algorithms. This particular subkey is an Elgamal encrypt-only (note the small g).
If it were a capital G, it would be capable of signing too (I know, I know, I just had to get it in there).

Subkeys can be revoked independently of each other and independently of the primary key. They can also be set to expire after a certain time. Some keyservers (notably pksd < 0.9.6) tend to butcher keys with multiple subkeys.

You're fine. Your key does what it needs to, I'm sure, and there's probably no need to change it.

--
Brian M. Carlson 0x560553E7
Lo! Men have become the tool of their tools. -- Henry David Thoreau

--E/DnYTRukya0zdZ1
Content-Type: application/pgp-signature
Content-Disposition: inline

Signature policy: http://decoy.wox.org/~bmc/openpgp/policy.tex
--E/DnYTRukya0zdZ1--

From rkworld-lists@mindspring.com Fri Oct 11 13:54:02 2002
From: rkworld-lists@mindspring.com (Ron Ostrander)
Date: Fri Oct 11 12:54:02 2002
Subject: cannot get sylpheed to do encryption
In-Reply-To: <3DA626F4.B6DE806B@hammet.net>
References: <3DA5EA52.942AEF9C@hammet.net> <20021011010557.22bdc91a.kai.raven@t-online.de> <3DA626F4.B6DE806B@hammet.net>
Message-ID: <20021011065839.571ffa91.rkworld-lists@mindspring.com>

On Thu, 10 Oct 2002 19:18:44 -0600 Newton Hammet wrote:
> > You can find the more general GnuPG settings in the
> > settings/general settings/private menu and for signing/encryption
> > in the 'private' tab of the account settings (which key, ascii
> > armored etc.)
> > There is no 'private' tab in the sylpheed I downloaded and > installed. Not to cast doubts, but: are you certain of this? I ask because, depending on your theme, the tab may not appear unless you click on the arrows to scroll further to the right in those Preferences boxes. -- Ron Ostrander ronroy@mindspring.com http://rkworld.home.mindspring.com interim .sig From kawasakiwombatrider@ntlworld.com Fri Oct 11 14:49:02 2002 From: kawasakiwombatrider@ntlworld.com (wombat) Date: Fri Oct 11 13:49:02 2002 Subject: keysever-options honor-http-proxy? Message-ID: <1034337091.1851.12.camel@kawasakiwombatrider-debian> --=-x0/VQ6s+Qn5PbDNwVgj2 Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi ok I am new at this so loads of silly newbie mistakes. I am using Evolution, how ever as the subject suggests I have the following. gpg: /home/wombat/.gnupg/option:112:deprecated option "honor-http-proxy" gpg: please use "keysever-options honor-http-proxy" instead Any ideas would be greatfull wombat --=-x0/VQ6s+Qn5PbDNwVgj2 Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQA9prtCoTcxO5ojlIMRAhbGAJ9BHd4SQNzOVosAMHWMvK24Xmx4zwCfWv7p NOW6We+xOSS3okFVA50NXuE= =hOxo -----END PGP SIGNATURE----- --=-x0/VQ6s+Qn5PbDNwVgj2-- From dshaw@jabberwocky.com Fri Oct 11 15:14:01 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Fri Oct 11 14:14:01 2002 Subject: Hash selection defaults In-Reply-To: References: Message-ID: <20021011121454.GB7713@akamai.com> On Thu, Oct 10, 2002 at 08:08:58PM +0200, Simon Josefsson wrote: > Any chance the hash guessing defaults could be modified to work on > messages without "Hash: FOO"? I guess it would require hashing data > using all supported algorithms. Or is the sender non-conformant > somehow? The sender is non-conformant. 
RFC2440 dictates that the Hash header is present, and if it is not then MD5 is the hash.

> Verifying the message below generates the following:
>
> gpg: Signature made Tue Oct 8 11:49:54 2002 CEST using DSA key ID 797A9091
> gpg: WARNING: signature digest conflict in message

I added this warning message for this exact case. Perhaps it should be something stronger than a "WARNING" :)

David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson

From d_well@isuisse.com Fri Oct 11 15:17:03 2002
From: d_well@isuisse.com (d_well@isuisse.com)
Date: Fri Oct 11 14:17:03 2002
Subject: problem with signature verify
Message-ID: <200210111218.0320@th00.opsion.fr>

I have a problem when I would verify a signature.
I do a signature with "gpgme_op_sign (ctx, in, out, GPGME_SIG_MODE_CLEAR );" (in is the message and out the signature) and after I take exactly the text of the result of signature. Example of signature:

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)

iEYEARECAAYFAj2mvS4ACgkQLXJ8x2hpdzTY7wCfTifkRJHvoUfUyQbillayFXkG
3BMAn3sfBJweibbwyCLRW2kYbqkSMx8/
=nlgf
-----END PGP SIGNATURE-----

And with this signature I do a verification with "gpgme_op_verify (ctx, sig, text, &status );" (sig is the signature, and text is the message). And every time I have the result "Verification Status: Bad" (GPGME_SIG_STAT_BAD). I would like know how to have the result good.

From twoaday@freakmail.de Fri Oct 11 16:26:02 2002
From: twoaday@freakmail.de (Timo Schulz)
Date: Fri Oct 11 15:26:02 2002
Subject: keysever-options honor-http-proxy?
In-Reply-To: <1034337091.1851.12.camel@kawasakiwombatrider-debian> References: <1034337091.1851.12.camel@kawasakiwombatrider-debian> Message-ID: <20021011132918.GB530@daredevil.joesixpack.net> On Fri Oct 11 2002; 12:51, wombat wrote: > gpg: /home/wombat/.gnupg/option:112:deprecated option "honor-http-proxy" > gpg: please use "keysever-options honor-http-proxy" instead > > Any ideas would be greatfull GPG presents you a solution for the 'problem': just replace ""honor-http-proxy" with ... "keysever-options honor-http-proxy". Timo From twoaday@freakmail.de Fri Oct 11 16:30:02 2002 From: twoaday@freakmail.de (Timo Schulz) Date: Fri Oct 11 15:30:02 2002 Subject: problem with signature verify In-Reply-To: <200210111218.0320@th00.opsion.fr> References: <200210111218.0320@th00.opsion.fr> Message-ID: <20021011133312.GB710@daredevil.joesixpack.net> On Fri Oct 11 2002; 12:18, d_well@isuisse.com wrote: [IMHO this is a question for gnupg-devel or gpa-dev...] > And whith this signature i do a verification with > "gpgme_op_verify (ctx, sig, text, &status );" (sig is > the signature, and text is the message). And > everytime i have the result "Verification Status: If you verify a cleartext signature, you need to set the text parameter to zero: gpgme_op_verify (ctx, sig, NULL, &status ); The cleartext signature itself contains the sig so there is no need to separate it before you can check the signature (with GPGME). Timo From pt@radvis.nu Fri Oct 11 17:05:02 2002 From: pt@radvis.nu (Per Tunedal) Date: Fri Oct 11 16:05:02 2002 Subject: Why subkeys? Message-ID: <5.1.0.14.2.20021011160313.00c3dba0@localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Subkeys are very useful. You kan create a subkey for encryption with a shorter validity than the primary (signing) key. Thus you can create a new encryption key shortly before the subkey expires and keep the signatures on your primary key. 
Implication: - - If someone ever will be able to attack one of your encryption keys, that person will only be able to read documents encrypted to you during a limited time. - - People you communicate with can trust your new encryption keys, because they have already signed your primary key. Per Tunedal At 15:20 2002-10-10 -0700, you wrote: >This mail was signed (PGP-MIME). > >,-----GnuPG output follows (current time: Fri, Oct 11 2002 - 09:55:31)-- >| >| Signature made 10/11/02 00:20:36 using DSA key ID A221559B >| Can't check signature: public key not found >| >`-----------------------------------------------After watching this list for >a weekor so now, I'm curious about the use >of subkeys with GnuPG. I don't have any subkeys, or at least I haven't >explicitly created any. What is to be gained by subkeys on a key ring? >What is the relationship between subkeys and the "master" key? Any >insight here would be greatly appreciated. > >Thanks, > >-- >Doug Gorley | douggorley@shaw.ca OpenPGP Key ID: 0xA221559B >Fingerprint: D707 DB92 E64B 69DA B8C7 2F65 C5A9 5415 A221 559B >Interested in public-key cryptography? http://www.gnupg.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (MingW32) - GPGrelay v0.90 iD8DBQE9ptrEV+WjFXkFqqkRAonFAKCoW8Gcy+YszhbyHfdzKi/J2OtEKgCg2YLW dOQJ5C6keyxm+e+WJudoMoY= =m3wx -----END PGP SIGNATURE----- From pt@radvis.nu Fri Oct 11 17:05:08 2002 From: pt@radvis.nu (Per Tunedal) Date: Fri Oct 11 16:05:08 2002 Subject: Verify a signature on Windows98SE: Why not a VBS-script Message-ID: <5.1.0.14.2.20021011160420.00c4c788@localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 17:42 2002-10-08 -0700, you wrote: > >Verily, on 8 October, 2002, > a scroll of the prophet Per Tunedal arrived, > saying, > >> Hi, >> 1) version: 1.2.0 >> 2) it is a DOS-problem! I made a bat-file in WindowsXP and made a >> shortcut in the folder "SEND TO". 
Thus I could easily check >> signatures from Windows Explorer by right-clicking and chosing >> send-to the bat-file. It worked as expected in WindowsXP, but not in >> Windows98. >> 3) Content of bat-file: >> gpgv %1 >> pause > >Try gpgv "%1" > >Quotation marks are often necessary in Win9x to pass long file names >as parameters. > >Regards, > >Jonathan B. Wiebe Hi Jonathan, well I tried that as my second guess. But that didn't work either. Short names work OK. Thus: GPG cannot figure out the name of the signed file because the DOS-names are completely different. Does any one have a VBS-script instead? Per -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (MingW32) - GPGrelay v0.90 iD8DBQE9ptrNV+WjFXkFqqkRAmExAKCGHDaoIEYIrkznU9aKGYxjPeoBYQCgpioV vF6TN/9meqb8rNhiQI5onrI= =1k2g -----END PGP SIGNATURE----- From d_well@isuisse.com Fri Oct 11 17:07:02 2002 From: d_well@isuisse.com (d_well@isuisse.com) Date: Fri Oct 11 16:07:02 2002 Subject: problem with signature verify Message-ID: <200210111408.08a9@th00.opsion.fr> It doesn't work when i use NULL for the variable text "gpgme_op_verify (ctx, sig, NULL, &status );", ther is an error : "GpgmeError Invalid Value". From twoaday@freakmail.de Fri Oct 11 17:31:02 2002 From: twoaday@freakmail.de (Timo Schulz) Date: Fri Oct 11 16:31:02 2002 Subject: problem with signature verify In-Reply-To: <200210111408.08a9@th00.opsion.fr> References: <200210111408.08a9@th00.opsion.fr> Message-ID: <20021011143357.GB3562@daredevil.joesixpack.net> On Fri Oct 11 2002; 14:08, d_well@isuisse.com wrote: > It doesn't work when i use NULL for the variable text > "gpgme_op_verify (ctx, sig, NULL, &status );", ther > is an error : "GpgmeError Invalid Value". Oops, then it was the other value: (ctx, NULL, signed_text, &status ). 
Timo

From d_well@isuisse.com Fri Oct 11 18:01:02 2002
From: d_well@isuisse.com (d_well@isuisse.com)
Date: Fri Oct 11 17:01:02 2002
Subject: problem with signature verify
Message-ID: <200210111501.2771@th00.opsion.fr>

It doesn't work. This time I have the error message "GpgmeError No Data" with values (ctx, NULL, signed_text, &status ).

my code :

/* Standard headers plus the GPGME API header. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <gpgme.h>

static const char test_text1[] = "Hello\n";
static const char test_sig1[] =
/*"-----BEGIN PGP SIGNED MESSAGE-----\n"
"Hash: SHA1\n"
"\n"
"Hello\n"
"-----BEGIN PGP SIGNATURE-----\n"
"Version: GnuPG v1.0.6 (GNU/Linux)\n"
"\n"
"iEYEARECAAYFAj2m2YEACgkQLXJ8x2hpdzR50wCeO7Luf+azOEo/N9SwiXX1cT43\n"
"ngEAnR/o4HhUtINhERN0fpu5yhN3EYXO\n"
"=Oq6V\n"
"-----END PGP SIGNATURE-----\n";
*/
"-----BEGIN PGP SIGNATURE-----\n"
"Version: GnuPG v1.0.6 (GNU/Linux)\n"
"\n"
"iEYEARECAAYFAj2mjY4ACgkQLXJ8x2hpdzTQOQCeJ+mok17WBu1eun+E1Xh+UdC6\n"
"tY0AoIfp83caXGQfKGFzlrSs/QlbkvZH\n"
"=v37E\n"
"-----END PGP SIGNATURE-----\n";

/* Print the GPGME error with file and line, then exit. */
#define fail_if_err(a) do { if(a) {                               \
        fprintf (stderr, "%s:%d: GpgmeError %s\n",                \
                 __FILE__, __LINE__, gpgme_strerror(a));          \
        exit (1); }                                               \
    } while(0)

/* Map a signature status code to a printable name. */
static const char *
status_string (GpgmeSigStat status)
{
    const char *s = "?";

    switch ( status ) {
      case GPGME_SIG_STAT_NONE:
        s = "None";
        break;
      case GPGME_SIG_STAT_NOSIG:
        s = "No Signature";
        break;
      case GPGME_SIG_STAT_GOOD:
        s = "Good";
        break;
      case GPGME_SIG_STAT_BAD:
        s = "Bad";
        break;
      case GPGME_SIG_STAT_NOKEY:
        s = "No Key";
        break;
      case GPGME_SIG_STAT_ERROR:
        s = "Error";
        break;
      case GPGME_SIG_STAT_DIFF:
        s = "More than one signature";
        break;
    }
    return s;
}

/* Print the overall status, then each signature found in the context. */
static void
print_sig_stat ( GpgmeCtx ctx, GpgmeSigStat status )
{
    const char *s;
    time_t created;
    int idx;
    GpgmeKey key;

    printf ("Verification Status: %s\n", status_string (status));

    for(idx=0; (s=gpgme_get_sig_status (ctx, idx, &status, &created)); idx++ ) {
        printf ("sig %d: created: %lu status: %s\n", idx,
                (unsigned long)created, status_string(status) );
        printf ("sig %d: fpr/keyid=`%s'\n", idx, s );
        if ( !gpgme_get_sig_key (ctx, idx, &key) ) {
            char *p = gpgme_key_get_as_xml ( key );
            printf ("sig %d: key object:\n%s\n", idx, p );
            free (p);
            gpgme_key_release (key);
        }
    }
}

int
main (int argc, char **argv )
{
    GpgmeCtx ctx;
    GpgmeError err;
    GpgmeData sig, text;
    GpgmeSigStat status;
    char *nota;
    int n = 0;
    int i, j;

    err = gpgme_new (&ctx);
    fail_if_err (err);

    do {
        err = gpgme_data_new_from_mem ( &text, test_text1, strlen (test_text1), 0 );
        fail_if_err (err);
        err = gpgme_data_new_from_mem ( &sig, test_sig1, strlen (test_sig1), 0 );
        fail_if_err (err);

        /* The verify call as posted: NULL first, then the detached signature. */
        err = gpgme_op_verify (ctx, NULL, sig, &status );
        fail_if_err (err);
        print_sig_stat (ctx, status);
        if (status != GPGME_SIG_STAT_GOOD) {
            fprintf (stderr, "%s:%d: Wrong sig stat\n", __FILE__, __LINE__);
            exit (1);
        }

        if ( (nota=gpgme_get_notation (ctx)) )
            printf ("---Begin Notation---\n%s---End Notation---\n", nota );

        puts ("checking a normal signature:");
        gpgme_data_release (sig);
        gpgme_data_release (text);
    } while ( argc > 1 && !strcmp( argv[1], "--loop" ) && ++n < 20 );

    gpgme_release (ctx);
    return 0;
}

From dgc@uchicago.edu Fri Oct 11 18:28:02 2002
From: dgc@uchicago.edu (David Champion)
Date: Fri Oct 11 17:28:02 2002
Subject: Why subkeys?
In-Reply-To: <20021011020603.GC1373@stonewall>
References: <1034288437.9158.5.camel@h24-69-83-179> <20021011020603.GC1373@stonewall>
Message-ID: <20021011152844.GC4069@dust.uchicago.edu>

* On 2002.10.10, in <20021011020603.GC1373@stonewall>,
* "Brian M. Carlson" wrote:
>
> Subkeys can be revoked independently of each other and independently of
> the primary key. They can also be set to expire after a certain time.
> Some keyservers (notably pksd < 0.9.6) tend to butcher keys with
> multiple subkeys.

I'm interested in making better use of subkeys.
(I would have begun already if I could attach extant primary keys as subkeys, rather than having to go through the whole business of retiring one key and replacing its functionality with another. I'd love to see that directly supported in gpg, since I'm not sure I understand the bit-tweaking you have to do if you manually reorder packets.) I've long heard about certain servers' habits of munging subkeys, though. This doesn't bother me much if I can just deprecate those servers, but can I ensure that the correct key gets onto the servers which fully support subkeys, without intra-keyserver propagations transmitting a bungled copy of my key? What's the risk -- should I just not upload such a key to the servers at this time? -- -D. We establised a fine coffee. What everybody can say Sun Project, APC/UCCO TASTY! It's fresh, so-mild, with some special coffee's University of Chicago bitter and sourtaste. "LET'S HAVE SUCH A COFFEE! NOW!" dgc@uchicago.edu Please love CAFE MIAMI. Many thanks. From markus_kampkoetter@t-online.de Fri Oct 11 19:48:02 2002 From: markus_kampkoetter@t-online.de (markus_kampkoetter) Date: Fri Oct 11 18:48:02 2002 Subject: Why subkeys? References: <1034288437.9158.5.camel@h24-69-83-179> <20021011020603.GC1373@stonewall> <20021011152844.GC4069@dust.uchicago.edu> Message-ID: <1802xq-1d0zujC@fwd07.sul.t-online.com> hi David, (snip) > > I've long heard about certain servers' habits of munging subkeys, > though. This doesn't bother me much if I can just deprecate those > servers, but can I ensure that the correct key gets onto the servers > which fully support subkeys, without intra-keyserver propagations > transmitting a bungled copy of my key? What's the risk -- should I just > not upload such a key to the servers at this time? there are keyservers that do not mangle this kind of keys (keyserver.kjsl.com i.e.). the problem is that the different servers are synchronizing your key and then some of them ´destroy´ your key. 
the only solution for this is to tell everybody where they can get a valid copy. have a look at the mail archive (Subject: using various subkeys [HOWTO] From: Adrian 'Dagurashibanipal' von Bidder )

> --
> -D. We establised a fine coffee. What everybody can say
(snip)

markus (c:

--
markus kampkoetter
praxis für chinesische medizin
soesterstr. 42
d-48155 münster
www.ChinesischeMedizin-online.de
# my e-mails contain no attachments that are not listed by name, with their file extension, in the body of the message; as a rule I never send executable programs (.exe). #

From sbutler@fchn.com Fri Oct 11 19:57:02 2002
From: sbutler@fchn.com (Steve Butler)
Date: Fri Oct 11 18:57:02 2002
Subject: gpg - PGP compatibility ?
Message-ID: <9A86613AB85FF346BB1321840DB42B4BDF2E58@jupiter.fchn.com>

I try to avoid sending encrypted data files via email. So, the problems I run into involve GnuPG and ftp on a Linux box plus whatever the group on the other end is using. In some cases the other end is using a Windows ftp server (which makes for interesting problems sending an encrypted data file with record marks from Linux and having them read them after decrypting on a Windows box). Coming the other way we have to strip the "^M" character off the end of the records.

-----Original Message-----
From: Heiko Teichmeier [mailto:heiko.teichmeier@sw-meerane.de]
Sent: Friday, October 11, 2002 12:25 AM
To: Gnupg-Users-Mailinglist (E-Mail)
Subject: RE: gpg - PGP compatibility ?

Hi Steve,

what MUA you use? I had a problem near yours. On my side was it the GDATA-Outlook-Plugin, but only if I sign messages with Attachment. On so mails you must use a "detached" signature - and this can't the Outlook-Plugin, it uses Inline-Signatures and crashes the attachment.

Please excuse, I'm a fresh newbie with bad English.
Kind regards

Stadtwerke Meerane GmbH
Teichmeier
Netzmeister NB Elt
Tel.: (03764)7917-20
Fax: (03764)7917-21
heiko.teichmeier@sw-meerane.de
PS: always up to date on the Internet: www.sw-meerane.de

-----Original Message-----
From: Steve Butler [SMTP:sbutler@fchn.com]
Sent: Friday, October 11, 2002 12:19 AM
To: 'DuVall, Rick'; gnupg-users@gnupg.org
Subject: RE: gpg - PGP compatibility ?

I'm having a different problem from GnuPG 1.0.7 to PGP 6.5.8. Their end does not error out, it writes a file, but the output file is identical to the encrypted file I send them.

We had a problem receiving files from them (unknown packets) until we discovered that their mainframe was adding about 80 bytes of data to the file.

As for Rick's problem, wonder if GPG is using a compression algo that PGP doesn't handle well. Can you try it without any compression?

--Steve Butler
Oracle Administrator
First Choice Health Network

-----Original Message-----
From: DuVall, Rick [mailto:RDuVall@ahs.llumc.edu]
Sent: Thursday, October 10, 2002 2:48 PM
To: gnupg-users@gnupg.org
Subject: gpg - PGP compatibility ?

We are having intermittent problems with files encrypted using GPG 1.0.6 being sent to another party using PGP 6.5. They get PGP errors every once and a while that say "problem expanding" data.

Has anyone seen a similar problem?

Rick DuVall
Loma Linda University Medical Center
Information Systems
(909) 558 3265 ext. 32830
RDuVall@ahs.llumc.edu

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
From dshaw@jabberwocky.com Fri Oct 11 20:04:02 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Fri Oct 11 19:04:02 2002 Subject: Why subkeys? In-Reply-To: <20021011152844.GC4069@dust.uchicago.edu> References: <1034288437.9158.5.camel@h24-69-83-179> <20021011020603.GC1373@stonewall> <20021011152844.GC4069@dust.uchicago.edu> Message-ID: <20021011170421.GA11723@akamai.com> On Fri, Oct 11, 2002 at 10:28:44AM -0500, David Champion wrote: > * On 2002.10.10, in <20021011020603.GC1373@stonewall>, > * "Brian M. Carlson" wrote: > > > > Subkeys can be revoked independently of each other and independently of > > the primary key. They can also be set to expire after a certain time. > > Some keyservers (notably pksd < 0.9.6) tend to butcher keys with > > multiple subkeys. > > I'm interested in making better use of subkeys. (I would have begun > already if I could attach extant primary keys as subkeys, rather > than having to go through the whole business of retiring one key and > replacing its functionality with another. I'd love to see that directly > supported in gpg, since I'm not sure I understand the bit-tweaking you > have to do if you manually reorder packets.) 
While it is possible, it's not a very safe thing to do if the original primary key that you want to make into a subkey has been distributed at all. There can be odd problems with PGP if a primary key and subkey on the same keyring have the same keyid. There really isn't much of an advantage - aside from convenience - in doing this anyway - you don't get to keep any signatures made on the old key. > I've long heard about certain servers' habits of munging subkeys, > though. This doesn't bother me much if I can just deprecate those > servers, but can I ensure that the correct key gets onto the servers > which fully support subkeys, without intra-keyserver propagations > transmitting a bungled copy of my key? What's the risk -- should I just > not upload such a key to the servers at this time? You can upload the key to one of the good keyservers: hkp://keyserver.kjsl.com ldap://keys.pgp.com ldap://pgp.surfnet.nl:11370 If you upload to those three first, then they will get the good copy of the key. They do all synchronize with the others (though keys.pgp.com seems to be behind), so when the other keyservers learn the key it will be corrupted on those servers, but not the good three. Personally, I'd just not upload the key to the servers yet (which is exactly what I did do - I have a signing subkey that isn't used yet) David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From hans@lugsp.at Fri Oct 11 21:54:02 2002 From: hans@lugsp.at (Hans Klonner) Date: Fri Oct 11 20:54:02 2002 Subject: 941670 Delete a key in win98 Message-ID: <3DA71FB7.6020106@lugsp.at> Hi all! I got this mail back with the hint: "user unknown". Hopefully I'm subscribed this list with the number 941670 I have a serious problem in using GnuPG. 
I deleted the first key I created on the win98 box by deleting the folder \windows\anwenderdaten\gnugp\ (secring, pubring, options,), for the key was too complicated (Now I know it's a serious mistake). I created a new key-pair . Now I can encrypt everything, but when I try do decrypt an error message appears: "No secret key". And above appears the very first key I created, but don't want to use. I tried the item "default key" -to use the new key-pair. No success. I tried to re-install the program an deleting every registry key containing "gpg and gnupg and the number of the key" with no success. Can smb. be so kind to tell me where win98 stores the secret-key entries ? I suppose it's hidden in the registry. Hans Klonner From sbutler@fchn.com Fri Oct 11 22:42:01 2002 From: sbutler@fchn.com (Steve Butler) Date: Fri Oct 11 21:42:01 2002 Subject: 941670 Delete a key in win98 Message-ID: <9A86613AB85FF346BB1321840DB42B4BDF2E5B@jupiter.fchn.com> I'd be inclined to do: gpg --list-secret-keys -----Original Message----- From: Hans Klonner [mailto:hans@lugsp.at] Sent: Friday, October 11, 2002 12:00 PM To: GnuPG Mailing list Subject: 941670 Delete a key in win98 Hi all! I got this mail back with the hint: "user unknown". Hopefully I'm subscribed this list with the number 941670 I have a serious problem in using GnuPG. I deleted the first key I created on the win98 box by deleting the folder \windows\anwenderdaten\gnugp\ (secring, pubring, options,), for the key was too complicated (Now I know it's a serious mistake). I created a new key-pair . Now I can encrypt everything, but when I try do decrypt an error message appears: "No secret key". And above appears the very first key I created, but don't want to use. I tried the item "default key" -to use the new key-pair. No success. I tried to re-install the program an deleting every registry key containing "gpg and gnupg and the number of the key" with no success. Can smb. 
be so kind to tell me where win98 stores the secret-key entries ? I suppose it's hidden in the registry.

Hans Klonner

From websurfer@navegants.com Sat Oct 12 01:28:01 2002
From: websurfer@navegants.com (Josep M.)
Date: Sat Oct 12 00:28:01 2002
Subject: Rsa or Rsa Legacy with PGP 7.0
Message-ID: <5.1.1.6.2.20021012002433.038f39a8@pop1>

Hello.

I would like know if GNUPG supports "RSA" pgp keys of PGP 7.0 or MUST be created as "RSA Legacy".

Thanks
Josep

From chrish@gmx.co.uk Sat Oct 12 01:54:02 2002
From: chrish@gmx.co.uk (Chris Howells)
Date: Sat Oct 12 00:54:02 2002
Subject: Weird error after moving .gnupg to new machine
Message-ID: <200210112350.44660.chrish@gmx.co.uk>

Hi,

I've attempted to migrate my gpg keyring from an old machine to a new machine by simply copying the .gnupg directory from the old to new machine. However, this does not appear to work:

gpchris@gandalf:~$ gpg --list-keys
gpg: [don't know]: invalid packet (ctb=00)
gpg: read_keyblock: read error: invalid packet
gpg: enum_keyblocks(read) failed: invalid keyring

What does this mean? Is there a better way to migrate the stuff over to the new machine?
Sadly I do not have access to the old machine at the moment, it's currently 200 miles away :(

Cheers, Chris Howells

--
Cheers, Chris Howells -- chris@chrishowells.co.uk, howells@kde.org
Web: http://chrishowells.co.uk, PGP key: http://chrishowells.co.uk/pgp.txt
KDE: http://www.koffice.org, http://edu.kde.org, http://usability.kde.org

From dshaw@jabberwocky.com Sat Oct 12 03:01:02 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Sat Oct 12 02:01:02 2002
Subject: Rsa or Rsa Legacy with PGP 7.0
In-Reply-To: <5.1.1.6.2.20021012002433.038f39a8@pop1>
References: <5.1.1.6.2.20021012002433.038f39a8@pop1>
Message-ID: <20021012000115.GA24286@akamai.com>

On Sat, Oct 12, 2002 at 12:25:55AM -0100, Josep M. wrote:

> I would like to know if GNUPG supports "RSA" pgp keys of PGP 7.0 or
> MUST be created as "RSA Legacy".

It supports both. However, regular RSA (not "legacy") is a better key type to use unless you must be compatible with very old PGP programs.

David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson

From dshaw@jabberwocky.com Sat Oct 12 03:01:09 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Sat Oct 12 02:01:09 2002
Subject: Weird error after moving .gnupg to new machine
In-Reply-To: <200210112350.44660.chrish@gmx.co.uk>
References: <200210112350.44660.chrish@gmx.co.uk>
Message-ID: <20021012000208.GB24286@akamai.com>

On Fri, Oct 11, 2002 at 11:50:44PM +0100, Chris Howells wrote:
> Hi,
>
> I've attempted to migrate my gpg keyring from an old machine to a new machine
> by simply copying the .gnupg directory from the old to new machine.
> However,
> this does not appear to work:
>
> gpchris@gandalf:~$ gpg --list-keys
> gpg: [don't know]: invalid packet (ctb=00)
> gpg: read_keyblock: read error: invalid packet
> gpg: enum_keyblocks(read) failed: invalid keyring
>
> What does this mean? Is there a better way to migrate the stuff over to the
> new machine?

It means the new machine is running an older version of GnuPG than the old machine. You need to run at least 1.0.7 on the new machine.

David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson

From chrish@gmx.co.uk Sat Oct 12 03:47:02 2002
From: chrish@gmx.co.uk (Chris Howells)
Date: Sat Oct 12 02:47:02 2002
Subject: Weird error after moving .gnupg to new machine
In-Reply-To: <20021012000208.GB24286@akamai.com>
References: <200210112350.44660.chrish@gmx.co.uk> <20021012000208.GB24286@akamai.com>
Message-ID: <200210120142.59499.chrish@gmx.co.uk>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

On Saturday 12 October 2002 1:02 am, David Shaw wrote:

> It means the new machine is running an older version of GnuPG than the
> old machine. You need to run at least 1.0.7 on the new machine.
Ah of course, so obvious when you know the answer :) (I'm running Debian woody and had pulled a newer version of gpg out of sid on the old machine, but had not yet done this on the new machine)

Thanks

- --
Cheers, Chris Howells -- chris@chrishowells.co.uk, howells@kde.org
Web: http://chrishowells.co.uk, PGP key: http://chrishowells.co.uk/pgp.txt
KDE: http://www.koffice.org, http://edu.kde.org, http://usability.kde.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)

iD8DBQE9p3ATF8Iu1zN5WiwRAv8sAJwMFWRhcDb8/bQJq/SVbm6CH6NyvACfSXHC
zfN8Y4ztZdh+DQeGAJLA5Do=
=GDOy
-----END PGP SIGNATURE-----

From claws@thewildbeast.co.uk Sat Oct 12 11:44:02 2002
From: claws@thewildbeast.co.uk (Paul)
Date: Sat Oct 12 10:44:02 2002
Subject: cannot get sylpheed to do encryption
In-Reply-To: <3DA626F4.B6DE806B@hammet.net>
References: <3DA5EA52.942AEF9C@hammet.net> <20021011010557.22bdc91a.kai.raven@t-online.de> <3DA626F4.B6DE806B@hammet.net>
Message-ID: <20021012094739.6080e6ba.claws@thewildbeast.co.uk>

Hello Newton,

On Thu, 10 Oct 2002 19:18:44 -0600 Newton Hammet wrote:

> > without an error message about GnuPG? Then it works :)
> > Is "GnuPG" in the about dialog?
>
> when i run "./configure --enable-gpgme", the following messages say
> yes to GPGME.

So, do you see any mention of GnuPG or gpgme in the /Help/About window? Look in the 'Compiled-in features:...' list.

best regards

Paul

From maui@betastation.de Sat Oct 12 12:59:02 2002
From: maui@betastation.de (Sebastian Mauer)
Date: Sat Oct 12 11:59:02 2002
Subject: How to export gpg keys to use in PGP 8.0 beta
Message-ID: <200210121159.35766.maui@betastation.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

hi,
i'm from Germany, so please excuse my really worse English. I'm new to gpg and generated myself a key a month ago. now i want to use encrypted mail under windows too. so I downloaded pgp 8.0 beta from the new PGP Corporation.
But when I export my secret key by the following command:

$ gpg --output secretkey.asc --armor --export-secret-key maui

PGP won't be able to import it. Why? Are the key formats incompatible? Can anyone help me?

I'm Using SuSE Linux 8.1 with gpg 1.0.7

Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG
Hash: MD5, SHA1, RIPEMD160

And Windows with the newest PGP 8.0 Beta

I hope someone can help me to solve my problem.

Sincerely
Sebastian Mauer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9p/KGRR5S0See5KQRAufDAJ0UiBpP85+AsY8MqCOB9WFmTmWAtACgpFRJ
TlxfRgpzisMeM1bN9COmt8c=
=G9Bv
-----END PGP SIGNATURE-----

From hhekim@mail.com Sat Oct 12 15:11:02 2002
From: hhekim@mail.com (Hakan Hekim)
Date: Sat Oct 12 14:11:02 2002
Subject: Biometric passphrase
Message-ID: <20021012121203.1087.qmail@mail.com>

Hello

Do you have any experience with implementing biometric into gpg as passphrase. I mean to give user's biometric data from (for example fingerprint) scanner as passphrase during key generation and use it when she wants to sign or decrypt something???

Advantages:
-Maybe the passphrase would be more random(???)
-Even she won't know the passphrase

Disadvantages:
-Maybe the passphrases would be in a predetermined format (according to the biometric algorithm)
-she will always need a scanner to sign or decrypt
-she can lose her finger or iris ;--))

what do you think??

--------------------------------
If there is no wind, row....
--------------------------------

From ingo.kloecker@epost.de Sat Oct 12 15:20:02 2002
From: ingo.kloecker@epost.de (Ingo Klöcker)
Date: Sat Oct 12 14:20:02 2002
Subject: How to export gpg keys to use in PGP 8.0 beta
In-Reply-To: <200210121159.35766.maui@betastation.de>
References: <200210121159.35766.maui@betastation.de>
Message-ID: <200210121420.19611@erwin.ingo-kloecker.de>

--Boundary-02=_DOBq9SWRcPLNykG
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Description: signed data
Content-Disposition: inline

On Saturday 12 October 2002 11:59, Sebastian Mauer wrote:
> hi,
> i'm from Germany, so please excuse my really worse English.
> I'm new to gpg and generated myself a key a month ago. now i want to
> use encrypted mail under windows too. so I downloaded pgp 8.0 beta
> from the new PGP Corporation. But when I export my secret key by the
> following command:
>
> $ gpg --output secretkey.asc --armor --export-secret-key maui
>
> PGP won't be able to import it. Why? Are the key formats
> incompatible? Can anyone help me?

I think this is a FAQ and the answer is that you have to remove the passphrase (set it to an empty string) before exporting the secret key.

BTW, why do you want to use PGP on Windows instead of GnuPG?

Regards,
Ingo

--Boundary-02=_DOBq9SWRcPLNykG
Content-Type: application/pgp-signature
Content-Description: signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)

iD8DBQA9qBODGnR+RTDgudgRAqzNAKCewuQn3MDpY5VayIX0LJRpyFaO/gCbBqtB
nMtuTv2CdQl2eX1JVWJ15e4=
=ca3D
-----END PGP SIGNATURE-----

--Boundary-02=_DOBq9SWRcPLNykG--

From eleuteri@myrealbox.com Sat Oct 12 15:28:02 2002
From: eleuteri@myrealbox.com (David Picón Álvarez)
Date: Sat Oct 12 14:28:02 2002
Subject: Biometric passphrase
References: <20021012121203.1087.qmail@mail.com>
Message-ID: <020601c271eb$4d44c140$0207a8c0@168.7.1>

--oO2gz1fZ.5XiMkIG0nnxfhpcRy8C.PaU
Content-Type: text/plain; charset="iso-8859-15"
Content-Transfer-Encoding: 7bit

Hi,

> Do you have any experience with implementing biometric into gpg as passphrase. I mean to give user's biometric data from (for example fingerprint) scanner as passphrase during key generation and use it when she wants to sign or decrypt something???
>
> Advantages:
> -Maybe the passphrase would be more random(???)
> -Even she won't know the passphrase
>
> Disadvantages:
> -Maybe the passphrases would be in a predetermined format (according to the biometric algorithm)
> -she will always need a scanner to sign or decrypt
> -she can lose her finger or iris ;--))
>
> what do you think??

Biometry is apt for certain things, but it's not good as a passphrase. The ideal passphrase is both unique and secret. Biometric data are unique, but not secret. Moreover, if you're going to encrypt a pgp key with biometric data, make sure the data does not change at all, because exactness is required, which points at biometry not being the right solution. If you're just thinking of consulting the biometric device each time user wants to sign or decrypt and have the key unencrypted or not encrypt the key with the biometric data, then it's a completely different issue. If you don't encrypt the key, then it's vulnerable.
If you do, then the biometry is just a further annoying bump on the way, like a UNIX login prompt.

--David.

--oO2gz1fZ.5XiMkIG0nnxfhpcRy8C.PaU
Content-Type: application/pgp-signature
Content-Disposition: inline

--oO2gz1fZ.5XiMkIG0nnxfhpcRy8C.PaU--

From martin@evobb.com Sat Oct 12 17:56:02 2002
From: martin@evobb.com (Martin Galpin)
Date: Sat Oct 12 16:56:02 2002
Subject: GPGME
Message-ID: <3DA8469A.6050300@evobb.com>

--------------060106080703020208030601
Content-Type: text/plain; charset=us-ascii;
format=flowed
Content-Transfer-Encoding: 7bit

Hello,

I'm working on a project which involves interfacing with either GPGME or GPG directly, and I am wondering if anyone has any experience with working with the libraries. I have found the documentation very poor, and examples nowhere to be seen.

Is there anyone out there? :-)

--------------060106080703020208030601--

From wk@gnupg.org Sat Oct 12 18:37:02 2002
From: wk@gnupg.org (Werner Koch)
Date: Sat Oct 12 17:37:02 2002
Subject: How to export gpg keys to use in PGP 8.0 beta
In-Reply-To: <200210121420.19611@erwin.ingo-kloecker.de> (Ingo Klöcker's message of "Sat, 12 Oct 2002 14:20:16 +0200")
References: <200210121159.35766.maui@betastation.de> <200210121420.19611@erwin.ingo-kloecker.de>
Message-ID: <878z13llgj.fsf@alberti.g10code.de>

On Sat, 12 Oct 2002 14:20:16 +0200, Ingo Klöcker said:

> I think this is a FAQ and the answer is that you have to remove the
> passphrase (set it to an empty string) before exporting the secret key.

I can't believe that they still use IDEA for protecting a secret key. Phil told me several times that IDEA should never be the default for PGP.

Shalom-Salam,

Werner

From newton@hammet.net Sat Oct 12 21:18:03 2002
From: newton@hammet.net (Newton Hammet)
Date: Sat Oct 12 20:18:03 2002
Subject: GPGME
References: <3DA8469A.6050300@evobb.com>
Message-ID: <3DA875D7.D5FA0E34@hammet.net>

Martin Galpin wrote:
>
> Hello,
> I'm working on a project which involves interfacing with either GPGME or
> GPG directly, and I am wondering if anyone has any experience with
> working with the libraries. I have found the documentation very poor,
> and examples nowhere to be seen.
>
> Is there anyone out there? :-)

Hello Martin,

I tend to agree. the doc is not the best. I am now dealing with the issue of trying to get sylpheed to compile with gpg option which does require 'gpgme' to be compiled and installed.

Regards, Newton

From dshaw@jabberwocky.com Sat Oct 12 22:24:02 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Sat Oct 12 21:24:02 2002
Subject: How to export gpg keys to use in PGP 8.0 beta
In-Reply-To: <878z13llgj.fsf@alberti.g10code.de>
References: <200210121159.35766.maui@betastation.de> <200210121420.19611@erwin.ingo-kloecker.de> <878z13llgj.fsf@alberti.g10code.de>
Message-ID: <20021012192501.GB3252@akamai.com>

On Sat, Oct 12, 2002 at 05:34:52PM +0200, Werner Koch wrote:
> On Sat, 12 Oct 2002 14:20:16 +0200, Ingo Klöcker said:
>
> > I think this is a FAQ and the answer is that you have to remove the
> > passphrase (set it to an empty string) before exporting the secret key.
>
> I can't believe that they still use IDEA for protecting a secret key.
> Phil told me several times that IDEA should never be the default for
> PGP.

PGP uses whatever the config option "Preferred Algorithm" is set to to protect secret keys. It defaults to AES256.

David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson

From dshaw@jabberwocky.com Sat Oct 12 22:33:02 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Sat Oct 12 21:33:02 2002
Subject: How to export gpg keys to use in PGP 8.0 beta
In-Reply-To: <200210121159.35766.maui@betastation.de>
References: <200210121159.35766.maui@betastation.de>
Message-ID: <20021012193325.GC3252@akamai.com>

On Sat, Oct 12, 2002 at 11:59:29AM +0200, Sebastian Mauer wrote:
> hi,
> i'm from Germany, so please excuse my really worse English.
> I'm new to gpg and generated myself a key a month ago. now i want to use
> encrypted mail under windows too. so I downloaded pgp 8.0 beta from the
> new PGP Corporation.
> But when I export my secret key by the following command:
>
> $ gpg --output secretkey.asc --armor --export-secret-key maui
>
> PGP won't be able to import it. Why? Are the key formats incompatible? Can
> anyone help me?

This has come up fairly often, so here's the HOWTO:

PGP can (for most key types) use secret keys generated by GnuPG. The problems that come up occasionally are generally because GnuPG supports a few more features from the OpenPGP standard than PGP does. If your secret key has any of those features in use, then PGP will reject the key or you will have problems communicating later. Note that PGP doesn't do Elgamal signing keys at all, so they are not usable with any version.

These instructions should work for GnuPG 1.0.7 and later, and PGP 7.0.3 and later.

Start by editing the key. Most of this line is not really necessary as the default values are correct, but it does not hurt to repeat the values, as this will override them in case you have something else set in your options file.

->> gpg --s2k-cipher-algo cast5 --s2k-digest-algo sha1 --s2k-mode 3 --simple-sk-checksum --edit THEKEYID

Turn off some features. Set the list of preferred ciphers, hashes, and compression algorithms to things that PGP can handle. (Yes, I know this is an odd list of ciphers, but this is what PGP itself uses, minus IDEA).

->> setpref S9 S8 S7 S3 S2 S10 H2 H3 Z1 Z0

Now put the list of preferences onto the key.

->> updpref

Finally we must decrypt and re-encrypt the key, making sure that we encrypt with a cipher that PGP likes. We set this up in the --edit line above, so now we just need to change the passphrase to make it take effect. You can use the same passphrase if you like, or take this opportunity to actually change it.

->> passwd

Save our work.

->> save

Now we can do the usual export:

->> gpg --export THEKEYID > mypublickey.pgp
->> gpg --export-secret-key THEKEYID > mysecretkey.pgp

Sometimes I wonder if a --convert-to-pgp command for GnuPG to automate all of that would be useful.

David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson

From newton@hammet.net Sat Oct 12 22:53:01 2002
From: newton@hammet.net (Newton Hammet)
Date: Sat Oct 12 21:53:01 2002
Subject: cannot get sylpheed to do encryption
References: <3DA5EA52.942AEF9C@hammet.net> <20021011010557.22bdc91a.kai.raven@t-online.de> <3DA626F4.B6DE806B@hammet.net> <20021012094739.6080e6ba.claws@thewildbeast.co.uk>
Message-ID: <3DA88C2B.84CFCFDA@hammet.net>

Paul wrote:
>
> Hello Newton,
>
> On Thu, 10 Oct 2002 19:18:44 -0600
> Newton Hammet wrote:
>
> > > without an error message about GnuPG? Then it works :)
> > > Is "GnuPG" in the about dialog?
> >
> > when i run "./configure --enable-gpgme", the following messages say
> > yes to GPGME.
>
> So, do you see any mention of GnuPG or gpgme in the /Help/About
> window? Look in the 'Compiled-in features:...' list.
>
> best regards
>
> Paul
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

Hello All,

Still determined to get this to work. (sylpheed with privacy option)

Still having problems.

Here is the current situation:

I am right now pursuing the problem by attempting the gpgme installed and configured correctly.

checking for gpg... /usr/bin/gpg
checking for gpgsm... no
configure: WARNING: Could not find GpgSM, install GpgSM or use \
--with-gpgsm=PATH to enable it

I can't find GpgSM anywhere on my system. I cannot seem to find a place where I can download and install it.

Is it something I need to have present in order for gpgme to be installed correctly so that sylpheed can be installed with privacy enabled?

Right now when I configure and install sylpheed, it says that it knows that gpgme is there.

But there is no privacy button on the Common Preferences page, even after going all the way to right with the cursor.

there is a "Other" button, and that is the rightmost button.

This is currently how I am attempting to install sylpheed :

gpgme-0.3.9

./configure --enable-gpgmeplug
make
make --install

sylpheed-0.8.5
./configure --enable-gpgme
make
make-install

Everything is put into /usr/local, and /usr/local has all the gpg stuff, including all the gpgme stuff as compiled above.

I have also attached a gzipped tarball that contains the script file of make configure,make,make-install output for building all 3 systems, in this order:

gpg
gpgme
sylpheed

Hope all this stuff helps ...

Regards, Newton

From newton@hammet.net Sat Oct 12 22:58:02 2002
From: newton@hammet.net (Newton Hammet)
Date: Sat Oct 12 21:58:02 2002
Subject: [Fwd: cannot get sylpheed to do encryption] Includes attachment
Message-ID: <3DA88D35.60D28724@hammet.net>

This is a multi-part message in MIME format.

--------------E98180B039877C8C89DE9688
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Newton Hammet wrote:
>
> Paul wrote:
> >
> > Hello Newton,
> >
> > On Thu, 10 Oct 2002 19:18:44 -0600
> > Newton Hammet wrote:
> >
> > > > without an error message about GnuPG? Then it works :)
> > > > Is "GnuPG" in the about dialog?
> > >
> > > when i run "./configure --enable-gpgme", the following messages say
> > > yes to GPGME.
> >
> > So, do you see any mention of GnuPG or gpgme in the /Help/About
> > window? Look in the 'Compiled-in features:...' list.
> >
> > best regards
> >
> > Paul
> >
> > _______________________________________________
> > Gnupg-users mailing list
> > Gnupg-users@gnupg.org
> > http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
> Hello All,
>
> Still determined to get this to work. (sylpheed with privacy option)
>
> Still having problems.
>
> Here is the current situation:
>
> I am right now pursuing the problem by attempting the gpgme installed
> and configured correctly.
>
> checking for gpg... /usr/bin/gpg
> checking for gpgsm... no
> configure: WARNING: Could not find GpgSM, install GpgSM or use \
> --with-gpgsm=PATH to enable it
>
> I can't find GpgSM anywhere on my system. I cannot seem to find
> a place where I can download and install it.
>
> Is it something I need to have present in order for gpgme to be
> installed correctly so that sylpheed can be installed with privacy
> enabled?
>
> Right now when I configure and install sylpheed, it says that it
> knows that gpgme is there.
>
> But there is no privacy button on the Common Preferences page, even
> after going all the way to right with the cursor.
>
> there is a "Other" button, and that is the rightmost button.
>
> This is currently how I am attempting to install sylpheed :
>
> gpgme-0.3.9
>
> ./configure --enable-gpgmeplug
> make
> make --install
>
> sylpheed-0.8.5
> ./configure --enable-gpgme
> make
> make-install
>
> Everything is put into /usr/local, and /usr/local has all the gpg stuff,
> including all the gpgme stuff as compiled above.
>
> I have also attached a gzipped tarball that contains the script file
> of make configure,make,make-install output for building all 3 systems,
> in this order:
>
> gpg
> gpgme
> sylpheed
>
> Hope all this stuff helps ...
>
> Regards, Newton

--------------E98180B039877C8C89DE9688
Content-Type: message/rfc822
Content-Transfer-Encoding: base64
Content-Disposition: inline

X-Mozilla-Status2: 00000000
Message-ID: <3DA88C2B.84CFCFDA@hammet.net>
Date: Sat, 12 Oct 2002 14:55:07 -0600
From: Newton Hammet
Reply-To: newton@hammet.net
Organization: Treeflyer GLobal Resources
X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.4.18-3 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: Paul
CC: gnupg-users@gnupg.org
Subject: Re: cannot get sylpheed to do encryption
References: <3DA5EA52.942AEF9C@hammet.net> <20021011010557.22bdc91a.kai.raven@t-online.de> <3DA626F4.B6DE806B@hammet.net> <20021012094739.6080e6ba.claws@thewildbeast.co.uk>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

--------------E98180B039877C8C89DE9688
Content-Type: application/octet-stream; name="sylpheedNgpg.tar.gz"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="sylpheedNgpg.tar.gz"
OC0metFic1ctNq+BFpvTWmzmtNhcWgu6+DNHCxw6YC2oTF4LTAJcgspqQRdN5miBQwesBZXJ a4FJgEtQWS2iRag5etDwAWsSSeV1oUQgJKysPr5EH39N9PGz9PEFfdhbPF0BycJsBX6PRqBB NAILohFIEI3AgWgECvCjLuyFMWDXJupygri7BeKeBoidbBD7lyB2reKiTh7pJAlpJfkqma/Y +OqBL2Q8VLWMbI+Mxk2REEP1O0PiookMcYKE7ATqf46EyBnhFjPrbo93eWVIZW4KeecdFUqR uCqUK9tZoYHVmexjWoqeC6NGxmh3FhYtYeERpUiMQbmyjUEDq2MMpqVoDEaNXXlxpF0+yJ47 vr4+Q+vFlHfTw+v8yLq5isuMsJiEkmSLSShbzmISGlodQ0SaJhaTMHJsEktYcIVeZaaw8pZa oZAKmcBKLbLCpHih6jJo2EFLWKpKSRITMLac5ao0tDqmiDRNLFll5MgkCw5YTtokokmMEvFl WyUKro5ZYm1Fu8T0uCHVg3BSaEcxQdaMYqacVhSHVccYVMNEG0qIkRl8+6hn6pYwAhTRJMaI +LLtEQVXxySxtqJVYnq8dNVp6q4u2IWRJGZhbDmrV2lodYwSaZpYv8rIMVYCXYAJfJUhBLLk gAOGVMcEWLMEJBAp9jR927WaljDvFNFk3ibjy/E3WXB1zBFrm/A5I3qMCXLKBQ8LQpEhg3Dl gIMEVscgTMsERCg1dr3EAmLKC4iZW0DMShUQM11ATKGANMfHjMTwuVFg+NzIHz43KqQ+0S41 jm7wS5jRebO4gAjLl2OqxBgcZ86y5ZihOobhtU4sV+ZCYqcLnSfodwxhyWRMlDlfEWOOAxaF V8dAnMYJRywOiCtTetCDUJ0ymqxCZXw5VSoLro5pYm0T1WpEjwtXSx8XihV6lxUoxJNTlFBQ dQxBtEsUH0yLkYEP/RBwQSgyVBCuHEyQwOoYgmmZwAOlciNdk+JQl7TbhljyBruq1GXDmiWH uyb57Q10DJSfMmAkNmoK2IghQKNnIBo5AngABURjByDuLgPaWQRxDwlE/QKA3WMQe4WA+UMA +wWANI+AbwwAV/GBuKQDgnXAchpgjQE3zB/pN1gb752Zm99/cO/Fs9PRzar4Xgl06Sk7k6c+ Sp/Y7Ph6xY5OAsKRwwcY91U489cvBfgQIpgA/Ivgp5FDgtDNNDVLGwlGawdfOlE7N7jyLPg0 2hzRrornNXqch+EnS/qZz2FyxCkdfL5Z/zM6WAx3vki7GbQdcbtHRJO5uowvx91lwdWpimJt E25vRMdxJyZD6S3JmEOLZeCbjumRe3yNVSdnCEXznvAdn/EXb9vCJ22jf68W1jzqjpFc8ohI BVY8Irb8BY8otDp5EGmaXveIyXk5QBm0SMBA7b/QQOkTBpQJRTacTLhyBpNJYHVsz7RMDCRT ap7lSbjGvh6o3Q3H0r1aoIudp4go6zxFjDmdpyi8OnnAaZzoPMUBeTkRsWicGJBZnyzWQnTb rFChMJqsRmF8OVUKC66OTWNtE5VKRM+tVSiHFsvItGfQcpMVBCNJu2xulyqChVbHlpGmyb6b 272WoAxaJGAg9US/vhR1d0RXCrr2/TtSUIhwTFtioLDAOGH+MGGF4IA1Sw0S8pOx6MLNWls3 Fi2x/eTpslaU581pS3mW6phH1D7Rrgph3Hih2/bRBR3CcCGlSUcLKV/eYCENro6BYm2TQ4WM Hp9u51tWBpB4ssQ8PGvOMXccR3WMJGieOOyOD4rrGytMLBKjFFmtQ7hyKh4SWB2zMC0T1Q+l RsaAb+YCbwtCkJiCMGVbgoRVxxBUQ9EOlMibAV/eJxoCk+SmwGy5xsChlTIH0TRlEELmzi0L EsWEUmQ+G+HKO7csqFYxYVomzy0LEsVkwYMJFeBBKDJ0EK4ccJDA6hiDaZmABqXG/SPd9tCV 
KEL/iNFk/SPGl9M/YsHVMUqsbaJ/FNG5AyFdICzFJgSJSQhT3jmQKKw6xqAaJk+AxERuOgaq ECb2IDOadGKG8uXNztDg6pgk1jY5T8Po8XJUayVMm4ajSozDceasS40ZqmMgXuvE6lQuRDiO OHkUcZFjiLscQVwhYxDt0kcPcwZAV0oiDXgjRDSJISK+bGNEwdUxSKytaJSYzjtptplw0Wzp un7ClOue2VVa0081TLlmNr+eHx8+l9HXE+gSowi8OcsQeZbqmEjUPrEcUQjjBw3wFWPimAEm yYcMMFvuiAEOrY5xIk1T4wWEzB1tjq7uEA82xxSZc0+4cpx7ElgdczAtkweaE2pcoBzoyiXP GY2JsqIUMeaUoyi8OobhNE6UoDiAO4u1WcN3eonHsDKiDDERYw5oovDqmIfTOHnkahTAt0ro wuFEu4RJ8pYJs+W2TTi0OmaJNE21T4TMI8YTd0pQihwrXu4+CRpYHXMwLVMQ8YRNEu1FI4kP RpLVLJQtp16hodUxSKRpok5h5BgfaZMExUwSdDVJUDmTBNkmCVImISv0apYn9H04qgwrMWe3 XcyYoTrm4bXO2s1MQjjPNwjaLV8Xr9zgqFKvN+LM83kjhgoZidM66e/GIfx9E8hyhuWLBYwj S0dwY9a8YdyYozqGEjRPXUQRB8Vb+jzDryVXesREiZlixpyNfVF4dUzEaZzY3BcHqKMlso6W gAZKzABQihwl+TMANLA6xmBapsAhzgAgJyfp3hVx7rq4dhUyAtEu7dZxBliyfLshTI5RisQI lCvbDDSwOoZgWoqmYNR4L4q1BBaFokEpEmNQrpy9KCSwOsZgWib2olAqd9qG4a+2haaXkSTm YGx5J2+Q0OoYJNI0eQIHJfM9ZMu0kz1kTJL3kDFbbg8Zh1bHJJGmqR4yIXMoSc0VMpIUJd3m C1lodUwSaZpESXLW0HbbQHRZKUViEMqVbQ8aWB1zMC0TV2JRauxtrCSNQSkyb2OlizFoYHWM wbRMeBuUOsQetmszntboeEZoA0+7ygTzJGQ+CH1Ld0e2x5zj49u2a8u679lec7t2FVq4MKK5 drMVoouMO2gHUweG2aGtO/bV8A1tDmrZQSQ+voJrUbyBa1F+Addi7v1bi5W6fmsxffvWIn9G dOh3glBcFcZIsglqypYzO01Dq2OKSNPEvDQjxyYxF8yOeIo4I8lMQtlyTEJDK2QSpmnCJIzM myRxCSwmyM2RfwksDquUKTIugSVEriV3EsvkKEXajjv5y+RoYHVMwbRMNuJOajVp4kwcSpH7 efnn4dDA6hiDaZly8sSTcNp223ITYwYRTTZSyfhyxilZcHWMEmubGKOM6HHTajnt5HRrRJM1 sowvp6VlwdUxTKxtos2N6HzxCSx/SRxzi4nyQkQZc8sRDa+OcTiNU6WJBcQFqgVCIK4AYiRZ caJsOaWJhlbHLJGmibLEyFw/wTLEXoIlnSrCPHk9BKtK00NEu2TvwMrZ6Fy71NlUIz2Bmrnq 6a5t0N3nGt6JBcQNRyDeXgOETSSA7Z0AdO8AiBbNA7ZeHLC10iBeHwzo6lgQLwkF/OJHcq8o /IkX89EFX0Bc1QSidTyALWEB3JINwK1PANGkPGDz0SCahwXR9CPgZ9oAP6MEhFkTwE0QgPj4 EDbSTUZGARsXBGxMDERjQSAaAgFRzx+wTi9gHT6A+yAgcr9B5HUC6nQB5nEA1tqCuIUBcZ0K uBoERMUGEOT0sYkyYxcrxJFwaw5+lxQ1zJN7wsP63JRTrKgR7VInOyyVLWpLGhH136awRWVh EFjrd8cu3lcr7teNykf/u3YjUcIRKIg675h6O1E4Yrq8kMS8uYUlZlmbQhOVF0kp4dRNlRYu rMtZKBGXJsoDEAKYDH8WLB/+wPICnCWtb1hwGSeCow36R0UbcKf2HABhC8kIARpvM4FnaQ3g 
a1fB+EbqfeuBohIVMIHRvwZQyKBvaYhEYildrAJjY4bp4/SkOLo+rIuFJK7CQPXeAA5OInJG hkhpecHzaXEd0XbVUdmep64CCR+GhRFWZChAq9U8UANtNDIbkJcmbDxClARyJlX0hwPJNew1 OgAMaQt6aLTgL41gWNuViNFowUpE2zY5qYl04U3bBUOhB4WbJZSsF3LvemBkcMOUCNzsPZsb tze1cSKXPIOurBMc60R31s0c6+ZcVqpMe9EXlIPvEgUD+gX3jr8w9BBSadbVIZZ2RW9DMIPx 2RKj8Qki2uTYmKbtQi81+JjFcu5YzIKeM3g2T3A8+CWD6Zwxjgm/0MRCVlgGRl+0e+rCmQP7 KMAi8t7pI7tnZueS5At2X7RB20XM6+h+0xoS4IsKBywsGmxkasc6tgWbkdqqhbBMnGJiaxM6 tshqGzRSBELbhS2ODlsvaDXoNrXRAW11TOn/hDRaFvst1H1XOFTAeB8CaG1le9A0pMZCjm4s t9f6CkkZGbLR3jXY8A/joGFtJ3yyQuQWDhMUnH46YRgZgWEj6KMacjnw2Us7tLBleZiPOSfo rH1LG2YOirtI0w0TFwyjxI+edSZxKPJ4duzQIhbO1UlzWYFuXKWNdgLojQJDx/4m/0qdnR0k fYiO0sjsCF2emqtt3bIF+W1IrXor4+PRKJCIOX92Zs+Rgwdnz4fgxp4ZE0dKTIFY9ESKoxh0 FIPlQOshWds19Nqwowwa8QDKAViuqmd1YpvQcts7E8qFsFuBeiJhXXdsPSCMJtQnyZjBxjSH Pml35sgcmgZ8u1lAND3nES14aeA7x9DrRvQxrPc3IkV2yHMU82kbkTaMm5xYygmI8jNWB9WM OzUPCOmmKc9MavHElk1uRoI1rWGTJ/ZbBYzh0zvJs8XAlkIGz0R/iCGpYrAmS8JD9gns/OBP 6kJgNtwFWWEt/UES9rmRE/ZimV4mwxOZnV/XZDQGFat0iO1o4nBTJjXHJdOH52YOHuguZZRy SaVNtXSvac2CZh2FSYRGzBQIdhAGO4enDh66HPpgddikQF9XeKuPa7DZt/CYDuqiAK9hN+u0 dtAEoEb4gHzo2bQc/EwTAFs1+nQIPrb0oFULQuzEtlCTBDOatn3oJfoEeQu21wDwEapvIiq5 CsI0GBN8jh/jpwZkh6zQU4QvSIwbNA18liFJNU40fKMiKd/4mNege0islbYDG1ZPx6frm4bN RWh43Av3zD22nY6vO/VVEh2rTw2Nd1yMYVrDQTcfmRhhdSPOlB2w4yqv+OujG/FnVwxt2BCx 5mY+5qUZD3vF5Il0yfSzVyQfizkvwIdqWkgZrimlycGlGZavnfUdpJGiz6zW716zQOb+bUD1 WEGjlzUIE1zF4SOzo7c2mAgXHPSIi4EelspCUt+VTlm6XuzTh6eudtqRvxoWuv4deSSl/65O UkzeeA5Nfg3NPnADO0U+wZ1R8ZMeDcqltY9sIVLS2YIGrfvPFiRlANmSEFPpbOHS2ke2ECnp bHHbdv+5gu/C7TtTRCmVzpM4qX1kCX+DMJcj/C3C/WRK6mD8fgVlTJUITmWyQ4ll5Dh87KaE rE/Y5Qn5n6JrDvK+hGE5H5LbCTK/w0GPBpCETOoDS4nbCzg4cTcY9IMmeqTvoG5CKIMlyJqT o9H9ACJ3dAnCo5GjvKH6yFDxCGUuP6NjlPvJTTzdO5jDmAeWkxmZmM+8lMG9VCot1G3FdVTX bgmbiQgWLQd75huypQiMg5mQ7xdE/Kw+B6HEzH4/QOImiAe5SmBgoIqnzNN4icLKR9ctNtj9 dmA1kxMfCX00KqZkVvWBq/SyAA5dbGlAP7BC8/WVGREbomxIDyOoN12g6RlVCR1zNILR2an5 /dNzc7v3Tc8Rreou4IWYukyIqcuFWFIhllSIBWRCLCAX4kiFOHIhUsNacsNaoVRIKBXS8GVC 
Gr5USFNqk6bcJrYpE2KbciFSm9hymxyVIvaoHLGe1Cae3CZtqZB2ASHh/J7DUjmIqYAouRyp kGBJJiRYkgoJpbgN83D7X3SGog2kMwr1UW7IHw13kqHVLiITH6zN2CW3Ho1rOaM1af00neKK rsFIKT4WU8aTQnMh2a5UlHl4RTDiS34Xh5SK0tU99P+4PNr6eNZ3JKRIonM/h0E991O6xXvB 7otyPkMrjbp+2tCP1Vuh6+R9z8IHs1Cw37LDrzbkh824FYd9DZsNaJVTWlClRzSF1PYzEJWU 0/8isf4lVNnyA1jMdkLF/oJVp92yLPMArO5G59BL/WAnHGwcaPXl1q1b8O+2xO/YxNYtk5Nj J4xtm5ycGB/bMrZ5/ISx8fGxsc0naINNhfrL+iMLHWBnWYe1AWwQ2Xw7eh3CFQTuZ8Hi5AGv tu/AxZpj1ut17QzMYZ4Zt1WOGfMjLxWKg77uouVrZ3A8Z2p2oGWIWbWC+PMWgB5usBqElquF q20Lcdpbz9laaxs1Mj8Oy1TMHqIVuWU+wLuWSvAj9XVtz9xejcy+2wt4wh3XLtnGiBvuWMpy y4JG8Wnslrdk+8BDm5KQSQLdw6kQ7MC+wNsWAisMtI0v37/7wulr802HkroMfLK+38D+Aax6 tqAPGqDjmTmcnRCgnC/AhtJSUGLL0k3LlzAieXilTZqNqR+izYk6sjlaLhPC/y2/FrQtw27Y hoYWWOOdA6ARrRkKkDQPiDE2DUOwG3zPiAvCdgpnMxQDoYt3+JyJUxvk5k/ORzBbdc3wQRDU WFgyXUzCsqVBH07rBIiIisdUfhazb1AsumFY0CXVas3ukECH6Pg+fIDeV80x2iCwV4QvMoyl kUFyZH4Sjbb7wNxMImUeam092IBYZvHyUqiYODClQWz47rYoUUJaYBmp5Hc8mm9o6b0PDCsI gJ8EiFabFtVqOJZoOEQozbK6uuzrbZIZDSc/rfBDDXTCdicki3x8AEKBG0W1upq2x+oq6iIT BLYB2ubodwfIgh0AT2DBFK22KvJNrTaXYbK52qsrjFz4sLx5ojA/rBjx+U0Lq9q+qansunWA DQ2KkvuGQ7xvoZaRbnXUojolElPzRSkQ7DUO7J6bnXbP1Wp7kgUFKRy29BC6rlYATRKiPdOe oYcWzXxRFu6Q8sWNIdoyQNOz0VI2q215JmpZHHvB1307kXi0NXweljsxIVTXoNNoJCqHRCYh F7wT4go5g5nPUrTrVvdMlDq8HzdhiCz1wKIYmek0DK/e6p6Hvu5BTQUeQkrVgnZb4MKUlBmg U4+46lBA0K1ahNWG2TEs7dCMCFV+x1oDBgp4RSIgDdYKejPFKavv6PdoDzNs+rCIGn0p+GWn jRrMAA8pAI1smu7pK6fMZw0P1PwwtMmTtYKaEzwB261JzSzVkUw86mGKCM+q6CGbiU42oJyr EIlhK0DrYXEGNn3dxd/aLtrEBQtdOjEYJW1cIbPYUO0CW9EAlfZUzGy3PFUALV7VDdQxDmBG 4chgxTQ6ixxNVD0FQLAc3UZdQlPOUaKubfkvCIjkX0DvAYoHHfgN7Gyjxcq2YYfOKlEWnbWX qg18Sw+p8ZBiYomC+YA88EBWxIMQ9lNCGVfHQ3v2keoARQj/kUjlDbWKnQIED7zpIaEJGlfo qdYhXpNGvOGMpiTXf4ceeRB2Z7VhdKTjEPEQUqJOazTmJZIC+2pLxhM59w7qWMjygnJJ8guW CVMmCfbu2nrTQkkslkDY6rTzOTOdblThYMdbm6VgQJsQUL/XWu7mPDFhyMdCa9ZMe8kOUPsA XZirLR82yzpskgNtbmbfBYemZbkpLwt8BRnza4cOz6wcOAD9YNTfwGot+GDRShdGwTsLmg03 4V2wupaEJfKh7AcrbF9C5hcsNJUo14Id+txYcGgCan7zahmIHNu1Q2k1Q7eWSLg8Z75QpeXi 
MlCgajOtRgEuVNtIucjelkEUu2AVXxCnuzLGhgUa8x0PqgpbAAkrzPOgIC9kNUqwLst5rKZd gKlTgKmIIKkc13LbRntVwtTxutZmiAc60bCHJclNqxAPLQASkMmTDYGIJp8NV5J0yGd25Dwh 9Di6M4WBpfuGBKnz86iqmDdAx5O0dZSTlCd0+E8Rbi9Z16WreNioSzIBs6DDthxY9pCXLLDH B2LAuCzfow03/eoM/ANfDXMT9ju1s7SzbG+h09jEGNHramgFjtUIYx7YExOY0DvjOnNHqvZz dGgUNNeLendTB/dOz00f6a4Vt5qhp5GImGnJ8nEDCxox73h98+Qmoe/I2skDs3PIV/etYx0r CEk9ktOA4w3vJtvLl/oq2XoibyHi9ZAPaUiqBMhSowPsmY0bx5CIanZmj1aLNN+1Eyo8Ud+a 0gXHEi52jyQKT8Rx5MLCUZiLtba9AgHTPaYkWyLCvRfOH5q5bM/FF4jxjtXPqY9167F0Auiq Hdq3fzo7cW3oIeSmS1jlGfElEoZkJ9O0uT4pS9OLD9kOGZ/LGuKlTLN7dx+SsBxsW97c3GwW 5joeGmRq6IZFR3LpW1c37yiuE7ArMo9rCfzp0VRNlPwuag3IByvt5pZc/oQKYQt2+szUMHyC a+bQ0tY8FgTHZT1go+qmtmzDftllM/tZv7h7WUPzsqi7SAfWrAbsEwXa3pnD3T9DWzHRSS5Y YToMlGuf0h075FAt63aULFjDHDo4N3MZ7GjEY4cS/8nAu5Xl8eAxmoG4gXi8ZGC+ImLshAHe 3lyANbAcy5B2+5dRMyZnwlN9Mq7ine8Cveq2bfbb8eYGoTpGqIUugg3EJ7IOOkKojkYrNPIk SCGkhHawyyhLUGfzBJ4URX2SPPijRKMGOBpvCVrJIjnRhdtOeF9buvCmBnG2ZGfY4AYlYKOO ZqAxRLu75ovJKiKDBWdDdwQAfEilzAWG/8ld7paEZ9kIpHIgz7IhqcrsYFl3vI4r5QrayeYp 7bmDZQd0HWShqXIS4xlZPNKOCeTxpEwdeeY3UL9UOpiw2JBYyLPCeT0EEsUIm2lKbNTAxyrI EImWPaR7XJ22SYZpMTG1FIQN4kZ0co5qHMDm3mMKW1tUR3P1MRkfO5Dm1o0MorjGlxPtG6PU PUNVHE9OC2nox3KoppUTYHl5AUFOQMPPCbDDjABX9zp6lhVoQGb8NOyonhFGMwXagj6gVgJ6 i/jgFVMw6KGDRy6YmZ2ey7Ty0BDLNeyHTw4N2a7etJjTpW3HxzedEbv2Zw7t8zqH9kW9Usww RFzhmAbbDuT4appAoo4uT4rc25gEO0XYV+VIyHFMyBo6AkEL/Xo0crtsOw6anaDLC8gNQIl9 YUNT2FAd30JHttgBLAebcLOnjaDFBCPR1EidOzXUt4wOBN2S1duaSWbaGjZt8hxOvcdTTkWp o3qR1eC9H9WaEdtgjptNCF7jE2czYhPViM8Y7FMRcvbJ+qkinLVClYH14kB0gXJGCpy0vHff /OzBffN7D+7fPXNg5xXDc1TKFcPahvikcviIyyQ7aRANTIzXJ7QkGQ2KcHR8EgD6Jz77HNMv Gx8/vDUibkiLj0cjxutjqVgGGjnj5k9SzKFCa80enNo9Ow37ptBUwzkbgoax7fbu333g4t2z eawst0ZJS0G/uWD3RdIPYENFuY/sPrxv+sj87tmZ3XPom9SySMo3d/kcyv20ZCs0EEt0LLah kUOuFG4UbsrjBnZYYW2k0KPQUxY9DeCYlr9kWwo9Cj2l0RN0XBd2JRR8FHx6arqsIIDdZgUf BZ9e4EOmlBR6FHp6QQ9akaCwo7DTC3bwaK8CjwJPT16P7SrsKOz00+Gap6s4FYIUgnrrcykE KQT1iCADOMB39AXLUehR6OltwFkhRyGnLHLQ8RPoxhcFHQWdHqBDz9lR6FHoKdtk2U6okKOQ 
04ur7LZBYCnoKOiUhQ60bdDyO46qeBR6ekOPEfqWqnoUeHoCD7knVWFHYafs8LLXUbhRuCk9 sRUCY3Ee2h6d4qLwo/BTeoTHagQKOAo4PQFnHh3BCtT2G4WfHvGjhggVfvrBj26Qw9YUgBSA equA8LT6vB1argKRAlFvIDLtoO3oq/NqqlThqC9vugO7865CkUJRPyhia50N4HRc1TdTOOoR R+gcL0cP1VSYQlDPvTNyDYsCkAJQSQCpjr2CTo/Qob0x5UYrAPW4+lB1wxR++johQTnOCjs9 +j2m6VtBsADAooKPgk8v8EGT8m21x1Shpyf0qJkwhZ1esYMP81fgUeDpBTzK5VHY6bnR8kxr RYFHgaf0totmJ7QdNUOhoFMaOkuG7psKOAo4ZYHjmHZD4UbhpixubBfdkaXQo9DTC3qOtvH1 wQo5CjklkQNjMdXmUoWc8sixTDtUwzoKO71ip+mDjqp4FHh6Ag+dSVfwUfDpBT5qeEeBp2fw qM6WQk/v6FHdLYWdfrAzv6AHlql2/ikI9br8FP4o9Cj0lEVPw3asQF1voqDTA3TwOSwKPAo8 PR2CqYedYEFXu7UUeMovxwDNZdszgbpXUoGnfM0DOr5hKfwo/PS4/lT30KWSCkAKQL0BqAOB o3CjcFN6oMex/LCte6rDpdDTw1JUr90JTVuHvrOCj4JPWfi0fdBEw8wKQQpBPV61hFaGOXag KiEFoV49oAXQUUs0FHDKj/lYoVqVqoDTQ19dbTVWwOnxYkmFHYWdHq/SNi0DeEsKOwo75QeX XdtVBzop5JRGDlqBunWLQo5CTuk6p2N5qM1S2FHYKT2bbk4q2CjYlF/EYyxaaihQIac8cgI1 fa5gU37qoRMCVw/VxdkKPL1MPwSBraCjoNMDdNxQTVwp3JRfrwMUbBRsynfHWwo1CjWlUbMA 1FHuCjc9+MWeOrRA4aY0bnzLUJPjCjelcQNVVbBRsCkNG3yKu0KOQk5Z5FgrCjkKOb0gx/PU uJ/CTQ+4sZbVmmOFmx58HHWAqcJNedysuGo5hYJNadi0QoUbhZsepjV9YKgNDgo7PY0aN4yJ sXG13FhBp3y1owdBu+Xrgap4FHp6mOZ0LCOsLVqrqmuu4FMePnaTnJaswKPAUx48btuxak0r DK0VNROhEFR+cRdOjUKOQk7puif0ba8Z6guOcpsVfErD51gHhNZ8ww3nHUstL1UA6gNAbd3H XffRBduDSdAgFKAxQwAcrVZzgWnthNEsaghh7HutBjSWTA02grZXB/iHHvwO6P03S7aFXoKO 6+r+Kn1z0YVcTYu+tSw9ZkRuGH203ZgHDWqKouYDS/eNViwtJhjAAb6jL1hOlAz4gMdGgyZ9 IpGicNsJ8YMB3DaAZgDocKqg5XccTEYvRuhbLAD7iShSr4MSEwJjcR7iF80PIslWI2C/81Ci C7zoNYqJvOqGATpeGAfjhM7boeVGNNMO2o6+Oh+llgruwHjdBJHZBWrfceNYoTgoIrS4eEMb eCiVcQpoPJHERAScDHqdGr4DnbwhNdsOfaGpR4+GDo1Mnzl2CA9YXUEDNskBYEAj99ICzTHt Bs52tCiIvtBrRzHWTGzi6AZ2wF2oDYT7kQF33S3gby8F8WWUIHW3IOCvigPRzV+Au8gJcPfy AO6aFSDemgESlyAAcqY94I8oB8KJ0yB5gDBInQcL6PGegJ7WCDRmv+gsNRAfjQXYSUeAHVwD 4nNIAD5WArBTAgDe9A24Pbwg2pIJyA47gDdMAbT/BZDtDICsTgdksTHAa0dZ3iHjrtAHvFAH kHUXgEyjAzwrCsgkF4jnLEA0BA34EUUgDBABrr8Pkt03wLxxIDhXINFWglTVBzRYd86ypkSj j6T1wAQHGhn9a8J/fXPV013bQO+wcoT1BHoibCasMZ3LbPQPTBD6GR+H/7q44eMiQJLmSbOn 
rXHETDxuBajMdtNFbfGQu2javlaH1ID4D7Rx4Op2VbWrql1V7apq/69btXP1ZvQkqXRza1N5 UG541FGB/8e1fz0AwpdZ/0ilhYucmAJxl+EmDU30hRAG/5eISjU+4iuWghojLOZSZ1Ot5rf1 sIWfk81W1+AhV1+0Xjpx5XZt1tKXID5gxQfxGwJ/VbtqtAVca9Rr6a5rhaOw3HoO0M0g6mfV xurn1CdHA98YGdqvL6KvdceBwKegi4VPe7Ce7006EZWMwPKI8M2DED5qeSOxuAMgbCFpIawo LM0EngXrO1+7CsY8Uo/ZercXF6mo1FF9kEod1R8FpYRIB5DrRRSo6e4gdRgZRJnIRm1DPzaQ MgHlJEWb1kDsDiWPmtZ6AofFuCblGwlf38LNYkyoEwxOnWDd1QlSOPYHpk7DX291UIyiOnY4 MHXscL3VEWLst05Z1+o2jrG/ulaU07sJBpEYKmO8PxkUnrYH3XoCUd2IBfeRyboxEEuJcvKw QpNfs1YsgwNNkU9MPdQTn/SOjyixfeUKFpPOmDYYSMa0wUg0jXCVATt52nB91F2kEUF5wTCK bfSsMzXLaIGM0B07tDiwPpoVbgW6cZWWnDYZomwo4UZQhz0XTQ9SXHTiZtQIRmen5vdPz83t 3jc9F6lRdwEvx9Rlcky9kBxLKscqIsdyZHIsp5AcqX2sQvaxQqmcsIichi+T0/CLyGlJ5bSK yelI5XSKyLGl9rEL2eeoFIdHC+FwEcjkLIIicjwpDr1COGxL5bSLyQnn9xyWikJMRaT5Uiv5 hazkS1HkF0JRILVSUMhKwZJUzlIROaG0lIWFStnVrfmpAzJRmKmgtCOX1vfYzckCIilnvtyG FlpBqA0z4rC2Uxumo5HDO7SwZXnaFUOa9ig1dqM0KbDB3UHSgRhQWlibXjO0mqtt3bJFq4/C 5t5Co95124P/Qf4NG7RuIhMfoBgsB6qHItquodeGPQhXBHkLaVcELUMZiDOCBI1IshLrpJ1+ OuEZGYFhI+i7Gpr70MM6GHlUMzsxZkqXp0izHH6GlKi3Mj4ejQJ3CEqlV30wudhERaLTM8Z3 SUA2hFjWjHgAGX7VCh5tYxOToFmxnQlVwprRQjMKYV13bD0gjCZMfZIxg43pWWskDZRgjpTX NODbzQKiNS2wTCTYtxo1NL+FXjeij7Vd2kakyA55/mE+bSPShnH7LhLKCYhyL1YH5hfMNQ8I 6aYpz0xq8cSWTW5GgjWtYZMn9vto1dWk2WHQSuFAaJvIDzEbVQNWTkkwyD655hrySV0IzAa3 2HDX0h8kQZ4bOWEvlsVlsjeRtfn1SOVba1QZSvW/ZPrw3MzBA92ljFIuqbSplu41rVnQrKMw idCImea8HYTBzmHOG9AM4DXsZp0Wb03AXpTlkA89m7C7ip7ZJG6LPR2Cjy09aNXIXC58QxOB Xoe2Wegl+gS17LbXAPARKmgiqgncuqGZRrRtQzPjx/ipAdkhK1rAYmAxbtA09BC/oFTjRMM3 KpLyjY95DTQ5X8fnUzmwHfR0tKMaxmdzERoe98I9c49tp+PrTn2VRMcqREPj3QtjmFZRwMfr EhACN2Kz79BMIK+566Mb8WfEpevi1OHsxbw0a4FHn4wWbOw1/ewVycdizgsAoZoWUoZrC2ly cOmEJWhnfQdpZegzq7a7VxaQuX8bUD1WQNvyamgpEaq1yNpa9tYGE+GCgx5xMdDDUllIqrDS KVsTr5u4xWm/O/AHMziL59EHMTqLBXHuqVDd8saELENZfmzSkc3CUbzUTRQYJWYo6yvpR4/O EHFs+v4gwi+F4BDCL4foEySJiWUuEjZlOpD1FuKs6TqtsEhPGHDY7IbjzP0CMM6h7k1AlNTx Olp5VURi8pvCMYz1EsVYuTh6UqOkHhO9xDFRLo7NvcSxuVwcW3qJY0u5OCZ7iWOyXBxbe4lj 
a7k4tvUSx7ZycZzTSxznlIvj3F7iOLdUHL0Uj3KlY6KXmmSiXE3SSwEsV/56KX7lSl8vha9c 2eul6JUreb0UvHLlrpdiV67U9VLoSpW58vKJ9MGu5BzYmkF+9Rjn3bG1oYPx7ga7TLPYUtMB e3fQIAP27o7qa+7dCVGskXcnxLFG3p0Qxxp5d0Ica+TdCXGskXcnxLFG3p0Qxxp5d0Ica+Td CXGskXcnxFHSu+ulnJf0vXopguVKYC8FcG28Oz6GtfHu+BjWxrvjY1gb746PYW28Oz6GtfHu +BjWwrvj5JeSHjTLSkdfrMWGmYH4joK0QW6/WY+tPDnrhYt8khgMrtw2oAEMLecP/Ea7ivoc WuZ3FXHi2c6i/vcsiTuL1mOX0qD6HCTCopUi5JZ3OojIrI/KRCP1FrKiKecuoC+kLkNWNOV8 BvhFD5EMrCsvQKrv/Sj8jrbBT9GkdrWtxw65QRal4jMzhYsSP3y0hkUpGc0aFaVkNGtSlBKR DLQoDWhILLGbki9KweCKUjDAolRkd+ZAi1Iw+KIUrE9RCtanKAXrUZSCNSxKweCKUpDpP/oD K0rCbt712Bk8yKIE7TDootTw16UoJaNZo6KUjGZNilIikoEWpQhS/Rclbhc5vwUjHFhRGuC+ 7mK70gdZlKAdBl2U7HBdilIymjUqSslo1qQoJSIZaFGKINV/URJEDewEgzU/CqEqw1WDP0ah v4EqUc5AjmMYiJCKH1MwmJMjTqjoH0vngWa7OTrlmkEdPgw4jjH4t3XrFvy7jf7CP/Y7sXVy 4oSxbZOTE+Njk+ObYTj8nZw8QRtwMtRfxt+rTnzyY8Pbn/ehh2765iUnPvHXQzef/ZzrN15y /LxX3Gm9fnb7WRf96uDT333N9qFX/2wivOxxT3J+9+3jN//hvXdsfO9JF7/udTddCN74mX97 4flTP33Gby86+Ye3fuSGn/7rpsf8/JxTG7e8Z+Nln3XOu/n1L/ny008Bl97VvuXmXeGrfnXn nm98Jvz+zCPPnF0xP3zjQ7cf/+0H3vU3tdtefd+N39lz5RtfcYf1rH85uO3YvZ0XfeOWOy94 0w//4rI/fe23b946/Oabf7zwo7/+x5E3PP6hs+9e6Lzr+weXf/PhW+9930u/1rp8+rP6G35v z+Xzt9z1sfbnTrnm8Oi5X/3Wl59w5t88cNqnT/36yIHPPefPLpnSNi9+4ZL3X/fGT/zx3eNf uPJJP7jpr4+/4DTwP0a+OPPOpZve8JP/d+JpI+O777r8cdou9/YHTvynV25756Vnf/pJEy/+ /GPfcYp/1wOvevZz7nnKDW9YvFs7f/fxv7/jjnc88PBrz3vzvf5b/NMnn+A8eNPZV373vudv eNoPf/rvKw/80Q+nznvwonv0X3zmx9o79SvP/vgvrh97xD/vbRuOPf+t+95x+ml/fOyp/3zT T/WVjfX/e/2pJ+178P+88oqHnv21j1373us2t5//mDf+48u2fHrDOSf/ybbHvveh63/++1/5 0E077v6rV39+7q1nvdC57vhrz9eGX7T883M//+APfrn453/3pmO3//pZ3/nOjve97W3ND9/w 0c++4qnPAK9+zcnH37Xj91+x9/D/OvfQaVff+KuTf7zrW9vev+/tX7pqcf+fvuH1b37bX37o H+695fee+puH61csmi+5b+NJ9z91+iW/m7z9xZ+89KPvuuwXOxc+smf0k4f/efWauxa+e9LT xu+87qvfu++Glz3+my/7yLW/u/nefed/59UXe8efc9EpZ++75Um3+p/4zYu/+sV/+sMHnvaM bbX7h1ZOMqdecLtzw7O2P/k+8Jalf3nwnqXtf3byU+5tPfsl24+/efaUf3jSD+7cMfuRjx6b +MpjnrDyo7d/5W8/ftqR62/bd93DTzv5mxcfs1r6kVMfPuWeq+9/3cZ3f0K/4qQtt+467T07 
/+3f77zzkV/f+Pq3nnH6F867Jnxw5LvHL73jxytfnfiPnz7lra3Wa1638RuvGvv24SdveeKP tr7vlR/43qbLrvnd97Y9Y7Q+M/LtR05886suP+Vae7r2R19+5q+/tumlty3f/83ndeY+9pXr H3dL6G658+gvL3xIO/SBl3/qxnO++56Pv/vtf/Wt8Re88Pj3HlM/9bkzXzzr0mf9+PbpkZOf ee31nzh//23v/PqBuz44feCr99zyyF9+7ZVT3/rYgvHcC0/64oNfuvpTi62/H3+5c/n39l/4 9HcNv2niPb8MfvEf7//PB9s/+bufv/ErTww+8et7nvm7TW+Z/tcXnjH1s9dc+/xdd/zJL+vv /uT8f3761s9d+Qcfevi2//34r204dufdu070bvrJdb896cDlb59553NOePfPbnn5jhO+9LyL L7J/9cSfn/qwfu4jf3DSb+678dMv/4hz6ys+98lvffDKpanbvv6Lbz71tuea93/20N9+bNsH P/U/z/jZ2156/4e/v+3zv9zfbm7q3H3dDa//We3/z3u/ao3x8cgnmZ9vCSz+5qxZHf/J++yX BdmvniWf3a3PklnzY6Zw22/Dy7MDJxpM3lJ7YY9z2K29oW1Xbs7vbbiZG+0u/G+2x1JrHbtN LK/qnko0Xd+fFC9+vONA8PugXcE77VcIdjX/++7fbiOv+mJijS7Dm2DPTY5s7iVdzDYp/zzf eIRwFZ7f6c33o+r0dqu4E0c1nZ+qNKnrTtrAeKBlqWK0Vf7ebZNlVwevvryMdW8i0/2ujVMu pzio5rxoN7kh9OiRVfEhbsOpKjuqp0+q/GVW/irz+e/1Ki8fnyvyswqdM2GJiAV7ZOHCgPo3 ly0CzAsVum0bmH2k16n7zTy/9Y1w5ukVDxYJOMzUae89+XPDDSfWzmdhPc/KJ9/t/ed0J2eG 5PGGbbWBLV1Sb9P2pTxP+apkIjfjzfr9bkdF8yeqWB67Po/nUvAN3x/rVh5uqsw11Lb0vZEX IiQRtPysUOvHWU2K5yMstSY6vXfeO6vz4Ywbm2MMTh/Wvb7qXteD38Zsi+4H+k5/FHqcb6uA 6KXLjkbi25VD+9zOhKTm1joJrhGJXrs7/8YnudydGqxRxlfXCiyYKuBcytHS/FRWy/f1rs+H Tx0qXS0kPGXWt0UVct3LX1x3l6RN+Y9S/we5Orr4ulLdDmz1P1I7wMDExBxe/5sZG4HqfwNz k9H6nx6AC9TmU8gsVlBIVChOLsosKIHs+ctPAx/CV5KRCjptPDcxD6iqFLRtENTkLs3MSYHv GNMBnQcAPokBfFAVeFNlaVGqAqjVrADUBx+GyU+z4krPKy1IB12MomfOBT4oF9g+Ntaz5EJt LnNxeeYBrU4sAZ0DnpxZDHROUUpqkY5CclFqYgnEmqKi1OKC/DwkS4tAtoIsBNucX1pSUFpS bMXF5Z5XGuCu519awuVekO7rCmYFg+wDs7g88gtSgZYBgyAjNaegWEFPT4+LKyg1PbEopVhH wS+1vCQ/b9A230fBKBgFo2AUjIJRMApGwSgYBaNgFIyCUTAKRsEoGAWjYBSMglEwCkbBKBgF o2AUjIJRMApGwSgYBaNgFIyCUTAKRsEIAwDTtGCfAPgCAA== --------------E98180B039877C8C89DE9688-- From ian@pairowoodies.com Sun Oct 13 00:09:02 2002 From: ian@pairowoodies.com (Ian Scott) Date: Sat Oct 12 23:09:02 2002 Subject: [Fwd: Re: Biometric passphrase] Message-ID: <1034457244.13106.10.camel@desk69.pairowoodies.com> >=20 > On Sat, 2002-10-12 at 08:31, David Pic=C3=B3n =C3=81lvarez wrote: > > 
Hi, > >=20 > >=20 > > > Do you have any experience with implementing biometric into gpg as > > passphrase. I mean to give user's biometric data from (for example > > fingerprint) scanner as passphrase during key generation and use it whe= n she > > want to sign or decrypt something??? > > > > > > Advantages: > > > -Maybe the passphrase would be more random(???) > > > -Even she won't know the passphrase > > > > > > Disadvanteges: > > > -Maybe the passphrases would be in a predetermined format (according = to > > the biometric algorithm) > > > -she will allways need a scanner to sign or decrypt > > > -she can loose her finger or iris ;--)) > > > > > > what do you think?? > >=20 > >=20 > >=20 > > Biometry is apt for certain things, but it's not good as a passphrase. = The > > ideal passphrase is both unique and secret. Biometric data are unique, = but > > not secret. Moreover, if you're going to encrypt a pgp key with biometr= ic > > data, make sure the data does not change at all, because exactness is > > required, which points at biometry not being the right solution. If you= 're > > just thinking of consulting the biometric device each time user wants t= o > > sign or decrypt and have the key unencrypted or not encrypt the key wit= h the > > biometric data, then it's a completely different issue. If you don't > > encrypt the key, then it's vulnerable. If you do, then the biometry is = just > > a further annoying bump on the way, like a UNIX login prompt. > >=20 > > --David. >=20 > Another thing I was thinking about - it's perhaps an extreme example, > but if the content of your encrypted text is so secret that you'd be > willing to suffer to not compromise it, a passphrase in your head is > much more difficult to compel you to provide, whereas biometric data > would be much easier to compel you to provide, with physical force. 
>
> I believe there is a legal case that is or was before the courts in the
> U.S., where someone has been asked to provide their passphrase in
> court. The most that can be done to the person who refuses is to
> possibly be found in contempt of court and perhaps sent to jail.
>
> If biometric data was used, such as a thumb print, then the courts could
> conceivably order that force be used upon you in order to obtain the
> information they want. The courts do this all the time with other
> matters.
>

From ingo.kloecker@epost.de Sun Oct 13 01:00:01 2002
From: ingo.kloecker@epost.de (Ingo Klöcker)
Date: Sun Oct 13 00:00:01 2002
Subject: [Fwd: cannot get sylpheed to do encryption] Includes attachment
In-Reply-To: <3DA88D35.60D28724@hammet.net>
References: <3DA88D35.60D28724@hammet.net>
Message-ID: <200210130000.32858@erwin.ingo-kloecker.de>

--Boundary-02=_huJq97ayJ4xQck2
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Description: signed data
Content-Disposition: inline

On Saturday 12 October 2002 22:59, Newton Hammet wrote:
> Newton Hammet wrote:
> > I am right now pursuing the problem by attempting the gpgme
> > installed and configured correctly.
> >
> > checking for gpg... /usr/bin/gpg
> > checking for gpgsm... no
> > configure: WARNING: Could not find GpgSM, install GpgSM or use \
> > --with-gpgsm=PATH to enable it
> >
> > I can't find GpgSM anywhere on my system. I cannot seem to find
> > a place where I can download and install it.

gpgsm is part of newpg.

> > Is it something I need to have present in order for gpgme to be
> > installed correctly so that sylpheed can be installed with privacy
> > enabled?

I don't know.

> > This is currently how I am attempting to install sylpheed :
> >
> > gpgme-0.3.9
> >
> > ./configure --enable-gpgmeplug
> > make
> > make --install

Did you try without the '--enable-gpgmeplug' option? The gpgme plugins
are currently only supported by KMail and mutt.
You don't need them for Sylpheed.

The following might help you:
http://www.gnupg.org/aegypten/development.en.html
It tells you how to compile gpgme for KMail and mutt. But the generic
part of these instructions should solve your problems with compiling
gpgme.

Regards,
Ingo

--Boundary-02=_huJq97ayJ4xQck2
Content-Type: application/pgp-signature
Content-Description: signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)

iD8DBQA9qJuhGnR+RTDgudgRAnd8AJ9wpX3sLw4U2L5B5hbVlFoQcqoj4gCeLf24
dosgFbN/qpQMRYBLFo2k8jc=
=Avve
-----END PGP SIGNATURE-----

--Boundary-02=_huJq97ayJ4xQck2--

From newton@hammet.net Sun Oct 13 06:04:02 2002
From: newton@hammet.net (Newton Hammet)
Date: Sun Oct 13 05:04:02 2002
Subject: cannot get sylpheed to do encryption/trying another approach
References: <3DA88D35.60D28724@hammet.net>
Message-ID: <3DA8F148.DA83E86@hammet.net>

Hello All,

For the moment giving up on sylpheed but I may get back to it.

trying to understand mime types and all that ...

I have had some moderate success in 'Preferences' pulldown adding
application types to netscape.

Does anyone know what the standard Content-type for OpenPG encrypted
messages would be?

Would it be something like:

Content-Type: application/OpenPG

I figure I can just add an application type and suffix (perhaps '.gpg')
to my browser,....

The thing is, I am an old-style stdin stdout type bird, and
gui-challenged... I would like to maybe just figure out how to do all
the graphics myself (e.g., prompting for passwords, where to place the
decrypted result, ... etc.).

Thanks for listening gnupg people.
Regards,
Newton

From maui@betastation.de Sun Oct 13 11:27:01 2002
From: maui@betastation.de (Sebastian Mauer)
Date: Sun Oct 13 10:27:01 2002
Subject: How to export gpg keys to use in PGP 8.0 beta
In-Reply-To: <20021012193325.GC3252@akamai.com>
References: <200210121159.35766.maui@betastation.de> <20021012193325.GC3252@akamai.com>
Message-ID: <200210131028.01738.maui@betastation.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I get the message that the 16bit encoding of the secret key is unsecure.
I don't think that this is a positive message.
Can I change my key back to the original format when I'm done with exporting
to PGP?

sincerely,

Sebastian Mauer

On Saturday, 12 October 2002 21:33, David Shaw wrote:
> On Sat, Oct 12, 2002 at 11:59:29AM +0200, Sebastian Mauer wrote:
> > hi,
> > i'm from Germany, so please excuse my really bad english.
> > I'm new to gpg and generated myself a key a month ago. now i want to use
> > encrypted mail under windows too. so I downloaded pgp 8.0 beta from the
> > new PGP Corporation. But when I export my secret key by the following
> > command:
> >
> > $ gpg --output secretkey.asc --armor --export-secret-key maui
> >
> > PGP won't be able to import it. Why? Are the key formats incompatible?
> > Can anyone help me?
>
> This has come up fairly often, so here's the HOWTO:
>
> PGP can (for most key types) use secret keys generated by GnuPG. The
> problems that come up occasionally are generally because GnuPG
> supports a few more features from the OpenPGP standard than PGP does.
> If your secret key has any of those features in use, then PGP will
> reject the key or you will have problems communicating later. Note
> that PGP doesn't do Elgamal signing keys at all, so they are not
> usable with any version.
>
> These instructions should work for GnuPG 1.0.7 and later, and PGP
> 7.0.3 and later.
>
> Start by editing the key. Most of this line is not really necessary
> as the default values are correct, but it does not hurt to repeat the
> values, as this will override them in case you have something else set
> in your options file.
>
> ->> gpg --s2k-cipher-algo cast5 --s2k-digest-algo sha1 --s2k-mode 3
> --simple-sk-checksum --edit THEKEYID
>
> Turn off some features. Set the list of preferred ciphers, hashes,
> and compression algorithms to things that PGP can handle. (Yes, I
> know this is an odd list of ciphers, but this is what PGP itself uses,
> minus IDEA).
>
> ->> setpref S9 S8 S7 S3 S2 S10 H2 H3 Z1 Z0
>
> Now put the list of preferences onto the key.
>
> ->> updpref
>
> Finally we must decrypt and re-encrypt the key, making sure that we
> encrypt with a cipher that PGP likes. We set this up in the --edit
> line above, so now we just need to change the passphrase to make it
> take effect. You can use the same passphrase if you like, or take
> this opportunity to actually change it.
>
> ->> passwd
>
> Save our work.
>
> ->> save
>
> Now we can do the usual export:
>
> ->> gpg --export THEKEYID > mypublickey.pgp
> ->> gpg --export-secret-key THEKEYID > mysecretkey.pgp
>
> Sometimes I wonder if a --convert-to-pgp command for GnuPG to automate
> all of that would be useful.
>
> David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9qS6QRR5S0See5KQRApLkAJ9l5D/FjnJT8GbNK8KyPFQZn5dqiACfQblR
IgMoNKdWdLk65QB3rkJQ8BQ=
=p6tq
-----END PGP SIGNATURE-----

From gnupg-users@gnupg.org Sun Oct 13 12:43:02 2002
From: gnupg-users@gnupg.org (Erik)
Date: Sun Oct 13 11:43:02 2002
Subject: How to export gpg keys to use in PGP 8.0 beta
In-Reply-To: <200210131028.01738.maui@betastation.de>
References: <200210121159.35766.maui@betastation.de> <20021012193325.GC3252@akamai.com> <200210131028.01738.maui@betastation.de>
Message-ID: <173125113036.20021013054330@mochamail.com>

Hello Sebastian,

On Sun, 13 Oct 2002, at 10:27:56 [GMT +0200] you wrote in the message:

> I get the message that the 16bit encoding of the secret key is
> unsecure. I don't think that this is a positive message. Can I change
> my key back to the original format when I'm done with exporting to
> PGP?

Yes. Just change the password again, once you have successfully
imported your secret key into pgp.

gpg --edit keyid
passwd
enter password
change password (using the same password again is fine)
save

If you need to verify it...

gpg --export-secret-key keyid | gpg --list-packets

HTH

--
Best regards,
Erik

From ingo.kloecker@epost.de Sun Oct 13 18:36:03 2002
From: ingo.kloecker@epost.de (Ingo Klöcker)
Date: Sun Oct 13 17:36:03 2002
Subject: cannot get sylpheed to do encryption/trying another approach
In-Reply-To: <3DA8F148.DA83E86@hammet.net>
References: <3DA88D35.60D28724@hammet.net> <3DA8F148.DA83E86@hammet.net>
Message-ID: <200210131718.21382@erwin.ingo-kloecker.de>

--Boundary-02=_96Yq9wz5X+MCsYF
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Description: signed data
Content-Disposition: inline

On Sunday 13 October 2002 06:06, Newton Hammet wrote:
> Hello All,
>
> For the moment giving up on sylpheed but I may get back to it.
>
> trying to understand mime types and all that ...
>
> I have had some moderate success in 'Preferences' pulldown adding
> application types to netscape.
>
> Does anyone know what the standard Content-type for OpenPG encrypted
> messages would be?

A PGP/MIME message should look like this:
========================================
[normal email headers snipped]
MIME-Version: 1.0
Content-Type: multipart/encrypted;
  protocol="application/pgp-encrypted";
  boundary="Boundary-02=_IyYq9UdhT8BJKcw";
  charset=""
Content-Transfer-Encoding: 7bit

--Boundary-02=_IyYq9UdhT8BJKcw
Content-Type: application/pgp-encrypted
Content-Description: version code
Content-Disposition: attachment

Version: 1

--Boundary-02=_IyYq9UdhT8BJKcw
Content-Type: application/octet-stream
Content-Description: encrypted data
Content-Disposition: inline; filename="msg.asc"

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.2.0 (GNU/Linux)

hQEOA2BUJH0Zv2n8EAP/Y9AtViwHI5Gcduei5GBAyHwaF0Wotncse1NWGQpERh2n
2HUYM2kHRZ99+3LEISIX/YQQjphmU5BOACMKjYNjNUyR5jSx1VJJjZ8xfDJPAEHt
Wwbn9NOnOhoLWMMtoJAOalwgzUkCnc1AzgyLwq0O9BhRmMS5vFqpKbrHfRgC1N4D
/0FG/IV2d8iBwnjNPEKaoMJ3IeiZ5WZZHtbkKdNRj5DPst3mt/9fr00T7lqQ0Ehv
4FdQjZRnvBGtgDWSMTSHrtJE9npB2NReAEA2H4BsQz6OJ4tkR8ELyRcKpo+4ssK0
3BnyMv6fxFUenaFq+QejMbLdUjxjN0tFpbSJt+0wOACd0r8BbRgQoPFtQYvgzmFt
uIGTp3GHVg4h4sxA/PCB3dwDXCxRGJCD3cSF85TnpapCRodmlepKtF4FFYikDtFi
nGBUJRkTs1+RFsvTwOI6uYIBbM6ORRlml0Fhoe6iP1QdYJR95llopsplzb1+jqFe
UUdpMHuoc93GepppiT3sxq6ZraqQiqSTvPbi/PTH94XnncIIVjO78sdPkWau80ms
hGXoucBYRzEZuAC/Rsl/J1hnWQS6CkPiQNnht1ljQEFaMw==
=cGfE
-----END PGP MESSAGE-----

--Boundary-02=_IyYq9UdhT8BJKcw--
========================================

Regards,
Ingo

--Boundary-02=_96Yq9wz5X+MCsYF
Content-Type: application/pgp-signature
Content-Description: signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)

iD8DBQA9qY69GnR+RTDgudgRApFuAKDgad21BXregVfLoiS8Dfie0huZCQCdGmC0
3HqdjMYG0s+HnpQtLRp5KFc=
=RsJk
-----END PGP SIGNATURE-----

--Boundary-02=_96Yq9wz5X+MCsYF--

From ingo.kloecker@epost.de Sun Oct 13 18:36:16 2002
From: ingo.kloecker@epost.de (Ingo Klöcker)
Date: Sun Oct 13 17:36:16 2002
Subject: Key e-mail address
In-Reply-To: <20021011085506.GA16214@mercury.senux.com>
References: <20020816143759.463662d8.j-schroeder@myrealbox.com> <199782826.20020817202332@mark-kirchner.de> <20021011085506.GA16214@mercury.senux.com>
Message-ID: <200210131737.24948@erwin.ingo-kloecker.de>

--Boundary-02=_0MZq9eiuwZTuCxM
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Description: signed data
Content-Disposition: inline

On Friday 11 October 2002 10:55, Brian Lee wrote:
> In my case, someone who is in my gpg list changed his email
> address. I have to choose his old email address when I want
> to mail him by gpg.
>
> I tried follow action to add his new email address in my
> gpg list. But gpg --edit-key [his id] prompt says like this.
>
> Command> adduid his_new_id@new_domain.com
> Need the secret key to do this.
>
> How can I add his new email address to my gpg list so that I
> can send him encrypted mail easily? (not choosing his old address)

One possible solution would be to use KMail instead of mutt because with
KMail you can associate each email address with an arbitrary list of
pgp keys. But that's not what you wanted to hear. ;-)

GnuPG 1.2.0 supports aliases/groups. You could try to setup an alias
with the new email address pointing to the old key. This is from gpg's
man page:
=====
--group name=value1 [value2 value3 ...]
    Sets up a named group, which is similar to aliases in email
    programs. Any time the group name is a recipient (-r or
    --recipient), it will be expanded to the values specified.

    The values are key IDs or fingerprints, but any key description
    is accepted. Note that a value with spaces in it will be treated
    as two different values. Note also there is only one level of
    expansion - you cannot make a group that points to another group.
=====

The best solution would be to tell your correspondent to add his new
email address to his key.

Regards,
Ingo

--Boundary-02=_0MZq9eiuwZTuCxM
Content-Type: application/pgp-signature
Content-Description: signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)

iD8DBQA9qZM0GnR+RTDgudgRArEqAJ9qGG1+XlmLOIftim372aOBfRVOrgCgySo9
z/cDeEblFITszZiEXCTvPVY=
=VTcz
-----END PGP SIGNATURE-----

--Boundary-02=_0MZq9eiuwZTuCxM--

From ingo.kloecker@epost.de Mon Oct 14 01:35:03 2002
From: ingo.kloecker@epost.de (Ingo Klöcker)
Date: Mon Oct 14 00:35:03 2002
Subject: Fwd: RE: Key e-mail address
Message-ID: <200210131841.52263@erwin.ingo-kloecker.de>

--Boundary-03=_QJaq9zzycOBJNEN
Content-Type: multipart/mixed;
  boundary="Boundary-01=_NJaq978H777y0yZ"
Content-Transfer-Encoding: 7bit
Content-Description: signed data
Content-Disposition: inline

--Boundary-01=_NJaq978H777y0yZ
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Description: body text
Content-Disposition: inline

Hi,

I guess Richard wanted to send this to the list.

Regards,
Ingo

--Boundary-01=_NJaq978H777y0yZ
Content-Type: message/rfc822; name="forwarded message"
Content-Transfer-Encoding: 8bit
Content-Description: "Richie Laager" : RE: Key e-mail address

Return-Path:
Received: from localhost (localhost [127.0.0.1]) by erwin.ingo-kloecker.de (8.12.3/8.12.3/SuSE Linux 0.6) with ESMTP id g9DGd9NS012546 for ; Sun, 13 Oct 2002 18:39:09 +0200
Received: from mail.epost.de by localhost with POP3 (fetchmail-5.9.0) for ingo@localhost (single-drop); Sun, 13 Oct 2002 18:39:09 +0200 (CEST)
Received: from maild1.wiktel.com (204.221.145.237) by mail.epost.de (5.5.056) id 3DA99D7800000083 for ingo.kloecker@epost.de; Sun, 13 Oct 2002 18:22:51 +0200
Received: from virus3.wiktel.com (virus3.wiktel.com [204.221.145.233]) by maild1.wiktel.com (8.11.6/8.11.6) with SMTP id g9DGMpo17544 for ; Sun, 13 Oct 2002 11:22:51 -0500
Received: from smtp1.wiktel.com ([204.221.145.236]) by virus3.wiktel.com (NAVGW 2.5.2.9) with SMTP id M2002101311143905427 for ; Sun, 13 Oct 2002 11:14:39 -0500
Received: from NB1131 ([146.57.166.16]) (authenticated) by smtp1.wiktel.com (8.11.6/8.11.6) with ESMTP id g9DGMou07258 for ; Sun, 13 Oct 2002 11:22:50 -0500
From: "Richie Laager"
To: "'Ingo Klöcker'"
Subject: RE: Key e-mail address
Date: Sun, 13 Oct 2002 11:22:46 -0500
Organization: Wikstrom Telecom Internet
Message-ID: <000b01c272d4$c3e76430$10a63992@umcrookston.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
Importance: Normal
In-Reply-To: <200210131737.24948@erwin.ingo-kloecker.de>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Status: RO
X-Status: U
X-KMail-EncryptionState: N
X-KMail-SignatureState: F

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday 11 October 2002 10:55, Brian Lee wrote:
> In my case, someone who is in my gpg list changed his email
> address. I have to choose his old email address when I want
> to mail him by gpg.

...snipped...

> How can I add his new email address to my gpg list so that I
> can send him encrypted mail easily? (not choosing his old address)

While it would be easy to add another user ID using a hex editor on
his key, you can't create a self-signature without his secret key.
Without a self-signature, GPG will (rightly) complain whenever you
try to use the key.

My advice would be to alert your friend to the issue, and have him add
his new user ID to the key. (If he uses GPG/PGP with people other than
you, they're likely to be experiencing the same problem.) Then, he can
either upload the key to a keyserver (so that you can download it) or
get it to you by e-mail, etc.

Good luck,
Richard Laager

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQA/AwUBPamd1W31OrleHxvOEQLFmQCgmcZ26JBNcM+03sQ9viL1qQMbILoAnjKE
zIY4EjvUkyCs5pxCIWxDiFVZ
=Tj2q
-----END PGP SIGNATURE-----

--Boundary-01=_NJaq978H777y0yZ--

--Boundary-03=_QJaq9zzycOBJNEN
Content-Type: application/pgp-signature
Content-Description: signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)

iD8DBQA9qaJQGnR+RTDgudgRAuL2AKDUCkSXq5MojpFWvgXfOCW1gsYk2ACfQNrK
rbJOZf5cc916T6m1sR9QfUA=
=m4kb
-----END PGP SIGNATURE-----

--Boundary-03=_QJaq9zzycOBJNEN--

From rlaager@wiktel.com Mon Oct 14 02:24:02 2002
From: rlaager@wiktel.com (Richie Laager)
Date: Mon Oct 14 01:24:02 2002
Subject: Key e-mail address
In-Reply-To: <200210131841.52263@erwin.ingo-kloecker.de>
Message-ID: <000301c2730f$c73729a0$10a63992@umcrookston.edu>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> -----Original Message-----
> From: gnupg-users-admin@gnupg.org
> [mailto:gnupg-users-admin@gnupg.org] On Behalf Of Ingo Klöcker
> Sent: Sunday, October 13, 2002 11:42 AM
> To: gnupg-users@gnupg.org
> Subject: Fwd: RE: Key e-mail address
>
> I guess Richard wanted to send this to the list.

Yeah, I did. Sorry about that.

Richard Laager

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQA/AwUBPaoA1231OrleHxvOEQJ/sQCdG7Sk8ukMJ/mx28Jmnewf0M4LvNgAnik0
YzMWg3EL/KyyIP0W5BGsfumf
=JvnB
-----END PGP SIGNATURE-----

From ulrich.weis@svsbr.de Mon Oct 14 07:32:02 2002
From: ulrich.weis@svsbr.de (Ulrich Weis)
Date: Mon Oct 14 06:32:02 2002
Subject: Antw:Re: How to export gpg keys to use in PGP 8.0 beta (Away from my Email / Abwesend (10.10.-27.10.02))
Message-ID:

From 10.10.02 to 27.10.02 I am not in the office (military reserve
exercise). In urgent matters please contact Jan Schluckebier
(Jan.Schluckebier@svsbr.de, Tel. 0681-506-4340) or Juergen Roland
(Juergen.Roland@svsbr.de, Tel. -/-/4346).
--------------------------------------------------------------------------------------------------------
I'm away from my office Oct., 10th to Oct. 27th 2002 (mil. training).
I'll answer your email immediately after my return. In urgent matters,
please contact the persons listed above. Thank you!

-uw

Ulrich Weis
Full-time pedagogical staff member

From eleuteri@myrealbox.com Mon Oct 14 10:13:02 2002
From: eleuteri@myrealbox.com (David Picón Álvarez)
Date: Mon Oct 14 09:13:02 2002
Subject: bug
Message-ID: <000701c27351$b7e24600$f92489c3@137.36.248>

--H.cgz1fZ.5XiMkIG0nnxfhpcRy8C.PaU
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: 7bit

Hi,

I want to report what I think is a bug in gnupg. I don't know what the right
way of doing this is, so I'll just post it here.
In order to reach the bug do the following:
Take gnupg 1.2 compiled for Windows (official version).
gpg --edit-key blahblahblah
addrevoker
keyid whatever
y
until it crashes.

Is this only on my system? I'm using Windows 98.

--David.

--H.cgz1fZ.5XiMkIG0nnxfhpcRy8C.PaU
Content-Type: application/pgp-signature
Content-Disposition: inline

--H.cgz1fZ.5XiMkIG0nnxfhpcRy8C.PaU--

From claws@thewildbeast.co.uk Mon Oct 14 11:27:02 2002
From: claws@thewildbeast.co.uk (Paul)
Date: Mon Oct 14 10:27:02 2002
Subject: cannot get sylpheed to do encryption
In-Reply-To: <3DA88C2B.84CFCFDA@hammet.net>
References: <3DA5EA52.942AEF9C@hammet.net> <20021011010557.22bdc91a.kai.raven@t-online.de> <3DA626F4.B6DE806B@hammet.net>
 <20021012094739.6080e6ba.claws@thewildbeast.co.uk> <3DA88C2B.84CFCFDA@hammet.net>
Message-ID: <20021014092811.3de18be9.claws@thewildbeast.co.uk>

Hello Newton,

On Sat, 12 Oct 2002 14:55:07 -0600
Newton Hammet wrote:

> I have also attached a gzipped tarball that contains the script file
> of make configure,make,make-install output for building all 3 systems,
> in this order:

There was nothing attached!

Could you send me your config.log?
Off-list would probably be most appropriate.

best regards

Paul

From rabbi@abditum.com Mon Oct 14 12:09:02 2002
From: rabbi@abditum.com (Len Sassaman)
Date: Mon Oct 14 11:09:02 2002
Subject: Rsa or Rsa Legacy with PGP 7.0
In-Reply-To: <5.1.1.6.2.20021012002433.038f39a8@pop1>
Message-ID:

On Sat, 12 Oct 2002, Josep M. wrote:

> Hello.
>
> I would like know if GNUPG supports "RSA" pgp keys of PGP 7.0 or MUST
> be created as "RSA Legacy".

This question is usually the other way around. GnuPG has full support for
v4 RSA keys, and while it also supports "legacy" v3 keys generated with
other programs, GnuPG itself cannot generate them.

--Len.

From rabbi@abditum.com Mon Oct 14 12:09:10 2002
From: rabbi@abditum.com (Len Sassaman)
Date: Mon Oct 14 11:09:10 2002
Subject: Rsa or Rsa Legacy with PGP 7.0
In-Reply-To: <20021012000115.GA24286@akamai.com>
Message-ID:

On Fri, 11 Oct 2002, David Shaw wrote:

> On Sat, Oct 12, 2002 at 12:25:55AM -0100, Josep M. wrote:
>
> > I would like know if GNUPG supports "RSA" pgp keys of PGP 7.0 or
> > MUST be created as "RSA Legacy".
>
> It supports both. However, regular RSA (not "legacy") is a better key
> type to use unless you must be compatible with very old PGP programs.

"Very old" in this context means any version of PGP prior to 7.0,
including 6.5.8.

--Len.

From maui@betastation.de Mon Oct 14 12:09:17 2002
From: maui@betastation.de (Sebastian Mauer)
Date: Mon Oct 14 11:09:17 2002
Subject: how to export gpg keys to use in pgp 8.0 beta
Message-ID: <200210121007.26633.maui@betastation.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

hi,

i'm from Germany, so please excuse my really worse english.
I'm new to gpg and generated myself a key a month ago. now i want to use
encrypted mail under windows too. so I downloaded pgp 8.0 beta from
the new PGP Corporation. But when I export my secret key by the following command:

$ gpg --output secretkey.asc --armor --export-secret-key maui

PGP won't be able to import it. Why ? Are the key formats incompatible. Can
anyone help me ?

I'm Using SuSE Linux 8.1 with gpg 1.0.7

Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG
Hash: MD5, SHA1, RIPEMD160

And Windows with the newest PGP 8.0 Beta

I hope someone can help me to solve my problem.

Sincerely
Sebastian Mauer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9p9g2RR5S0See5KQRAuRkAJ92szOxIGQUCGkhKZdUT/edXb7OKACcCrQ2
dRYOf0ZaA/olHIiWgVx3yTw=
=AwB8
-----END PGP SIGNATURE-----

From dshaw@jabberwocky.com Mon Oct 14 15:55:03 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Mon Oct 14 14:55:03 2002
Subject: bug
In-Reply-To: <000701c27351$b7e24600$f92489c3@137.36.248>
References: <000701c27351$b7e24600$f92489c3@137.36.248>
Message-ID: <20021014125242.GA2799@akamai.com>

On Mon, Oct 14, 2002 at 08:17:05AM +0100, David Picón Álvarez wrote:
> Hi,
>
> I want to report what I think is a bug in gnupg. I don't know what the right
> way of doing this is, so I'll just post it here.
> In order to reach the bug do the following:
> Take gnupg 1.2 compiled for Windows (official version).
> gpg --edit-key blahblahblah
> addrevoker
> keyid whatever
> y
> until it crashes.
>
> Is this only on my system? I'm using Windows 98.

That is a known bug - it is fixed in 1.2.1.

David

-- 
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson

From bast@altern.org Mon Oct 14 16:00:02 2002
From: bast@altern.org (bast@altern.org)
Date: Mon Oct 14 15:00:02 2002
Subject: decryption failed : secret key not available
Message-ID:

Hi,

I'm new on the list and I have a problem ...

I'm also new to gpg and wonder if i've made all the required steps in
order to encrypt/decrypt files between two machines.

Machine A : RedHat Linux 8.0; gnupg-1.2.0
Machine B : Windows 2000; gnupg-w32cli-1.2.0

I generated keys on both machines, 2048 bits using DSA & ElGamal,
exported public keys (still on both) and imported public keys A on B
and B on A.

Then I tried encrypting a file.txt on Machine A like this :
# gpg -r "Machine A" -o file.gpg -a --encrypt file.txt

On Machine B :
# gpg -o file.txt --decrypt file.gpg
gpg: encrypted with 2048-bit ELG-E key, ID 012345ABC, created 2002-10-10
"Machine B (B) "
gpg: decryption failed: secret key not available

??

I didn't find any valuable information on lists and searches, so I
wonder if I did all the required steps (traditionally, when I don't
find a lot of information on my problems, it's a misunderstanding from
me ...)

Could someone help me ?

Thanks,
Bast.

From dshaw@jabberwocky.com Mon Oct 14 16:23:03 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Mon Oct 14 15:23:03 2002
Subject: Rsa or Rsa Legacy with PGP 7.0
In-Reply-To:
References: <20021012000115.GA24286@akamai.com>
Message-ID: <20021014132338.GB2799@akamai.com>

On Fri, Oct 11, 2002 at 05:26:07PM -0700, Len Sassaman wrote:
> On Fri, 11 Oct 2002, David Shaw wrote:
>
> > On Sat, Oct 12, 2002 at 12:25:55AM -0100, Josep M. wrote:
> >
> > > I would like know if GNUPG supports "RSA" pgp keys of PGP 7.0 or
> > > MUST be created as "RSA Legacy".
> >
> > It supports both. However, regular RSA (not "legacy") is a better key
> > type to use unless you must be compatible with very old PGP programs.
>
> "Very old" in this context means any version of PGP prior to 7.0,
> including 6.5.8.

No, 6.5.8 works with v4 RSA keys. It won't generate them, of course,
but it can encrypt to them and verify sigs from them if they are not
too large (4096 doesn't work, 2048 seems to).

David

-- 
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson

From dshaw@jabberwocky.com Mon Oct 14 17:02:02 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Mon Oct 14 16:02:02 2002
Subject: message was not integrity protected
In-Reply-To: <01C27069.B035FB80.heiko.teichmeier@sw-meerane.de>
References: <01C27069.B035FB80.heiko.teichmeier@sw-meerane.de>
Message-ID: <20021014140302.GB16768@akamai.com>

On Thu, Oct 10, 2002 at 02:31:13PM +0200, Heiko Teichmeier wrote:
> Hi list,
>
> I use gpg 1.1.91-nr1 with GnuPP 1.1. If I get a encrypted mail from a user
> with PGP 7.x. I can decrypt the message, but the I get the message
> "Warning: messsage was not integrity protected".
> How dangerous is this problem to trust the mail? What way exist to get a
> clean message - no failure?

GnuPG supports integrity protected messages which adds a hash (sort of
a mini-signature) inside the encrypted message to alert the user if
the message was tampered with. That warning message means that the
message you received did not have integrity protection enabled. PGP 7
does not generate messages with integrity protection, though it does
understand them when a GnuPG user sends messages to a PGP 7 user.
This feature is to help combat message modification attacks such as
the one given in http://www.counterpane.com/pgp-attack.html

You can make the warning go away with --no-mdc-warning.

David

-- 
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson

From kai.raven@t-online.de Mon Oct 14 17:24:02 2002
From: kai.raven@t-online.de (Kai Raven)
Date: Mon Oct 14 16:24:02 2002
Subject: Antw:Re: How to export gpg keys to use in PGP 8.0 beta (Away from my Email / Abwesend (10.10.-27.10.02))
In-Reply-To:
References:
Message-ID: <20021014162530.41cafb2d.kai.raven@t-online.de>

Hello,

On Mon, 14 Oct 2002 06:31:22 +0100 you wrote:

>I'm away from my office

....and now you are in my killfilter

Ciao
Kai
-- 
WWW:http://kai.iks-jena.de/
ICQ:146714798

From Todd Mon Oct 14 17:32:02 2002
From: Todd (Todd)
Date: Mon Oct 14 16:32:02 2002
Subject: Key e-mail address
In-Reply-To: <200210131737.24948@erwin.ingo-kloecker.de>
References: <20020816143759.463662d8.j-schroeder@myrealbox.com> <199782826.20020817202332@mark-kirchner.de> <20021011085506.GA16214@mercury.senux.com> <200210131737.24948@erwin.ingo-kloecker.de>
Message-ID: <20021014143318.GK27402@psilocybe.teonanacatl.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ingo Klöcker wrote:
> One possible solution would be to use KMail instead of mutt because with
> KMail you can associate each email address with an arbitrary list of
> pgp keys.

You can use a pgp-hook to do this in mutt.
From the Mutt manual:

    Usage: pgp-hook pattern keyid

    When encrypting messages with PGP, you may want to associate a
    certain PGP key with a given e-mail address automatically, either
    because the recipient's public key can't be deduced from the
    destination address, or because, for some reasons, you need to
    override the key Mutt would normally use. The pgp-hook command
    provides a method by which you can specify the ID of the public
    key to be used when encrypting messages to a certain recipient.

If you end up using this, you might also be interested in a patch from
Dale Woolridge that helps make the use of pgp-hooks easier. See
http://www.woolridge.org/mutt/ for the details.

- -- 
Todd OpenPGP -> KeyID: 0xD654075A | URL: www.talos4.net/~tmz/pgp
============================================================================
There are three ways to get something done: do it yourself, hire
someone, or forbid your kids to do it.
-- Monta Crane

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.

iD8DBQE9qtWtuv+09NZUB1oRAlkZAKCcMJDIqN4sCsDsTbTDOYkEVa8YcQCeO2zT
6RAZUBrTQUIIVrDxQibCy7I=
=FGmb
-----END PGP SIGNATURE-----

From vedaal@lok.com Mon Oct 14 22:14:02 2002
From: vedaal@lok.com (vedaal@lok.com)
Date: Mon Oct 14 21:14:02 2002
Subject: deletion of a photo-id
Message-ID: <200210141915.g9EJFBib015937@compute3.lok.com>

is there a way to delete a photo id completely from a key?
[ gnupg 1.2.0 ]

{can the deluid command be used to refer to the photo id as a user id
and remove it ?}

tia,

vedaal

From dshaw@jabberwocky.com Mon Oct 14 22:28:02 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Mon Oct 14 21:28:02 2002
Subject: deletion of a photo-id
In-Reply-To: <200210141915.g9EJFBib015937@compute3.lok.com>
References: <200210141915.g9EJFBib015937@compute3.lok.com>
Message-ID: <20021014192910.GB8308@akamai.com>

On Mon, Oct 14, 2002 at 03:15:10PM -0400, vedaal@lok.com wrote:
> is there a way to delete a photo id completely from a key? [ gnupg 1.2.0 ]
>
> {can the deluid command be used to refer to the photo id as a user
> id and remove it ?}

Yes. There is also a delphoto command that does the same thing.

David

-- 
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson

From vedaal@compute0.lok.com Tue Oct 15 00:24:02 2002
From: vedaal@compute0.lok.com (vedaal@compute0.lok.com)
Date: Mon Oct 14 23:24:02 2002
Subject: deletion of photo id
Message-ID: <200210142124.g9ELOwT2018126@compute0.lok.com>

is there a way to delete a photo id completely from a key?
[ gnupg 1.2.0 ]

{can the deluid command be used to refer to the photo id as a user id
and remove it ?}

tia,

vedaal

From newton@hammet.net Tue Oct 15 05:04:01 2002
From: newton@hammet.net (Newton Hammet)
Date: Tue Oct 15 04:04:01 2002
Subject: cannot get sylpheed to do encryption
References: <3DA5EA52.942AEF9C@hammet.net> <20021011010557.22bdc91a.kai.raven@t-online.de> <3DA626F4.B6DE806B@hammet.net> <20021012094739.6080e6ba.claws@thewildbeast.co.uk> <3DA88C2B.84CFCFDA@hammet.net> <20021014092811.3de18be9.claws@thewildbeast.co.uk>
Message-ID: <3DAB8612.A4DB157B@hammet.net>

Paul wrote:
>
> Hello Newton,
>
> On Sat, 12 Oct 2002 14:55:07 -0600
> Newton Hammet wrote:
>
> > I have also attached a gzipped tarball that contains the script file
> > of make configure,make,make-install output for building all 3 systems,
> > in this order:
>
> There was nothing attached!
>
> Could you send me your config.log?
> Off-list would probably be most appropriate.
>
> best regards
>
> Paul
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

Hello Paul and All,

Again I must suffer the slings and arrows of not realizing where my
$PATH is taking me. (DOOOH!) I have done this kind of thing before!
(with gnupg itself no less)

whereis sylpheed showed me the un-gpgme version of sylpheed that
apparently gets shipped with Linux RH7.3.

The Privacy tabs show up just fine, so now I am going to embark on
learning
how to use this thing.

Thanks for everyone's help and patience!

Regards,
Newton

From Michele Mazzoleni"
Hi all,

I am compiling GNUPG1.2 on a SCO5.0.5 machine + GNU make.
By running

configure --enable-static-rnd=egd --disable-asm --with-egd-socket=/usr/local/var
/run/egd-pool
make

I got linker error messages like "undefined symbols socket and connect
first referenced in ../cipher/libcipher.a".
I found a release note ("2002-06-11 David Shaw - Put -lsocket and -lnsl in
NETLIBS rather than LIBS so not all programs are forced to link to them.")
so - as I do not mind to bore the linker - I manually modified
tools/Makefile and forced to use "LIBS = -lsocket", so that now I can do
make and make check successfully.

Regards
Michele Mazzoleni

From graham.todd@ntlworld.com Tue Oct 15 12:52:02 2002
From: graham.todd@ntlworld.com (Graham)
Date: Tue Oct 15 11:52:02 2002
Subject: cannot get sylpheed to do encryption
In-Reply-To: <3DAB8612.A4DB157B@hammet.net>
References: <3DA5EA52.942AEF9C@hammet.net> <20021014092811.3de18be9.claws@thewildbeast.co.uk> <3DAB8612.A4DB157B@hammet.net>
Message-ID: <200210151059.29889.graham.todd@ntlworld.com>

On Tuesday 15 Oct 2002 4:05 am, Newton Hammet wrote:

> The Privacy tabs show up just fine, so now I am going to embark on
> learning
> how to use this thing.
>
> Thanks for everyone's help and patience!

Just found out that Sylpheed will not decrypt an inline coded message
(such as that from KMail), but only a message encoded by PGP/MIME....

-- 
Graham

From adam@vbfx.com Tue Oct 15 15:07:02 2002
From: adam@vbfx.com (Adam Young)
Date: Tue Oct 15 14:07:02 2002
Subject: cannot get sylpheed to do encryption
In-Reply-To: <200210151059.29889.graham.todd@ntlworld.com>
References: <3DA5EA52.942AEF9C@hammet.net> <20021014092811.3de18be9.claws@thewildbeast.co.uk> <3DAB8612.A4DB157B@hammet.net> <200210151059.29889.graham.todd@ntlworld.com>
Message-ID: <20021015080818.50eaecac.adam@vbfx.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 15 Oct 2002 10:59:29 +0100
Graham wrote:

> On Tuesday 15 Oct 2002 4:05 am, Newton Hammet wrote:
>
> > The Privacy tabs show up just fine, so now I am going to embark on
> > learning
> > how to use this thing.
> >
> > Thanks for everyone's help and patience!
>
> Just found out that Sylpheed will not decrypt an inline coded message
> (such as that from KMail), but only a message encoded by PGP/MIME....

Not entirely true, if you use the "Actions" which are built into sylpheed,
you can verify/sign inline. For more information refer to:

http://melvin.hadasht.free.fr/home/sylpheed/actions/index.html

Adam
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9rAUyUanLvazj+VgRAtfwAJ98t60luFx9FnuxthWpzXyHlGHJcwCfecYu
Zn3YcmGW8oF34tDEAsOo8Tg=
=CqY/
-----END PGP SIGNATURE-----

From martin.bretschneider@gmx.de Tue Oct 15 16:04:02 2002
From: martin.bretschneider@gmx.de (Martin Bretschneider)
Date: Tue Oct 15 15:04:02 2002
Subject: cannot get sylpheed to do encryption
In-Reply-To: <200210151059.29889.graham.todd@ntlworld.com>
References: <3DA5EA52.942AEF9C@hammet.net> <20021014092811.3de18be9.claws@thewildbeast.co.uk> <3DAB8612.A4DB157B@hammet.net> <200210151059.29889.graham.todd@ntlworld.com>
Message-ID:

--=.Ws1qp?muzSesW6
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Graham wrote:

> On Tuesday 15 Oct 2002 4:05 am, Newton Hammet wrote:
>
> > The Privacy tabs show up just fine, so now I am going to embark on
> > learning
> > how to use this thing.
> >
> > Thanks for everyone's help and patience!
>
> Just found out that Sylpheed will not decrypt an inline coded message
> (such as that from KMail), but only a message encoded by PGP/MIME....

Nope, it's a FAQ.

Martin
-- 
www.bretschneidernet.de OpenPGP_0x4EA52583 aim_realfurbour
            (o_  Albert Einstein:
(o_ (o_ (o_ //\  Few are those who see with their
(\)_(\)_(\)_V_/_ own eyes and feel with their own hearts.

--=.Ws1qp?muzSesW6
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9q+srGK1ebE6lJYMRAgg8AJwJlGoWfIGjFpygubyG7e2/IZGE+gCgoiU+
TMIsv3MS89yHxYAsygQaASM=
=avi3
-----END PGP SIGNATURE-----

--=.Ws1qp?muzSesW6--

From anant_tamgole@yahoo.com Tue Oct 15 17:45:02 2002
From: anant_tamgole@yahoo.com (Anant Tamgole)
Date: Tue Oct 15 16:45:02 2002
Subject: compilation error on Intel Solaris 8
Message-ID: <20021015144602.96897.qmail@web13205.mail.yahoo.com>

--0-809657567-1034693162=:95905
Content-Type: text/plain; charset=us-ascii

Hi all,

I am getting following error while compiling gnupg-1.2.0 on Solaris 8 ( Intel )

Making all in tools
make[2]: Entering directory `/home/gnupg-1.2.0/tools'
gcc  -g -O2 -Wall   -o bftest  bftest.o ../cipher/libcipher.a ../mpi/libmpi.a ..
/util/libutil.a ../intl/libintl.a  -ldl  -lz
Undefined                       first referenced
 symbol                             in file
socket                              ../cipher/libcipher.a(rndegd.o)
connect                             ../cipher/libcipher.a(rndegd.o)
ld: fatal: Symbol referencing errors. No output written to bftest
collect2: ld returned 1 exit status
make[2]: *** [bftest] Error 1
make[2]: Leaving directory `/home/gnupg-1.2.0/tools'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/gnupg-1.2.0'
make: *** [all] Error 2
#

How to remove this error.

regards

Anant

---------------------------------
Do you Yahoo!?
Faith Hill - Exclusive Performances, Videos, & more
faith.yahoo.com

--0-809657567-1034693162=:95905
Content-Type: text/html; charset=us-ascii

Hi all,

I am getting following error while compiling gnupg-1.2.0 on Solaris 8 ( Intel )

Making all in tools
make[2]: Entering directory `/home/gnupg-1.2.0/tools'
gcc  -g -O2 -Wall   -o bftest  bftest.o ../cipher/libcipher.a ../mpi/libmpi.a ..
/util/libutil.a ../intl/libintl.a  -ldl  -lz
Undefined                       first referenced
 symbol                             in file
socket                              ../cipher/libcipher.a(rndegd.o)
connect                             ../cipher/libcipher.a(rndegd.o)
ld: fatal: Symbol referencing errors. No output written to bftest
collect2: ld returned 1 exit status
make[2]: *** [bftest] Error 1
make[2]: Leaving directory `/home/gnupg-1.2.0/tools'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/gnupg-1.2.0'
make: *** [all] Error 2
#

How to remove this error.

 

regards

Anant

 

 



From vedaal@compute0.lok.com Tue Oct 15 18:29:01 2002 From: vedaal@compute0.lok.com (vedaal@compute0.lok.com) Date: Tue Oct 15 17:29:01 2002 Subject: deletion of photo id Message-ID: <200210151529.g9FFThT2003158@compute0.lok.com> > Message: 14 Date: Mon, 14 Oct 2002 15:29:10 -0400 From: David Shaw > To: gnupg-users@gnupg.org Subject: Re: > deletion of a photo-id > > On Mon, Oct 14, 2002 at 03:15:10PM -0400, vedaal@lok.com wrote: > > is there a way to delete a photo id completely from a key? [ gnupg > 1.2.0 ] > > {can the deluid command be used to refer to the photo id > as a user > id and remove it ?} > > Yes. There is also a delphoto command that does the same thing. > > David what is the proper syntax for the delphoto command ? {couldn't find it in the man.page under --edit-key } tried all the following variations and got the same error message: This key may be revoked by DSA key 7B534E2D boo pub 1024D/46D7F7C7 created: 2002-06-30 expires: never trust: u/u sub 1024g/DF22F970 created: 2002-06-30 expires: never (1). gpgshell (2) [jpeg image of size 4095] Command> delphoto You must select at least one user ID. Command> delphoto gpgshell You must select at least one user ID. Command> delphoto [jpeg image of size 4095] You must select at least one user ID. Command> delphoto DF22F970 You must select at least one user ID. Command> delphoto 46DF7F7C7 You must select at least one user ID. Command> tia, vedaal From skquinn@speakeasy.net Tue Oct 15 18:44:02 2002 From: skquinn@speakeasy.net (Shawn K. Quinn) Date: Tue Oct 15 17:44:02 2002 Subject: deletion of photo id In-Reply-To: <200210151529.g9FFThT2003158@compute0.lok.com> References: <200210151529.g9FFThT2003158@compute0.lok.com> Message-ID: <200210151044.05110.skquinn@speakeasy.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday October 15 2002 10:29, vedaal@compute0.lok.com wrote: > what is the proper syntax for the delphoto command ?
> {couldn't find it in the man.page under --edit-key } > tried all the following variations and got the same error message: > > This key may be revoked by DSA key 7B534E2D boo > pub 1024D/46D7F7C7 created: 2002-06-30 expires: never trust: > u/u sub 1024g/DF22F970 created: 2002-06-30 expires: never > (1). gpgshell > (2) [jpeg image of size 4095] > > Command> delphoto > You must select at least one user ID. [snip] Try: Command> uid 2 [spew] Command> delphoto - --=20 Shawn K. Quinn -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE9rDfCQVXDBVmaIp0RAsnzAJsE6hbu1RmE6GMvIu4aB+heq/Q9gwCfaTNS Bco6kzUSWXHIMgKZmWm0jF8=3D =3DPxUM -----END PGP SIGNATURE----- From dshaw@jabberwocky.com Tue Oct 15 18:49:02 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Tue Oct 15 17:49:02 2002 Subject: deletion of photo id In-Reply-To: <200210151529.g9FFThT2003158@compute0.lok.com> References: <200210151529.g9FFThT2003158@compute0.lok.com> Message-ID: <20021015154916.GA1397@akamai.com> On Tue, Oct 15, 2002 at 11:29:43AM -0400, vedaal@compute0.lok.com wrote: > > Message: 14 Date: Mon, 14 Oct 2002 15:29:10 -0400 From: David Shaw > > To: gnupg-users@gnupg.org Subject: Re: > > deletion of a photo-id > > > > On Mon, Oct 14, 2002 at 03:15:10PM -0400, vedaal@lok.com wrote: > > > is there a way to delete a photo id completely from a key? [ gnupg > > 1.2.0 ] > > {can the deluid command be used to refer to the photo id > > as a user > id and remove it ?} > > > > Yes. There is also a delphoto command that does the same thing. > > > > David > > what is the proper syntax for the delphoto command ? > {couldn't find it in the man.page under --edit-key } > tried all the following variations and got the same error message: > > This key may be revoked by DSA key 7B534E2D boo > pub 1024D/46D7F7C7 created: 2002-06-30 expires: never trust: u/u > sub 1024g/DF22F970 created: 2002-06-30 expires: never > (1). 
gpgshell > (2) [jpeg image of size 4095] > > Command> delphoto > You must select at least one user ID. delphoto is exactly like deluid. You must select the user ID you want to delete. In this case, enter "2", then "deluid" or "delphoto". David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From dshaw@jabberwocky.com Tue Oct 15 19:00:01 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Tue Oct 15 18:00:01 2002 Subject: compilation error on Intel Solaris 8 In-Reply-To: <20021015144602.96897.qmail@web13205.mail.yahoo.com> References: <20021015144602.96897.qmail@web13205.mail.yahoo.com> Message-ID: <20021015160048.GA1716@akamai.com> On Tue, Oct 15, 2002 at 07:46:02AM -0700, Anant Tamgole wrote: > > Hi all, > > I am getting following error while compiling gnupg-1.2.0 on Solaris 8 ( Intel ) > > Making all in tools > make[2]: Entering directory `/home/gnupg-1.2.0/tools' > gcc -g -O2 -Wall -o bftest bftest.o ../cipher/libcipher.a ../mpi/libmpi.a .. > /util/libutil.a ../intl/libintl.a -ldl -lz > Undefined first referenced > symbol in file > socket ../cipher/libcipher.a(rndegd.o) > connect ../cipher/libcipher.a(rndegd.o) > ld: fatal: Symbol referencing errors. No output written to bftest > collect2: ld returned 1 exit status > make[2]: *** [bftest] Error 1 > make[2]: Leaving directory `/home/gnupg-1.2.0/tools' > make[1]: *** [all-recursive] Error 1 > make[1]: Leaving directory `/home/gnupg-1.2.0' > make: *** [all] Error 2 > # > > > How to remove this error. This is fixed in 1.2.1. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. 
We don't believe this to be a coincidence." - Jeremy S. Anderson From graham.todd@ntlworld.com Tue Oct 15 21:27:01 2002 From: graham.todd@ntlworld.com (Graham) Date: Tue Oct 15 20:27:01 2002 Subject: cannot get sylpheed to do encryption In-Reply-To: <20021015080818.50eaecac.adam@vbfx.com> References: <3DA5EA52.942AEF9C@hammet.net> <200210151059.29889.graham.todd@ntlworld.com> <20021015080818.50eaecac.adam@vbfx.com> Message-ID: <200210151934.19889.graham.todd@ntlworld.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday 15 Oct 2002 1:08 pm, Adam Young wrote: > > Just found out that Sylpheed will not decrypt an inline coded > > message (such as that from KMail), but only a message encoded by > > PGP/MIME.... > > Not entirely true, if you use the "Actions" which are built > into sylpheed, you can verify/sign inline. For more information refer > to: > http://melvin.hadasht.free.fr/home/sylpheed/actions/index.html Yes, you can verify/sign inline, but you cannot decrypt inline coded messages sent to you automatically. You have to copy the GPG text and paste it into Seahorse or GPA or some other key editor and decrypt it there. However, if you receive a message encrypted by PGP/MIME, Sylpheed will decrypt it automatically. Elsewhere, Martin has said it's a FAQ, but there is no mention of this in the Sylpheed documentation, nor in the FAQ....
- -- Graham -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux) Comment: Please sign and encrypt for internet privacy iD8DBQE9rF+bIwtBZOk1250RAuhEAJwNPY8PR5txSVw0woS9D8/Z9ZUj4ACgyKnc urnqzb4/JiWgO2rJdPdezNo= =Z14E -----END PGP SIGNATURE----- From rmartini@cipsga.org.br Tue Oct 15 21:35:01 2002 From: rmartini@cipsga.org.br (Renato Martini) Date: Tue Oct 15 20:35:01 2002 Subject: compilation error on Intel Solaris 8 In-Reply-To: <20021015144602.96897.qmail@web13205.mail.yahoo.com> References: <20021015144602.96897.qmail@web13205.mail.yahoo.com> Message-ID: <20021015153653.09ef92f5.rmartini@cipsga.org.br> --=.HTOFUp4_MqDdz9 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit On Tue, 15 Oct 2002 07:46:02 -0700 (PDT) Anant Tamgole wrote: Hi Anant! I found this fatal error, and I reported it to the gpg Mailing List (Sep 24 03:08:01 2002), see: http://lists.gnupg.org/pipermail/gnupg-users/2002-September/015132.html. I paste here the message: ------------- I tried to compile just now the gpg 1.2.0 for ix86 Solaris 8. The compilation was aborted in the "tools" directory, and so stopping abnormally the process... gcc -g -O2 -Wall -o bftest bftest.o ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a ../intl/libintl.a -ldl -lz Undefined first referenced symbol in file socket ../cipher/libcipher.a(rndegd.o) connect ../cipher/libcipher.a(rndegd.o) ld: fatal: Symbol referencing errors. No output written to bftest collect2: ld returned 1 exit status make: *** [bftest] Error 1 This fatal error in the SunOS is very ordinary, when the compilations don't find the libnets '-lsocket' and '-lnsl' (the sockets library functions). I fix the problem to compile the bftest: the Makefile omits these flags, and I put the flags - -lsocket and -lnsl in the "tools/Makefile" line 175. And so: gcc -g -O2 -Wall -o bftest -lsocket -lnsl bftest.o ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a ../intl/libintl.a -ldl -lz (...) No problems!
May be, the source code could be fixed... -------------------- Okay? The gpg 1.2.0 for Solaris workd fine! No problems! best regards ---------------------- > I am getting following error while compiling gnupg-1.2.0 on Solaris 8 ( Intel ) > > Making all in tools > make[2]: Entering directory `/home/gnupg-1.2.0/tools' > gcc -g -O2 -Wall -o bftest bftest.o ../cipher/libcipher.a ../mpi/libmpi.a .. > /util/libutil.a ../intl/libintl.a -ldl -lz > Undefined first referenced > symbol in file > socket ../cipher/libcipher.a(rndegd.o) > connect ../cipher/libcipher.a(rndegd.o) > ld: fatal: Symbol referencing errors. No output written to bftest > collect2: ld returned 1 exit status > make[2]: *** [bftest] Error 1 > make[2]: Leaving directory `/home/gnupg-1.2.0/tools' > make[1]: *** [all-recursive] Error 1 > make[1]: Leaving directory `/home/gnupg-1.2.0' > make: *** [all] Error 2 > # > > > How to remove this error. > > > ---------- __|_ _| _ \ __| __| \ | Renato Martini ::: Diretor Administrativo ( | __/\__ \ (_ | _ \ | http://www.cipsga.org.br \___|___|_| ____/\___|_/ _\ | http://gnupg.unixsecurity.com.br ----------------------------------------------------------------------- http://bancada.softwarelivre.org.br: visite a bancada do software livre ----------------------------------------------------------------------- "O Fantasia, che dei tempi e delle distanze fai il tuo giuoco audace!" 
(Gabriele d'Annunzio) --=.HTOFUp4_MqDdz9 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE9rFI4YogE2yD8bPYRAjpYAKC1ADZHsZeHmunhu6X2EaFPm8L5nACeNmfr Jj1SfYILC/lzxF0BZJHicgE= =JUK1 -----END PGP SIGNATURE----- --=.HTOFUp4_MqDdz9-- From claws@thewildbeast.co.uk Tue Oct 15 21:54:01 2002 From: claws@thewildbeast.co.uk (Paul) Date: Tue Oct 15 20:54:01 2002 Subject: cannot get sylpheed to do encryption In-Reply-To: <200210151934.19889.graham.todd@ntlworld.com> References: <3DA5EA52.942AEF9C@hammet.net> <200210151059.29889.graham.todd@ntlworld.com> <20021015080818.50eaecac.adam@vbfx.com> <200210151934.19889.graham.todd@ntlworld.com> Message-ID: <20021015195459.15980dc9.claws@thewildbeast.co.uk> Hello Graham, On Tue, 15 Oct 2002 19:33:50 +0100 Graham wrote: > Yes, you can verify/sign inline, but you cannot decrypt inline coded > messages sent to you automatically. You have to copy the GPG text and > paste it into Seahorse or GPA or some other key editor and decrypt it > there. However, if you receive a message encrypted by PGP/MIME, > Sylpheed will decrypt it automatically. No, you can use Actions for decrypting as well, using *gpg --no-tty --command-fd 0 --passphrase-fd 0 --decrypt %f| in your 'Command line' setting in Actions. There's no need for all that copy/paste stuff with external programs. best regards Paul From rmartini@cipsga.org.br Wed Oct 16 03:30:02 2002 From: rmartini@cipsga.org.br (Renato Martini) Date: Wed Oct 16 02:30:02 2002 Subject: compilation error on Intel Solaris 8 Message-ID: <20021015213212.44a3c6ed.rmartini@cipsga.org.br> --=.'ET2J_iHFTe7cu Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit On Tue, Oct 15, 2002 at 07:46:02AM -0700, Anant Tamgole wrote: > > Hi all, > > I am getting following error while compiling gnupg-1.2.0 on Solaris 8 ( Intel ) > > > How to remove this error. > >This is fixed in 1.2.1. > >David Okay... 
How can I get the 1.2.1 release, using the CVS system? best regards ---------- __|_ _| _ \ __| __| \ | Renato Martini ::: Diretor Administrativo ( | __/\__ \ (_ | _ \ | http://www.cipsga.org.br \___|___|_| ____/\___|_/ _\ | http://gnupg.unixsecurity.com.br ----------------------------------------------------------------------- http://bancada.softwarelivre.org.br: visite a bancada do software livre ----------------------------------------------------------------------- "O Fantasia, che dei tempi e delle distanze fai il tuo giuoco audace!" (Gabriele d'Annunzio) --=.'ET2J_iHFTe7cu Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE9rKV/YogE2yD8bPYRAg3IAJ4xPcB9ZR93LrDcF11ib5Foc401vwCfdmOv Phn2o0jDcqdypZoS2OpqTDE= =Mudi -----END PGP SIGNATURE----- --=.'ET2J_iHFTe7cu-- From alex@FUCKUP.fantastyka.net Wed Oct 16 03:41:02 2002 From: alex@FUCKUP.fantastyka.net (Janusz A. Urbanowicz) Date: Wed Oct 16 02:41:02 2002 Subject: personal--preferences? Message-ID: How do I use the personal--preferences in 1.2.0? Setting it as follows: personal-cipher-preferences 3des personal-digest-preferences ripemd160 gives strange errors when GPG is launched. Alex From eleuteri@myrealbox.com Wed Oct 16 04:18:02 2002 From: eleuteri@myrealbox.com (=?Windows-1252?Q?David_Pic=F3n_=C1lvarez?=) Date: Wed Oct 16 03:18:02 2002 Subject: 1.2.1 Message-ID: <002301c274b2$661ef220$f92489c3@137.36.248> --tyBhz1fZ.5XiMkIG0nnxfhpcRy8C.PaU Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit Hi, Where can I get gnupg 1.2.1? It's not listed in the download section of gnupg.org --David. 
--tyBhz1fZ.5XiMkIG0nnxfhpcRy8C.PaU-- From dshaw@jabberwocky.com Wed Oct 16 04:29:02 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Wed Oct 16 03:29:02 2002 Subject: personal--preferences? In-Reply-To: References: Message-ID: <20021016012951.GA1229@akamai.com> On Wed, Oct 16, 2002 at 02:41:40AM +0200, Janusz A. Urbanowicz wrote: > How do I use the personal--preferences in 1.2.0?
> > Setting it as follows: > > personal-cipher-preferences 3des > personal-digest-preferences ripemd160 > > gives strange errors when GPG is launched. Use the same letter codes that "setpref" uses. You can list the available codes with "gpg -v --version". For example. a preference list giving AES, CAST5, and BLOWFISH in that order would be "S7 S3 S4". David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From dshaw@jabberwocky.com Wed Oct 16 04:31:03 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Wed Oct 16 03:31:03 2002 Subject: compilation error on Intel Solaris 8 In-Reply-To: <20021015213212.44a3c6ed.rmartini@cipsga.org.br> References: <20021015213212.44a3c6ed.rmartini@cipsga.org.br> Message-ID: <20021016013205.GA2309@akamai.com> On Tue, Oct 15, 2002 at 09:32:12PM -0200, Renato Martini wrote: > > > > On Tue, Oct 15, 2002 at 07:46:02AM -0700, Anant Tamgole wrote: > > > > Hi all, > > > > I am getting following error while compiling gnupg-1.2.0 on Solaris 8 ( Intel ) > > > > > > How to remove this error. > > > >This is fixed in 1.2.1. > > > >David > > Okay... > How can I get the 1.2.1 release, using the CVS system? See http://www.gnupg.org/cvs-access.html The CVS tag to use is STABLE-BRANCH-1-2 However, note that a 1.2.1 release candidate should be released very soon. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. 
Anderson From dshaw@jabberwocky.com Wed Oct 16 04:32:02 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Wed Oct 16 03:32:02 2002 Subject: 1.2.1 In-Reply-To: <002301c274b2$661ef220$f92489c3@137.36.248> References: <002301c274b2$661ef220$f92489c3@137.36.248> Message-ID: <20021016013259.GB2309@akamai.com> On Wed, Oct 16, 2002 at 02:21:46AM +0100, David Picón Álvarez wrote: > Hi, > > Where can I get gnupg 1.2.1? It's not listed in the download section of > gnupg.org It is not released yet, though a test version to make sure that all the build problems were fixed should be released soon, and if all goes well the real 1.2.1 release should come soon after that. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From gnupg-users@gnupg.org Wed Oct 16 04:40:02 2002 From: gnupg-users@gnupg.org (Erik) Date: Wed Oct 16 03:40:02 2002 Subject: personal--preferences? In-Reply-To: References: Message-ID: <94120338562.20021015213622@mochamail.com> Janusz, On Wed, 16 Oct 2002, at 02:41:40 [GMT +0200 (CEST)] you wrote in the message: > How do I use the personal--preferences in 1.2.0? > Setting it as follows: > personal-cipher-preferences 3des > personal-digest-preferences ripemd160 Try: personal-cipher-preferences s2 personal-digest-preferences h3 gpg --edit-key keyid pref showpref may help to figure out the proper syntax.
-- Best regards, Erik From Stephan.Fuhrmann@stud.uni-karlsruhe.de Wed Oct 16 12:38:02 2002 From: Stephan.Fuhrmann@stud.uni-karlsruhe.de (Stephan Fuhrmann) Date: Wed Oct 16 11:38:02 2002 Subject: idea plugin doesn't work Message-ID: Hi there, I compiled the idea plugin with the same compiler as I used for GnuPG 1.20 (gcc -Wall -O2 -shared -fPIC -o idea idea.c), then I copied it to the right place and edited my config file for GnuPG. But if I want to encrypt/sign something, this unresolved symbol stuff happens: .... Wirklich unterschreiben? j gpg: invalid module `/opt/gnupg/lib/gnupg/idea': gpg: undefined symbol: _idea_get_info gpg: Schutzverfahren 1 (IDEA) wird nicht unterstützt gpg: das IDEA-Verschlüsselungs-Plugin ist nicht vorhanden gpg: Für weitere Info siehe http://www.gnupg.org/why-not-idea.html gpg: Beglaubigung fehlgeschlagen: Unbekanntes Verschlüsselungsverfahren Befehl> gpg: Interrupt caught ... exiting -- Stephan Fuhrmann gpg --recv-keys --keyserver blackhole.pca.dfn.de 6663971A From Scott_Carpenter@cargill.com Wed Oct 16 14:49:02 2002 From: Scott_Carpenter@cargill.com (Scott_Carpenter@cargill.com) Date: Wed Oct 16 13:49:02 2002 Subject: Decrypting/Verifying Message-ID: Hello Gnupg Users List! I just signed up on this list and am a relative novice with GnuPG, so please be kind :-) I checked the FAQ, man page, and handbook, but haven't seen an answer to my question: For a signed and encrypted document, I understand that the --decrypt command will decrypt the message and verify the signature all in one operation, but how can I tell in an automated environment that a signature was attached? I'm thinking of a scenario where a trading partner is sending us signed and encrypted documents. When I run the decrypt operation I can see that the signature is verified from the stderr stream, but in batch mode the only way I know that everything is ok is that an exit code of 0 is returned. What if they stop signing their documents?
Since I'm only monitoring the exit code, I won't be able to tell. (And I'd like to know!) Is there a way to generate an error if the document isn't signed? Thanks, Scott From avbidder@fortytwo.ch Wed Oct 16 15:02:02 2002 From: avbidder@fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder) Date: Wed Oct 16 14:02:02 2002 Subject: Why subkeys? In-Reply-To: <1802xq-1d0zujC@fwd07.sul.t-online.com> References: <1034288437.9158.5.camel@h24-69-83-179> <20021011020603.GC1373@stonewall> <20021011152844.GC4069@dust.uchicago.edu> <1802xq-1d0zujC@fwd07.sul.t-online.com> Message-ID: <1034769795.570.5.camel@altfrangg> --=-X1C1EinnBVyRnZZzPiCp Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Fri, 2002-10-11 at 18:48, markus_kampkoetter wrote: > have a look at the mail archive (Subject: using various subkeys [HOWTO] From: > Adrian 'Dagurashibanipal' von Bidder ) Which has since been put to http://fortytwo.ch/gpg/subkeys Update to gpg 1.2.x is still pending. cheers -- vbi -- this email is protected by a digital signature http://fortytwo.ch/gpg NOTE: get my key here: http://www.google.com/search?q=mQGiBDx2a6ERBAC8l --=-X1C1EinnBVyRnZZzPiCp Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iHQEABECADQFAj2tVYMtGmh0dHA6Ly9mb3J0eXR3by5jaC9ncGcvcG9saWN5L2Vt YWlsLjIwMDIwODIyAAoJEIukMYvlp/fWnusAn2uXz9t0ZUWPk+ywf0T6awcOMhgW AJ9QryxlLYwYK3fvj5JkTU2qcLpLCw== =m9Kt -----END PGP SIGNATURE----- Signature policy: http://fortytwo.ch/gpg/policy/email.20020822 --=-X1C1EinnBVyRnZZzPiCp-- From heiko.teichmeier@sw-meerane.de Wed Oct 16 15:24:03 2002 From: heiko.teichmeier@sw-meerane.de (Heiko Teichmeier) Date: Wed Oct 16 14:24:03 2002 Subject: message was not integrity protected Message-ID: <01C2741B.EE122220.heiko.teichmeier@sw-meerane.de> Thanks for this help, I write this in my options-file and hope it help in the future.
With kind regards Stadtwerke Meerane GmbH Teichmeier Netzmeister NB Elt Tel.: (03764)7917-20 Fax: (03764)7917-21 heiko.teichmeier@sw-meerane.de PS: always up to date on the Internet www.sw-meerane.de -----Original Message----- From: David Shaw [SMTP:dshaw@jabberwocky.com] Sent: Monday, October 14, 2002 4:03 PM To: Gnupg-Users-Mailinglist (E-Mail) Subject: Re: message was not integrity protected On Thu, Oct 10, 2002 at 02:31:13PM +0200, Heiko Teichmeier wrote: > Hi list, > > I use gpg 1.1.91-nr1 with GnuPP 1.1. If I get an encrypted mail from a user > with PGP 7.x. I can decrypt the message, but then I get the message > "Warning: message was not integrity protected". > How dangerous is this problem to trust the mail? What way exist to get a > clean message - no failure? GnuPG supports integrity protected messages which adds a hash (sort of a mini-signature) inside the encrypted message to alert the user if the message was tampered with. That warning message means that the message you received did not have integrity protection enabled. PGP 7 does not generate messages with integrity protection, though it does understand them when a GnuPG user sends messages to a PGP 7 user. This feature is to help combat message modification attacks such as the one given in http://www.counterpane.com/pgp-attack.html You can make the warning go away with --no-mdc-warning. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S.
Anderson _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users From dshaw@jabberwocky.com Wed Oct 16 15:43:02 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Wed Oct 16 14:43:02 2002 Subject: Decrypting/Verifying In-Reply-To: References: Message-ID: <20021016124359.GA4227@akamai.com> On Wed, Oct 16, 2002 at 06:50:10AM -0500, Scott_Carpenter@cargill.com wrote: > Hello Gnupg Users List! > > I just signed up on this list and am a relative novice with GnuPG, so > please be kind :-) > > I checked the FAQ, man page, and handbook, but haven't seen an answer > to my question: > > For a signed and encrypted document, I understand that the --decrypt > command will decrypt the message and verify the signature all in one > operation, but how can I tell in an automated environment that a > signature was attached? > > I'm thinking of a scenario where a trading partner is sending us signed > and encrypted documents. When I run the decrypt operation I can see > that the signature is verified from the stderr stream, but in batch > mode the only way I know that everything is ok is that an exit code of > 0 is returned. In an automated environment, the best thing to do is use the --status-fd feature and look at the data sent to that fd. For example, gpg --status-fd 1 --output (whatever) --decrypt (whatever) On FD 1, you will get status messages giving the exact results from that encrypted message, including "GOODSIG". See the doc/DETAILS file for more info. There are ways to specify pretty much every signature case, from no signature at all, to an expired signature, to an signature made by an expired key, etc. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. 
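The check David Shaw describes in the reply above, as an added example (not code from the thread or from GnuPG): read the `--status-fd` lines and treat a missing signature as a failure, which the exit code alone does not reveal. The fingerprint, sample status lines and function names are constructed for illustration, and pinning the signer with VALIDSIG goes one step beyond the GOODSIG test mentioned in the thread.

```python
import os
import subprocess

STATUS_PREFIX = "[GNUPG:] "

# Status keywords that must make an automated job reject the message.
# The names come from GnuPG's doc/DETAILS; check the copy shipped with
# your gpg version, since the set has grown over releases.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG",
          "BADMDC", "DECRYPTION_FAILED", "NODATA"}

# Constructed sample data: placeholder fingerprint and status output.
EXPECTED_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
SIGNED = (
    "[GNUPG:] ENC_TO 1111111111111111 16 0\n"
    "[GNUPG:] BEGIN_DECRYPTION\n"
    "[GNUPG:] GOODSIG 89ABCDEF01234567 Trading Partner <partner@example.org>\n"
    "[GNUPG:] VALIDSIG " + EXPECTED_FPR + " 2002-10-16 1034769795\n"
    "[GNUPG:] DECRYPTION_OKAY\n"
    "[GNUPG:] END_DECRYPTION\n"
)
UNSIGNED = (
    "[GNUPG:] ENC_TO 1111111111111111 16 0\n"
    "[GNUPG:] BEGIN_DECRYPTION\n"
    "[GNUPG:] DECRYPTION_OKAY\n"
    "[GNUPG:] END_DECRYPTION\n"
)
WRONG_KEY = SIGNED.replace(EXPECTED_FPR, "FEDCBA9876543210FEDCBA9876543210FEDCBA98")


def parse_status(text):
    """Return [(keyword, [args...]), ...] for each machine-readable status line.

    Only lines that start with the "[GNUPG:] " prefix count; anything else
    on the stream is ignored.
    """
    records = []
    for line in text.splitlines():
        if line.startswith(STATUS_PREFIX):
            fields = line[len(STATUS_PREFIX):].split()
            if fields:
                records.append((fields[0], fields[1:]))
    return records


def check_signed(status_text, expected_fpr):
    """Return (ok, reason): was there a good signature made by expected_fpr?

    A message that decrypts but carries no signature yields exit code 0 and
    no signature keyword at all, so the absence of GOODSIG is a failure.
    """
    records = parse_status(status_text)
    keywords = {kw for kw, _ in records}
    rejected = sorted(keywords & REJECT)
    if rejected:
        return False, "gpg reported " + ", ".join(rejected)
    if "DECRYPTION_OKAY" not in keywords:
        return False, "no DECRYPTION_OKAY status"
    if "GOODSIG" not in keywords:
        return False, "message was not signed"
    signers = {args[0].upper() for kw, args in records if kw == "VALIDSIG" and args}
    if expected_fpr.upper() not in signers:
        return False, "signed by an unexpected key"
    return True, "good signature from expected key"


def decrypt_and_check(infile, outfile, expected_fpr, gpg="gpg"):
    """Run gpg as in the reply above; keep outfile only if the check passes.

    outfile should be a fresh path. --output sends the plaintext to that
    file, so stdout carries status lines only and message content cannot
    imitate them.
    """
    proc = subprocess.run(
        [gpg, "--batch", "--status-fd", "1", "--output", outfile,
         "--decrypt", infile],
        stdout=subprocess.PIPE, stderr=subprocess.PIPE,
        universal_newlines=True)
    ok, reason = check_signed(proc.stdout, expected_fpr)
    if ok and proc.returncode != 0:
        ok, reason = False, "gpg exit code %d" % proc.returncode
    if not ok and os.path.exists(outfile):
        os.remove(outfile)  # leave no unauthenticated plaintext for later steps
    return ok, reason
```
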
Anderson From Scott_Carpenter@cargill.com Wed Oct 16 16:36:01 2002 From: Scott_Carpenter@cargill.com (Scott_Carpenter@cargill.com) Date: Wed Oct 16 15:36:01 2002 Subject: Decrypting/Verifying Message-ID: Thanks, David. That looks like it should work just fine. Do you think it's a safe assumption that the string GOODSIG will only appear if there was in fact a signature? And, is there any reason you can think of not to use --status-fd for every GPG operation? It seems like it would be a good thing to have in case there are errors, to provide further troubleshooting information. Scott -----Original Message----- From: dshaw@jabberwocky.com [mailto:dshaw@jabberwocky.com] Sent: Wednesday, October 16, 2002 7:44 AM To: gnupg-users@gnupg.org Subject: Re: Decrypting/Verifying On Wed, Oct 16, 2002 at 06:50:10AM -0500, Scott_Carpenter@cargill.com wrote: > Hello Gnupg Users List! > > I just signed up on this list and am a relative novice with GnuPG, so > please be kind :-) > > I checked the FAQ, man page, and handbook, but haven't seen an answer > to my question: > > For a signed and encrypted document, I understand that the --decrypt > command will decrypt the message and verify the signature all in one > operation, but how can I tell in an automated environment that a > signature was attached? > > I'm thinking of a scenario where a trading partner is sending us signed > and encrypted documents. When I run the decrypt operation I can see > that the signature is verified from the stderr stream, but in batch > mode the only way I know that everything is ok is that an exit code of > 0 is returned. In an automated environment, the best thing to do is use the --status-fd feature and look at the data sent to that fd. For example, gpg --status-fd 1 --output (whatever) --decrypt (whatever) On FD 1, you will get status messages giving the exact results from that encrypted message, including "GOODSIG". See the doc/DETAILS file for more info. 
There are ways to specify pretty much every signature case, from no signature at all, to an expired signature, to an signature made by an expired key, etc. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +----------------------------------------------------------------------- ----+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users From Wegasoft Support Wed Oct 16 16:38:01 2002 From: Wegasoft Support (Thomas Braun) Date: Wed Oct 16 15:38:01 2002 Subject: How to send passphrase to gpg with symetric encryption? Message-ID: <4328538426.20021016153856@wegasoft.de> Hi, I tried the following method suggested by one of the list members: echo "1234" | gpg --passphrase-fd 0 -c test.txt It *seems* to encrypt without error (well, at least it does *not* ask for the passphrase) but when I try to decrypt the message again with this command: gpg -d test.gpg I get the error message "decryption failed: bad key" I tried it from the commandline and in a batch file. Any hints what I may be doing wrong? BTW, running on Windoze 2000 (which may be the cause ;-) -- regards Thomas Braun From thijmen@xs4all.nl Wed Oct 16 16:38:05 2002 From: thijmen@xs4all.nl (5468696A6D656E) Date: Wed Oct 16 15:38:05 2002 Subject: Lesser GPL for gnume Message-ID: <20021016133910.GA24140@xs4all.nl> Why not have the Lesser GPL for gnume? Or even for gnupg? If this logical discussion had been asked before, please forward me the answer. I din't go too deep in the mailinglist archive. Th. 
-- __Thijmen Klok________ From dshaw@jabberwocky.com Wed Oct 16 16:51:02 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Wed Oct 16 15:51:02 2002 Subject: Decrypting/Verifying In-Reply-To: References: Message-ID: <20021016135151.GA8635@akamai.com> On Wed, Oct 16, 2002 at 08:36:52AM -0500, Scott_Carpenter@cargill.com wrote: > Thanks, David. That looks like it should work just fine. > > Do you think it's a safe assumption that the string GOODSIG will only > appear if there was in fact a signature? Very safe assumption. To have a GOOD sig, there has to be a sig in the first place ;) > And, is there any reason you can think of not to use --status-fd for > every GPG operation? It seems like it would be a good thing to have in > case there are errors, to provide further troubleshooting information. I think for automated use when you want that kind of information, there is no reason not to use it for all operations. It doesn't significantly impact performance. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From kestral@cfl.rr.com Wed Oct 16 17:48:02 2002 From: kestral@cfl.rr.com (Kestral) Date: Wed Oct 16 16:48:02 2002 Subject: GPG Key Import Message-ID: Hopefully, the following question is not a duplicate. Does anyone know if 'gpg --import' will import a 2048 bit RSA PGP public/private key pair in Armor ASCII format from Windows PGP Freeware 7.0.3? Here's the scenario: A W2K machine w/ PGP Freeware 7.0.3 configured to dual boot Red Hat 8, with a 2048 bit RSA PGP public/private key pair generated by W32 PGP Freeware 7.0.3 which was then exported to an Armor ASCII format file to be imported into GPG. 
Regards,
Kestral

From kestral@merciless.net Wed Oct 16 17:48:10 2002
From: kestral@merciless.net (Kestral)
Date: Wed Oct 16 16:48:10 2002
Subject: GPG Key Import
Message-ID:

Hopefully, the following question is not a duplicate.

Does anyone know if 'gpg --import' will import a 2048 bit RSA PGP
public/private key pair in Armor ASCII format from Windows PGP Freeware
7.0.3?

Here's the scenario: A W2K machine w/ PGP Freeware 7.0.3 configured to
dual boot Red Hat 8, with a 2048 bit RSA PGP public/private key pair
generated by W32 PGP Freeware 7.0.3 which was then exported to an Armor
ASCII format file to be imported into GPG.

Regards,
Kestral

From djcombi@btclick.com Wed Oct 16 17:48:18 2002
From: djcombi@btclick.com (djcombi)
Date: Wed Oct 16 16:48:18 2002
Subject: Can not encrypt on secure server. Suexec.
Message-ID: <000001c27517$994a0da0$0200a8c0@PEN4>

I'm struggling long time and have no way now.
If you know some info I'm very pleased. Please help.

I try send encrypt mail from secure server from my ISP.
They say using Suexec so no problem to run cgi under cgi holder.
It was sure I could run perl script from cgi directory.
I install all to under cgi directory. PHP script also under cgi script.
I can run gpg by SSH telnet. on this server but I can not run from site.
Maybe Suexec setting or I was completely wrong?

One part of encryption part is

$command = "echo $body | www/cgi/bin/gpg --batch --homedir www/cgi/.gnupg/ --no-tty --quiet -ar '************ (***************) <***@********>' --always-trust -e -";

****is all info for my ID. It is PHP script.

Best Regard
Toru

From kestral@cfl.rr.com Wed Oct 16 17:48:26 2002
From: kestral@cfl.rr.com (Kestral)
Date: Wed Oct 16 16:48:26 2002
Subject: GPG Key Import
Message-ID:

Hello.

Does anyone know if 'gpg --import' will import a 2048 bit RSA PGP
public/private key pair in Armor ASCII format from Windows PGP Freeware
7.0.3?
Here's the scenario: A W2K machine w/ PGP Freeware 7.0.3 configured to
dual boot Red Hat 8, with a 2048 bit RSA PGP public/private key pair
generated by W32 PGP Freeware 7.0.3 which was then exported to an Armor
ASCII format file to be imported into GPG.

Regards,
Kestral

Please reply to kestral@merciless.net

From ftobin@neverending.org Wed Oct 16 18:01:02 2002
From: ftobin@neverending.org (Frank Tobin)
Date: Wed Oct 16 17:01:02 2002
Subject: Lesser GPL for gnume
In-Reply-To: <20021016133910.GA24140@xs4all.nl>
Message-ID:

5468696A6D656E, on 2002-10-16, wrote:

> If this logical discussion had been asked before, please forward me the
> answer. I didn't go too deep in the mailinglist archive.

It has been answered many times before. You didn't check the lists
enough.

http://marc.theaimsgroup.com/?l=gnupg-devel&w=2&r=1&s=gpgme+lgpl&q=b

--
Frank Tobin http://www.neverending.org/~ftobin/

From Wegasoft Support Wed Oct 16 18:03:02 2002
From: Wegasoft Support (Thomas Braun)
Date: Wed Oct 16 17:03:02 2002
Subject: How to send passphrase to gpg with symetric encryption?
Message-ID: <16733649841.20021016170407@wegasoft.de>

Hi,

I tried the following method suggested by one of the list members:

echo "1234" | gpg --passphrase-fd 0 -c test.txt

It *seems* to encrypt without error (well, at least it does *not* ask
for the passphrase) but when I try to decrypt the message again with
this command:

gpg -d test.gpg

I get the error message "decryption failed: bad key"

I tried it from the commandline and in a batch file.

Any hints what I may be doing wrong?

BTW, running on Windoze 2000 (which may be the cause ;-)

--
regards
Thomas Braun

From twoaday@freakmail.de Wed Oct 16 18:04:01 2002
From: twoaday@freakmail.de (Timo Schulz)
Date: Wed Oct 16 17:04:01 2002
Subject: Can not encrypt on secure server. Suexec.
In-Reply-To: <000001c27517$994a0da0$0200a8c0@PEN4>
References: <000001c27517$994a0da0$0200a8c0@PEN4>
Message-ID: <20021016150618.GA1601@daredevil.joesixpack.net>

On Wed Oct 16 2002; 14:26, djcombi wrote:

> $command = "echo $body | www/cgi/bin/gpg --batch --homedir
> www/cgi/.gnupg/ --no-tty --quiet -ar '************ (***************)
> <***@********>' --always-trust -e -";

You need to use one -r for *each* recipient

... -a -r key1 -r key2 -r key@3

because "-r key1 key2 key@3" doesn't work.

Timo

From anant_tamgole@yahoo.com Wed Oct 16 18:31:02 2002
From: anant_tamgole@yahoo.com (Anant Tamgole)
Date: Wed Oct 16 17:31:02 2002
Subject: compilation error on Intel Solaris 8
In-Reply-To: <20021015153653.09ef92f5.rmartini@cipsga.org.br>
Message-ID: <20021016152453.1913.qmail@web13206.mail.yahoo.com>

--0-1761737067-1034781893=:1440
Content-Type: text/plain; charset=us-ascii

Thanks Renato,

It solved problem.

regards
anant

Renato Martini wrote:

On Tue, 15 Oct 2002 07:46:02 -0700 (PDT)
Anant Tamgole wrote:

Hi Anant!

I found this fatal error, and I reported it to the gpg Mailing List (Sep 24 03:08:01 2002),
see: http://lists.gnupg.org/pipermail/gnupg-users/2002-September/015132.html.

I paste here the message:

-------------
I tried to compile just now the gpg 1.2.0 for ix86 Solaris 8.
The compilation was aborted in the "tools" directory, and
so stopping abnormally the process...

gcc -g -O2 -Wall -o bftest bftest.o ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a ../intl/libintl.a -ldl -lz
Undefined                       first referenced
 symbol                             in file
socket                              ../cipher/libcipher.a(rndegd.o)
connect                             ../cipher/libcipher.a(rndegd.o)
ld: fatal: Symbol referencing errors. No output written to bftest
collect2: ld returned 1 exit status
make: *** [bftest] Error 1

This fatal error in the SunOS is very ordinary, when the compilations don't
find the libnets '-lsocket' and '-lnsl' (the sockets library functions).
I fix the problem to compile the bftest: the Makefile omits these flags, and I put the flags
-lsocket and -lnsl in the "tools/Makefile" line 175.

And so:

gcc -g -O2 -Wall -o bftest -lsocket -lnsl bftest.o ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a ../intl/libintl.a -ldl -lz (...)

No problems!

Maybe, the source code could be fixed...

--------------------

Okay?
The gpg 1.2.0 for Solaris worked fine! No problems!

best regards

----------------------
> I am getting following error while compiling gnupg-1.2.0 on Solaris 8 ( Intel )
>
> Making all in tools
> make[2]: Entering directory `/home/gnupg-1.2.0/tools'
> gcc -g -O2 -Wall -o bftest bftest.o ../cipher/libcipher.a ../mpi/libmpi.a ..
> /util/libutil.a ../intl/libintl.a -ldl -lz
> Undefined first referenced
> symbol in file
> socket ../cipher/libcipher.a(rndegd.o)
> connect ../cipher/libcipher.a(rndegd.o)
> ld: fatal: Symbol referencing errors. No output written to bftest
> collect2: ld returned 1 exit status
> make[2]: *** [bftest] Error 1
> make[2]: Leaving directory `/home/gnupg-1.2.0/tools'
> make[1]: *** [all-recursive] Error 1
> make[1]: Leaving directory `/home/gnupg-1.2.0'
> make: *** [all] Error 2
> #
>
>
> How to remove this error.
>
>

----------

__|_ _| _ \ __| __| \ | Renato Martini ::: Administrative Director
( | __/\__ \ (_ | _ \ | http://www.cipsga.org.br
\___|___|_| ____/\___|_/ _\ | http://gnupg.unixsecurity.com.br
-----------------------------------------------------------------------
http://bancada.softwarelivre.org.br: visit the Bancada do Software Livre
-----------------------------------------------------------------------
"O Fantasy, you who make of times and distances your bold game!"
(Gabriele d'Annunzio)

> ATTACHMENT part 2 application/pgp-signature

--0-1761737067-1034781893=:1440
Content-Type: text/html; charset=us-ascii

--0-1761737067-1034781893=:1440--

From Wegasoft Support Wed Oct 16 18:43:02 2002
From: Wegasoft Support (Thomas Braun)
Date: Wed Oct 16 17:43:02 2002
Subject: Sorry for duplicate posting
Message-ID: <17036074466.20021016174432@wegasoft.de>

Sorry, I received a very weird bounce for my first message so I thought
I made some mistake. Unfortunately thinking this *was* a mistake ;-)

--
regards
Thomas Braun

From twoaday@freakmail.de Wed Oct 16 22:23:02 2002
From: twoaday@freakmail.de (Timo Schulz)
Date: Wed Oct 16 21:23:02 2002
Subject: How to send passphrase to gpg with symetric encryption?
In-Reply-To: <4328538426.20021016153856@wegasoft.de>
References: <4328538426.20021016153856@wegasoft.de>
Message-ID: <20021016192315.GA815@daredevil.joesixpack.net>

On Wed Oct 16 2002; 15:38, Thomas Braun wrote:

> message again with this command:
>
> gpg -d test.gpg
>
> I get the error message "decryption failed: bad key"

But GPG asks you for a passphrase?

> I tried it from the commandline and in a batch file.

What is the output of test.gpg with
"gpg --list-only --list-packets test.gpg"?

Timo

From Michael_Gold@glic.com Wed Oct 16 23:50:02 2002
From: Michael_Gold@glic.com (Michael_Gold@glic.com)
Date: Wed Oct 16 22:50:02 2002
Subject: Need help decrypting (gnuPG 1.2 - winnt4)
Message-ID:

Hello,

I am trying to decrypt a file that was encrypted by another party using
my public key. They encrypted using PGP5 and swear they used a CAST5
algorithm.
However, whenever I decrypt the file I get the following error message:

D:\OpenPGP>gpg pgptest.asc
gpg: cipher algorithm 1 (IDEA) is unknown or disabled
gpg: the IDEA cipher plugin is not present
gpg: please see http://www.gnupg.org/why-not-idea.html for more information
gpg: encrypted with 1024-bit ELG-E key, ID 9A38872F, created 2002-10-07
"Guardian (UCLA - NIPR Signing And Encrypting Key - DSA and ElGamal) "
gpg: public key decryption failed: unknown cipher algorithm
gpg: decryption failed: secret key not available

Is IDEA definitely the problem? Or is this error message not indicative
of the real problem? Note all other gpg operations seem to work fine and
when I encrypt and decrypt the file myself it's ok.

Also, just to prove whether or not IDEA is the problem, I'd like to try
the idea.dll plugin. I've downloaded the dll and did a regsvr32 in the
same dir as my gpg binary, but it makes no difference. Is there a way I
have to tell gpg to use it? I didn't see anything about it in the
manual.

Any help or suggestions are greatly appreciated.

Thanks,
Mike

From mindfuq@comcast.net Thu Oct 17 05:20:02 2002
From: mindfuq@comcast.net (MindFuq)
Date: Thu Oct 17 04:20:02 2002
Subject: Changing signature algorithms
Message-ID: <20021016192641.GA2612@comcast.net>

I'm using GPG version 1.0.7 (stock), which is capable of the following
algorithms:

Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG
Hash: MD5, SHA1, RIPEMD160

My problem is that I can't find the switch to create a non-SHA1 hash.
I want to sign using MD5 or RipeMD160.

Another problem is that with the --cipher-algo switch, I cannot change
the algorithm used to encrypt the hash on my signature. In fact, this
switch won't even let me select the default DSA algorithm.

I'm guessing that the answer to my second question is that the
algorithm used to encrypt the hash is determined by my key. Is that
correct? If so, then what is the --cipher-algo switch used for?
Then I tried to generate an RSA key, and was told it could only be
used to sign messages. Why can't it be used for encryption? To
confuse things, I ran a 'showpref' on the key, and it did not list any
asymmetric ciphers, not even RSA; but it did list symmetric ciphers:
AES, CAST5, 3DES. How are these ciphers used with a key that can only
sign? My understanding of a signature is that the hash is encrypted
with an asymmetric key, not a symmetric key.

From eleuteri@myrealbox.com Thu Oct 17 05:47:02 2002
From: eleuteri@myrealbox.com (David Picón Álvarez)
Date: Thu Oct 17 04:47:02 2002
Subject: Changing signature algorithms
References: <20021016192641.GA2612@comcast.net>
Message-ID: <002001c27588$0bd7f6a0$f92489c3@137.36.248>

--fMYhz1fZ.5XiMkIG0nnxfhpcRy8C.PaU
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Hi,

> I'm using GPG version 1.0.7 (stock), which is capable of the following
> algorithms:
>
> Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
> Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG
> Hash: MD5, SHA1, RIPEMD160

There's a gnupg 1.2 if you're interested, and 1.2.1 is going to be
released soon.

> My problem is that I can't find the switch to create a non-SHA1 hash.
> I want to sign using MD5 or RipeMD160.

--digest-algo

> Another problem is that with the --cipher-algo switch, I cannot change
> the algorithm used to encrypt the hash on my signature. In fact, this
> switch won't even let me select the default DSA algorithm.

I don't understand what you mean by that. Sorry.

> I'm guessing that the answer to my second question is that the
> algorithm used to encrypt the hash is determined by my key. Is that
> correct? If so, then what is the --cipher-algo switch used for?

The --cypher-algo is used to choose the asymmetric algorithm you use when
you encrypt something to other people.

> Then I tried to generate an RSA key, and was told it could only be
> used to sign messages. Why can't it be used for encryption? To
> confuse things, I ran a 'showpref' on the key, and it did not list any
> asymmetric ciphers, not even RSA; but it did list symmetric ciphers:
> AES, CAST5, 3DES. How are these ciphers used with a key that can only
> sign? My understanding of a signature is that the hash is encrypted
> with an asymmetric key, not a symmetric key.

The symmetric cyphers are not listed because they're obvious. If your key is
RSA it's going to use RSA. There's nothing to do about that. The preferred
cyphers on a sign-only key don't mean much. However, you can add a RSA
encryption subkey to your RSA sign-only key and thus use RSA for everything
with no problem whatsoever.

Hope this helps,

--David.

--fMYhz1fZ.5XiMkIG0nnxfhpcRy8C.PaU
Content-Type: application/pgp-signature
Content-Disposition: inline

--fMYhz1fZ.5XiMkIG0nnxfhpcRy8C.PaU--

From newton@hammet.net Thu Oct 17 06:11:02 2002
From: newton@hammet.net (Newton Hammet)
Date: Thu Oct 17 05:11:02 2002
Subject: Changing signature algorithms
References: <20021016192641.GA2612@comcast.net>
Message-ID: <3DAE38E6.3BD50D50@hammet.net>

MindFuq wrote:
>
> I'm using GPG version 1.0.7 (stock), which is capable of the following
> algorithms:
>
> Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
> Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG
> Hash: MD5, SHA1, RIPEMD160
>
> My problem is that I can't find the switch to create a non-SHA1 hash.
> I want to sign using MD5 or RipeMD160.

To find out hashes you are using:

gpg --edit-key

Command> showpref
pub 2048R/05BD84B4 created: 2002-09-26 expires: 2003-09-26 trust: u/u
(1). Newton Hammet (TreeFlyer Global Resources)
Cipher: TWOFISH, AES, CAST5, 3DES
Hash: SHA1, RIPEMD160
Compression: ZLIB, ZIP

To find the corresponding codes (use the 'pref' command, aka 'expert')

Command> pref
pub 2048R/05BD84B4 created: 2002-09-26 expires: 2003-09-26 trust: u/u
(1). Newton Hammet (TreeFlyer Global Resources)
S10 S7 S3 S2 H2 H3 Z2 Z1 [mdc]

The pref command gives a list of codes, the first char determining
what the algo is (S=symmetric-key-algo,H=hash,Z=compression)
and the following number the specific algorithm.
A mapping of numbers for most algorithms is available here:
(obtained from 'include/cipher.h' in the source distro)

CIPHER_ALGO_NONE          0
CIPHER_ALGO_IDEA          1
CIPHER_ALGO_3DES          2
CIPHER_ALGO_CAST5         3
CIPHER_ALGO_BLOWFISH      4
CIPHER_ALGO_SAFER_SK128   5
CIPHER_ALGO_DES_SK        6
CIPHER_ALGO_RIJNDAEL      7
CIPHER_ALGO_RIJNDAEL192   8
CIPHER_ALGO_RIJNDAEL256   9
CIPHER_ALGO_TWOFISH      10
CIPHER_ALGO_SKIPJACK    101
CIPHER_ALGO_TWOFISH_OLD 102
CIPHER_ALGO_DUMMY       110

PUBKEY_ALGO_RSA           1
PUBKEY_ALGO_RSA_E         2
PUBKEY_ALGO_RSA_S         3
PUBKEY_ALGO_ELGAMAL_E    16
PUBKEY_ALGO_DSA          17
PUBKEY_ALGO_ELGAMAL      20

DIGEST_ALGO_MD5           1
DIGEST_ALGO_SHA1          2
DIGEST_ALGO_RMD160        3

So with this pattern, the hash MD5 is represented by 'H1'.

Example: we want CIPHER=TWOFISH, DIGEST(HASH)=MD5, COMPRESSION=ZLIB, then

To set algorithm preferences :

Command> setpref S10 H1 Z2
Command> updpref

and save changes before quitting should update you the above algorithm
choices.

>
> Another problem is that with the --cipher-algo switch, I cannot change
> the algorithm used to encrypt the hash on my signature. In fact, this
> switch won't even let me select the default DSA algorithm.
>
> I'm guessing that the answer to my second question is that the
> algorithm used to encrypt the hash is determined by my key. Is that
> correct? If so, then what is the --cipher-algo switch used for?
>
> Then I tried to generate an RSA key, and was told it could only be
> used to sign messages. Why can't it be used for encryption? To
> confuse things, I ran a 'showpref' on the key, and it did not list any
> asymmetric ciphers, not even RSA; but it did list symmetric ciphers:
> AES, CAST5, 3DES. How are these ciphers used with a key that can only
> sign? My understanding of a signature is that the hash is encrypted
> with an asymmetric key, not a symmetric key.

This is true 'showpref' does not show the asymmetric ciphers.
If you look at the choices for your primary key, RSA is for sign only.
However after generating an RSA signing key you can add an RSA
encrypting key as a sub-key again using ::

gpg --edit-key

==================== sample I ran on my workstation
Command> addkey
Key is protected.

You need a passphrase to unlock the secret key for
user: "yakoff smirnoff (i am an rsa key) "
1024-bit RSA key, ID DDAC44C2, created 2002-10-17

Please select what kind of key you want:
   (2) DSA (sign only)
   (3) ElGamal (encrypt only)
   (4) ElGamal (sign and encrypt)
   (5) RSA (sign only)
   (6) RSA (encrypt only)
Your selection? 6
==================== end of sample

you will then get a choice for an RSA signing key, and also
an RSA encrypting key. pick option '6'...

The software doesn't allow RSA keys to be used for both signing and
encryption because there are too many ways that a message can be
recovered, due to the fact that 'signing' means multiplying the message
by the private key, and encrypting means multiplying the message by the
public key. note that decrypting is equiv to signing.

I hope this short answer helps answer your question.
Let me know if you need more information.

Regards,
Newton

From mindfuq@comcast.net Thu Oct 17 07:06:02 2002
From: mindfuq@comcast.net (MindFuq)
Date: Thu Oct 17 06:06:02 2002
Subject: Changing signature algorithms
In-Reply-To: <002001c27588$0bd7f6a0$f92489c3@137.36.248>
References: <20021016192641.GA2612@comcast.net> <002001c27588$0bd7f6a0$f92489c3@137.36.248>
Message-ID: <20021016211209.GA3377@comcast.net>

* David Picón Álvarez [2002-10-16 20:14]:
> > Another problem is that with the --cipher-algo switch, I cannot change
> > the algorithm used to encrypt the hash on my signature. In fact, this
> > switch won't even let me select the default DSA algorithm.
>
> I don't understand what you mean by that. Sorry.
Tell me if I'm wrong- when I sign a message, the first thing that
happens is a hash is created (usually SHA1). Then that SHA1 hash is
encrypted with my private asymmetric key. So not only do I have a
choice of hashes (SHA1, MD5, RipeMD5), but I also have a choice of
asymmetric cryptosystems (RSA, DSA, ..).

Using defaults and a default generated key, my signatures are composed
of an SHA1 hash which is encrypted with my private key using the DSA
algorithm. Suppose instead I want my signature to be created by
hashing with SHA1 and encrypting with RSA. I should be able to do
that using this command:

gpg --clearsign --cipher-algo RSA text_msg

but I get an error:

gpg: selected cipher algorithm is invalid

> The --cypher-algo is used to choose the asymmetric algorithm you use when
> you encrypt something to other people.

Or if I'm encrypting to myself. I just tried to encrypt a message to
myself, using my public key; and when I use the --cipher-algo switch
as follows:

gpg -ea --cipher-algo RSA text_msg

I get:

gpg: selected cipher algorithm is invalid

It doesn't matter what public algorithm I specify. Then for kicks I
specified a symmetric algorithm, and it worked! So it seems
--cipher-algo is used to select which *symmetric* algorithm to use.
If that's true, then what does the --s2k-cipher-algo switch do
differently?

> The symmetric cyphers are not listed because they're obvious. If your key is
> RSA it's going to use RSA. There's nothing to do about that. The preferred
> cyphers on a sign-only key don't mean much. However, you can add a RSA
> encryption subkey to your RSA sign-only key and thus use RSA for everything
> with no problem whatsoever.

I will try adding the subkey next. However, it doesn't seem right to
have to do this, because when I do a pgpdump on an RSA sign-only key,
one of the lines reads:

Pub alg - RSA Encrypt or Sign(pub 1)

This indicates to me that this sign-only key can be used to encrypt as
well; so I'm not sure what's causing the limitation.
Also, the following lines are also listed in the pgpdump of the
sign-only key:

Sym alg - AES with 128-bit key(sym 7)
Sym alg - CAST5(sym 3)
Sym alg - Triple-DES(sym 2)

This is another indicator that this 'sign-only' key can be used for
encrypting, because symmetric algorithms aren't used to sign. What am
I missing?

From Wegasoft Support Thu Oct 17 09:34:03 2002
From: Wegasoft Support (Thomas Braun)
Date: Thu Oct 17 08:34:03 2002
Subject: How to send passphrase to gpg with symetric encryption?
In-Reply-To: <20021017042637.31939.14041.Mailman@trithemius.gnupg.org>
References: <20021017042637.31939.14041.Mailman@trithemius.gnupg.org>
Message-ID: <1371928315.20021017083535@wegasoft.de>

Hi Timo,

> But GPG asks you for a passphrase?

Yes.

> What is the output of test.gpg with "gpg --list-only --list-packets test.gpg"?

:symkey enc packet: version 4, cipher 3, s2k 3, hash 2
salt 007b15fc1dd96a6f, count 96

after entering the passphrase gpg displays this:

:encrypted data packet:
length: 51

--
regards
Thomas Braun

From wk@gnupg.org Thu Oct 17 11:43:02 2002
From: wk@gnupg.org (Werner Koch)
Date: Thu Oct 17 10:43:02 2002
Subject: Need help decrypting (gnuPG 1.2 - winnt4)
In-Reply-To: (Michael_Gold@glic.com's message of "Wed, 16 Oct 2002 16:46:38 -0400")
References:
Message-ID: <87it01cv9u.fsf@alberti.g10code.de>

On Wed, 16 Oct 2002 16:46:38 -0400, Michael Gold said:

> Is IDEA definitely the problem? Or is this error message not indicative of

You have seen the warning message which even includes an URL for
further information, right?

> Also, just to prove whether or not IDEA is the problem, I'd like to try the
> idea.dll plugin. I've downloaded the dll and did a regsvr32 in the same

What is regsrv32? You have to use

gpg --load-extension c:/foo/bar/idea.dll ...

or put it into the gpg.conf file. It is all explained in the manual.
Salam-Shalom,

Werner

From twoaday@freakmail.de Thu Oct 17 12:55:02 2002
From: twoaday@freakmail.de (Timo Schulz)
Date: Thu Oct 17 11:55:02 2002
Subject: How to send passphrase to gpg with symetric encryption?
In-Reply-To: <1371928315.20021017083535@wegasoft.de>
References: <20021017042637.31939.14041.Mailman@trithemius.gnupg.org> <1371928315.20021017083535@wegasoft.de>
Message-ID: <20021017095540.GA890@daredevil.joesixpack.net>

On Thu Oct 17 2002; 08:35, Thomas Braun wrote:

> > What is the output of test.gpg with
> > "gpg --list-only --list-packets test.gpg"?
>
> :symkey enc packet: version 4, cipher 3, s2k 3, hash 2
> salt 007b15fc1dd96a6f, count 96
>
> after entering the passphrase gpg displays this:
>
> :encrypted data packet:
> length: 51

Seems like the file is okay. Maybe there is a typo in your passphrase?

Timo

From twoaday@freakmail.de Thu Oct 17 12:55:11 2002
From: twoaday@freakmail.de (Timo Schulz)
Date: Thu Oct 17 11:55:11 2002
Subject: Need help decrypting (gnuPG 1.2 - winnt4)
In-Reply-To: <87it01cv9u.fsf@alberti.g10code.de>
References: <87it01cv9u.fsf@alberti.g10code.de>
Message-ID: <20021017095744.GB890@daredevil.joesixpack.net>

On Thu Oct 17 2002; 10:41, Werner Koch wrote:

> > Also, just to prove whether or not IDEA is the problem, I'd like to try the
> > idea.dll plugin. I've downloaded the dll and did a regsvr32 in the same
>
> What is regsrv32?

FYI, all DLL's the GPG project provide are regular DLL's and not
services or COM-objects you need to register with regsvr32! Or it is
explicitly mentioned in a manual.

Timo

From alex@FUCKUP.fantastyka.net Thu Oct 17 12:57:02 2002
From: alex@FUCKUP.fantastyka.net (alex@FUCKUP.fantastyka.net)
Date: Thu Oct 17 11:57:02 2002
Subject: personal--preferences?
In-Reply-To: <20021016012951.GA1229@akamai.com>
Message-ID:

David Shaw napisał[a]/wrote/schrieb:
> On Wed, Oct 16, 2002 at 02:41:40AM +0200, Janusz A. Urbanowicz wrote:
> > How do I use the personal--preferences in 1.2.0?
> >
> > Setting it as follows:
> >
> > personal-cipher-preferences 3des
> > personal-digest-preferences ripemd160
> >
> > gives strange errors when GPG is launched.
>
> Use the same letter codes that "setpref" uses. You can list the
> available codes with "gpg -v --version".
>
> For example. a preference list giving AES, CAST5, and BLOWFISH in that
> order would be "S7 S3 S4".

This is a Bad Thing to do this such a way. It is the most unintuitive
interface I can imagine. Some commands accept algo name, while some need
those cryptic codes which really aren't documented anywhere I know of. Nor
is the method of getting these. Any chance that we'll get consistent user
interface soon?

Alex

From simpletone@mbox.com.au Thu Oct 17 12:57:13 2002
From: simpletone@mbox.com.au (Mike Tone)
Date: Thu Oct 17 11:57:13 2002
Subject: multiple keys in one .asc - like debian guys
Message-ID:

How do you export? a group of public keys, to one
single .asc file?

like the debian guys,
(http://www.debian.org/security/keys.txt)

when you import this one file, you get ~5-6
keys..

thanks in advance

From rplana@zicorp.com Thu Oct 17 12:57:23 2002
From: rplana@zicorp.com (Richard Plana)
Date: Thu Oct 17 11:57:23 2002
Subject: Invalid Engine
Message-ID: <3DAE6479.8090801@zicorp.com>

Hi,

I've been trying to set up Anubis (a mail proxy which does GPG
signing/encrypting via GPGME) and am having some trouble with it. The
program encounters an error with
gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP) where it returns an
Invalid Engine error.
I compiled a test program linked against libgpgme with just the three
test functions and here is the output:

gpgme_get_engine_info():
OpenPGP
1.0.7
/usr/bin/gpg
gpgme_check_version(NULL):
0.3.12
gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP):
Invalid Engine

Would someone hazard a guess as to what's wrong with my setup?

--
*Richard Neal Plana, B.Sc., CCNA*
Lead Software Engineer
Zi Corp.

From twoaday@freakmail.de Thu Oct 17 12:58:02 2002
From: twoaday@freakmail.de (Timo Schulz)
Date: Thu Oct 17 11:58:02 2002
Subject: Changing signature algorithms
In-Reply-To: <20021016211209.GA3377@comcast.net>
References: <20021016192641.GA2612@comcast.net> <002001c27588$0bd7f6a0$f92489c3@137.36.248> <20021016211209.GA3377@comcast.net>
Message-ID: <20021017100134.GA1056@daredevil.joesixpack.net>

On Wed Oct 16 2002; 21:12, MindFuq wrote:

> I should be able to do that using this command:
>
> gpg --clearsign --cipher-algo RSA text_msg
>
> but I get an error:
>
> gpg: selected cipher algorithm is invalid

You *can't* select the asymmetric cipher for the message! How shall this
be possible? It would mean GPG needs to create a key pair in time and
where is it stored and a lot of more questions. The key pair has an
algorithm and this algorithm is always used. I mean a key generated with
--gen-key...

Timo

From twoaday@freakmail.de Thu Oct 17 13:28:02 2002
From: twoaday@freakmail.de (Timo Schulz)
Date: Thu Oct 17 12:28:02 2002
Subject: Invalid Engine
In-Reply-To: <3DAE6479.8090801@zicorp.com>
References: <3DAE6479.8090801@zicorp.com>
Message-ID: <20021017103027.GA1810@daredevil.joesixpack.net>

On Thu Oct 17 2002; 01:19, Richard Plana wrote:

> gpgme_get_engine_info():
>
>
> OpenPGP
> 1.0.7
> /usr/bin/gpg
>
>
> gpgme_check_version(NULL):
> 0.3.12
> gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP):
> Invalid Engine
>
> Would someone hazard a guess as to what's wrong with my setup?

Just a guess but I think you need 1.2.0 for GPGME 0.3.12.

Timo

From dshaw@jabberwocky.com Thu Oct 17 14:44:03 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Thu Oct 17 13:44:03 2002
Subject: personal--preferences?
In-Reply-To:
References: <20021016012951.GA1229@akamai.com>
Message-ID: <20021017114441.GD3264@jabberwocky.com>

On Wed, Oct 16, 2002 at 04:50:47PM +0200, alex@FUCKUP.fantastyka.net wrote:
> David Shaw napisał[a]/wrote/schrieb:
> > On Wed, Oct 16, 2002 at 02:41:40AM +0200, Janusz A. Urbanowicz wrote:
> > > How do I use the personal--preferences in 1.2.0?
> > >
> > > Setting it as follows:
> > >
> > > personal-cipher-preferences 3des
> > > personal-digest-preferences ripemd160
> > >
> > > gives strange errors when GPG is launched.
> >
> > Use the same letter codes that "setpref" uses. You can list the
> > available codes with "gpg -v --version".
> >
> > For example, a preference list giving AES, CAST5, and BLOWFISH in that
> > order would be "S7 S3 S4".
>
> This is a Bad Thing to do this such a way. It is the most unintuitive
> interface I can imagine. Some commands accept algo name, while some need
> those cryptic codes which really aren't documented anywhere I know of. Nor
> is the method of getting these. Any chance that we'll get consistent user
> interface soon?

This is one of the things I have on my list for the devel version.
You should be able to use the S-codes as well as the full cipher names
interchangeably.

David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson

From dshaw@jabberwocky.com Thu Oct 17 14:51:03 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Thu Oct 17 13:51:03 2002
Subject: multiple keys in one .asc - like debian guys
In-Reply-To:
References:
Message-ID: <20021017115145.GE3264@jabberwocky.com>

On Thu, Oct 17, 2002 at 02:00:07PM +1100, Mike Tone wrote:
> How do you export? a group of public keys, to one
> single .asc file?
>
> like the debian guys,
> (http://www.debian.org/security/keys.txt)
>
> when you import this one file, you get ~5-6
> keys..

gpg --armor --export key1 key2 key3 key4 > keysonethroughfour.txt

David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson

From Wegasoft Support Thu Oct 17 15:43:02 2002
From: Wegasoft Support (Thomas Braun)
Date: Thu Oct 17 14:43:02 2002
Subject: Re[2]: How to send passphrase to gpg with symetric encryption?
In-Reply-To: <20021017095540.GA890@daredevil.joesixpack.net>
References: <20021017042637.31939.14041.Mailman@trithemius.gnupg.org> <1371928315.20021017083535@wegasoft.de> <20021017095540.GA890@daredevil.joesixpack.net>
Message-ID: <9724044890.20021017144408@wegasoft.de>

Hi Timo,

> Seems like the file is okay. Maybe there is a typo in your passphrase?

I use the following batch and I hope I was successful in typing "1234"
when gpg asked me ;-)

@ECHO OFF
del test.gpg
ECHO 1234 | gpg -c -v -v --cipher-algo BLOWFISH --passphrase-fd 0 test.txt
PAUSE
gpg -d -v -v test.gpg

This is the output when I run this batch:

Reading passphrase from file descriptor 0
gpg: loaded digest 2
gpg: writing to `test.gpg'
Drücken Sie eine beliebige Taste . . .
:symkey enc packet: version 4, cipher 4, s2k 3, hash 2
        salt 30ebf29dd06f4b8b, count 96
gpg: loaded digest 2
:encrypted data packet:
        length: 51
gpg: BLOWFISH encrypted data
gpg: decryption failed: bad key

The exact version I'm using is 1.0.6-2

--
regards
Thomas Braun

From mindfuq@comcast.net Thu Oct 17 18:59:02 2002
From: mindfuq@comcast.net (MindFuq)
Date: Thu Oct 17 17:59:02 2002
Subject: Purpose of --s2k-cipher-algo switch
In-Reply-To: <20021017100134.GA1056@daredevil.joesixpack.net>
References: <20021016192641.GA2612@comcast.net> <002001c27588$0bd7f6a0$f92489c3@137.36.248> <20021016211209.GA3377@comcast.net> <20021017100134.GA1056@daredevil.joesixpack.net>
Message-ID: <20021017090524.GA915@comcast.net>

* Timo Schulz [2002-10-17 08:23]:
>
> > I should be able to do that using this command:
> >
> > gpg --clearsign --cipher-algo RSA text_msg
> >
> > but I get an error:
> >
> > gpg: selected cipher algorithm is invalid
>
> You *can't* select the asymmetric cipher for the message! How shall
> this be possible? It would mean GPG needs to create a key pair in
> time and where is it stored and a lot of more questions.
>
>
> The key pair has an algorithm and this algorithm is always used.
> I mean a key generated with --gen-key...

I'm starting to realize this. It seems --cipher-algo and
--s2k-cipher-algo both specify the symmetric key. I was thinking that
a key is just a block of random bits, and as long as the key is large
enough, any algorithm should be able to use it. And this is probably
true of symmetric ciphers, but I overlooked the fact that every
asymmetric algorithm expects to find numbers from each key that
satisfy an equation. Since the equation is different for every
cipher, a key pair must only work for a specific equation.. Unless
someone is clever enough to make one that works in multiple
algorithms.

Now I'm trying to make sense out of the --s2k-cipher-algo switch.
It's described as the "cipher algorithm used to protect secret keys."
Since the secret (symmetric) key is encrypted with the public
(asymmetric) key, there should be no way to select the algorithm to
protect the symmetric key. It should then be forced to use the
algorithm the public key is bound to. Then it lists BLOWFISH as a
default, which is not an asymmetric algorithm.

I'm suspecting that the developers meant something different.
Generally the accepted terminology in crypto is as follows:

  secret key  = symmetric key
  private key = secret asymmetric key
  public key  = public asymmetric key

I've noticed a few places where the GPG docs use "secret key" when
they mean "private key." It's looking like that may be what the
developers did when documenting the --s2k-cipher-algo switch.

So are we saying that the --s2k-cipher-algo switch enables me to
choose which symmetric algorithm uses my password to encrypt my
private key?

From twoaday@freakmail.de Thu Oct 17 19:04:02 2002
From: twoaday@freakmail.de (Timo Schulz)
Date: Thu Oct 17 18:04:02 2002
Subject: How to send passphrase to gpg with symetric encryption?
In-Reply-To: <9724044890.20021017144408@wegasoft.de>
References: <20021017042637.31939.14041.Mailman@trithemius.gnupg.org> <1371928315.20021017083535@wegasoft.de> <20021017095540.GA890@daredevil.joesixpack.net> <9724044890.20021017144408@wegasoft.de>
Message-ID: <20021017160639.GA1328@daredevil.joesixpack.net>

On Thu Oct 17 2002; 14:44, Thomas Braun wrote:

> @ECHO OFF
> del test.gpg
> ECHO 1234 | gpg -c -v -v --cipher-algo BLOWFISH --passphrase-fd 0 test.txt
> PAUSE
> gpg -d -v -v test.gpg
>
> This is the output when I run this batch:

[snip]

> gpg: BLOWFISH encrypted data
> gpg: decryption failed: bad key

Hmm, for me it works. Maybe the shell adds a newline character to the
echo and this means the passphrase is *not* 1234 but 1234\n. I guess
it's the standard Windows behavior of ECHO.

Timo

From wk@gnupg.org Thu Oct 17 20:13:08 2002
From: wk@gnupg.org (Werner Koch)
Date: Thu Oct 17 19:13:08 2002
Subject: gnupg 1.2.1 release candidate
Message-ID: <87adldat52.fsf@alberti.g10code.de>

Hi!

A release candidate for 1.2.1 is now available. I would very much
appreciate if people with build problems on 1.2.0 can try this one
out.

ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.2.1rc1.tar.gz (2M)
ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.2.1rc1.tar.gz.sig (2M)
ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.2.0-1.2.1rc1.diff.gz (295k)

You may also use http://ftp.gnupg.org .

Salam-Shalom,

Werner

From wk@gnupg.org Thu Oct 17 20:27:03 2002
From: wk@gnupg.org (Werner Koch)
Date: Thu Oct 17 19:27:03 2002
Subject: Purpose of --s2k-cipher-algo switch
In-Reply-To: <20021017090524.GA915@comcast.net> (MindFuq's message of "Thu, 17 Oct 2002 09:05:24 +0000")
References: <20021016192641.GA2612@comcast.net> <002001c27588$0bd7f6a0$f92489c3@137.36.248> <20021016211209.GA3377@comcast.net> <20021017100134.GA1056@daredevil.joesixpack.net> <20021017090524.GA915@comcast.net>
Message-ID: <871y6pashv.fsf@alberti.g10code.de>

On Thu, 17 Oct 2002 09:05:24 +0000, MindFuq said:

> I'm suspecting that the developers meant something different.
> Generally the accepted terminology in crypto is as follows:

In OpenPGP parlance (rfc2440) a secret key is meant as a private key.

There is even another reason to speak about a secret key:

  private key - public key      secret key - public key
  prvkey      - pubkey          seckey     - pubkey
  pk          - pk  :-(         sk         - pk

Guess where you make more errors when writing or reviewing code.

The first goal is to keep a secret secret and thus I prefer to use
"secret" instead of "private".

Salam-Shalom,

Werner

From mindfuq@comcast.net Fri Oct 18 01:08:03 2002
From: mindfuq@comcast.net (MindFuq)
Date: Fri Oct 18 00:08:03 2002
Subject: Possible distribution oversight - Details docs
Message-ID: <20021017151423.GA14942@comcast.net>

I noticed version 1.2.0 of gpg did not come with the DETAILS file in
the documentation area. Was this intentionally left out? I thought it
was pretty useful.

From eleuteri@myrealbox.com Fri Oct 18 01:26:03 2002
From: eleuteri@myrealbox.com (David Picón Álvarez)
Date: Fri Oct 18 00:26:03 2002
Subject: Changing signature algorithms
References: <20021016192641.GA2612@comcast.net> <002001c27588$0bd7f6a0$f92489c3@137.36.248> <20021016211209.GA3377@comcast.net>
Message-ID: <001001c2762c$b7d62ae0$f92489c3@137.36.248>

Hi,

> Tell me if I'm wrong- when I sign a message, the first thing that
> happens is a hash is created (usually SHA1). Then that SHA1 hash is
> encrypted with my private asymmetric key. So not only do I have a
> choice of hashes (SHA1, MD5, RipeMD5), but I also have a choice of
> asymmetric cryptosystems (RSA, DSA, ..).

You're wrong. The asymmetric algorithm is chosen by the key type. If you
have an RSA keypair you can't use it to do ElGamal. If you have a DSA
keypair you can't use it to do RSA. That's why you can create different
types of keys in the first place. The cryptosystems are based on
different numeric problems so the keys are not exchangeable like that.

> Or if I'm encrypting to myself. I just tried to encrypt a message to
> myself, using my public key; and when I use the --cipher-algo switch
> as follows:
>
> gpg -ea --cipher-algo RSA text_msg

Sorry, I meant symmetric here. My finger went off. Cipher-algo chooses
symmetric algos.

> It doesn't matter what public algorithm I specify. Then for kicks I
> specified a symmetric algorithm, and it worked! So it seems
> --cipher-algo is used to select which *symmetric* algorithm to use.

Correct.

> If that's true, then what does the --s2k-cipher-algo switch do
> differently?

It chooses the symmetric algorithm used to encrypt your private key with
your passphrase.

HTH

--David.

From mindfuq@comcast.net Fri Oct 18 02:19:02 2002
From: mindfuq@comcast.net (MindFuq)
Date: Fri Oct 18 01:19:02 2002
Subject: rsa-e / rsa-s distinction in --version output
Message-ID: <20021017162513.GA15365@comcast.net>

Doing a gpg --version gives:

gpg (GnuPG) 1.2.0
[...]
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160
Compress: Uncompressed, ZIP, ZLIB

It's strange that RSA, RSA-E, and RSA-S are all listed. I can see
just listing RSA for simplicity, or just listing RSA-E/S, but all
three? Why? It's confusing. If RSA-E is for encryption, and RSA-S
is for signatures, what is meant by RSA?

It seems like there shouldn't be any distinction at all. If I
generate an RSA key, technically that key can be used for encrypting
or signing.. In fact, signing is encrypting; correct? Signing is just
taking a hash and encrypting it like it's a message, only in this
case the private key is used. The algorithm doesn't care whether it's
a -E or -S key.

Equally confusing, ELG and ELG-E are listed. No ELG-S? With the
expert setting, I can create an ELG key that can be used to sign.

From gnupg-users@gnupg.org Fri Oct 18 02:40:02 2002
From: gnupg-users@gnupg.org (Christian Biere)
Date: Fri Oct 18 01:40:02 2002
Subject: compilation error on Intel Solaris 8
In-Reply-To: <20021015144602.96897.qmail@web13205.mail.yahoo.com>
References: <20021015144602.96897.qmail@web13205.mail.yahoo.com>
Message-ID: <20021017234046.GA13860@teak.TechFak.Uni-Bielefeld.DE>

Anant Tamgole wrote:
>
> Making all in tools
> make[2]: Entering directory `/home/gnupg-1.2.0/tools'
> gcc -g -O2 -Wall -o bftest bftest.o ../cipher/libcipher.a ../mpi/libmpi.a ..
> /util/libutil.a ../intl/libintl.a -ldl -lz
> Undefined first referenced
> symbol in file
> socket ../cipher/libcipher.a(rndegd.o)
> connect ../cipher/libcipher.a(rndegd.o)

Just add '-lsocket -lnsl' to LIBS or LDFLAGS before running configure.

Christian

From Gnupg-users@gnupg.org Fri Oct 18 02:50:02 2002
From: Gnupg-users@gnupg.org (Christian Biere)
Date: Fri Oct 18 01:50:02 2002
Subject: Possible distribution oversight - Details docs
In-Reply-To: <20021017151423.GA14942@comcast.net>
References: <20021017151423.GA14942@comcast.net>
Message-ID: <20021017235115.GB13860@teak.TechFak.Uni-Bielefeld.DE>

MindFuq wrote:
> I noticed version 1.2.0 of gpg did not come with the DETAILS file in
> the documentation area. Was this intentionally left out?

I don't miss the DETAILS file:

$ bzip2 -dc gnupg-1.2.0.tar.bz2|tar tf -|grep DETAILS
gnupg-1.2.0/doc/DETAILS
$ gpg --print-mds gnupg-1.2.0.tar.bz2
gnupg-1.2.0.tar.bz2: MD5 = B2 2B 10 DA CF EB 5C 2B 0B C4 CE 9D EF 2D 11 20
gnupg-1.2.0.tar.bz2: SHA1 = 67A2 CF5D 0469 67B7 6558 90AA 67D5 9F45 09FE 361E
gnupg-1.2.0.tar.bz2: RMD160 = D71E 081D F291 5191 ED41 AC35 3AA8 39F3 9AA0 95A3
gnupg-1.2.0.tar.bz2: TIGER = 6E08DC67 722BE107 A857D84F 8547BBF6 47AE8422 22188B4A

Christian

From mindfuq@comcast.net Fri Oct 18 09:55:02 2002
From: mindfuq@comcast.net (MindFuq)
Date: Fri Oct 18 08:55:02 2002
Subject: pgp7 switch
Message-ID: <20021018000105.GA18791@comcast.net>

Could someone please tell me what switches are implied by the pgp7
switch? It doesn't seem to be documented anywhere yet.

What makes me curious is the fact that I can use gpg to create a
ciphertext with these attributes:

dsa, idea, z0

PGP 6.5.8 (domestic) has a problem decrypting this. It accepts my
password and doesn't report a problem; but no plaintext output. It
just drops the ball. Then PGP 6.5.1 (international) has no problem
with this ciphertext.

When I throw the pgp7 switch, same result: pgp 6.5.8 fails, pgp 6.5.1i
works. Okay, so pgp 6.5.8 should not work w/ the pgp7 switch, and when
I use the pgp6 or pgp2 switch there is no problem (as expected). What
I'm trying to figure out is why the older international version CAN
decrypt this; what's the difference? I thought pgpi was just a scanned
version of pgp, so pgpi should be behind pgp.

(I'd also like to point out that pgp7 should be added to the man
page).

From rabbi@abditum.com Fri Oct 18 11:29:02 2002
From: rabbi@abditum.com (Len Sassaman)
Date: Fri Oct 18 10:29:02 2002
Subject: rsa-e / rsa-s distinction in --version output
In-Reply-To: <20021017162513.GA15365@comcast.net>
Message-ID:

On Thu, 17 Oct 2002, MindFuq wrote:

> It's strange that RSA, RSA-E, and RSA-S are all listed. I can see
> just listing RSA for simplicity, or just listing RSA-E/S, but all
> three? Why? It's confusing. If RSA-E is for encryption, and RSA-S
> is for signatures, what is meant by RSA?

"RSA" has no restrictions on it. RSA-E can only be used for encryption;
RSA-S can only be used for signing.

> case the private key is used. The algorithm doesn't care whether it's
> a -E or -S key.

But the protocol does.

> Equally confusing, ELG and ELG-E are listed. No ELG-S? With the
> expert setting, I can create an ELG key that can be used to sign.

Yes, but you cannot create an ELG key that can only be used for signing.
(Though, you shouldn't be creating any ELG keys other than ELG-E).

From wk@gnupg.org Fri Oct 18 12:11:01 2002
From: wk@gnupg.org (Werner Koch)
Date: Fri Oct 18 11:11:01 2002
Subject: rsa-e / rsa-s distinction in --version output
In-Reply-To: <20021017162513.GA15365@comcast.net> (MindFuq's message of "Thu, 17 Oct 2002 16:25:14 +0000")
References: <20021017162513.GA15365@comcast.net>
Message-ID: <878z0w9kqr.fsf@alberti.g10code.de>

On Thu, 17 Oct 2002 16:25:14 +0000, MindFuq said:

> It's strange that RSA, RSA-E, and RSA-S are all listed. I can see

gpg lists the available algorithms according to OpenPGP.

Salam-Shalom,

Werner

From wk@gnupg.org Fri Oct 18 12:15:01 2002
From: wk@gnupg.org (Werner Koch)
Date: Fri Oct 18 11:15:01 2002
Subject: pgp7 switch
In-Reply-To: <20021018000105.GA18791@comcast.net> (MindFuq's message of "Fri, 18 Oct 2002 00:01:05 +0000")
References: <20021018000105.GA18791@comcast.net>
Message-ID: <874rbk9klv.fsf@alberti.g10code.de>

On Fri, 18 Oct 2002 00:01:05 +0000, MindFuq said:

> (I'd also like to point out that pgp7 should be added to the man
> page).

It is:

--pgp7    Set up all options to be as PGP 7 compliant as possible. This is
          identical to --pgp6 except that MDCs are not disabled, and the
          list of allowable ciphers is expanded to add AES128, AES192,
          AES256, and TWOFISH.

From dshaw@jabberwocky.com Fri Oct 18 19:55:02 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Fri Oct 18 18:55:02 2002
Subject: [Announce]GnuPG 1.3.0 released (development)
Message-ID: <20021018134940.GA9701@jabberwocky.com>

Hello!

The first release from the new development branch of GnuPG is ready
for public consumption. This is a branch to create what will be GnuPG
1.4 someday. It will change much more frequently than the 1.2.x
"stable" branch, which will mainly be updated for bug fix reasons.

I encourage the more GnuPG-familiar user to try this release (and the
ones that will follow in the 1.3.x branch), and report back any
problems to gnupg-devel@gnupg.org. In return, you get the latest code
with the latest features.

However, it is always important to keep in mind that this is still
development code - please do not use it on anything mission-critical.
Critical applications should always use the 1.2.x stable branch.

You may notice the smaller tarball size for this release - that is due
to the translations other than de being removed. You may also notice
the smaller size of the gpg binary, and that is due to some of the
keyserver modifications. See the list below for more on these changes.

The files are available from:

ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.0.tar.gz (1432k)
ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.0.tar.gz.sig

MD5 checksums for the files are:

2dcd23aae21e1ff08ffc258d6f075d64 gnupg-1.3.0.tar.gz
006384951e566ffa4581251b538af154 gnupg-1.3.0.tar.gz.sig

Noteworthy changes in version 1.3.0 (2002-10-18)
------------------------------------------------

* The last piece of internal keyserver support has been removed,
  and now all keyserver access is done via the keyserver plugins.
  There is also a newer keyserver protocol used between GnuPG and
  the plugins, so plugins from earlier versions of GnuPG may not
  work properly.

* The HKP keyserver plugin supports the new machine-readable key
  listing format for those keyservers that provide it.

* When using a HKP keyserver with multiple DNS records (such as
  wwwkeys.pgp.net which has the addresses of multiple servers
  around the world), try all records until one succeeds. Note
  that it depends on the LDAP library used whether the LDAP
  keyserver plugin does this as well.

* The library dependencies for OpenLDAP seem to change fairly
  frequently, and GnuPG's configure script cannot guess all the
  combinations. Use ./configure LDAPLIBS="-L libdir -l libs" to
  override the script and use the libraries selected.

* Secret keys generated with --export-secret-subkeys are now
  indicated in key listings with a '#' after the "sec", and in
  --with-colons listings by showing no capabilities (no lowercase
  characters).

* --trusted-key has been un-obsoleted, as it is useful for adding
  ultimately trusted keys from the config file. It is identical
  to using --edit and "trust" to change a key to ultimately
  trusted.

* Translations other than de are no longer distributed with the
  development branch. This is due to the frequent text changes
  during development, which cause the translations to rapidly go
  out of date.

Happy Hacking,

The GnuPG team (David, Stefan, Timo and Werner)

_______________________________________________
Gnupg-announce mailing list
Gnupg-announce@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce

From mindfuq@comcast.net Fri Oct 18 21:16:03 2002
From: mindfuq@comcast.net (MindFuq)
Date: Fri Oct 18 20:16:03 2002
Subject: undocumented switch
In-Reply-To: <874rbk9klv.fsf@alberti.g10code.de>
References: <20021018000105.GA18791@comcast.net> <874rbk9klv.fsf@alberti.g10code.de>
Message-ID: <20021018112250.GA30102@comcast.net>

* Werner Koch [2002-10-18 08:58]:
> On Fri, 18 Oct 2002 00:01:05 +0000, MindFuq said:
>
> > (I'd also like to point out that pgp7 should be added to the man
> > page).
>
> It is:

My fault.. sorry about that. My original installation was done from
an RPM file, and when I upgraded to a 1.2.0 tarball, the man pages
didn't get replaced.

Anyway, there is a switch that really is not documented:

--disable-mdc

From the archives, I can figure that this disables modification
detection code. I'm just thinking it should be added to the man page.

Also, the switches in the manpage don't seem to have any order or
pattern. Is this a todo item? If not, should it be? I don't mind
doing the work; just tell me where to sign up.

Thanks.
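
Added example (not part of any list message and not GnuPG code): what the modification detection code that `--disable-mdc` switches off is for. It encrypts a constructed message in CFB mode, alters the ciphertext without the key, and shows the change passing silently unless an MDC trailer is checked. Assumptions: a keyed SHA-256 stands in for the block cipher, the older packet type's CFB resync is left out, the trailer layout (0xD3 0x14 plus SHA-1 over prefix, data and those two octets) follows the OpenPGP MDC packet as later published in RFC 4880, and all function names are illustrative.

```python
import hashlib
import hmac
import os

BLOCK = 8                  # block size of IDEA, 3DES, CAST5 and BLOWFISH
MDC_HEADER = b"\xd3\x14"   # MDC packet tag + length (20-octet SHA-1)
OFFSET = BLOCK + 2         # random prefix plus its two repeated octets


class Tampered(Exception):
    """Raised when the MDC trailer does not match the decrypted data."""


def _prf(key, block):
    # Stand-in for the block cipher's encrypt direction (assumption: keyed
    # SHA-256, not a gpg cipher). CFB never uses the decrypt direction.
    return hashlib.sha256(key + block).digest()[:BLOCK]


def _cfb(key, data, decrypt):
    out, prev = bytearray(), bytes(BLOCK)            # all-zero IV
    for i in range(0, len(data), BLOCK):
        chunk = data[i:i + BLOCK]
        mixed = bytes(a ^ b for a, b in zip(chunk, _prf(key, prev)))
        out += mixed
        prev = chunk if decrypt else mixed           # feedback is ciphertext
    return bytes(out)


def seal(key, plaintext, with_mdc, prefix=None):
    """Encrypt prefix + plaintext, optionally followed by an MDC trailer."""
    if prefix is None:
        prefix = os.urandom(BLOCK)
    body = prefix + prefix[-2:] + plaintext
    if with_mdc:
        body += MDC_HEADER + hashlib.sha1(body + MDC_HEADER).digest()
    return _cfb(key, body, decrypt=False)


def open_sealed(key, ciphertext, with_mdc):
    """Decrypt; with an MDC, refuse data whose hash no longer matches."""
    body = _cfb(key, ciphertext, decrypt=True)
    if with_mdc:
        body, trailer = body[:-22], body[-22:]
        expected = MDC_HEADER + hashlib.sha1(body + MDC_HEADER).digest()
        if not hmac.compare_digest(trailer, expected):
            raise Tampered("MDC mismatch: data was modified in transit")
    return body[OFFSET:]


def xor_patch(ciphertext, plain_offset, known, wanted):
    """Alter ciphertext without the key, given a guess of the plaintext."""
    patched = bytearray(ciphertext)
    for i, (k, w) in enumerate(zip(known, wanted)):
        patched[OFFSET + plain_offset + i] ^= k ^ w
    return bytes(patched)


def demo():
    key = hashlib.sha256(b"constructed demo key").digest()
    message = b"verified=no "                        # constructed sample
    results = {}
    for with_mdc in (False, True):
        sealed = seal(key, message, with_mdc)
        altered = xor_patch(sealed, 9, b"no ", b"yes")
        try:
            results[with_mdc] = open_sealed(key, altered, with_mdc)
        except Tampered as exc:
            results[with_mdc] = exc
    return results


if __name__ == "__main__":
    for with_mdc, outcome in demo().items():
        print("MDC" if with_mdc else "no MDC", "->", repr(outcome))
```

Without the trailer the receiver gets a clean, altered plaintext when the change falls in the last block, and one garbled block with no error when it falls earlier; with the trailer both cases are rejected.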

From mindfuq@comcast.net Fri Oct 18 21:59:03 2002
From: mindfuq@comcast.net (MindFuq)
Date: Fri Oct 18 20:59:03 2002
Subject: Understanding MDC (Modification Detection Code)
Message-ID: <20021018120534.GA30375@comcast.net>

The faq states that having key preferences of TwoFish and AES implies
the keyholder has the capability of using MDC encryption. This may be
true, but my tests are showing that MDC is disjoint from those
algorithms. PGP 6.5.1i can handle MDC, and it's limited to the IDEA,
CAST, and 3DES ciphers.

How exactly does MDC work? I know with MDC out of the picture, if
someone changes the ciphertext, the receiver knows. Either the
receiver will get garbage, or the receiver won't be able to decrypt
the message at all. So what's the purpose of MDC?

Also, I'm curious as to why PGP 6.5.8 (domestic) cannot handle MDC,
but PGP 6.5.1i can. Was MDC capability removed, and then re-added in
PGP7?

From mindfuq@comcast.net Fri Oct 18 22:13:02 2002
From: mindfuq@comcast.net (MindFuq)
Date: Fri Oct 18 21:13:02 2002
Subject: How to select the Dummy cipher
Message-ID: <20021018121939.GA30573@comcast.net>

The cipher.h file lists more ciphers than the --version switch. I'm
interested in the Dummy cipher (S110), but I don't want to set that as
a preference on my key. I tried the options:

--cipher-algo dummy --expert

and the cipher was unrecognized. Is there a way to do this from the
commandline? Or do I have to set up S110 as my one and only
preference on my key to make it work?

From wk@gnupg.org Sat Oct 19 14:43:03 2002
From: wk@gnupg.org (Werner Koch)
Date: Sat Oct 19 13:43:03 2002
Subject: How to select the Dummy cipher
In-Reply-To: <20021018121939.GA30573@comcast.net> (MindFuq's message of "Fri, 18 Oct 2002 12:19:39 +0000")
References: <20021018121939.GA30573@comcast.net>
Message-ID: <873cr27o6t.fsf@alberti.g10code.de>

On Fri, 18 Oct 2002 12:19:39 +0000, MindFuq said:

> and the cipher was unrecognized. Is there a way to do this from the
> commandline? Or do I have to set up S110 as my one and only
> preference on my key to make it work?

RTSL:

/* We have support for a DUMMY encryption cipher which comes handy to
   debug MDCs and similar things. Because this is a bit dangerous it
   is not enabled. */
/*#define ALLOW_DUMMY 1 */

Shalom-Salam,

Werner

From dshaw@jabberwocky.com Sat Oct 19 15:47:03 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Sat Oct 19 14:47:03 2002
Subject: Understanding MDC (Modification Detection Code)
In-Reply-To: <20021018120534.GA30375@comcast.net>
References: <20021018120534.GA30375@comcast.net>
Message-ID: <20021019124821.GA1247@jabberwocky.com>

On Fri, Oct 18, 2002 at 12:05:34PM +0000, MindFuq wrote:
> The faq states that having key preferences of TwoFish and AES implies
> the keyholder has the capability of using MDC encryption. This may be
> true, but my tests are showing that MDC is disjoint from those
> algorithms. PGP 6.5.1i can handle MDC, and it's limited to the IDEA,
> CAST, and 3DES ciphers.

That is correct. As you saw, MDC is unrelated from any particular
cipher choice. However, given the general evolution of OpenPGP, it is
possible to infer from the presence of Twofish and AES that MDC
exists. Ideally, of course, the key would have an explicit MDC flag,
but PGP does not do this.

> How exactly does MDC work? I know with MDC out of the picture, if
> someone changes the ciphertext, the receiver knows. Either the
> receiver will get garbage, or the receiver won't be able to decrypt
> the message at all. So what's the purpose of MDC?

Among other things, read http://www.counterpane.com/pgp-attack.html

> Also, I'm curious as to why PGP 6.5.8 (domestic) cannot handle MDC,
> but PGP 6.5.1i can. Was MDC capability removed, and then re-added in
> PGP7?

6.5.8 != 6.5.1i. Two different programs.

David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson

From skweek@parinux.org Sat Oct 19 17:24:02 2002
From: skweek@parinux.org (skweek)
Date: Sat Oct 19 16:24:02 2002
Subject: Klez!!
References: <873cr27o6t.fsf@alberti.g10code.de>
Message-ID: <3DB16AF5.000001.01320@dub>

Hello!

Pay your attention

I have received a virus today :/ I don't know if the virus was
arrived via GPG ML :(

The virus is W32/Klez.H@mm

Good Afternoon

Skweek

From sean@tcob1.net Sat Oct 19 22:55:01 2002
From: sean@tcob1.net (Sean Rima)
Date: Sat Oct 19 21:55:01 2002
Subject: Klez!!
In-Reply-To: <3DB16AF5.000001.01320@dub>
References: <873cr27o6t.fsf@alberti.g10code.de> <3DB16AF5.000001.01320@dub>
Message-ID:

On Sat, 19 Oct 2002, skweek@parinux.org verbalised:

> Hello!
>
> Pay your attention
>
> I have received a virus today :/ I don't know if the virus was
> arrived via GPG ML :(
>
>
>
> The virus is W32/Klez.H@mm
>
> Good Afternoon
>

I checked my exim reject log as I reject any mail containing a virus
and I rejected none from this ML.

Sean

--
Sean Rima http://www.tcob1.net
Linux User: 231986 Jabber: tcobone@jabber.org
THE VIEWS EXPRESSED HERE ARE NOT NECESSARILY THOSE OF MY WIFE.

From rmartini@cipsga.org.br Sat Oct 19 23:19:02 2002
From: rmartini@cipsga.org.br (Renato Martini)
Date: Sat Oct 19 22:19:02 2002
Subject: gnupg 1.2.1 release candidate
In-Reply-To: <87adldat52.fsf@alberti.g10code.de>
References: <87adldat52.fsf@alberti.g10code.de>
Message-ID: <20021019172001.70ff72bd.rmartini@cipsga.org.br>

On Thu, 17 Oct 2002 19:10:17 +0200 Werner Koch wrote:

> Hi!
>
> A release candidate for 1.2.1 is now available. I would very much
> appreciate if people with build problems on 1.2.0 can try this one
> out.

Okay! Now works fine in a SunOS (i386-pc-solaris2.8). But, is the
release stable to install and work?

regards

----------
Renato Martini ::: Administrative Director
http://www.cipsga.org.br
http://gnupg.unixsecurity.com.br
-----------------------------------------------------------------------
http://bancada.softwarelivre.org.br: visit the Bancada do Software Livre
-----------------------------------------------------------------------
"O Fantasy, you who make times and distances your daring game!"
(Gabriele d'Annunzio)

From jharris@widomaker.com Sun Oct 20 22:41:02 2002
From: jharris@widomaker.com (Jason Harris)
Date: Sun Oct 20 21:41:02 2002
Subject: intermediate (2002-10-20) keyanalyze results
Message-ID: <20021020194116.GA1193@pm14-23.lft.widomaker.com>

New intermediate keyanalyze results are available at:

http://keyserver.kjsl.com/~jharris/ka/2002-10-20/

Earlier intermediate reports are also available, for comparison:

http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:

http://dtype.org/keyanalyze/

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris@widomaker.com | web: http://jharris.cjb.net/

From engage@n0sq.net Sun Oct 20 23:23:01 2002
From: engage@n0sq.net (engage)
Date: Sun Oct 20 22:23:01 2002
Subject: trouble installing ML 9
Message-ID: <200210202023.g9KKNvB03696@n0sq.net>

I just attempted to install ML9. The PC booted from the CD but when I pressed
enter to continue, I got a blank screen. I don't see anything at Mandrakes
site for a fix. Anyone have a fix?
MSI K7T266 Pro 2 mobo (AMD Athlon 1.3GHz, 512MB SDRAM)
Radeon VE video card
Creative IDE CD-RW (booted from this drive)
Teac SCSI CD-ROM (Adaptec card does not permit booting from SCSI drives)

From johanw@vulcan.xs4all.nl Mon Oct 21 00:45:02 2002
From: johanw@vulcan.xs4all.nl (Johan Wevers)
Date: Sun Oct 20 23:45:02 2002
Subject: gnupg 1.2.1 release candidate
In-Reply-To: <87adldat52.fsf@alberti.g10code.de> from Werner Koch at "Oct 17, 2002 07:10:17 pm"
Message-ID: <200210202140.XAA00220@vulcan.xs4all.nl>

Werner Koch wrote:

> A release candidate for 1.2.1 is now available. I would very much
> appreciate if people with build problems on 1.2.0 can try this one
> out.

I know that Cygwin isn't supported, but the build errors on Cygwin remain the same: it can't find the generated libfiles, you have to type "make" several times to get it compiled.

-- 
ir. J.C.A. Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From Weimer@CERT.Uni-Stuttgart.DE Mon Oct 21 08:36:02 2002
From: Weimer@CERT.Uni-Stuttgart.DE (Florian Weimer)
Date: Mon Oct 21 07:36:02 2002
Subject: trouble installing ML 9
In-Reply-To: <200210202023.g9KKNvB03696@n0sq.net> (engage's message of "Sun, 20 Oct 2002 14:23:57 -0600")
References: <200210202023.g9KKNvB03696@n0sq.net>
Message-ID: <873cr0nyiy.fsf@Login.CERT.Uni-Stuttgart.DE>

engage writes:

> I just attempted to install ML9. The PC booted from the CD but when I pressed
> enter to continue, I got a blank screen. I don't see anything at Mandrake's
> site for a fix. Anyone have a fix?

You should ask such questions on another list.
-- 
Florian Weimer Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT fax +49-711-685-5898

From nickmather@cox.net Mon Oct 21 10:36:01 2002
From: nickmather@cox.net (N and P)
Date: Mon Oct 21 09:36:01 2002
Subject: extreme newbie, installing gnupg on virtual host
Message-ID: <5.0.2.1.2.20021021003255.00ae1548@pop.west.cox.net>

Hi,

Is it possible to install gnupg on my host's server in my directory? If so, is there a tutorial available or some kind of directions?

Thanks very much in advance.

Best regards,
-Nick

From jam@jamux.com Tue Oct 22 04:56:01 2002
From: jam@jamux.com (John A. Martin)
Date: Tue Oct 22 03:56:01 2002
Subject: Agent implementation
In-Reply-To: <87it0y6wod.fsf@alberti.gnupg.de> (Werner Koch's message of "Sun, 22 Sep 2002 14:22:42 +0200")
References: <87it0ys0wl.fsf@Login.CERT.Uni-Stuttgart.DE> <87it0y6wod.fsf@alberti.gnupg.de>
Message-ID: <87k7kbqlqm.fsf@athene.jamux.com>

>>>>> "wk" == Werner Koch
>>>>> "Re: Agent implementation"
>>>>> Sun, 22 Sep 2002 14:22:42 +0200

wk> Get the latest libgcrypt *new*pg and build them. You probably
wk> don't have libksba installed, so the configure script of newpg
wk> should figure this out and only build the gpg-agent. If you
wk> have problems, please complain.

What am I missing?

,----[ tail of make output ]
| LD_LIBRARY_PATH=$(seen=0; for i in ; do if echo "$i" | egrep '^-L'
| >/dev/null 2>&1; then if test $seen = 0; then seen=1; else printf
| ":"; fi; printf "%s" "${i}" | sed 's/^-L//'; fi; done; if test
| $seen != 0 && test x${LD_LIBRARY_PATH} != x; then printf ":"; fi;
| printf "%s" "${LD_LIBRARY_PATH}") \
| srcdir=. GNUPGHOME=`pwd` LC_ALL=C GPGSM=../sm/gpgsm
| ./runtest ./inittests
| gpgsm: Fatal: libgcrypt is too old (need 1.1.8, have 1.1.5)
| gpgsm: Fatal: libgcrypt is too old (need 1.1.8, have 1.1.5)
| gpgsm: Fatal: libgcrypt is too old (need 1.1.8, have 1.1.5)
| echo timestamp >./inittests.stamp
| make[2]: Leaving directory `/slash/var/jam/src/newpg-0.9.2/tests'
| make[2]: Entering directory `/slash/var/jam/src/newpg-0.9.2'
| make[2]: Nothing to be done for `all-am'.
| make[2]: Leaving directory `/slash/var/jam/src/newpg-0.9.2'
| make[1]: Leaving directory `/slash/var/jam/src/newpg-0.9.2'
`----

,----[ config.log ]
| configure:3281: checking for libgcrypt-config
| configure:3299: found /usr/local/bin/libgcrypt-config
| configure:3312: result: /usr/local/bin/libgcrypt-config
| configure:3320: checking for LIBGCRYPT - version >= 1.1.8
| configure:3356: result: yes
`----

,----[ /usr/local/lib made from libgcrypt-1.1.10 ]
| -rwxr-xr-x 1 root staff 726 Oct 21 13:49 libgcrypt.la
| lrwxrwxrwx 1 root staff 18 Oct 21 13:49 libgcrypt.so
| -> libgcrypt.so.1.4.2
| lrwxrwxrwx 1 root staff 18 Oct 21 13:49
| libgcrypt.so.1 -> libgcrypt.so.1.4.2
| -rwxr-xr-x 1 root staff 624209 Oct 21 13:49 libgcrypt.so.1.4.2
`----

jam

From Wegasoft Support Tue Oct 22 10:10:02 2002
From: Wegasoft Support (Thomas Braun)
Date: Tue Oct 22 09:10:02 2002
Subject: How to send passphrase to gpg with symetric encryption?
In-Reply-To: <20021017160639.GA1328@daredevil.joesixpack.net>
References: <20021017042637.31939.14041.Mailman@trithemius.gnupg.org> <1371928315.20021017083535@wegasoft.de> <20021017095540.GA890@daredevil.joesixpack.net> <9724044890.20021017144408@wegasoft.de> <20021017160639.GA1328@daredevil.joesixpack.net>
Message-ID: <1775405705.20021022091115@wegasoft.de>

Hi ,

> On Thu Oct 17 2002; 14:44, Thomas Braun wrote:
>> @ECHO OFF
>> del test.gpg
>> ECHO 1234 | gpg -c -v -v --cipher-algo BLOWFISH --passphrase-fd 0 test.txt
[snipped]
> Hmm, for me it works. Maybe the shell adds a newline character to the
> echo and this means the passphrase is *not* 1234 but 1234\n. I guess
> it's the standard Windows behave of ECHO.

Most likely you are right. I tried various possible things and found the following to be working:

I put the passphrase into pass.txt and changed the batch to the following:

TYPE pass.txt | gpg -c --passphrase-fd 0 test.txt

I'm aware that this is not a very secure solution but I'm only experimenting at the moment because I'm not sure how to pass the passphrase to gpg from a program that is used in a web application.

-- 
regards
Thomas Braun

From wk@gnupg.org Tue Oct 22 10:41:02 2002
From: wk@gnupg.org (Werner Koch)
Date: Tue Oct 22 09:41:02 2002
Subject: Agent implementation
In-Reply-To: <87k7kbqlqm.fsf@athene.jamux.com> (jam@jamux.com's message of "Mon, 21 Oct 2002 21:57:05 -0400")
References: <87it0ys0wl.fsf@Login.CERT.Uni-Stuttgart.DE> <87it0y6wod.fsf@alberti.gnupg.de> <87k7kbqlqm.fsf@athene.jamux.com>
Message-ID: <873cqy53cn.fsf@alberti.g10code.de>

On Mon, 21 Oct 2002 21:57:05 -0400, John A Martin said:

> | gpgsm: Fatal: libgcrypt is too old (need 1.1.8, have 1.1.5)

There is another libgcrypt somewhere. The runtime linker linked against the old one whereas gpgsm was built with the new one in mind. Run a "ldd gpgsm" to see the location of the library actually used.
> | gpgsm: Fatal: libgcrypt is too old (need 1.1.8, have 1.1.5)
> | gpgsm: Fatal: libgcrypt is too old (need 1.1.8, have 1.1.5)
> | echo timestamp >./inittests.stamp
> | make[2]: Leaving directory `/slash/var/jam/src/newpg-0.9.2/tests'
> | make[2]: Entering directory `/slash/var/jam/src/newpg-0.9.2'
> | make[2]: Nothing to be done for `all-am'.
> | make[2]: Leaving directory `/slash/var/jam/src/newpg-0.9.2'
> | make[1]: Leaving directory `/slash/var/jam/src/newpg-0.9.2'
> `----
> ,----[ config.log ]
> | configure:3281: checking for libgcrypt-config
> | configure:3299: found /usr/local/bin/libgcrypt-config
> | configure:3312: result: /usr/local/bin/libgcrypt-config
> | configure:3320: checking for LIBGCRYPT - version >= 1.1.8
> | configure:3356: result: yes
> `----
> ,----[ /usr/local/lib made from libgcrypt-1.1.10 ]
> | -rwxr-xr-x 1 root staff 726 Oct 21 13:49 libgcrypt.la
> | lrwxrwxrwx 1 root staff 18 Oct 21 13:49 libgcrypt.so
> | -> libgcrypt.so.1.4.2
> | lrwxrwxrwx 1 root staff 18 Oct 21 13:49
> | libgcrypt.so.1 -> libgcrypt.so.1.4.2
> | -rwxr-xr-x 1 root staff 624209 Oct 21 13:49 libgcrypt.so.1.4.2
> `----
> jam

From wk@gnupg.org Tue Oct 22 10:43:02 2002
From: wk@gnupg.org (Werner Koch)
Date: Tue Oct 22 09:43:02 2002
Subject: Agent implementation
In-Reply-To: <87k7kbqlqm.fsf@athene.jamux.com> (jam@jamux.com's message of "Mon, 21 Oct 2002 21:57:05 -0400")
References: <87it0ys0wl.fsf@Login.CERT.Uni-Stuttgart.DE> <87it0y6wod.fsf@alberti.gnupg.de> <87k7kbqlqm.fsf@athene.jamux.com>
Message-ID: <87znt63oos.fsf@alberti.g10code.de>

On Mon, 21 Oct 2002 21:57:05 -0400, John A Martin said:

> | gpgsm: Fatal: libgcrypt is too old (need 1.1.8, have 1.1.5)

The runtime linker used the wrong library. Under GNU/Linux run a

ldd gpgsm

to see what libraries are actually used and delete old libgcrypt*.
Shalom-Salam,

Werner

From nc@stormvault.net Tue Oct 22 11:28:02 2002
From: nc@stormvault.net (Nicolas Couture)
Date: Tue Oct 22 10:28:02 2002
Subject: pub & sub
In-Reply-To: <1775405705.20021022091115@wegasoft.de>
References: <20021017042637.31939.14041.Mailman@trithemius.gnupg.org> <1371928315.20021017083535@wegasoft.de> <20021017095540.GA890@daredevil.joesixpack.net> <9724044890.20021017144408@wegasoft.de> <20021017160639.GA1328@daredevil.joesixpack.net> <1775405705.20021022091115@wegasoft.de>
Message-ID: <1035275319.5133.5.camel@dimension>

I currently have both pub and sub keys set to 1024D :

pub 1024D/ ... .. .
sub 1024D/ ... .. .

I'd like to set my sub key to 2048g is it possible ?

How can I do it ?

Thanks.

From thijmen@xs4all.nl Tue Oct 22 12:20:02 2002
From: thijmen@xs4all.nl (5468696A6D656E)
Date: Tue Oct 22 11:20:02 2002
Subject: How to send passphrase to gpg with symetric encryption?
In-Reply-To: <1775405705.20021022091115@wegasoft.de>
References: <20021017042637.31939.14041.Mailman@trithemius.gnupg.org> <1371928315.20021017083535@wegasoft.de> <20021017095540.GA890@daredevil.joesixpack.net> <9724044890.20021017144408@wegasoft.de> <20021017160639.GA1328@daredevil.joesixpack.net> <1775405705.20021022091115@wegasoft.de>
Message-ID: <20021022092123.GE23655@xs4all.nl>

On Tue, Oct 22, 2002 at 09:11:15AM +0200, Thomas Braun wrote:
> > On Thu Oct 17 2002; 14:44, Thomas Braun wrote:
> >> @ECHO OFF
> >> del test.gpg
> >> ECHO 1234 | gpg -c -v -v --cipher-algo BLOWFISH --passphrase-fd 0 test.txt
> [snipped]
> > Hmm, for me it works. Maybe the shell adds a newline character to the
> > echo and this means the passphrase is *not* 1234 but 1234\n. I guess
> > it's the standard Windows behave of ECHO.
>
> TYPE pass.txt | gpg -c --passphrase-fd 0 test.txt
>
> I'm aware that this is not a very secure solution but I'm only
> experimenting at the moment because I'm not sure how to pass the
> passphrase to gpg from a program that is used in a web application.

If that is your goal, don't mind the insecure situation in the batch files, what about the insecure situation that people need to store their secret key on a *webserver* ? Are people willing to do that?

Th.
-- 
__Thijmen Klok________

From newton@hammet.net Tue Oct 22 16:52:02 2002
From: newton@hammet.net (Newton Hammet)
Date: Tue Oct 22 15:52:02 2002
Subject: pub & sub
References: <20021017042637.31939.14041.Mailman@trithemius.gnupg.org> <1371928315.20021017083535@wegasoft.de> <20021017095540.GA890@daredevil.joesixpack.net> <9724044890.20021017144408@wegasoft.de> <20021017160639.GA1328@daredevil.joesixpack.net> <1775405705.20021022091115@wegasoft.de> <1035275319.5133.5.camel@dimension>
Message-ID: <3DB5665D.C51F88CD@hammet.net>

Nicolas Couture wrote:
>
> I currently have both pub and sub keys set to 1024D :
>
> pub 1024D/ ... .. .
> sub 1024D/ ... .. .
>
> I'd like to set my sub key to 2048g is it possible ?
>
> How can I do it ?
>
> Thanks.
>

You can optionally delete the 1024D subkey... then do an addkey and select 2048-bit length. You can't take the 1024D subkey and make it longer.

gpg --edit-key

and follow the prompts...

Regards,
Newton

From ARustad@Online-can.com Tue Oct 22 17:54:02 2002
From: ARustad@Online-can.com (Rustad, Aaron)
Date: Tue Oct 22 16:54:02 2002
Subject: Where can I find info on "use-agent"
Message-ID: <35199F5CEFCED311B69A009027DCD2550156E382@cgyexchange.online-can.com>

Can anyone tell me where I might find information about using the "use-agent" flag? I have looked in the man file, Howto, Handbook, mailing lists....but no luck.

AR.

From wk@gnupg.org Tue Oct 22 19:11:02 2002
From: wk@gnupg.org (Werner Koch)
Date: Tue Oct 22 18:11:02 2002
Subject: Where can I find info on "use-agent"
In-Reply-To: <35199F5CEFCED311B69A009027DCD2550156E382@cgyexchange.online-can.com> ("Rustad, Aaron"'s message of "Tue, 22 Oct 2002 09:09:08 -0600")
References: <35199F5CEFCED311B69A009027DCD2550156E382@cgyexchange.online-can.com>
Message-ID: <87znt61mm0.fsf@alberti.g10code.de>

On Tue, 22 Oct 2002 09:09:08 -0600, Rustad, Aaron said:

> Can anyone tell me where I might find information about using the
> "use-agent" flag? I have looked in the man file, Howto, Handbook, mailing
> lists....but no luck.

Just ask ;-)

There used to be an old agent in the abandoned gnupg 1.1.1 release which is still supported by gpg. However the newer one is the one developed for the Ägypten project available with the newpg package (http://www.gnupg.org/aegypten/). Currently it works only on GNU/Linux Systems; the agent itself might work on other systems too but I never tried[1].
To build newpg you need the libgcrypt and libksba libraries, although they are not really used when using gpg-agent along with GnuPG.

It might be useful if someone creates a new package with just the bare gpg-agent stripped down to the code required for the use by gpg and maybe combine that with the GTK+/ncurses pinentry. Another choice would be a pinentry which directly acts as the gpg-agent. If someone wants to take such a job just tell me or the list.

Work is currently underway to merge newpg (and thus the gpg-agent) with GnuPG. A GNUPG-1-9-BRANCH has therefore been created in the CVS which eventually will lead to a GnuPG 2.0 release. But don't expect that to happen soon. GnuPG 2.0 will undergo heavy internal changes and thus a stable version 1.4 will be released much earlier than anything from that second development branch.

Shalom-Salam,

Werner

[1] The reason is that we use some glibc specific features like fopencookie in some parts of newpg and the stub we use for other systems is really only a stub.

From nc@stormvault.net Tue Oct 22 23:50:01 2002
From: nc@stormvault.net (Nicolas Couture)
Date: Tue Oct 22 22:50:01 2002
Subject: pub & sub
In-Reply-To: <3DB5665D.C51F88CD@hammet.net>
References: <20021017042637.31939.14041.Mailman@trithemius.gnupg.org> <1371928315.20021017083535@wegasoft.de> <20021017095540.GA890@daredevil.joesixpack.net> <9724044890.20021017144408@wegasoft.de> <20021017160639.GA1328@daredevil.joesixpack.net> <1775405705.20021022091115@wegasoft.de> <1035275319.5133.5.camel@dimension> <3DB5665D.C51F88CD@hammet.net>
Message-ID: <1035319832.9601.8.camel@dimension>

On Tue, 2002-10-22 at 10:53, Newton Hammet wrote:
> Nicolas Couture wrote:
> >
> > I currently have both pub and sub keys set to 1024D :
> >
> > pub 1024D/ ... .. .
> > sub 1024D/ ... .. .
> >
> > I'd like to set my sub key to 2048g is it possible ?
> >
> > How can I do it ?
> >
> > Thanks.
> >
>
> You can optionally delete the 1024D subkey... then do an addkey
> and select 2048-bit length. You can't take the 1024D subkey and
> make it longer.
>
> gpg --edit-key
>
> and follow the prompts...
>

I tried your solution with half success:

---
remote@dimension:~$ gpg --list-key
...
pub 1024D/4C7461CF 2002-10-22 Nicolas Couture
sub 1024g/87018F83 2002-10-22 [expires: 2006-06-20]
sub 2048g/9FDDA627 2002-10-22 [expires: 2006-06-20]
...
remote@dimension:~$ gpg --edit-key nc@stormvault.net
...
Secret key is available.

pub 1024D/4C7461CF created: 2002-10-22 expires: 2006-06-20 trust: -/d
*** This key has been disabled
sub 1024g/87018F83 created: 2002-10-22 expires: 2006-06-20
sub 2048g/9FDDA627 created: 2002-10-22 expires: 2006-06-20
(1). Nicolas Couture
---

I can not use delkey specifying the keyid 87018F83

---
Command> delkey 87018F83
You must select at least one key.
---

I even tried delkey nc@stormvault.net and it gave me the same error message.

Thanks in advance!
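
Added example (not part of the original message, and not GnuPG code): as the replies further down confirm, `delkey` at this prompt acts on subkeys already selected with `key N`, where N is the subkey's position in the listing, and a subkey that was sent to a keyserver should be revoked with `revkey` instead. The Python helper below parses an old-style listing like the one above and returns that command sequence for a given short key ID; the function names and the `published` flag are hypothetical.

```python
import re

# Constructed sample: the --edit-key listing quoted in the message above.
SAMPLE_LISTING = """\
pub  1024D/4C7461CF  created: 2002-10-22 expires: 2006-06-20 trust: -/d
*** This key has been disabled
sub  1024g/87018F83  created: 2002-10-22 expires: 2006-06-20
sub  2048g/9FDDA627  created: 2002-10-22 expires: 2006-06-20
(1). Nicolas Couture
"""

# "pub" or "sub", key size, one-letter algorithm code, 8-hex-digit key ID.
KEY_LINE = re.compile(r"^(pub|sub)\s+(\d+)([A-Za-z])/([0-9A-Fa-f]{8})\b")


def parse_listing(text):
    """Return (primary_key_id, subkeys); subkeys keep their listing order."""
    primary = None
    subkeys = []
    for line in text.splitlines():
        match = KEY_LINE.match(line.strip())
        if match is None:
            continue  # user IDs, status notes, prompts
        kind, bits, algo, keyid = match.groups()
        if kind == "pub":
            primary = keyid.upper()
        else:
            subkeys.append({
                "index": len(subkeys) + 1,  # the N that "key N" expects
                "bits": int(bits),
                "algo": algo,
                "keyid": keyid.upper(),
            })
    if primary is None:
        raise ValueError("listing has no 'pub' line")
    return primary, subkeys


def subkey_commands(listing, keyid, published=False):
    """Return (argv, prompt_commands) for removing one subkey.

    published=True means the key was already sent to a keyserver, where a
    local delete cannot reach it, so the subkey is revoked instead.
    """
    primary, subkeys = parse_listing(listing)
    wanted = keyid.upper()
    if wanted.startswith("0X"):
        wanted = wanted[2:]
    if wanted == primary:
        raise ValueError(wanted + " is the primary key; 'key N' selects subkeys only")
    hits = [sub for sub in subkeys if sub["keyid"] == wanted]
    if not hits:
        raise LookupError("no subkey " + wanted + " under primary key " + primary)
    # "key N" toggles the selection, so this assumes a fresh edit session
    # in which no subkey is selected yet.
    action = "revkey" if published else "delkey"
    argv = ["gpg", "--edit-key", primary]
    return argv, ["key %d" % hits[0]["index"], action, "save"]


if __name__ == "__main__":
    argv, commands = subkey_commands(SAMPLE_LISTING, "87018F83")
    print(" ".join(argv))
    for command in commands:
        print("Command> " + command)
```

`revkey` asks for confirmation and a revocation reason interactively, so the returned list covers only the commands typed at the `Command>` prompt.
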
From wk@gnupg.org Wed Oct 23 00:29:02 2002
From: wk@gnupg.org (Werner Koch)
Date: Tue Oct 22 23:29:02 2002
Subject: pub & sub
In-Reply-To: <1035319832.9601.8.camel@dimension> (Nicolas Couture's message of "Tue, 22 Oct 2002 16:50:32 -0400")
References: <20021017042637.31939.14041.Mailman@trithemius.gnupg.org> <1371928315.20021017083535@wegasoft.de> <20021017095540.GA890@daredevil.joesixpack.net> <9724044890.20021017144408@wegasoft.de> <20021017160639.GA1328@daredevil.joesixpack.net> <1775405705.20021022091115@wegasoft.de> <1035275319.5133.5.camel@dimension> <3DB5665D.C51F88CD@hammet.net> <1035319832.9601.8.camel@dimension>
Message-ID: <87vg3u17vl.fsf@alberti.g10code.de>

On Tue, 22 Oct 2002 16:50:32 -0400, Nicolas Couture said:

> pub 1024D/4C7461CF created: 2002-10-22 expires: 2006-06-20 trust: -/d
> *** This key has been disabled
> sub 1024g/87018F83 created: 2002-10-22 expires: 2006-06-20
> sub 2048g/9FDDA627 created: 2002-10-22 expires: 2006-06-20
> (1). Nicolas Couture
> ---
> I can not use delkey specifying the keyid 87018F83

Command> key 1
Command> delkey

From gnupg-users@gnupg.org Wed Oct 23 00:51:02 2002
From: gnupg-users@gnupg.org (Erik)
Date: Tue Oct 22 23:51:02 2002
Subject: pub & sub
In-Reply-To: <1035319832.9601.8.camel@dimension>
References: <20021017042637.31939.14041.Mailman@trithemius.gnupg.org> <1371928315.20021017083535@wegasoft.de> <20021017095540.GA890@daredevil.joesixpack.net> <9724044890.20021017144408@wegasoft.de> <20021017160639.GA1328@daredevil.joesixpack.net> <1775405705.20021022091115@wegasoft.de> <1035275319.5133.5.camel@dimension> <3DB5665D.C51F88CD@hammet.net> <1035319832.9601.8.camel@dimension>
Message-ID: <19218105633.20021022175151@mochamail.com>

Hello Nicolas,

On Tue, 22 Oct 2002, at 16:50:32 [GMT -0400] you wrote in the message:

> Command>> delkey 87018F83
> You must select at least one key.
> ---
> I even tried delkey nc@stormvault.net and it gave me the same error
> message.
gpg --edit-key 87018F83
key 1
delkey
save

However, it should be noted that if you have uploaded your key to the keyservers you should revoke the specified subkey rather than delete, as it will not be deleted from the server.

gpg --edit-key 87018F83
key 1
revkey
follow prompts
save

-- 
Best regards,
Erik

From newton@hammet.net Wed Oct 23 01:40:02 2002
From: newton@hammet.net (Newton Hammet)
Date: Wed Oct 23 00:40:02 2002
Subject: pub & sub
References: <20021017042637.31939.14041.Mailman@trithemius.gnupg.org> <1371928315.20021017083535@wegasoft.de> <20021017095540.GA890@daredevil.joesixpack.net> <9724044890.20021017144408@wegasoft.de> <20021017160639.GA1328@daredevil.joesixpack.net> <1775405705.20021022091115@wegasoft.de> <1035275319.5133.5.camel@dimension> <3DB5665D.C51F88CD@hammet.net> <1035319832.9601.8.camel@dimension>
Message-ID: <3DB5E25F.CAA3AE8A@hammet.net>

Nicolas Couture wrote:
>
> On Tue, 2002-10-22 at 10:53, Newton Hammet wrote:
> > Nicolas Couture wrote:
> > >
> > > I currently have both pub and sub keys set to 1024D :
> > >
> > > pub 1024D/ ... .. .
> > > sub 1024D/ ... .. .
> > >
> > > I'd like to set my sub key to 2048g is it possible ?
> > >
> > > How can I do it ?
> > >
> > > Thanks.
> > >
> >
> > You can optionally delete the 1024D subkey... then do an addkey
> > and select 2048-bit length. You can't take the 1024D subkey and
> > make it longer.
> >
> > gpg --edit-key
> >
> > and follow the prompts...
> >
>
> I tried your solution with half success:
>
> ---
> remote@dimension:~$ gpg --list-key
> ...
> pub 1024D/4C7461CF 2002-10-22 Nicolas Couture
> sub 1024g/87018F83 2002-10-22 [expires: 2006-06-20]
> sub 2048g/9FDDA627 2002-10-22 [expires: 2006-06-20]
> ...
> remote@dimension:~$ gpg --edit-key nc@stormvault.net
> ...
> Secret key is available.
>
> pub 1024D/4C7461CF created: 2002-10-22 expires: 2006-06-20 trust: -/d
> *** This key has been disabled
> sub 1024g/87018F83 created: 2002-10-22 expires: 2006-06-20
> sub 2048g/9FDDA627 created: 2002-10-22 expires: 2006-06-20
> (1). Nicolas Couture
> ---
>
> I can not use delkey specifying the keyid 87018F83

That isn't how it is used.

first you must enter the command
'key N'

where 'N' is the number of the subkey you want to delete.

then enter 'delkey'.

then that should work.

Regards,
Newton

> ---
> Command> delkey 87018F83
> You must select at least one key.
> ---
>
> I even tried delkey nc@stormvault.net and it gave me the same error
> message.
>
> Thanks in advance!
>

From nc@stormvault.net Wed Oct 23 02:53:02 2002
From: nc@stormvault.net (Nicolas Couture)
Date: Wed Oct 23 01:53:02 2002
Subject: pub & sub
In-Reply-To: <3DB5E25F.CAA3AE8A@hammet.net>
References: <20021017042637.31939.14041.Mailman@trithemius.gnupg.org> <1371928315.20021017083535@wegasoft.de> <20021017095540.GA890@daredevil.joesixpack.net> <9724044890.20021017144408@wegasoft.de> <20021017160639.GA1328@daredevil.joesixpack.net> <1775405705.20021022091115@wegasoft.de> <1035275319.5133.5.camel@dimension> <3DB5665D.C51F88CD@hammet.net> <1035319832.9601.8.camel@dimension> <3DB5E25F.CAA3AE8A@hammet.net>
Message-ID: <1035330817.10678.3.camel@dimension>

On Tue, 2002-10-22 at 19:42, Newton Hammet wrote:
> Nicolas Couture wrote:
> >
> > On Tue, 2002-10-22 at 10:53, Newton Hammet wrote:
> > > Nicolas Couture wrote:
> > > >
> > > > I currently have both pub and sub keys set to 1024D :
> > > >
> > > > pub 1024D/ ... .. .
> > > > sub 1024D/ ... .. .
> > > >
> > > > I'd like to set my sub key to 2048g is it possible ?
> > > >
> > > > How can I do it ?
> > > >
> > > > Thanks.
> > > >
> > >
> > > You can optionally delete the 1024D subkey... then do an addkey
> > > and select 2048-bit length. You can't take the 1024D subkey and
> > > make it longer.
> > >
> > > gpg --edit-key
> > >
> > > and follow the prompts...
> > >
> >
> > I tried your solution with half success:
> >
> > ---
> > remote@dimension:~$ gpg --list-key
> > ...
> > pub 1024D/4C7461CF 2002-10-22 Nicolas Couture
> > sub 1024g/87018F83 2002-10-22 [expires: 2006-06-20]
> > sub 2048g/9FDDA627 2002-10-22 [expires: 2006-06-20]
> > ...
> > remote@dimension:~$ gpg --edit-key nc@stormvault.net
> > ...
> > Secret key is available.
> >
> > pub 1024D/4C7461CF created: 2002-10-22 expires: 2006-06-20 trust: -/d
> > *** This key has been disabled
> > sub 1024g/87018F83 created: 2002-10-22 expires: 2006-06-20
> > sub 2048g/9FDDA627 created: 2002-10-22 expires: 2006-06-20
> > (1). Nicolas Couture
> > ---
> >
> > I can not use delkey specifying the keyid 87018F83
>
> That isn't how it is used.
>
> first you must enter the command
> 'key N'
>
> where 'N' is the number of the subkey you want to delete.
>
> then enter 'delkey'.
>
> then that should work.
>

Ok I got it now. But how could I have figured this out alone ? Where is this written at ?

Thanks a lot.

Nicolas Couture

> > ---
> > Command> delkey 87018F83
> > You must select at least one key.
> > ---
> >
> > I even tried delkey nc@stormvault.net and it gave me the same error
> > message.
> >
> > Thanks in advance!
> >

From trena@cotse.net Wed Oct 23 04:20:01 2002
From: trena@cotse.net (trena)
Date: Wed Oct 23 03:20:01 2002
Subject: I lost my public key! :(
Message-ID:

Hello,

According to my understanding of how PGP works, I should be able to get out of this mess, but I'm not quite sure how to go about doing so with GPG. Here's a summary of my scenario...

I use GPG to encrypt a "filesystem in a file" that I mount using the loopback device, and keep my secret key on removable media. My .gnupg directory has a link to the secring.gpg file on a floppy, and my public key was kept on my hard drive. Thus I only need the floppy when unencrypting the filesystem, and could re-encrypt it using my public key.

Unfortunately, I wiped my hard drive and installed a new version of GNU/Linux on my laptop and did not back up my public key (I mistakenly assumed all my keys were on the removable media).

I have the secret key and my passphrase. Now how do I unencrypt the filesystem? I tried re-creating my keys and replacing the secret key with my old version from the floppy, but that doesn't work because the key IDs don't match. Can I edit the ID somehow in the new public key so it will work? Other ideas?

Many, many thanks,
Stu

From cwsiv_home1@juno.com Wed Oct 23 04:32:01 2002
From: cwsiv_home1@juno.com (carl w spitzer)
Date: Wed Oct 23 03:32:01 2002
Subject: E-Mail Encryption: Why Isn't Everyone Doing It?
Message-ID: <20021022.183045.9767.0.cwsiv_home1@juno.com>

While an estimated 900 million people use e-mail, few take advantage of encryption.
http://www.NewsFactor.com/perl/story/18860.html
NewsFactor.com, Aug. 5, 2002

From dshaw@jabberwocky.com Wed Oct 23 06:33:02 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Wed Oct 23 05:33:02 2002
Subject: I lost my public key! :(
In-Reply-To:
References:
Message-ID: <20021023033344.GA27838@jabberwocky.com>

On Tue, Oct 22, 2002 at 09:19:34PM -0400, trena wrote:

> I have the secret key and my passphrase. Now how do I unencrypt the
> filesystem? I tried re-creating my keys and replacing the secret key with
> my old version from the floppy, but that doesn't work because the key IDs
> don't match. Can I edit the ID somehow in the new public key so it will
> work? Other ideas?

Unlike many "lost key" situations, you're not completely out of luck. All OpenPGP secret keys have a copy of the public key inside them, and in a worst-case scenario, you can create yourself a new public key using the secret key. Some versions of PGP, in fact, do this automatically when you import a secret key.

Did you (or someone else) send your public key to a keyserver? If so, you can probably retrieve a copy from there.

David

-- 
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson

From bminton@efn.org Wed Oct 23 08:58:01 2002
From: bminton@efn.org (Brian Minton)
Date: Wed Oct 23 07:58:01 2002
Subject: I lost my public key!
:(
In-Reply-To: <20021023033344.GA27838@jabberwocky.com>
References: <20021023033344.GA27838@jabberwocky.com>
Message-ID: <20021023055827.GA2087@bminton.dyn.cheapnet.net>

On Tue, Oct 22, 2002 at 11:33:44PM -0400, David Shaw wrote:
> Unlike many "lost key" situations, you're not completely out of
> luck. All OpenPGP secret keys have a copy of the public key
> inside them, and in a worst-case scenario, you can create
> yourself a new public key using the secret key. Some versions
> of PGP, in fact, do this automatically when you import a secret
> key.

ok, I tried this, and not only did it fail, it crashed gnupg 1.2.0 and pgp freeware version 6.5.8ckt Build: 08...

attached is what gpg did (the passphrase is: test key)

the -vv or --list-all-packets options didn't give any more information

Script started on Wed Oct 23 01:39:09 2002
minton@bminton:~/tmp$ cat test-key.asc
minton@bminton:~/tmp$ cat test.asc
minton@bminton:~/tmp$ gpg test.asc
gpg: key 7683BD72: secret key without public key - skipped
gpg: encrypted with ELG-E key, ID B7A23BA5
gpg: decryption failed: secret key not available
minton@bminton:~/tmp$ gpg --try-all-secrets test.asc
gpg: anonymous recipient; trying secret key 731C0B62 ...

You need a passphrase to unlock the secret key for
user: "Brian Minton "
1184-bit ELG-E key, ID 731C0B62, created 2000-05-15

Enter passphrase:
gpg: anonymous recipient; trying secret key 35EB95DF ...

You need a passphrase to unlock the secret key for
user: "Brian Minton "
1152-bit ELG-E key, ID 35EB95DF, created 2000-08-30

Enter passphrase:
gpg: anonymous recipient; trying secret key 22D4701E ...
You need a passphrase to unlock the secret key for user: "Brian Minton (expiremental key, please don't use for general email) " 832-bit ELG-E key, ID 22D4701E, created 2000-12-02 Enter passphrase: gpg: anonymous recipient; trying secret key 20CBA5BB ... You need a passphrase to unlock the secret key for user: "Brian Minton " 1152-bit ELG-E key, ID 20CBA5BB, created 2001-10-27 Enter passphrase: gpg: anonymous recipient; trying secret key B7A23BA5 ... You need a passphrase to unlock the secret key for user: "[User id not found]" Enter passphrase: gpg: oops: public key not found for preference check gpg: Segmentation fault caught ... exiting Segmentation fault minton@bminton:~/tmp$ exit Script done on Wed Oct 23 01:40:14 2002 From wk@gnupg.org Wed Oct 23 10:11:02 2002 From: wk@gnupg.org (Werner Koch) Date: Wed Oct 23 09:11:02 2002 Subject: I lost my public key! :( In-Reply-To: <20021023055827.GA2087@bminton.dyn.cheapnet.net> (Brian Minton's message of "Wed, 23 Oct 2002 01:58:27 -0400") References: <20021023033344.GA27838@jabberwocky.com> <20021023055827.GA2087@bminton.dyn.cheapnet.net> Message-ID: <87n0p51vkl.fsf@alberti.g10code.de> On Wed, 23 Oct 2002 01:58:27 -0400, Brian Minton said: > gpg: oops: public key not found for preference check > gpg: Segmentation fault caught ... exiting Okay, I fixed this. I see what I can do to recreate a public key from a secret one. Shalom-Salam, Werner From wk@gnupg.org Wed Oct 23 11:57:02 2002 From: wk@gnupg.org (Werner Koch) Date: Wed Oct 23 10:57:02 2002 Subject: I lost my public key! :) In-Reply-To: <20021023033344.GA27838@jabberwocky.com> (David Shaw's message of "Tue, 22 Oct 2002 23:33:44 -0400") References: <20021023033344.GA27838@jabberwocky.com> Message-ID: <87k7k91ql9.fsf_-_@alberti.g10code.de> On Tue, 22 Oct 2002 23:33:44 -0400, David Shaw said: > All OpenPGP secret keys have a copy of the public key inside them, and > in a worst-case scenario, you can create yourself a new public key > using the secret key. Some versions of PGP, in fact, do this I just wrote a tool to convert a secret key into a public one. It is actually a new option for gpgsplit and available in the CVS. It will also be included in 1.2.1 I hope to release soon. 
It works like this gpgsplit --no-split --secret-to-public secret.gpg >publickey.gpg One should first try to export the secret key and convert just this one. Using the entire secring should work too. After this has been done, the publickey.gpg can be imported into gpg as usual. Salam-Shalom, Werner From ndtt@ll.iac.es Wed Oct 23 12:16:02 2002 From: ndtt@ll.iac.es (Noel D. Torres Taño) Date: Wed Oct 23 11:16:02 2002 Subject: Compiling problem on Solaris Message-ID: <3DB5637D.B14390EE@ll.iac.es> I compiled gnupg in solaris some days ago, without problems, adding in line 175 of tools/Makefile the flags -lnsl and -lsocket. But now the sysadmins have changed the SO to version 5.8 and I have a new compiling problem: Making all in checks ../tools/mk-tdata 80000 >data-80000 ld.so.1: ../tools/mk-tdata: fatal: relocation error: file ../tools/mk-tdata: symbol __register_frame_info: referenced symbol not found *** Error code 137 make: Fatal error: Command failed for target `data-80000' Current working directory /home/ndtt/gnupg-1.2.0/checks *** Error code 1 make: Fatal error: Command failed for target `all-recursive' Current working directory /home/ndtt/gnupg-1.2.0 *** Error code 1 make: Fatal error: Command failed for target `all' Have you any idea about how to fix it? I was trying gnupg 1.2.0 Noel Torres From jas@extundo.com Wed Oct 23 12:29:01 2002 From: jas@extundo.com (Simon Josefsson) Date: Wed Oct 23 11:29:01 2002 Subject: E-Mail Encryption: Why Isn't Everyone Doing It? In-Reply-To: <20021022.183045.9767.0.cwsiv_home1@juno.com> (carl w spitzer's message of "Fri, 18 Oct 2002 19:33:38 PDT") References: <20021022.183045.9767.0.cwsiv_home1@juno.com> Message-ID: carl w spitzer writes: > While an estimated 900 million people use e-mail, few take advantage of > encryption. > http://www.NewsFactor.com/perl/story/18860.html > NewsFactor.com, Aug. 5, 2002 Why isn't everyone doing phone encryption? Why isn't everyone encrypting their personal postal mail? 
Just because something is technically possible doesn't mean everyone should use it. From wk@gnupg.org Wed Oct 23 12:41:02 2002 From: wk@gnupg.org (Werner Koch) Date: Wed Oct 23 11:41:02 2002 Subject: Compiling problem on Solaris In-Reply-To: <3DB5637D.B14390EE@ll.iac.es> ("Noel D. Torres Taño"'s message of "Tue, 22 Oct 2002 15:41:01 +0100") References: <3DB5637D.B14390EE@ll.iac.es> Message-ID: <87d6q11ol1.fsf@alberti.g10code.de> On Tue, 22 Oct 2002 15:41:01 +0100, Noel D Torres Taño said: > I compiled gnupg in solaris some days ago, without problems, adding in > line 175 of tools/Makefile the flags -lnsl and -lsocket. > But now the sysadmins have changed the SO to version 5.8 and I have a > new compiling problem: Can you please try this release: ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.2.1rc1.tar.gz Shalom-Salam, Werner From Scott_Carpenter@cargill.com Wed Oct 23 15:11:02 2002 From: Scott_Carpenter@cargill.com (Scott_Carpenter@cargill.com) Date: Wed Oct 23 14:11:02 2002 Subject: Verifying a signature Message-ID: If I'm running gpg in an automated environment, what is the best way to make sure that a good signature came from the sender I expected? For instance: I run gpg decrypt with --status-fd and analyze the output to see that a GOODSIG was included. Now how do I make sure it was ACME's signature and not somebody else on my keyring? Do I check the output for ACME's name or email or whatever identifying information they have with their public key? Thanks, Scott From John.Gill@tgslc.org Wed Oct 23 16:42:02 2002 From: John.Gill@tgslc.org (Gill, John) Date: Wed Oct 23 15:42:02 2002 Subject: E-Mail Encryption: Why Isn't Everyone Doing It? Message-ID: <92BE0AA5B56B5849AFE716631DA5102E01A79B99@tgserve1> The interface is too confusing for the "average-home" user. It's like asking them to perform a tune-up on a car. They just don't know or care to know. 
Encryption is a great idea, but because of user interface issues it's still for power-users or better. John Gill *** These comments are my own and do not represent my employer in any way. -----Original Message----- From: Simon Josefsson [mailto:jas@extundo.com] Sent: Wednesday, October 23, 2002 4:30 AM To: carl w spitzer Cc: gnupg-users@gnupg.org; PGP-Basics@yahoogroups.com Subject: Re: E-Mail Encryption: Why Isn't Everyone Doing It? carl w spitzer writes: > While an estimated 900 million people use e-mail, few take advantage of > encryption. > http://www.NewsFactor.com/perl/story/18860.html > NewsFactor.com, Aug. 5, 2002 Why isn't everyone doing phone encryption? Why isn't everyone encrypting their personal postal mail? Just because something is technically possible doesn't mean everyone should use it. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users From esj@harvee.billerica.ma.us Wed Oct 23 16:47:02 2002 From: esj@harvee.billerica.ma.us (Eric S. Johansson) Date: Wed Oct 23 15:47:02 2002 Subject: E-Mail Encryption: Why Isn't Everyone Doing It? References: <20021022.183045.9767.0.cwsiv_home1@juno.com> Message-ID: <3DB6A89D.8030300@harvee.billerica.ma.us> Simon Josefsson wrote: > carl w spitzer writes: > > >>While an estimated 900 million people use e-mail, few take advantage of >>encryption. >>http://www.NewsFactor.com/perl/story/18860.html >>NewsFactor.com, Aug. 5, 2002 > > > Why isn't everyone doing phone encryption? Why isn't everyone > encrypting their personal postal mail? Just because something is > technically possible doesn't mean everyone should use it. that's not an entirely fair answer. Phone encryption isn't done because people have an unrealistic expectation of privacy. Same is true of postal mail; it's an envelope, it can't be easily snooped. 
e-mail is perceived as being hard to read on the wire because the end-user can't see it except with their e-mail client. I've often thought it would be "amusing" to capture e-mails in transit to make them visible via a Web interface. Obviously one would need a very good lawyer and plenty of $$ to defend yourself but it would get the point across about e-mail not being private. Now, more directly to Carl's question: 1) user interface sucks 2) users will barely tolerate a single password and a pass phrase is just plain rejected 3) it's not integrated into the client delivered by the ISP 4) it's too much like work to dig up keys of the other person 5) the user interface still sucks I'm encountering similar problems with the camram antispam system. I'm trying to figure out how to train system without letting the user know that they're the training system. It's a challenge getting the user to do anything different. As part of the camram system, I'm trying to address some of the encrypted e-mail in transit issues. For example, I will be propagating public keys as part of every message. I'm going to ignore the whole key server infrastructure because it just won't scale (think one public key per user per year, no revocation). The next sacred cow to be slaughtered is I will not require any passphrases. Yes, if an attacker gets in and steals the private key, they can cause all sorts of mischief. The chances of the happening are extremely low especially if we generate new keys on a regular basis. there will be no user interface for the encryption system. It will all work in the background. well, maybe there will be a geek/tinkerers user interface but 99 percent of the users will ignore it. now, nothing I'm doing will stop you from running the ugly-interface, hard-to-use encryption system of today. but for the vast majority of users, the system I'm working on will probably be good enough. Yes, it has certain weaknesses (mitm, unprotected private keys) but that's OK. 
If we can come up with a way to fix these problems without requiring the naive user to change how they work, then so much the better. The important thing is that the amount of encrypted traffic on the net would go up and it would be indistinguishable from encrypted traffic using the proper protocols. ---eric From John.Gill@tgslc.org Wed Oct 23 16:50:02 2002 From: John.Gill@tgslc.org (Gill, John) Date: Wed Oct 23 15:50:02 2002 Subject: Verifying a signature Message-ID: <92BE0AA5B56B5849AFE716631DA5102E01A79B9A@tgserve1> I had to do this too. To solve it, I created a master key database and created a custom keyring only when I needed to decrypt a single item. Into that custom keyring I placed my public key and the public key of the sender. The b2b network I was working with required all participants to put a set of identifying information in the subject/filename so that the receiving party knew who should have signed the file. John Gill *** These comments are my own and do not represent my employer in any way. -----Original Message----- From: Scott_Carpenter@cargill.com [mailto:Scott_Carpenter@cargill.com] Sent: Wednesday, October 23, 2002 7:11 AM To: gnupg-users@gnupg.org Subject: Verifying a signature If I'm running gpg in an automated environment, what is the best way to make sure that a good signature came from the sender I expected? For instance: I run gpg decrypt with --status-fd and analyze the output to see that a GOODSIG was included. Now how do I make sure it was ACME's signature and not somebody else on my keyring? Do I check the output for ACME's name or email or whatever identifying information they have with their public key? Thanks, Scott From trena@cotse.net Wed Oct 23 17:21:02 2002 From: trena@cotse.net (trena) Date: Wed Oct 23 16:21:02 2002 Subject: I lost my public key! 
:) In-Reply-To: <87k7k91ql9.fsf_-_@alberti.g10code.de> References: <20021023033344.GA27838@jabberwocky.com> <87k7k91ql9.fsf_-_@alberti.g10code.de> Message-ID: > On Tue, 22 Oct 2002 23:33:44 -0400, David Shaw said: > >> All OpenPGP secret keys have a copy of the public key inside them, and >> in a worst-case scenario, you can create yourself a new public key >> using the secret key. Some versions of PGP, in fact, do this > > I just wrote a tool to convert a secret key into a public one. It is > actually a new option for gpgsplit and available in the CVS. It will > also be included in 1.2.1 I hope to release soon. > > It works like this > > gpgsplit --no-split --secret-to-public secret.gpg >publickey.gpg > > One should first try to export the secret key and convert just this one. > Using the entire secring should work too. After this has been done, > the publickey.gpg can be imported into gpg as usual. > > > Salam-Shalom, > > Werner Werner, I can't thank you enough. I'll check this out of CVS and give it a shot. Stu From ARustad@Online-can.com Wed Oct 23 17:25:06 2002 From: ARustad@Online-can.com (Rustad, Aaron) Date: Wed Oct 23 16:25:06 2002 Subject: E-Mail Encryption: Why Isn't Everyone Doing It? Message-ID: <35199F5CEFCED311B69A009027DCD2550156E38D@cgyexchange.online-can.com> Email encryption is a Joke...especially PGP/GPG....but not because it doesn't work, and not because the interface is ugly and hard to work with, but because the "other guy" almost always refuses to take the time to learn it. Strong measures need to be taken to force people to use it...especially corporations. I would love to see my employer at least mandate the use of PGP internally, but, even though we are a high tech company, we are just too lazy to put forth the initiative to secure our mail/intellectual knowledge. Like I said, I would use it all the time, however, that means that everyone else would have to use it too. 
-----Original Message----- From: Gill, John [mailto:John.Gill@tgslc.org] Sent: Wednesday, October 23, 2002 7:43 AM To: gnupg-users@gnupg.org Subject: RE: E-Mail Encryption: Why Isn't Everyone Doing It? The interface is too confusing for the "average-home" user. It's like asking them to perform a tune-up on a car. They just don't know or care to know. Encryption is a great idea, but because of user interface issues it's still for power-users or better. John Gill *** These comments are my own and do not represent my employer in any way. -----Original Message----- From: Simon Josefsson [mailto:jas@extundo.com] Sent: Wednesday, October 23, 2002 4:30 AM To: carl w spitzer Cc: gnupg-users@gnupg.org; PGP-Basics@yahoogroups.com Subject: Re: E-Mail Encryption: Why Isn't Everyone Doing It? carl w spitzer writes: > While an estimated 900 million people use e-mail, few take advantage of > encryption. > http://www.NewsFactor.com/perl/story/18860.html > NewsFactor.com, Aug. 5, 2002 Why isn't everyone doing phone encryption? Why isn't everyone encrypting their personal postal mail? Just because something is technically possible doesn't mean everyone should use it. From dshaw@jabberwocky.com Wed Oct 23 17:52:01 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Wed Oct 23 16:52:01 2002 Subject: Verifying a signature In-Reply-To: References: Message-ID: <20021023145246.GB2694@jabberwocky.com> On Wed, Oct 23, 2002 at 07:11:20AM -0500, Scott_Carpenter@cargill.com wrote: > If I'm running gpg in an automated environment, what is the best way to > make sure that a good signature came from the sender I expected? 
> > For instance: I run gpg decrypt with --status-fd and analyze the output > to see that a GOODSIG was included. Now how do I make sure it was > ACME's signature and not somebody else on my keyring? Do I check the > output for ACME's name or email or whatever identifying information > they have with their public key? The most secure way to do this is to look for GOODSIG *and* VALIDSIG. The first argument to VALIDSIG is the fingerprint of the key that made the signature. You can do this with just GOODSIG, but since GOODSIG has only the keyid and not a full fingerprint, it is spoofable. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From agreene@pobox.com Wed Oct 23 18:34:02 2002 From: agreene@pobox.com (Anthony E. Greene) Date: Wed Oct 23 17:34:02 2002 Subject: E-Mail Encryption: Why Isn't Everyone Doing It? In-Reply-To: ; from jas@extundo.com on Wed, Oct 23, 2002 at 11:29:57AM +0200 References: <20021022.183045.9767.0.cwsiv_home1@juno.com> Message-ID: <20021023113427.G19196@asmoweb.hqda.pentagon.mil> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 23-Oct-2002/11:29 +0200, Simon Josefsson wrote: >carl w spitzer writes: > >> While an estimated 900 million people use e-mail, few take advantage of >> encryption. >> http://www.NewsFactor.com/perl/story/18860.html >> NewsFactor.com, Aug. 5, 2002 > >Why isn't everyone doing phone encryption? Why isn't everyone >encrypting their personal postal mail? Just because something is >technically possible doesn't mean everyone should use it. People generally put personal mail in envelopes. They should do the same with email. There are some things that could make it easier: - Built-in support for the big two encryption schemes (OpenPGP, S/MIME) in all mail clients. 
- Automatic generation or import of keys during mail client setup. - Establishment of non-commercial CAs that issue cost-free certs that are accepted by most encryption implementations in their default configuration. Govt agencies could issue certs along with other identity documents. - Message is automatically encrypted if all recipients are able and willing to process encrypted mail. - Mail client encrypts replies to encrypted messages. - Mail client can cache decryption password if allowed by user. This allows auto-decrypt when recipient attempts to view the message. - Different authentication token (password) for signature and decryption keys. This allows mail clients to cache decryption keys without making signature keys vulnerable. As long as people have to take extra steps to protect their email, it won't happen. Tony - -- Anthony E. Greene OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D AOL/Yahoo Chat: TonyG05 HomePage: Linux: the choice of a GNU Generation. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Anthony E. Greene 0x6C94239D iD8DBQE9tsF/pCpg3WyUI50RAvR9AJ9ArqCSArYot2CPfRTSJHzrAEsA3QCbBxdX w6+f7MLSAvh6/DsIZjajJRk= =YI5r -----END PGP SIGNATURE----- From peter.schuller@infidyne.com Wed Oct 23 18:45:02 2002 From: peter.schuller@infidyne.com (Peter Schuller) Date: Wed Oct 23 17:45:02 2002 Subject: E-Mail Encryption: Why Isn't Everyone Doing It? In-Reply-To: <92BE0AA5B56B5849AFE716631DA5102E01A79B99@tgserve1> References: <92BE0AA5B56B5849AFE716631DA5102E01A79B99@tgserve1> Message-ID: <1035387996.3729.22.camel@furiona> > The interface is too confusing for the "average-home" user. It's like > asking them to perform a tune-up on a car. They just don't know or care to > know. Encryption is a great idea, but because of user interface issues it's > still for power-users or better. I don't agree. In order to achieve secure communication, there are certain steps that MUST be taken. 
It cannot happen automatically, because if it does it is by definition not secure. Granted, one could use a fingerprint device or similar to rid oneself of the passphrase problem, but the fundamental principles of secure communication are still there. It works exactly the same as any "real world" communication. If I'm given a phone number to John Doe and call him up - I have no way of knowing I am really talking to John Doe, nor that he possesses the role that someone else claims he does. If one were to try, I believe one could come a LONG way just through social engineering. E-Mail is also like postal mail. You have no way of knowing who sent it - unless you trust a return address which can be faked as easily as it can be real. You also have no way of ensuring that only the intended recipient reads the message - unless you take certain steps to do so. The one thing that makes electronic communication different is the level at which insecurities can be exploited. Tasks can be automated, etc. If you get into a company building through social engineering you might be able to sneak out with a PDA or two. You can't empty the entire building without being noticed. If you get into a server, you can easily delete everything on the hard drive - or worse, plant a trojan. Once you are in a position to exploit a vulnerability in a piece of software or in the way communication is being carried out, you have a helluva opportunity to exploit it, compared to non-computerized similar situations. For that reason, security in the digital world is often more important (or at least, the lack thereof is more disastrous) than in the physical world. I believe users (and others...) must be taught to respect security and understand the basic principles of trust that are a fact of life - with or without computers. (There are other important issues as well of course, such as E-Mail clients acting properly to protect the user, development of appropriate standards, etc. 
But at the very core of all issues is awareness. Automatic and therefore transparent security is seldom possible, even theoretically.) -- / Peter Schuller, InfiDyne Technologies HB PGP userID: 0xE9758B7D or 'Peter Schuller ' Key retrival: Send an E-Mail to getpgpkey@scode.org E-Mail: peter.schuller@infidyne.com Web: http://www.scode.org From dshaw@jabberwocky.com Wed Oct 23 19:07:02 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Wed Oct 23 18:07:02 2002 Subject: I lost my public key! :) In-Reply-To: <87k7k91ql9.fsf_-_@alberti.g10code.de> References: <20021023033344.GA27838@jabberwocky.com> <87k7k91ql9.fsf_-_@alberti.g10code.de> Message-ID: <20021023160724.GA5131@jabberwocky.com> On Wed, Oct 23, 2002 at 10:56:02AM +0200, Werner Koch wrote: > On Tue, 22 Oct 2002 23:33:44 -0400, David Shaw said: > > > All OpenPGP secret keys have a copy of the public key inside them, and > > in a worst-case scenario, you can create yourself a new public key > > using the secret key. Some versions of PGP, in fact, do this > > I just wrote a tool to convert a secret key into a public one. It is > actually a new option for gpgsplit and available in the CVS. It will > also be included in 1.2.1 I hope to release soon. I have added a similar feature to the development GnuPG. When you import a secret key, the embedded public key is imported as well. You can disable this behavior with "--import-option no-convert-sk-to-pk". David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From agreene@pobox.com Wed Oct 23 19:11:02 2002 From: agreene@pobox.com (Anthony E. Greene) Date: Wed Oct 23 18:11:02 2002 Subject: E-Mail Encryption: Why Isn't Everyone Doing It? 
In-Reply-To: <1035387996.3729.22.camel@furiona>; from peter.schuller@infidyne.com on Wed, Oct 23, 2002 at 05:46:35PM +0200 References: <92BE0AA5B56B5849AFE716631DA5102E01A79B99@tgserve1> <1035387996.3729.22.camel@furiona> Message-ID: <20021023121207.I19196@asmoweb.hqda.pentagon.mil> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 23-Oct-2002/17:46 +0200, Peter Schuller wrote: >In order to achieve secure communication, there are certain steps that >MUST be taken. It cannot happen automatically, because if it does it is >by definition not secure. There are relative levels of security. The tools need to allow full automation of the process, or else it won't happen. Users could be offered varying levels of automation and security and allowed to make a choice. It could be as simple as three buttons labeled like this: - Protect all my outgoing email if possible (Default) - Don't bother protecting my email - Advanced >It works exactly the same as any "real world" communication. If I'm >given a phone number to John Doe and call him up - I have no way of >knowing I am really talking to John Doe, nor that he possesses the role >that someone else claims he does. You are confusing authentication with encryption. Authentication is complex, but encryption is relatively simple. If I want to send you an encrypted message, I don't need to worry about whether your electronic identity is connected to the real world person "Peter Schuller". I just need to get a key that can be used by to decrypt the message. Compared to authenticating a connection between an identity and a person, getting that key is easy. Tony - -- Anthony E. Greene OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D AOL/Yahoo Chat: TonyG05 HomePage: Linux: the choice of a GNU Generation. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Anthony E. 
Greene 0x6C94239D iD8DBQE9tspVpCpg3WyUI50RAvkoAJwPS5VbYKsxisNpuFn7AffRlpJAEwCgjxZZ 1DRYEt3tCbSIclVCOat2ORU= =+jsQ -----END PGP SIGNATURE----- From jason.graham@danzas.com Wed Oct 23 19:20:01 2002 From: jason.graham@danzas.com (Jason Graham) Date: Wed Oct 23 18:20:01 2002 Subject: gpg: Oops; key lost! Message-ID: <005901c27aaf$87ab9670$530cc902@dcc1280a> This might be a dumb question but What does gpg: Oops; key lost! mean gpg --list-secret-keys gpg: Warning: using insecure memory! /data/ftp/customer/.gnupg/secring.gpg ----------------------------------- gpg: Oops; key lost! node 0x80caad8 00/00 type=public-key keyid=CD8C0D07 node 0x80cab20 00/00 type=user-id "company" node 0x80cac10 00/00 type=signature class=10 keyid=CD8C0D07 node 0x80cade8 00/00 type=public-subkey keyid=FDE79F3C node 0x80caed0 00/00 type=signature class=18 keyid=CD8C0D07 gpg: Oops; key lost! node 0x80caed0 00/00 type=public-key keyid=2710EA03 node 0x80cade8 00/00 type=user-id "customer" node 0x80cac10 00/00 type=signature class=10 keyid=2710EA03 node 0x80cab20 00/00 type=public-subkey keyid=65B16C22 node 0x80caad8 00/00 type=signature class=18 keyid=2710EA03 Jason From dshaw@jabberwocky.com Wed Oct 23 19:32:01 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Wed Oct 23 18:32:01 2002 Subject: gpg: Oops; key lost! In-Reply-To: <005901c27aaf$87ab9670$530cc902@dcc1280a> References: <005901c27aaf$87ab9670$530cc902@dcc1280a> Message-ID: <20021023163257.GB5131@jabberwocky.com> On Wed, Oct 23, 2002 at 12:16:20PM -0400, Jason Graham wrote: > This might be a dumb question but > > What does gpg: Oops; key lost! mean > > gpg --list-secret-keys > gpg: Warning: using insecure memory! > /data/ftp/customer/.gnupg/secring.gpg > ----------------------------------- > gpg: Oops; key lost! 
> node 0x80caad8 00/00 type=public-key keyid=CD8C0D07
> node 0x80cab20 00/00 type=user-id "company"
> node 0x80cac10 00/00 type=signature class=10 keyid=CD8C0D07
> node 0x80cade8 00/00 type=public-subkey keyid=FDE79F3C
> node 0x80caed0 00/00 type=signature class=18 keyid=CD8C0D07
> gpg: Oops; key lost!
> node 0x80caed0 00/00 type=public-key keyid=2710EA03
> node 0x80cade8 00/00 type=user-id "customer"
> node 0x80cac10 00/00 type=signature class=10 keyid=2710EA03
> node 0x80cab20 00/00 type=public-subkey keyid=65B16C22
> node 0x80caad8 00/00 type=signature class=18 keyid=2710EA03

Looks like you have public keys in your secret keyring.

David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson

From graham.todd@ntlworld.com Wed Oct 23 19:41:01 2002
From: graham.todd@ntlworld.com (Graham)
Date: Wed Oct 23 18:41:01 2002
Subject: E-Mail Encryption: Why Isn't Everyone Doing It?
In-Reply-To: <92BE0AA5B56B5849AFE716631DA5102E01A79B99@tgserve1>
References: <92BE0AA5B56B5849AFE716631DA5102E01A79B99@tgserve1>
Message-ID: <200210231749.02083.graham.todd@ntlworld.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 23 Oct 2002 2:43 pm, Gill, John wrote:
> The interface is too confusing for the "average-home" user. It's
> like asking them to perform a tune-up on a car. They just don't know
> or care to know. Encryption is a great idea, but because of user
> interface issues it's still for power-users or better.

What interface with GnuPG?

Even the proprietary PGP has a GUI interface, and it's not too bad, but could be refined. GnuPG has no GUI, and so it is even less embracing.
In Linux, there are NO GUI front ends that can be used for all GPG commands; those that are available are merely key editors with some nod towards encryption facilities. GPA, as an example, doesn't show trust properly. In Windows you at least have GPGShell and WinPT; GPGShell is the most PGP-like interface and the easiest to use (IMHO).

But both of these interface to a program that is commandline only: most computer users in the world don't even know what a CLI is, and we're going nowhere unless we break free from the limitations that imposes.

Surely it's not beyond the expertise of those who produce such a brilliant program as GnuPG to provide a GUI interface through which ALL commands can be given and which (in Linux anyway) can be used as a stand alone program to encrypt or sign emails even in MUAs without GPG integration?

- --
Graham
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: Please sign and encrypt for internet privacy

iD8DBQE9ttL1IwtBZOk1250RAiitAKDrOnTFEI8QpPCAgKSlL0ZE9W9XWQCfThjX
Gl1MLzM6irC4O8XwFPnHYIY=
=/9sq
-----END PGP SIGNATURE-----

From rmalayter@bai.org Wed Oct 23 21:34:01 2002
From: rmalayter@bai.org (Ryan Malayter)
Date: Wed Oct 23 20:34:01 2002
Subject: E-Mail Encryption: Why Isn't Everyone Doing It?
Message-ID: <22FD1855C2B16C40A1F6DE406420021E01482EFA@mail.bai.org>

From: Graham [mailto:graham.todd@ntlworld.com]
>Surely it's not beyond the expertise of those
>who produce such a brilliant program as GnuPG
>to provide a GUI interface through which ALL
>commands can be given and which (in Linux
>anyway) can be used as a stand alone program
>to encrypt or sign emails even in MUAs without
>GPG integration?

There are more ways to help with open source projects than simple programming. In fact, if you were to organize a GUI design document for an easy-to-use front end, I'll bet you could find someone to do the coding.
One of the major problems with open-source software, in my opinion, is that it is written by software engineers for software engineers. It seems very few open-source projects have an interface design team with graphic artists, usability experts, "user-level" beta testers, etc. Most commercial development teams have such people to make sure the end result is not only usable (in the functional sense) but easy enough to be *useful* to the vast nontechnical masses.

Ryan Malayter
Sr. Network & Database Administrator
Bank Administration Institute
Chicago, Illinois, USA
PGP Key: http://www.malayter.com/pgp-public.txt
:::::::::::::::::::::::::::::::
Men stumble over the truth from time to time, but most pick themselves up and hurry off as if nothing happened.
-Sir Winston S. Churchill

From vedaal@lok.com Wed Oct 23 22:32:01 2002
From: vedaal@lok.com (vedaal@lok.com)
Date: Wed Oct 23 21:32:01 2002
Subject: lost public key
Message-ID: <200210231932.g9NJWvib021805@compute3.lok.com>

>From: Brian Minton
>Subject: Re: I lost my public key! :(

>On Tue, Oct 22, 2002 at 11:33:44PM -0400, David Shaw wrote:
> Unlike many "lost key" situations, you're not completely out of
> luck. All OpenPGP secret keys have a copy of the public key
> inside them, and in a worst-case scenario, you can create
> yourself a new public key using the secret key. Some versions
> of PGP, in fact, do this automatically when you import a secret
> key.

>ok, I tried this, and not only did it fail, it crashed gnupg
>1.2.0 and pgp freeware version 6.5.8ckt Build: 08...

ckt build 8 cannot recognize the new secret key format introduced in 1.0.7
but ckt 9 beta (1,2, and 3) does, and will automatically generate the public key when importing the secret key

you can confirm this on ckt build 8, by generating a test key in gnupg, while using the option of '--simple-sk-checksum' and then import only the private key to ckt build 8,

hth,

vedaal

From nc@stormvault.net Wed Oct 23 23:15:02 2002
From: nc@stormvault.net (Nicolas Couture)
Date: Wed Oct 23 22:15:02 2002
Subject: I lost my public key! :(
In-Reply-To:
References:
Message-ID: <1035404095.1853.4.camel@dimension>

You should consider using something dedicated to what you're trying to do (cryptographic fs). There are a lot of utils out there that are made for this purpose. Take cfs or loopaes.

On Tue, 2002-10-22 at 21:19, trena wrote:
> Hello,
>
> According to my understanding of how PGP works, I should be able to get
> out of this mess, but I'm not quite sure how to go about doing so with
> GPG. Here's a summary of my scenario...
>
> I use GPG to encrypt a "filesystem in a file" that I mount using the
> loopback device, and keep my secret key on removable media. My .gnupg
> directory has a link to the secring.gpg file on a floppy, and my public
> key was kept on my hard drive. Thus I only need the floppy when
> unencrypting the filesystem, and could re-encrypt it using my public key.
>
> Unfortunately, I wiped my hard drive and installed a new version of
> GNU/Linux on my laptop and did not back up my public key (I mistakenly
> assumed all my keys were on the removable media).
>
> I have the secret key and my passphrase. Now how do I unencrypt the
> filesystem? I tried re-creating my keys and replacing the secret key with
> my old version from the floppy, but that doesn't work because the key IDs
> don't match. Can I edit the ID somehow in the new public key so it will
> work? Other ideas?
>
> Many, many thanks,
>
> Stu
>
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

From avbidder@fortytwo.ch Wed Oct 23 23:17:01 2002
From: avbidder@fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder)
Date: Wed Oct 23 22:17:01 2002
Subject: E-Mail Encryption: Why Isn't Everyone Doing It?
In-Reply-To: <20021023121207.I19196@asmoweb.hqda.pentagon.mil>
References: <92BE0AA5B56B5849AFE716631DA5102E01A79B99@tgserve1> <1035387996.3729.22.camel@furiona> <20021023121207.I19196@asmoweb.hqda.pentagon.mil>
Message-ID: <1035404323.2330.12.camel@altfrangg>

On Wed, 2002-10-23 at 18:12, Anthony E. Greene wrote:
> You are confusing authentication with encryption.
>
> Authentication is complex, but encryption is relatively simple. If I want
> to send you an encrypted message, I don't need to worry about whether your
> electronic identity is connected to the real
> world person "Peter Schuller". I just need to get a key that can be used
> by to decrypt the message. Compared to
> authenticating a connection between an identity and a person, getting that
> key is easy.

If you want encryption, you want other people to be unable to look at the encrypted email. You only want the owner of the respective email address being able to look at it. You're right saying that you don't care about the person behind the key. But you must solve the authentication problem anyway, or you are wide open to a Man in the Middle Attack.

There's just no way to securely encrypt messages without doing authentication first.

cheers
-- vbi

--
this email is protected by a digital signature http://fortytwo.ch/gpg

NOTE: get my key here: http://www.google.com/search?q=mQGiBDx2a6ERBAC8l

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iHQEABECADQFAj23BCMtGmh0dHA6Ly9mb3J0eXR3by5jaC9ncGcvcG9saWN5L2Vt
YWlsLjIwMDIwODIyAAoJEIukMYvlp/fWt88An1slvFHTEZFLQG06y9HRTQaERyjj
AKDe4fY/wQ7DKq7Egs17uJTthWb3HQ==
=W/TC
-----END PGP SIGNATURE-----
Signature policy: http://fortytwo.ch/gpg/policy/email.20020822

From general@eepatents.com Wed Oct 23 23:26:02 2002
From: general@eepatents.com (Ed Suominen)
Date: Wed Oct 23 22:26:02 2002
Subject: E-Mail Encryption: Why Isn't Everyone Doing It?
References: <20021023193201.6964.92803.Mailman@trithemius.gnupg.org>
Message-ID: <3DB706F6.1060408@eepatents.com>

I agree with this comment and the others like it. I've quit relying on GnuPG/WinPT for much encryption per se, simply because people don't want to be bothered with it.

When I have to send or show something sensitive to a colleague or an existing client, I try to do so via a tunnelled connection using my Privaria software. I wrote it for ease of use, and it's literally a one-click connection (no Amazon, this ain't online shopping...) once you've set it up. Perhaps the 25,000 downloads of the software since its May 2002 initial release says something about the value people place on encryption that's (relatively) easy to use.

/--- Ed Suominen ------------------------------\
|> Registered Patent Agent
|> Independent Inventor of EE Technology
|> Author, PRIVARIA Secure Networking Suite
|| Freely available at http://www.privaria.org
\--- http://www.eepatents.com -----------------/

> --__--__--
>
> Message: 2
> From: "Rustad, Aaron"
> To: "'gnupg-users@gnupg.org'"
> Subject: RE: E-Mail Encryption: Why Isn't Everyone Doing It?
> Date: Wed, 23 Oct 2002 08:40:31 -0600
>
> Email encryption is a Joke...especially PGP/GPG....but not because it
> doesn't work, and not because the interface is ugly and hard to work with,
> but because the "other guy" almost always refuses to take the time to learn
> it. Strong measures need to be taken to force people to use it...especially
> corporations. I would love to see my employer at least mandate the use of
> PGP internally, but, even though we are a high tech company, we are just too
> lazy to put forth the initiative to secure our mail/intellectual knowledge.
>
> Like I said, I would use it all the time, however, that means that everyone
> else would have to use it too.

From ARustad@Online-can.com Wed Oct 23 23:43:02 2002
From: ARustad@Online-can.com (Rustad, Aaron)
Date: Wed Oct 23 22:43:02 2002
Subject: E-Mail Encryption: Why Isn't Everyone Doing It?
Message-ID: <35199F5CEFCED311B69A009027DCD2550156E394@cgyexchange.online-can.com>

Ed, this sounds like a shameless plug. =-)

-----Original Message-----
From: Ed Suominen [mailto:general@eepatents.com]
Sent: Wednesday, October 23, 2002 2:31 PM
To: gnupg-users@gnupg.org
Subject: Re: E-Mail Encryption: Why Isn't Everyone Doing It?

I agree with this comment and the others like it. I've quit relying on GnuPG/WinPT for much encryption per se, simply because people don't want to be bothered with it.

When I have to send or show something sensitive to a colleague or an existing client, I try to do so via a tunnelled connection using my Privaria software. I wrote it for ease of use, and it's literally a one-click connection (no Amazon, this ain't online shopping...) once you've set it up. Perhaps the 25,000 downloads of the software since its May 2002 initial release says something about the value people place on encryption that's (relatively) easy to use.

/--- Ed Suominen ------------------------------\
|> Registered Patent Agent
|> Independent Inventor of EE Technology
|> Author, PRIVARIA Secure Networking Suite
|| Freely available at http://www.privaria.org
\--- http://www.eepatents.com -----------------/

> --__--__--
>
> Message: 2
> From: "Rustad, Aaron"
> To: "'gnupg-users@gnupg.org'"
> Subject: RE: E-Mail Encryption: Why Isn't Everyone Doing It?
> Date: Wed, 23 Oct 2002 08:40:31 -0600
>
> Email encryption is a Joke...especially PGP/GPG....but not because it
> doesn't work, and not because the interface is ugly and hard to work with,
> but because the "other guy" almost always refuses to take the time to learn
> it. Strong measures need to be taken to force people to use it...especially
> corporations. I would love to see my employer at least mandate the use of
> PGP internally, but, even though we are a high tech company, we are just too
> lazy to put forth the initiative to secure our mail/intellectual knowledge.
>
> Like I said, I would use it all the time, however, that means that everyone
> else would have to use it too.

From jgoerzen@complete.org Thu Oct 24 00:16:01 2002
From: jgoerzen@complete.org (John Goerzen)
Date: Wed Oct 23 23:16:01 2002
Subject: E-Mail Encryption: Why Isn't Everyone Doing It?
In-Reply-To: <35199F5CEFCED311B69A009027DCD2550156E394@cgyexchange.online-can.com>
References: <35199F5CEFCED311B69A009027DCD2550156E394@cgyexchange.online-can.com>
Message-ID: <20021023211612.GB19218@excelhustler.com>

On Wed, Oct 23, 2002 at 02:58:27PM -0600, Rustad, Aaron wrote:
[replying to Ed Suominen]

> When I have to send or show something sensitive to a colleague or an
> existing client, I try to do so via a tunnelled connection using my
> Privaria software. I wrote it for ease of use, and it's literally a
> one-click connection (no Amazon, this ain't online shopping...) once
> you've set it up. Perhaps the 25,000 downloads of the software since its
> May 2002 initial release says something about the value people place on
> encryption that's (relatively) easy to use.

I really see no difference in ease of use between this and e-mailing people, other than the fact that you downplay key verification and provide no coverage for web of trust while likely insecurely passing passphrases between processes and providing no support for cross-platform communication.

Either way, you still have to set up a public key. In fact, I maintain that e-mailing is easier because you don't have to obtain an FTP account somewhere.

-- John

From ethompson@nbr.org Thu Oct 24 01:04:02 2002
From: ethompson@nbr.org (Erick Thompson)
Date: Thu Oct 24 00:04:02 2002
Subject: E-Mail Encryption: Why Isn't Everyone Doing It?
References: <35199F5CEFCED311B69A009027DCD2550156E394@cgyexchange.online-can.com> <20021023211612.GB19218@excelhustler.com>
Message-ID: <031a01c27ae0$48147b40$3b01a8c0@NBROFFICE.ORG>

> I really see no difference in ease of use between this and e-mailing people,
> other than the fact that you downplay key verification and provide no
> coverage for web of trust while likely insecurely passing passphrases
> between processes and providing no support for cross-platform communication.

I'm no expert in encryption (far from it), but it seems to be that a lot of problems come about by trying to make a platform completely secure, and saying that everything that doesn't achieve that is insecure, and therefore as bad as no security.
I understand that if a system is vulnerable to an attack it can be compromised, but sometimes half a cake is better than none :)

In the case of passing passphrases between processes being a bad thing, yes it is, but if your system is running a trojan or process that can grab info passed between processes, you're SOL already.

An earlier poster talked about not having passphrases at all, which I think is a great idea, as long as encryption and authentication are separated! I would like to see my users using encryption, but the level of hassle needed to do it right now is too high.

Erick

From factotum@gvdnet.dk Thu Oct 24 01:49:02 2002
From: factotum@gvdnet.dk (Martin Christensen)
Date: Thu Oct 24 00:49:02 2002
Subject: E-Mail Encryption: Why Isn't Everyone Doing It?
In-Reply-To: <3DB6A89D.8030300@harvee.billerica.ma.us> ("Eric S. Johansson"'s message of "Wed, 23 Oct 2002 09:48:13 -0400")
References: <20021022.183045.9767.0.cwsiv_home1@juno.com> <3DB6A89D.8030300@harvee.billerica.ma.us>
Message-ID: <8765vsdb2m.fsf@gvdnet.dk>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>>>>> "Eric" == Eric S Johansson writes:

Eric> The next sacred cow to be slaughtered is I will not require any
Eric> passphrases. Yes, if an attacker gets in and steals the private
Eric> key, they can cause all sorts of mischief. The chances of the
Eric> happening are extremely low especially if we generate new keys
Eric> on a regular basis.

If it were to become widespread, then it would be useless. If everyone encrypts their stuff but leaves their unprotected private key floating around much like they do their address books, then all they have is a false sense of security. It would take two weeks for the first virus to come by to collect secret keys. Even relatively simple passphrases (relatively being defined as being able to withstand, say, John the Ripper for at least a couple of hours) to protect the private keys would make it infeasible to try to reap keys en masse.

Martin
- --
Homepage: http://www.cs.auc.dk/~factotum/
GPG public key: http://www.cs.auc.dk/~factotum/gpgkey.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Using Mailcrypt+GnuPG

iEYEARECAAYFAj23J7EACgkQYu1fMmOQldWP0gCglXgoMI80ZcPdRVqLWNmYdVWy
gCkAnAjOG95KXTQsepEtII008gb+VE1P
=xiQe
-----END PGP SIGNATURE-----

From bminton@efn.org Thu Oct 24 04:10:02 2002
From: bminton@efn.org (Brian Minton)
Date: Thu Oct 24 03:10:02 2002
Subject: lost public key
In-Reply-To: <200210231932.g9NJWvib021805@compute3.lok.com>
References: <200210231932.g9NJWvib021805@compute3.lok.com>
Message-ID: <20021024011052.GB15280@bminton.dyn.cheapnet.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Oct 23, 2002 at 03:32:57PM -0400, vedaal@lok.com wrote:
> you can confirm this on ckt build 8, by generating a test key
> in gnupg, while using the option of '--simple-sk-checksum' and
> then import only the private key to ckt build 8,

thanks. I suppose it may be time to upgrade :-)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)

iD8DBQE9t0ibcieIIFcDdHIRAlZmAKCzpE2VQIsGn8+ST0D9o2sEuVIF+gCgu0vj
7k7Hyl6HAfXw9WWqlxDTfjs=
=ThM2
-----END PGP SIGNATURE-----

From bminton@efn.org Thu Oct 24 04:13:02 2002
From: bminton@efn.org (Brian Minton)
Date: Thu Oct 24 03:13:02 2002
Subject: I lost my public key! :)
Message-ID: <20021024011245.GC15280@bminton.dyn.cheapnet.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Werner Koch wrote:
> On Tue, 22 Oct 2002 23:33:44 -0400, David Shaw said:
>
>
>>All OpenPGP secret keys have a copy of the public key inside them,
>>and in a worst-case scenario, you can create yourself a new public
>>key
>>using the secret key. Some versions of PGP, in fact, do this

Which doesn't address the original question, why is the public key required for decryption, if the secret key is available, and has all the necessary info?
(btw, I guess I was mistaken about the public key not being recoverable from the secret key)
-----BEGIN PGP SIGNATURE-----
Version: 6.5.8ckt http://www.ipgpp.com/

iQA/AwUBPbcPYnIniCBXA3RyEQIsbACgliHaGdvqOu2j6MkNTwm7q1FYmBUAoMur
SIJtA4ebZwptOah3D52oZ62z
=uIch
-----END PGP SIGNATURE-----

From dshaw@jabberwocky.com Thu Oct 24 04:50:01 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Thu Oct 24 03:50:01 2002
Subject: I lost my public key! :)
In-Reply-To: <20021024011245.GC15280@bminton.dyn.cheapnet.net>
References: <20021024011245.GC15280@bminton.dyn.cheapnet.net>
Message-ID: <20021024015028.GA9024@jabberwocky.com>

On Wed, Oct 23, 2002 at 09:12:45PM -0400, Brian Minton wrote:
> > On Tue, 22 Oct 2002 23:33:44 -0400, David Shaw said:
> >
> >
> >>All OpenPGP secret keys have a copy of the public key inside them,
> >>and in a worst-case scenario, you can create yourself a new public
> >>key
> >>using the secret key. Some versions of PGP, in fact, do this
>
> Which doesn't address the original question, why is the public key
> required for decryption, if the secret key is available, and has all
> the necessary info? (btw, I guess I was mistaken about the public key
> not being recoverable from the secret key)

It isn't required - the problem you had earlier was a bug. It's been fixed now as part of 1.2.1. In 1.2.1 you do need to use --try-all-secrets to decrypt though, for various reasons having to do with how GnuPG looks up keys internally. This is handled in the latest devel version (1.3.1) which creates a public key automatically from the secret key.

David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson

From damienffm@web.de Thu Oct 24 07:32:01 2002
From: damienffm@web.de (damien)
Date: Thu Oct 24 06:32:01 2002
Subject: How to change the e-mail adress for existing keyrings
Message-ID: <001501c27b16$56765dd0$9790fea9@sevenofnine>

Hi,

I have different keyrings (sec/pub) where the e-mail addresses change.
How can I manage to change the e-mail address which belongs to a special key ring???
Or have I to delete all those keypairs and create new ones???

Thx

alexander

From newton@hammet.net Thu Oct 24 08:18:02 2002
From: newton@hammet.net (Newton Hammet)
Date: Thu Oct 24 07:18:02 2002
Subject: How to change the e-mail adress for existing keyrings
References: <001501c27b16$56765dd0$9790fea9@sevenofnine>
Message-ID: <3DB79116.6AA2E0F@hammet.net>

damien wrote:
>
> Hi,
>
> I have different keyrings (sec/pub) where the e-mail addresses change.
> How can I manage to change the e-mail address which belongs to a special key
> ring???
> Or have I to delete all those keypairs and create new ones???

No you don't ... you use the adduid and deluid of the edit-key feature.

gpg --edit-key
Command> adduid

follow the prompts... Then to delete the first uid with the bad email address:

Command> uid 1
Command> deluid

follow the prompts.

and voila, you are done!

Regards,
Newton

>
> Thx
>
> alexander
>

From tuyen.dinh@risc.fr Thu Oct 24 08:49:05 2002
From: tuyen.dinh@risc.fr (Tuyen DINH)
Date: Thu Oct 24 07:49:05 2002
Subject: validating other keys on your public keyring
Message-ID:

Hi,

According to "The GNU Privacy Handbook" : « a correspondent's key is validated by personally checking his key's fingerprint » (http://www.gnupg.org/gph/en/manual.html#AEN335)

* is it equivalent or less secure to personally check the person's keyid ?
* and why do most of people send their fingerprint in their message, since the fingerprint is the thing you want to check personally ?

From agreene@pobox.com Thu Oct 24 09:24:01 2002
From: agreene@pobox.com (Anthony E. Greene)
Date: Thu Oct 24 08:24:01 2002
Subject: E-Mail Encryption: Why Isn't Everyone Doing It?
In-Reply-To: <"from graham.todd"@ntlworld.com>
References: <92BE0AA5B56B5849AFE716631DA5102E01A79B99@tgserve1> <200210231749.02083.graham.todd@ntlworld.com>
Message-ID: <20021024022455.E10019@cp5340.hyatsv01.md.comcast.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 23-Oct-2002/17:48 +0100, Graham wrote:
>Surely it's not beyond the expertise of those who produce such a
>brilliant program as GnuPG to provide a GUI interface through which ALL
>commands can be given and which (in Linux anyway) can be used as a
>stand alone program to encrypt or sign emails even in MUAs without GPG
>integration?

Have you taken a look at the GnuPG manual lately? GnuPG can do lots of things that PGP cannot do. There is no way to reproduce all those options in a GUI and still have an easy to use interface. In the last 24 hours two options were added in response to a user with a lost public key. If that kind of responsiveness had to be put on hold because it would take too long to put it into a GUI, then GnuPG would not be as good as it is.

In any case, the features you are referring to will not be used by 90%+ of users. They will not care about trust values or key management. They won't know anything about their keyrings and won't care. Nor should they.

This stuff does not need a good interface. It needs to drop out of sight. It needs to become as transparent and automatic as SSL. People don't care about the interface for managing SSL keys and certs and they shouldn't have to care about the interface for managing OpenPGP keys and certs. This stuff should be built into mail software the same way SSL is built into browsers. Until it is, it just won't be widely used.

Tony
- --
Anthony E. Greene
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
AOL/Yahoo Messenger: TonyG05
HomePage:
Linux. The choice of a GNU generation
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Anthony E. Greene 0x6C94239D

iD8DBQE9t5I2pCpg3WyUI50RAishAKD0ddraDnRFdlIxiyaKcDaooVMKSACgksRB
ujanUC3wyFt4vPjwl8W09G4=
=YyFC
-----END PGP SIGNATURE-----

From dscribner@yahoo.com Thu Oct 24 10:14:02 2002
From: dscribner@yahoo.com (David Scribner)
Date: Thu Oct 24 09:14:02 2002
Subject: validating other keys on your public keyring
In-Reply-To:
Message-ID: <20021024071514.809.qmail@web13507.mail.yahoo.com>

--- Tuyen DINH wrote:
> * is it equivalent or less secure to personally check the
> person's
> keyid ?

It is less secure to use the keyid. Since you're using fewer bits to check the key with, there is of course a greater chance that there will exist more than one key with that key ID. Of course, there's also a very slim chance that more than one key would have the same fingerprint, but it's certainly less error-prone to compare fingerprints than manually (by hand) checking every character in the entire key block.

> * and why do most of people send their fingerprint in their
> message,
> since the fingerprint is the thing you want to check
> personally ?

Say perhaps that your key is out there, on a keyserver or web page for example. By having your key's fingerprint "advertised" in your email signature, someone can be reasonably sure that the key hasn't been tampered with if the fingerprint matches what's in your email, especially if your email signatures exist multiple times in multiple places (such as mailing lists). If the keyserver or web sites lists a key's fingerprint, and that fingerprint matches what's on your email, it's just another little measure of security.

Also, by having your key's fingerprint (or key ID) listed in your email sig, you advertise PK use and may stir a few questions from recipients, giving you a chance to evangelize and enlighten.

HTH

=====
David D. Scribner
IT Consulting & Services
CompTIA Linux+, Network+, A+ Certified
Ph: (817) 461-4018 eFax: (630) 214-7769
dscribner_at_bigfoot.com
http://www.bigfoot.com/~dscribner/
GnuPG/PGP: 3172 7408 58CA D9C2 F697 950F 9DDC 7AC7 91EC 5F06

From graham.todd@ntlworld.com Thu Oct 24 10:45:02 2002
From: graham.todd@ntlworld.com (Graham)
Date: Thu Oct 24 09:45:02 2002
Subject: E-Mail Encryption: Why Isn't Everyone Doing It?
In-Reply-To: <20021024022455.E10019@cp5340.hyatsv01.md.comcast.net>
References: <92BE0AA5B56B5849AFE716631DA5102E01A79B99@tgserve1> <200210231749.02083.graham.todd@ntlworld.com> <20021024022455.E10019@cp5340.hyatsv01.md.comcast.net>
Message-ID: <200210240853.17601.graham.todd@ntlworld.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 24 Oct 2002 7:24 am, Anthony E. Greene wrote:
[snipped]
> Have you taken a look at the GnuPG manual lately? GnuPG can do lots
> of things that PGP cannot do.

I have looked at the GPG manual recently, and I agree that GPG is the better program.

>There is no way to reproduce all those
> options in a GUI and still have an easy to use interface. In the last
> 24 hours two options were added in response to a user with a lost
> public key. If that kind of responsiveness had to be put on hold
> because it would take too long to put it into a GUI, then GnuPG
> would not be as good as it is.

Well now, why is it that in Windows GPGShell can provide this as soon as a new version of GnuPG comes out?
And it is a complete interface: through it you can directly alter the options, give extra commands, do key management, and encrypt and sign in windows on which you have the focus. Indeed, the lack of anything similar in Linux made me consider for some time whether I should move over and I am sure that many people migrating to Linux from Windows won't use GPG because it does not have this kind of interface despite being bundled with every distro that I am aware of.

[snipped]
>This stuff should be built into mail software
> the same way SSL is built into browsers. Until it is, it just won't
> be widely used.

That's where we part company. I also believe that SSL and S/MIME should be available as stand alone packages so that you can use them with MUAs. GPG should be available as a stand alone package with its own GUI. Compatibility can be built into MUAs so that they interface with it directly for signing and encryption, but that is the extent to which MUAs should be involved. By treating GPG as just another library of functions which you access through the MUA is to reduce its power, and anyway commands to GPG are sent through the CLI so it is available separately now.

I am merely arguing that in Linux there should be a full GUI to these functions, as there is in Windows.

As Ryan Malayter said, "There are more ways to help with open source projects than simple programming. In fact, if you were to organize a GUI design document for an easy-to-use front end, I'll bet you could find someone to do the coding." I'm not so sure about this, and I would not know where to start (except by reference to GPGShell) but I'm willing to give it a try instead of just bitching.

Would anyone interested like to contact me off list?

- --
Graham
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: Please sign and encrypt for internet privacy

iD8DBQE9t6bnIwtBZOk1250RAo5gAJ9rfgnIVluPqem0dVCLiPNaKu62tACeI6T0
VKcleYye+hYJw73ZpLyeGJo=
=eN7j
-----END PGP SIGNATURE-----

From debug@centras.lt Thu Oct 24 11:10:01 2002
From: debug@centras.lt (De Bug)
Date: Thu Oct 24 10:10:01 2002
Subject: RE[1]: E-Mail Encryption: Why Isn't Everyone Doing It?
In-Reply-To: <3DB6A89D.8030300@harvee.billerica.ma.us>
References: <20021022.183045.9767.0.cwsiv_home1@juno.com> <3DB6A89D.8030300@harvee.billerica.ma.us>
Message-ID: <200210240810.g9O8AtT27765@perkunas1.omnitel.net>

>>> While an estimated 900 million people use e-mail, few take
>>>advantage of encryption.
>>>http://www.NewsFactor.com/perl/story/18860.html
>>>NewsFactor.com, Aug. 5, 2002

I am aware of possibility to use encryption but I don't use it cause I have nothing to hide (at least in the emails I send). I think people should be open as much as they can that's the reason I often intentionally do NOT use encryption. This is a matter of principles.

P.S. For political figures I would suggest 24hours a day public inspection so they have nothing to hide. Don't like it - don't be a politician

-- De Bug

From debug@centras.lt Thu Oct 24 11:57:01 2002
From: debug@centras.lt (De Bug)
Date: Thu Oct 24 10:57:01 2002
Subject: RE[1]: E-Mail Encryption: Why Isn't Everyone Doing It?
In-Reply-To: <35199F5CEFCED311B69A009027DCD2550156E38D@cgyexchange.online-can.com>
References: <35199F5CEFCED311B69A009027DCD2550156E38D@cgyexchange.online-can.com>
Message-ID: <200210240858.g9O8w7k27102@atmpe.omnitel.net>

> Email encryption is a Joke...especially PGP/GPG....but not
>because it doesn't work, and not because the interface is
>ugly and hard to work with, but because the "other guy"
>almost always refuses to take the time to learn it. Strong
>measures need to be taken to force people to use
>it...especially corporations.
I would hate to work in a corporation that forces me to shut up my mouth
In fact developing proprietary software is a kind of this mess

--
De Bug

From borso@vekoll.saturnus.vein.hu Thu Oct 24 12:31:02 2002
From: borso@vekoll.saturnus.vein.hu (Adam ENDRODI)
Date: Thu Oct 24 11:31:02 2002
Subject: E-Mail Encryption: Why Isn't Everyone Doing It?
In-Reply-To: <92BE0AA5B56B5849AFE716631DA5102E01A79B99@tgserve1>
References: <92BE0AA5B56B5849AFE716631DA5102E01A79B99@tgserve1>
Message-ID: <20021023144401.GB14119@vekoll.saturnus.vein.hu>

On Wed, Oct 23, 2002 at 08:43:11AM -0500, Gill, John wrote:

> The interface is too confusing for the "average-home" user. It's like
> asking them to perform a tune-up on a car. They just don't know or care to
> know.

I think that's the point. I often observed while talking to my friends (even from the DCS) and the subject comes to computer security they *always* argue "Oh come on, why on earth should anyone bother reading my documents?", "I have no sensitive data" or "How would they know about me?". I wondered what'd be the effects of a real demonstration -- just to let them know how it feels when it turns out month later someone tampered with their files...

On the other hand, there must be scores of risks in the "real" world which we're not aware of however poses (or might pose) serious threat on our life (eg. gm food).

bit,
adam

--
Use  | 10/05/02 my GPG key changed                       | Some days, my soul's confined
GPG, | 1024D/37B8D989 finger://borso@vekoll.vein.hu      | And out of mind
PGP! | 954B 998A E5F5 BA2A 3622 82DD 54C2 843D 37B8 D989 | Sleep forever
-- Die die die my darling, don't utter a single word ---.---.---.--.--.-....

From pt@radvis.nu Thu Oct 24 12:41:02 2002
From: pt@radvis.nu (Per Tunedal)
Date: Thu Oct 24 11:41:02 2002
Subject: E-Mail Encryption: Why Isn't Everyone Doing It?
In-Reply-To: <20021022.183045.9767.0.cwsiv_home1@juno.com>
Message-ID: <5.1.0.14.2.20021024105443.00beb2c0@localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
I agree with all people telling that users will not use anything that makes e-mailing more complicated. Especially pass phrases are a great obstacle. Many people hate them.

Another great obstacle is that people don't want to learn anything about encryption. And thus cannot take any responsibility for their own security. They can (and will!) do a lot of mistakes that compromise their security.

- - The idea to have two different passphrases: one for signing and one for decryption is brilliant. It would make it possible to have a greater protection for the signing key and doing automatic decryption. That is important: you can have a signing key with a long life and regularly change the encryption keys (without losing the signatures on your signing key and thus "transferring" the trust to the new encryption subkeys you create).

- - I believe GPG Relay is a great way in the right direction. It does automatic tasks of your choice: encryption, signing, decryption, verifying. You can choose to enter your passphrase as needed, cache your passphrase for a specified time or for the session, or enter it to the program once and use it forever. One great advantage is that you can choose your security level and set it according to your security needs. And it is possible to use one key for automatic tasks with GPG Relay and another for more sensitive tasks with more traditional interfaces like WinPT or plug-ins for e-mail programs.
http://sites.inka.de/tesla/gpgrelay.html

- - Key exchange is still complicated. Why not automatically download keys from keyservers for all e-mail addresses in your address book? And do the same whenever you add a new address? It would be fine with such a feature in the plug-ins for Outlook Express and Eudora!

- - Authentication is still complicated though.
I recently discovered a security risk that I had not ever thought about before. I verified key-data (fingerprint) by phone with a person I knew. All seemed OK, but during the conversation it occurred to me that the keypair was not created nor controlled by that person. He actually had a consulting programmer from an external company "helping" him to create the keypair and the programmer had a backup. Ignorant users do not know to protect themselves.

Afterwards I realised that it is never possible to know if anyone has exclusive control over their key. You simply have to trust the other person.

And more: often it does not matter! That is: if my contact chooses to share the key with an external consultant it is his choice. It is good if I know, but I cannot always know. I can still use the key for encryption to him, as long as he is willing to accept the key as his own.

But it does matter if I send something that I do not want to be read by ANYONE but the intended recipient. Then I must trust the recipient - otherwise he could print the document and give it away anyway.

By the way I read an article on how to implement PGP-encryption in a company. The author suggested that an administrator would create the keypairs for all users and sign them with a company signing key. Then he should distribute the keys to the users and keep a backup of the public key. "But the secret key should not be kept". What would prevent the administrator to keep the secret keys for any reason? How would you know how many people control the secret key for a user you encrypt to?

Per Tunedal

At 19:33 2002-10-18 -0700, you wrote:
>While an estimated 900 million people use e-mail, few take advantage of
>encryption.
>http://www.NewsFactor.com/perl/story/18860.html
>NewsFactor.com, Aug. 5, 2002
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (MingW32) - GPGrelay v0.90

iD8DBQE9t8AvV+WjFXkFqqkRAip+AJ0ZAohxMet3iuYUxcNjmTOjZRIsPwCeNk2D
HGpHFXHdQP43hDhnhv2Wifo=
=tfU0
-----END PGP SIGNATURE-----

From Ralf.Huels@schufa.de Thu Oct 24 12:51:02 2002
From: Ralf.Huels@schufa.de (Huels, Ralf SCORE)
Date: Thu Oct 24 11:51:02 2002
Subject: AW: E-Mail Encryption: Why Isn't Everyone Doing It?
Message-ID: <51896D38E5E4D111BE560001FA68BA369FBB4C@SBO1002>

Adam Enrodi wrote:

> I think that's the point. I often observed while talking to my
> friends (even from the DCS) and the subject comes to computer
> security they *always* argue "Oh come on, why on earth should
> anyone bother reading my documents?", "I have no sensitive data"
> or "How would they know about me?".

I work for a credit bureau. You better believe there's lots of stuff that we can't send by e-mail. You'd be surprised how many customers expect us to send consumer data via mail without giving thought to encryption. We don't, of course. After all we're talking about credit profiles and stuff like that here.

I shudder at the thought of how little even some people who professionally handle sensitive data are aware of e-mail security issues.

Bye,
Ralf

From mortimer.eulenburg@y-e-p.de Thu Oct 24 14:40:02 2002
From: mortimer.eulenburg@y-e-p.de (Mortimer Graf zu Eulenburg)
Date: Thu Oct 24 13:40:02 2002
Subject: AW: E-Mail Encryption: Why Isn't Everyone Doing It?
In-Reply-To: <5.1.0.14.2.20021024105443.00beb2c0@localhost>
Message-ID: <000001c27b52$3e79ce60$fe78a8c0@32241075G>

Hi Per,

you wrote plenty of good stuff I'd like to comment inlined.
> -----Original Message-----
> From: gnupg-users-admin@gnupg.org
> [mailto:gnupg-users-admin@gnupg.org] On Behalf Of Per Tunedal
> Sent: Thursday, 24 October 2002 11:36
> To: gnupg-users@gnupg.org
> Subject: Re: E-Mail Encryption: Why Isn't Everyone Doing It?
>
> Another great obstacle is that people don't want to learn anything about
> encryption. And thus cannot take any responsibility for their own security.
> They can (and will!) do a lot of mistakes that compromise their security.

Agree but if you let them first work with a testing keypair they can get familiar with the whole stuff without too much of damage.

>
> - - The idea to have two different passphrases: one for signing and one for
> decryption is brilliant. It would make it possible to have a greater
> protection for the signing key and doing automatic decryption. That is
> important: you can have a signing key with a long life and regularly change
> the encryption keys (without losing the signatures on your signing key and
> thus "transferring" the trust to the new encryption subkeys you create).

Agree again but most ppl are not even able to remember a single passphrase, with 2 of them it will be even harder.

> - - I believe GPG Relay is a great way in the right direction.
> http://sites.inka.de/tesla/gpgrelay.html

If then one could add the complete functionality of a GPL'ed GPGShell to GPGRelay it would be a great step ahead.

> - - Key exchange is still complicated. Why not automatically download keys
> from keyservers for all e-mail addresses in your address book? And do the
> same whenever you add a new address? It would be fine with such a feature in
> the plug-ins for Outlook Express and Eudora!

yep, still my auto-key-retrieve produces eof-errors all the time

> You simply have to trust
> the other person.
That sounds like the solution for all of our problems :))

> But it does matter if I send something that I do not want to be read by
> ANYONE but the intended recipient. Then I must trust the recipient -
> otherwise he could print the document and give it away anyway.

AFAIK this all is intended to secure the way to a receiver, not to secure the receiver ?

> By the way I read an article on how to implement PGP-encryption in a
> company. The author suggested that an administrator would create the
> keypairs for all users and sign them with a company signing key. Then he
> should distribute the keys to the users and keep a backup of the public
> key. "But the secret key should not be kept". What would prevent the
> administrator to keep the secret keys for any reason? How would you know how
> many people control the secret key for a user you encrypt to?

Again, with GnuPG one can do everything that is needed to keep things secure within his own Sphere of influence. If others do not share our thoughts on security risks we can not blame them for that but if risks come true at least they can not blame us.

Greetz from Berlin,
Mortimer

> Per Tunedal
>
>
> This mail was signed (Inlined PGP-Message).
>
> ,-----GnuPG output follows (current time: Thu, Oct 24 2002 - 11:57:24)--
> |
> | Hinweis: Alte voreingestellte Optionendatei 'C:/Programme/GnuPG/Keys\options' wurde ignoriert
> | ASCII-Hülle: BEGIN PGP SIGNED MESSAGE
> | ASCII-Hülle: Hash: SHA1
> | ASCII-Hülle: BEGIN PGP SIGNATURE
> | ASCII-Hülle: Version: GnuPG v1.2.0 (MingW32) - GPGrelay v0.90
> | Ursprünglicher Dateiname=''
> | Unterschrift vom 10/24/02 11:41:03 , DSA Schlüssel ID 7905AAA9
> | Korrekte Unterschrift von "RADVIS "
> | alias "Info RADVIS Tjanstekvalitet "
> | alias "Jobb RADVIS Tjanstekvalitet "
> | Schlüssel 4DD2209A: Akzeptiert als vertrauenswürdiger Schlüssel
> | Schlüssel 04A33061: Akzeptiert als vertrauenswürdiger Schlüssel
> | Schlüssel 37E7FBDD: Akzeptiert als vertrauenswürdiger Schlüssel
> | Schlüssel 3485782E: Akzeptiert als vertrauenswürdiger Schlüssel
> | WARNUNG: Dieser Schlüssel trägt keine vertrauenswürdige Signatur!
> | Es gibt keinen Hinweis, daß die Signatur wirklich dem vorgeblichen Besitzer gehört.
> | Haupt-Fingerabdruck = 09D5 1EA1 8056 0D6C 1684 4D22 57E5 A315 7905 AAA9
> |
> `-----------------------------------------------
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (MingW32) - GPGrelay v0.90

iD8DBQA9t9xU8w7YcTfn+90RArjFAJ9x86dHKKRpJhZ8VaZwqVAlAxOPiwCfZxiu
gkhKg+L6p5Y9GY32X/BEpos=
=heI8
-----END PGP SIGNATURE-----

From agreene@pobox.com Thu Oct 24 15:43:01 2002
From: agreene@pobox.com (Anthony E. Greene)
Date: Thu Oct 24 14:43:01 2002
Subject: E-Mail Encryption: Why Isn't Everyone Doing It?
In-Reply-To: <"from debug"@centras.lt>
References: <20021022.183045.9767.0.cwsiv_home1@juno.com> <3DB6A89D.8030300@harvee.billerica.ma.us> <200210240810.g9O8AtT27765@perkunas1.omnitel.net>
Message-ID: <20021024084356.A12023@cp5340.hyatsv01.md.comcast.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 24-Oct-2002/10:05 +0200, De Bug wrote:
>I am aware of possibility to use encryption but i dont use it cause i
>have nothing to hide (at least in the emails i send). I think people
>should be open as much as they can that's the reason i often
>intentionally do NOT use encryption. This is a matter of principles.

I have run mail servers and networks. I have no illusions about how easy it is for someone to read unencrypted email. As long as email is only used for sending jokes to friends there is no need for encryption. But I use email for work and to conduct personal business.

I'd like to be able to send encrypted email to my political representatives. I would like to be able to send encrypted email to my doctor, lawyer, real estate broker, stock broker, or people I am conducting business with. I would also like to be able to send encrypted email to friends who share a Winbox with other members of their household.

Anyone in my neighborhood who has cable Internet service can read my unencrypted email. Anyone at my ISP or my recipient's ISP can also read my mail. All they need is sniffer software that is freely available.

I am not paranoid. I have no illusion that there are people watching me. I just understand that it is too easy for nosy/curious people in the right position to snoop other people's mail. I would like to be able to protect my email from that kind of snooping. I can only do that if my recipients can handle encrypted mail. That is why this discussion is important.

Tony
- --
Anthony E. Greene
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
AOL/Yahoo Messenger: TonyG05 HomePage:
Linux.
The choice of a GNU generation
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Anthony E. Greene 0x6C94239D

iD8DBQE9t+sKpCpg3WyUI50RAgtMAKDcaIgJP3LkaZPNKup0gkQfOTpTwgCg6asa
PykoA1gtorew5LMRbftK32w=
=tfq3
-----END PGP SIGNATURE-----

From Scott_Carpenter@cargill.com Thu Oct 24 16:35:01 2002
From: Scott_Carpenter@cargill.com (Scott_Carpenter@cargill.com)
Date: Thu Oct 24 15:35:01 2002
Subject: Expiring Keys
Message-ID:

Can anyone tell me what the benefit of expiring keys is? I don't understand why it would increase security that much, but I hear that it is so.

Thanks!

Scott

From Jason_Mantor@hesc.com Thu Oct 24 18:02:02 2002
From: Jason_Mantor@hesc.com (Jason_Mantor@hesc.com)
Date: Thu Oct 24 17:02:02 2002
Subject: PGP 7.1.1 reports "bad signature" on messages from GnuPG ?
Message-ID:

I've read some older posts that say that older versions of PGP might be looking for v3 sigs and not handle v4 sigs from GnuPG. Anyone know if that's still the case for PGP 7.1.1 ? Also, I've noticed the --pgp7 switch in the docs, if I use that, will it cause problems with recipients that use GnuPG ?

Thanks,
-JSM

Jason S. Mantor, MCP
Senior Computer Programmer/Analyst
New York State Higher Education Services Corporation
Email: Jason_Mantor@hesc.com
Telephone: (518) 402-3545

From debug@centras.lt Thu Oct 24 18:05:02 2002
From: debug@centras.lt (De Bug)
Date: Thu Oct 24 17:05:02 2002
Subject: AW: E-Mail Encryption: Why Isn't Everyone Doing It?
In-Reply-To: <51896D38E5E4D111BE560001FA68BA369FBB4C@SBO1002>
References: <51896D38E5E4D111BE560001FA68BA369FBB4C@SBO1002>
Message-ID: <200210241506.g9OF6Ig12912@perkunas1.omnitel.net>

> I work for a credit bureau. You better believe there's lots
>of stuff that we can't send by e-mail. You'd be surprised how
>many customers expect us to send consumer data via mail
>without giving thought to encryption. We don't, of course.
>After all we're talking about credit profiles and stuff like
>that here.
So what? What is there to hide? Do not your words confirm that people don't really care to keep their information secret? This is the real answer to the subject question.

Read-only access to information can't cause real harm. Bad things are caused by evil-driven people and not by the information accessibility to the public.

Where encryption is really important is in protecting the rights to manage things i.e. who and what can change/operate/manage/control. Email is not used for such things (well SMTP protocol could probably be used for it but it is not the preferred protocol)

All the importance is mostly in identification - I want to be sure who exactly sent me that particular email, who is requesting write access to the databases.

From my point of view any scheme that is based on keeping information secret is potentially dangerous
It is much better to assume that anyone can read the information and then think about how to make the system work safely

--
De Bug

From avbidder@fortytwo.ch Thu Oct 24 18:20:02 2002
From: avbidder@fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder)
Date: Thu Oct 24 17:20:02 2002
Subject: Expiring Keys
In-Reply-To:
References:
Message-ID: <1035472875.954.19.camel@altfrangg>

On Thu, 2002-10-24 at 15:36, Scott_Carpenter@cargill.com wrote:
> Can anyone tell me what the benefit of expiring keys is? I don't
> understand why it would increase security that much, but I hear that it
> is so.

Hi!

Always be careful with terms like 'it increases security' without specifying the possible attack the security is provided against.

That said: key expiry is good, because when you can't revoke a key anymore because your secret key is lost, the key won't appear valid until the dawn of time.
Also, assuming an expiry date can not be changed, even if your secret key was stolen, the attacker could not extend the validity of the key, the amount of damage he can do is restricted. (Note that with modern (v4) keys, the expiry date *can* be changed, though. Before you discuss this, please read the list archives of the various lists, it has been discussed before).

The downside of having a key expire is that your accumulated web of trust gets lost. So you'll have to collect signatures from all signers again, a very slow process.

I feel that the web of trust is very important, especially on a key used to sign messages on public mailing lists etc., so I've set a very *long* expiry period.

cheers
-- vbi

--
this email is protected by a digital signature http://fortytwo.ch/gpg

NOTE: get my key here: http://www.google.com/search?q=mQGiBDx2a6ERBAC8l

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iHQEABECADQFAj24D+stGmh0dHA6Ly9mb3J0eXR3by5jaC9ncGcvcG9saWN5L2Vt
YWlsLjIwMDIwODIyAAoJEIukMYvlp/fWImoAn1tcX1AdzPoN4/giPlfjvOPKCiSu
AKD251aefdSJn63u5zFeDtzC/b7PWQ==
=lqQR
-----END PGP SIGNATURE-----
Signature policy: http://fortytwo.ch/gpg/policy/email.20020822

From skquinn@speakeasy.net Thu Oct 24 18:23:02 2002
From: skquinn@speakeasy.net (Shawn K. Quinn)
Date: Thu Oct 24 17:23:02 2002
Subject: How to change the e-mail adress for existing keyrings
In-Reply-To: <3DB79116.6AA2E0F@hammet.net>
References: <001501c27b16$56765dd0$9790fea9@sevenofnine> <3DB79116.6AA2E0F@hammet.net>
Message-ID: <200210241021.47487.skquinn@speakeasy.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday October 24 2002 01:20, Newton Hammet wrote:
> Then to delete the first uid with the bad email address:
> Command> uid 1
> Command> deluid
>
> follow the prompts.
>
> and voila, you are done!
If it's already been uploaded to keyservers, then you probably want to instead revoke the self-signature on that UID. (This is how you mark a UID as no longer valid.)

- --
Shawn K. Quinn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)

iD8DBQE9uBAKQVXDBVmaIp0RAmCXAKCs8/qipMtvwxNKvevOEIvWRJaimwCeOGsw
0oEExTN6PRJCGibRYCXNj3U=
=IVx7
-----END PGP SIGNATURE-----

From skquinn@speakeasy.net Thu Oct 24 18:26:02 2002
From: skquinn@speakeasy.net (Shawn K. Quinn)
Date: Thu Oct 24 17:26:02 2002
Subject: validating other keys on your public keyring
In-Reply-To:
References:
Message-ID: <200210241024.37994.skquinn@speakeasy.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday October 24 2002 00:52, Tuyen DINH wrote:
> Hi,
>
> According to "The GNU Privacy Handbook" :
> « a correspondent's key is validated by personally checking his key's
> fingerprint » (http://www.gnupg.org/gph/en/manual.html#AEN335)
>
> * is it equivalent or less secure to personally check the person's
> keyid ?

The fingerprint is only the lowest-order 32 bits of one of the primes (RSA) or last 32 bits of the fingerprint (DSA). So for the highest level of security you need to check the entire fingerprint.

> * and why do most of people send their fingerprint in their message,
> since the fingerprint is the thing you want to check personally ?

That's something you'd have to ask them, but my theory is if they have 100 messages with the right fingerprint in it, it makes it that much harder for an attacker to pass off a bogus key as valid.

- --
Shawn K. Quinn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)

iD8DBQE9uBC1QVXDBVmaIp0RAr6lAJ0UnBzr0PLwNakObWHurQImJvTVaQCfXf7f
XvmwFV8tfe0IWIPwUYHXfTs=
=Jooo
-----END PGP SIGNATURE-----

From dshaw@jabberwocky.com Thu Oct 24 18:38:02 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Thu Oct 24 17:38:02 2002
Subject: PGP 7.1.1 reports "bad signature" on messages from GnuPG ?
In-Reply-To:
References:
Message-ID: <20021024153855.GD1213@jabberwocky.com>

On Thu, Oct 24, 2002 at 11:02:35AM -0400, Jason_Mantor@hesc.com wrote:

> I've read some older posts that say that older versions of PGP might be
> looking for v3 sigs and not handle v4 sigs from GnuPG. Anyone know if
> that's still the case for PGP 7.1.1 ?

I believe 7.1.1 handles it correctly, but try it and see ;)

> Also, I've noticed the --pgp7 switch
> in the docs, if I use that, will it cause problems with recipients that use
> GnuPG ?

No problems. All the --pgp7 switch does is to use a subset of GnuPG features.

David

--
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

From dshaw@jabberwocky.com Thu Oct 24 18:42:02 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Thu Oct 24 17:42:02 2002
Subject: Expiring Keys
In-Reply-To:
References:
Message-ID: <20021024154311.GE1213@jabberwocky.com>

On Thu, Oct 24, 2002 at 08:36:04AM -0500, Scott_Carpenter@cargill.com wrote:
> Can anyone tell me what the benefit of expiring keys is? I don't
> understand why it would increase security that much, but I hear that it
> is so.

There is some confusion with expiring keys, since the meaning of expiration changed a few years ago.

In the old v3 keys (PGP 2.x), expiration meant "this key only lasts this long, period." Once the key expired, the key was dead.

In the new v4 keys (PGP 5+, GnuPG), expiration means "I plan on using the key this long, but I may change my mind" - the expiration date can be changed by the key owner, even after the key has "expired".

Anyway, expiration is a tool that you can use to handle certain problems like the loss of a secret key. After the key expires, nobody will use it.
It does not protect you against a stolen secret key since the attacker could just extend or remove the expiration date himself.

David

--
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

From peter.schuller@infidyne.com Thu Oct 24 18:46:03 2002
From: peter.schuller@infidyne.com (Peter Schuller)
Date: Thu Oct 24 17:46:03 2002
Subject: E-Mail Encryption: Why Isn't Everyone Doing It?
In-Reply-To: <20021023121207.I19196@asmoweb.hqda.pentagon.mil>
References: <92BE0AA5B56B5849AFE716631DA5102E01A79B99@tgserve1> <1035387996.3729.22.camel@furiona> <20021023121207.I19196@asmoweb.hqda.pentagon.mil>
Message-ID: <1035474446.6101.26.camel@furiona>

> >In order to achieve secure communication, there are certain steps that
> >MUST be taken. It cannot happen automatically, because if it does it is
> >by definition not secure.
>
> There are relative levels of security. The tools need to allow full
> automation of the process, or else it won't happen

True. SSL with no pre-existing knowledge of certificate is better than nothing. SSL with a CA signed certificate is better than SSL without it. SSL with pre-defined certificates is better than CA signed certificates, etc.

Correspondingly, PGP encrypted/signed communication where the passphrase is stored in memory and/or on some network drive is a lot safer than not using PGP at all - AS LONG AS one is not misled into a false sense of security above what is actually in place.

> You are confusing authentication with encryption.

No, but perhaps I was not clear enough.

> Authentication is complex, but encryption is relatively simple. If I want
> to send you an encrypted message, I don't need to worry about whether your
> electronic identity is connected to the real
> world person "Peter Schuller".
> I just need to get a key that can be used
> by to decrypt the message. Compared to
> authenticating a connection between an identity and a person, getting that
> key is easy.

Encryption is much less meaningless without authentication. And you are right, I don't care about the actual PHYSICAL identity of a person in many cases, but I might care about the person's position. The public key of the CEO might be published on a company's website for example.

And true, the analogy falls somewhat when you consider this. With encryption one is usually interested in knowing that only a certain person X has access to the E-Mail - or that that person wrote it. One does not always have to know who X really is. A relative assurance that the same person is at the other end is often enough when the initial trust is based upon E-Mail communication to begin with.

--
/ Peter Schuller, InfiDyne Technologies HB

PGP userID: 0xE9758B7D or 'Peter Schuller '
Key retrieval: Send an E-Mail to getpgpkey@scode.org
E-Mail: peter.schuller@infidyne.com Web: http://www.scode.org

From d_well@isuisse.com Thu Oct 24 18:46:15 2002
From: d_well@isuisse.com (d_well@isuisse.com)
Date: Thu Oct 24 17:46:15 2002
Subject: problem with signature verify
Message-ID: <200210241546.1775@th01.opsion.fr>

I have a problem when I verify a signature. I have signed a message with the command "gpgme_op_sign (GCtx, in, out, GPGME_SIG_MODE_CLEAR );" and after I verify with the command "gpgme_op_verify (GCtx, sig, text, &status );"

The variable "in" and "text" are the same.

And I take the signature part of the variable "out" and I put that in the variable "sig".

Example of variable "sig" :

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)

iEYEARECAAYFAj24FOoACgkQLXJ8x2hpdzTQygCdGUpZghMIU0iRa9nSjvhBk3YY
+ZMAnRYr+bnObi+NnTRx5KXnW+Z3Pdw/
=gbrJ
-----END PGP SIGNATURE-----

Every time I have the Error message "Verification Status: No Signature". What must I do to have a good result when I verify a signature.
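
Added example, not part of the original post and not gpgme code: the post above cuts the signature armor out of a clearsigned message and pairs it with the original buffer. This Python sketch splits a cleartext-signed message as RFC 4880 section 7 lays it out, showing which bytes the signature covers and that the armor block alone is not a clearsigned message. The names `split_clearsigned` and `canonical_cleartext` and the sample message with its placeholder signature body are constructed for illustration, and no cryptographic verification is performed.

```python
# Added illustration: structure of an OpenPGP cleartext-signed message
# (RFC 4880, section 7). Nothing here checks the signature itself.

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"


class ClearsignError(ValueError):
    """Input is not a well-formed cleartext-signed message."""


def split_clearsigned(message):
    """Return (hash_names, signed_bytes, signature_armor)."""
    lines = message.replace("\r\n", "\n").split("\n")
    if BEGIN_MSG not in lines:
        raise ClearsignError("no cleartext header; a bare signature block "
                             "is not a clearsigned message")
    i = lines.index(BEGIN_MSG) + 1

    # Armor headers of the cleartext part: only "Hash:" is defined there.
    hashes = []
    while i < len(lines) and lines[i].strip():
        name, sep, value = lines[i].partition(":")
        if not sep or name != "Hash":
            raise ClearsignError("unexpected armor header: %r" % lines[i])
        hashes += [h.strip().upper() for h in value.split(",") if h.strip()]
        i += 1
    if i >= len(lines):
        raise ClearsignError("missing empty line after the armor headers")
    i += 1  # the empty line itself is not part of the signed text

    text = []
    while i < len(lines) and lines[i] != BEGIN_SIG:
        line = lines[i]
        if line.startswith("- "):
            line = line[2:]              # undo dash-escaping
        elif line.startswith("-"):
            raise ClearsignError("line %d starts with an unescaped dash" % (i + 1))
        text.append(line.rstrip(" \t"))  # trailing blanks are not signed
        i += 1
    if i >= len(lines):
        raise ClearsignError("no signature block after the cleartext")
    if END_SIG not in lines[i:]:
        raise ClearsignError("signature block is not terminated")
    end = lines.index(END_SIG, i)

    # Signed form: CRLF between lines, no line ending after the last line.
    signed = "\r\n".join(text).encode("utf-8")
    armor = "\n".join(lines[i:end + 1]) + "\n"
    return hashes, signed, armor


def canonical_cleartext(text):
    """Bytes a cleartext signature covers for the caller's original text."""
    lines = text.replace("\r\n", "\n").split("\n")
    if lines and lines[-1] == "":
        lines.pop()                      # the final line ending is not signed
    return "\r\n".join(l.rstrip(" \t") for l in lines).encode("utf-8")


# Constructed sample; the signature body is a placeholder, not a real signature.
SAMPLE = "\n".join([
    BEGIN_MSG,
    "Hash: SHA1",
    "",
    "Hi,  \t",
    "- - The idea of two passphrases",
    "- -- ",
    "Graham",
    BEGIN_SIG,
    "Version: constructed sample",
    "",
    "Q09OU1RSVUNURUQ=",
    END_SIG,
    "",
])

if __name__ == "__main__":
    hashes, signed, armor = split_clearsigned(SAMPLE)
    print("hash algorithms:", hashes)
    print("signed bytes   :", signed)
    original = "Hi,  \t\n- The idea of two passphrases\n-- \nGraham\n"
    print("raw buffer equals signed bytes:", original.encode() == signed)
    print("canonical form equals signed bytes:",
          canonical_cleartext(original) == signed)
```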



From skquinn@speakeasy.net Thu Oct 24 18:54:02 2002
From: skquinn@speakeasy.net (Shawn K. Quinn)
Date: Thu Oct 24 17:54:02 2002
Subject: E-Mail Encryption: Why Isn't Everyone Doing It?
In-Reply-To: <20021024022455.E10019@cp5340.hyatsv01.md.comcast.net>
References: <92BE0AA5B56B5849AFE716631DA5102E01A79B99@tgserve1> <200210231749.02083.graham.todd@ntlworld.com> <20021024022455.E10019@cp5340.hyatsv01.md.comcast.net>
Message-ID: <200210241053.16003.skquinn@speakeasy.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday October 24 2002 01:24, Anthony E. Greene wrote:
> On 23-Oct-2002/17:48 +0100, Graham wrote:
> >Surely it's not beyond the expertise of those who produce such a
> >brilliant program as GnuPG to provide a GUI interface through which
> > ALL commands can be given and which (in Linux anyway) can be used
> > as a stand alone program to encrypt or sign emails even in MUAs
> > without GPG integration?
>
> Have you taken a look at the GnuPG manual lately? GnuPG can do lots
> of things that PGP cannot do. There is no way to reproduce all those
> options in a GUI and still have an easy to use interface. In the last
> 24 hours two options were added in response to a user with a lost
> public key. If that kind of responsiveness had to be put on hold
> because it would take too long to put it into a GUI, then GnuPG
> would not be as good as it is.

I feel there does need to be some GUI version of GnuPG that is not just a front end to the CLI version. As much as I dislike it having only a CLI program will probably hinder widespread adaptability of at least our flavor of OpenPGP-compatible encryption.

> In any case, the features you are referring to will not be used by
> 90%+ of users.
> They will not care about trust values or key
> management. They won't know anything about their keyrings and won't
> care. Nor should they.

They should not care about trust values or key management? Really? Why not? You mean they should trust a key randomly placed on the net by some schmuck? That defeats the security of the whole system, leaving one wide open to things like man in the middle attacks!

> This stuff does not need a good interface. It needs to drop out of
> sight. It needs to become as transparent and automatic as SSL.

No, it doesn't. It needs to be there so the users can tell the software who they trust.

> People don't care about the interface for managing SSL keys and certs

Maybe most don't, because the CAs are supposed to be people the average user can trust. In fact, if one does not trust a particular CA it is rather painful to configure the software not to trust it; this is what I consider to be a design flaw in the SSL system. This is why one can go to a particular CA and get a certificate for Microsoft Corp. and sooner or later catch someone napping who actually gives one.

> and they shouldn't have to care about the interface for managing
> OpenPGP keys and certs.

The trust model is completely different. OpenPGP is based on user-defined trust, i.e., telling the software which keys you feel are trustworthy. The users *should* have to care, because most of the security provided by the system comes from the trust database.

- --
Shawn K. Quinn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)

iD8DBQE9uBdqQVXDBVmaIp0RAtlTAJ0X41TY8nbt+JMhvTwl+ElvLS2RBgCfRWnx
EVBdT+Ih+ZCfRONqLAIw8ro=
=J3nW
-----END PGP SIGNATURE-----

From k.raven@freenet.de Thu Oct 24 18:58:03 2002
From: k.raven@freenet.de (Kai Raven)
Date: Thu Oct 24 17:58:03 2002
Subject: E-Mail Encryption: Why Isn't Everyone Doing It?
In-Reply-To: <200210240853.17601.graham.todd@ntlworld.com>
References: <92BE0AA5B56B5849AFE716631DA5102E01A79B99@tgserve1> <200210231749.02083.graham.todd@ntlworld.com> <20021024022455.E10019@cp5340.hyatsv01.md.comcast.net> <200210240853.17601.graham.todd@ntlworld.com>
Message-ID: <20021024175959.35cc8a20.k.raven@freenet.de>

Hello Graham,

On Thu, 24 Oct 2002 08:52:57 +0100 you wrote:

> Well now, why is it that in Windows GPGShell can provide this as soon
> as a new version of GnuPG comes out? And it is a complete interface:
> through it you can directly alter the options, give extra commands, do
> key management, and encrypt and sign in windows on which you have the
> focus. Indeed, the lack of anything similar in Linux made me consider
> for some time whether I should move over and I am sure that many
> people migrating to Linux from Windows won't use GPG because it does
> not have this kind of interface despite being bundled with every
> distro that I am aware of.

You are right, unfortunately, all GnuPG shells under Linux, say GPA or Seahorse are out-of-date and provide only a very small choice to use all the options, commands etc. with a 'click' ;)

But on the other side, all MUAs under Linux have a good support for all necessary GnuPG functions and for the rest I think, the most Linux users are using the shell or scripts so the most of them don't need any GnuPG GUI like WinPT or GPGshell. You are switching from Windows to Linux? You have to learn & love the console - sooner or later ;o))

Ciao
Kai
--
WWW:http://kai.iks-jena.de/ GPG-Key: 0x60F3882F / 0x076C65282 ICQ:146714798

From jgoerzen@complete.org Thu Oct 24 19:51:07 2002
From: jgoerzen@complete.org (John Goerzen)
Date: Thu Oct 24 18:51:07 2002
Subject: E-Mail Encryption: Why Isn't Everyone Doing It?
In-Reply-To: <031a01c27ae0$48147b40$3b01a8c0@NBROFFICE.ORG>
References: <35199F5CEFCED311B69A009027DCD2550156E394@cgyexchange.online-can.com> <20021023211612.GB19218@excelhustler.com> <031a01c27ae0$48147b40$3b01a8c0@NBROFFICE.ORG>
Message-ID: <20021024165204.GA28086@excelhustler.com>

On Wed, Oct 23, 2002 at 03:05:21PM -0700, Erick Thompson wrote:
> I'm no expert in encryption (far from it), but it seems to be that a lot of
> problems come about by trying to make a platform completely secure, and
> saying that everything that doesn't achieve that is insecure, and therefore

In my opinion, MORE problems come about by making false claims of security, giving people a false sense of security and then having bad consequences. This is a situation in which you have to be paranoid.

> as bad as no security. I understand that if a system is vulnerable to an
> attack it can be compromised, but sometimes half a cake is better than none
> :)

Hopefully the person expecting dessert has not been told that there is an entire cake available :-)

> In the case of passing passphrases between processes being a bad thing, yes

It's not a bad thing per se; it's just a bad thing if done insecurely.

> it is, but if your system is running a trojan or process that can grab info
> passed between processes, you're SOL already. An earlier poster talked about

On a Unix machine, any user can view the command line of any program you run. The root user can view the environment of any process and generally its memory space as well. This does not require a trojan or more than "first week Unix 101" knowledge.

Unix applications passing sensitive data should use things like pipes or other socketed items. Likewise, Windows has its own set of ways to not pass data between processes.

> not having passphrases at all, which I think is a great idea, as long as
> encryption and authentication are separated!
> I would like to see my users
> using encryption, but the level of hassle needed to do it right now is too
> high.

Instruct a user, and they will be able to do some of it. Enlighten a user, and they will be yours forever :-)

If you teach them why they need encryption and how it works, it's not that hard to grasp. Make them paranoid and there ya are.

-- John

From agreene@pobox.com Thu Oct 24 19:59:02 2002
From: agreene@pobox.com (Anthony E. Greene)
Date: Thu Oct 24 18:59:02 2002
Subject: AW: E-Mail Encryption: Why Isn't Everyone Doing It?
In-Reply-To: <200210241506.g9OF6Ig12912@perkunas1.omnitel.net>; from debug@centras.lt on Thu, Oct 24, 2002 at 04:13:23PM +0200
References: <51896D38E5E4D111BE560001FA68BA369FBB4C@SBO1002> <200210241506.g9OF6Ig12912@perkunas1.omnitel.net>
Message-ID: <20021024125920.B26212@asmoweb.hqda.pentagon.mil>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 24-Oct-2002/16:13 +0200, De Bug wrote:
>> I work for a credit bureau. You better believe there's lots
>>of stuff that we can't send by e-mail. You'd be surprised how
>>many customers expect us to send consumer data via mail
>>without giving thought to encryption. We don't, of course.
>>After all we're talking about credit profiles and stuff like
>>that here.
>
>So what ? What is there to hide ? Do not your words confirm that people
>don't really care to keep their information secret? This is the real
>answer to the subject question.

No. It only confirms that people do not understand the danger.

>Read-only access to information can't cause real harm.

That is a meaningless point. The danger is that the revealed data allows r/w access on other systems.

>Bad things are caused by evil-driven people and not by the information
>accessibility to the public.

Also meaningless. The existence of "evil-driven people" is a given.

>Where encryption is really important is in protecting the rights to
>manage things i.e. who and what can change/operate/manage/control. Email
Email >is not used for such things The point is that managers and clients routinely tell subordinates and vendors what to do via email. These kinds of orders need to be both protected and authenticated. Tony - -- Anthony E. Greene OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D AOL/Yahoo Chat: TonyG05 HomePage: Linux: the choice of a GNU Generation. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Anthony E. Greene 0x6C94239D iD8DBQE9uCbnpCpg3WyUI50RAm7AAJ9G79tdBpEW0BW6x+K1CuXtzJ1mOgCfSB+T xAlclCUdbgYkk9Fkm7VfX20= =JI6K -----END PGP SIGNATURE----- From Jason_Mantor@hesc.com Thu Oct 24 20:16:01 2002 From: Jason_Mantor@hesc.com (Jason_Mantor@hesc.com) Date: Thu Oct 24 19:16:01 2002 Subject: PGP 7.1.1 reports "bad signature" on messages from GnuPG ? Message-ID: On Thu, Oct 24, 2002 at 11:02:35AM -0400, Jason_Mantor@hesc.com wrote: >> I've read some older posts that say that older versions of PGP might be >> looking for v3 sigs and not handle v4 sigs from GnuPG. Anyone know if >> that's still the case for PGP 7.1.1 ? >I believe 7.1.1 handles it correctly, but try it and see ;) My trading partner is telling me they are get this error : ( I'm wondering if this is the cause ? >> Also, I've noticed the --pgp7 switch >> in the docs, if I use that, will it cause problems with recipients that use >> GnuPG ? >No problems. All the --pgp7 switch does is to use a subset of GnuPG >features. >David OK. Thanks : ) From outerdarkness@softhome.net Thu Oct 24 20:49:02 2002 From: outerdarkness@softhome.net (Kevin Benko) Date: Thu Oct 24 19:49:02 2002 Subject: PGP/GPG Multiple Keyring Synchronization Question Message-ID: <5.1.1.6.2.20021024132441.009f0250@pop.efn.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 NOTE: I'm sending this to two lists, so some of you may be getting duplicates. 
BACKGROUND:
I'm in transition between PGP and GnuPG
I'm using:
PGP version 6.5.8 CKT build 08,
GnuPG version 1.2.1rc1-nr1 (nullify release),
GnuPG version 1.0.7-3
I'm running WIN98, and I've got CygWin version 1.3.13 installed.
PGP and GnuPG(1.2.1rc1-nr1) are installed under windows
GnuPG(1.0.7-3) is installed under CygWin

Because I'm in transition, I'm maintaining a separate keyring for each of the three PGP/GPG programs, and I'm using either MS-DOG batch files or BASH shellscripts to synchronize the keyrings. The scripts are set up such that each program handles exporting its own keyring to a temporary file and importing the other programs' temporary files into its own keyring. I've also made absolutely certain that none of this exporting/importing is done by two PGP/GPG programs at the same time.

PROBLEM:
I haven't checked where this has occurred, but I've noted that I have been accumulating multiple self-signatures under my default key. That is, with regards to my default key, I noticed the self-signature for that key keeps getting added to the other self signatures until I have three or four self-signatures. I can easily delete the extraneous self-signatures, but this is still bugging me.

POSSIBLE SOLUTION:
Under what circumstances can all three PGP/GPG programs share the same keyring files?
Under what circumstances should the three PGP/GPG programs *not* share the same keyring files?

MORE INFO?
Would it be helpful for me to export the public key in question? If so, I can post a URL for the thing.

Thank you for your time.
-----BEGIN PGP SIGNATURE-----
Version: 6.5.8ckt
Comment: Word Wrap set at column 70
Comment: Fingerprint: B167 F4DB F078 A8F5 95A5 DB39 3998 5627 2FD1 2867

iQA/AwUBPbgz2zmYVicv0ShnEQMWkACdFK1YyPEeYBIJwSqx3pX3iPe3eIsAoKZy
pX4BYfjkeVOfi2B1dgYZBl5L
=4Xdc
-----END PGP SIGNATURE-----

--
Kevin Benko
"The natural tendency of every government is to grow steadily worse-- that is, to grow more satisfactory to those who constitute it and less satisfactory to those who support it." -- H.L. Mencken

From peter.schuller@infidyne.com Thu Oct 24 22:44:02 2002
From: peter.schuller@infidyne.com (Peter Schuller)
Date: Thu Oct 24 21:44:02 2002
Subject: E-Mail Encryption: Why Isn't Everyone Doing It?
In-Reply-To: <200210241053.16003.skquinn@speakeasy.net>
References: <92BE0AA5B56B5849AFE716631DA5102E01A79B99@tgserve1> <200210231749.02083.graham.todd@ntlworld.com> <20021024022455.E10019@cp5340.hyatsv01.md.comcast.net> <200210241053.16003.skquinn@speakeasy.net>
Message-ID: <20021024194509.GA4478@prometheus.scode.org>

> > This stuff does not need a good interface. It needs to drop out of
> > sight. It needs to become as transparent and automatic as SSL.
>
> No, it doesn't. It needs to be there so the users can tell the software
> who they trust.

Amen to that. I still don't know how to configure MSIE or Outlook etc to trust only a specific key (mutt does this fine though for example).
--
/ Peter Schuller, InfiDyne Technologies HB
PGP userID: 0xE9758B7D or 'Peter Schuller '
Key retrieval: Send an E-Mail to getpgpkey@scode.org
E-Mail: peter.schuller@infidyne.com Web: http://www.scode.org

From bobmath@earthlink.net Thu Oct 24 22:58:02 2002
From: bobmath@earthlink.net (Bob Mathews)
Date: Thu Oct 24 21:58:02 2002
Subject: validating other keys on your public keyring
In-Reply-To:
References:
Message-ID: <200210241301.21578.bobmath@earthlink.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 23 October 2002 22:52, Tuyen DINH wrote:
> * is it equivalent or less secure to personally check the person's
> keyid ?

Checking the 32-bit key ID is 100% insecure. I have a program that can forge any desired 32-bit key ID on a DSA key, in only a couple of days running on an old 350 MHz Pentium-II. It took me just a few hours to write, including the time it took to learn to use the OpenSSL library. The same technique should work with El Gamal keys. Forging a 64-bit key ID would be far more difficult, but might be possible for someone willing to spend millions of dollars in the attempt (that seems unlikely to me, though). Forging the full 160-bit fingerprint is pretty much impossible.

With old version 3 keys, the key ID is simply the lower bits of the RSA public modulus, so it's trivially easy to forge a key with someone else's 64-bit key ID on it.

-bob mathews

-----BEGIN PGP SIGNATURE-----

iD8DBQE9uFFtPgDecCrBEpcRAqMFAKCpbhqHyOaJq5UlSFgiRUyEwnAmPwCfTbf9
O/f/nIasNQr+pxbQBSwHmSQ=
=iYi9
-----END PGP SIGNATURE-----

From agreene@pobox.com Fri Oct 25 01:06:02 2002
From: agreene@pobox.com (Anthony E. Greene)
Date: Fri Oct 25 00:06:02 2002
Subject: E-Mail Encryption: Why Isn't Everyone Doing It?
In-Reply-To: <20021024194509.GA4478@prometheus.scode.org>; from peter.schuller@infidyne.com on Thu, Oct 24, 2002 at 09:45:09PM +0200
References: <92BE0AA5B56B5849AFE716631DA5102E01A79B99@tgserve1> <200210231749.02083.graham.todd@ntlworld.com> <20021024022455.E10019@cp5340.hyatsv01.md.comcast.net> <200210241053.16003.skquinn@speakeasy.net> <20021024194509.GA4478@prometheus.scode.org>
Message-ID: <20021024180658.E26803@asmoweb.hqda.pentagon.mil>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 24-Oct-2002/21:45 +0200, Peter Schuller wrote:
>> > This stuff does not need a good interface. It needs to drop out of
>> > sight. It needs to become as transparent and automatic as SSL.
>>
>> No, it doesn't. It needs to be there so the users can tell the software
>> who they trust.
>
>Amen to that. I still don't know how to configure MSIE or Outlook etc to
>trust only a specific key (mutt does this fine though for example).

SSL/TLS is configurable, but installed defaults and default choices work for most users most of the time. The shortfalls of a specific SSL implementation notwithstanding, I maintain that encryption needs to "just work" for most people to use it.

The fact is that WoT does not work well in a mass market deployment scenario. Most people do not need the features that the WoT provides. Some people do need those features, but most people don't, at least not most of the time.

Tony
- --
Anthony E. Greene
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
AOL/Yahoo Chat: TonyG05 HomePage:
Linux: the choice of a GNU Generation.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Anthony E. Greene 0x6C94239D

iD8DBQE9uG8ApCpg3WyUI50RAnblAKCI3AOksZZiA7ROB3H6dTzrpZdTvgCgmBHR
6Yn+sTkNZjOYVKGcdsI56sw=
=s8rX
-----END PGP SIGNATURE-----

From marcokunst@yahoo.fr Fri Oct 25 01:55:01 2002
From: marcokunst@yahoo.fr (Marco Kunst)
Date: Fri Oct 25 00:55:01 2002
Subject: Solaris error (bftest)
Message-ID: <20021024225636.23664.qmail@web10706.mail.yahoo.com>

Please, my compilation (Sun Solaris 5.8) found an error in this place:

Undefined                       first referenced
symbol                             in file
socket                              ../cipher/libcipher.a(rndegd.o)
connect                             ../cipher/libcipher.a(rndegd.o)
ld: fatal: Symbol referencing errors. No output written to bftest
collect2: ld returned 1 exit status
make[2]: *** [bftest] Error 1
make[2]: Leaving directory `/home/gnupg-1.2.0/tools'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/gnupg-1.2.0'
make: *** [all] Error 2

The list users can help me?

(**Please CC to my email marcokunst@yahoo.fr**)

Thanks in advance!

----------------------------------------------()-
Marco Kunt - marcokunst@yahoo.fr

From dshaw@jabberwocky.com Fri Oct 25 05:57:01 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Fri Oct 25 04:57:01 2002
Subject: PGP 7.1.1 reports "bad signature" on messages from GnuPG ?
In-Reply-To:
References:
Message-ID: <20021025025719.GC7803@jabberwocky.com>

On Thu, Oct 24, 2002 at 01:16:18PM -0400, Jason_Mantor@hesc.com wrote:
>
> On Thu, Oct 24, 2002 at 11:02:35AM -0400, Jason_Mantor@hesc.com wrote:
> >> I've read some older posts that say that older versions of PGP might be
> >> looking for v3 sigs and not handle v4 sigs from GnuPG. Anyone know if
> >> that's still the case for PGP 7.1.1 ?
>
> >I believe 7.1.1 handles it correctly, but try it and see ;)
>
> My trading partner is telling me they are getting this error : (
> I'm wondering if this is the cause ?

It could be. Try using --pgp7 or --force-v3-sigs and see if it makes a difference. --pgp7 includes --force-v3-sigs so you don't need to set them both (no harm if you do though).

David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson

From graham.todd@ntlworld.com Fri Oct 25 07:28:02 2002
From: graham.todd@ntlworld.com (Graham)
Date: Fri Oct 25 06:28:02 2002
Subject: E-Mail Encryption: Why Isn't Everyone Doing It?
In-Reply-To: <20021024175959.35cc8a20.k.raven@freenet.de>
References: <92BE0AA5B56B5849AFE716631DA5102E01A79B99@tgserve1> <200210240853.17601.graham.todd@ntlworld.com> <20021024175959.35cc8a20.k.raven@freenet.de>
Message-ID: <200210250536.32354.graham.todd@ntlworld.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 24 Oct 2002 4:59 pm, Kai Raven wrote:
[snipped]
> But on the other side, all MUAs under Linux have a good support for
> all necessary GnuPG functions

No, they are adequate for encryption and signing, decryption and verifying emails, nothing more. I have not yet seen any MUA which would allow me to locally sign a key and update trust....which are "necessary" GPG functions

>and for the rest I think, the most
> Linux users are using the shell or scripts so the most of them don't
> need any GnuPG GUI like WinPT or GPGshell.

The original question is: why isn't everybody encrypting or signing mails, and the original poster indicated that the interface was confusing. I expressed a view that (in Windows) the interface is adequate but in Linux it is far from adequate. Because most users of GPG in Linux use the CLI at present (indeed they have to for most things), it doesn't mean that it's adequate or that more people wouldn't use it through a GUI. I personally think people are entitled to the choice, and I would like to see a GUI front end for GPG in Linux through which ALL the functions of GPG are accessed.

>You are switching from
> Windows to Linux? You have to learn & love the console - sooner or
> later ;o))

No, I've switched (over a year ago) and I use Linux exclusively. I enjoy the ease and speed of the console for some things and not for others. I would like to see a GUI for GPG...it's that simple.
- --
Graham
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: Please sign and encrypt for internet privacy

iD8DBQE9uMpCIwtBZOk1250RAjypAKDlNHeoSXqC4/+Mze/cXc7CAOEQBgCdF4FW
yEt2yRvGl3BtfrP9/5ESL+M=
=IbxC
-----END PGP SIGNATURE-----

From eleuteri@myrealbox.com Fri Oct 25 10:26:01 2002
From: eleuteri@myrealbox.com (David Picón Álvarez)
Date: Fri Oct 25 09:26:01 2002
Subject: E-Mail Encryption: Why Isn't Everyone Doing It?
References: <92BE0AA5B56B5849AFE716631DA5102E01A79B99@tgserve1> <200210240853.17601.graham.todd@ntlworld.com> <20021024175959.35cc8a20.k.raven@freenet.de> <200210250536.32354.graham.todd@ntlworld.com>
Message-ID: <001601c27bf8$62ce7a80$f92489c3@137.36.248>

Hi,

This seems to be quite a controversial topic, so I'll add my little thoughts on the matter.

Graham wrote:
> No, they are adequate for encryption and signing, decryption and
> verifying emails, nothing more. I have not yet seen any MUA which
> would allow me to locally sign a key and update trust....which are
> "necessary" GPG functions

Now, I agree that encrypt/decrypt and sign/verify are not the only things you need to do with gnupg. However, I must say, it is completely alien to my sense of design to put those things in a MUA. The use of a MUA is to send and receive e-mail and interface with things like gnupg or s/mime or things that in some way "touch" the mail so you don't have to do it yourself. A MUA is not a PKI solution. Now you can say: "says who?". Maybe it would be nice to have it all integrated, but I doubt it. One of the main differences in design philosophy between Windows and Unix lies in the way tools are conceived. An ideal Unix tool is small, well specified, does one thing and does it well. Whereas in Windows it's sometimes hard to see where a tool begins and another ends. This is not good.
Monolithic systems have serious disadvantages.

> The original question is: why isn't everybody encrypting or signing
> mails, and the original poster indicated that the interface was
> confusing. I expressed a view that (in Windows) the interface is
> adequate but in Linux it is far from adequate. Because most users of
> GPG in Linux use the CLI at present (indeed they have to for most
> things), it doesn't mean that it's adequate or that more people wouldn't
> use it through a GUI. I personally think people are entitled to the
> choice, and I would like to see a GUI front end for GPG in Linux
> through which ALL the functions of GPG are accessed.

Let us recapitulate here. 1) You think the Windows interface is adequate. 2) You think the Linux interface is not. Let us pose this question: what's the proportion of Windows gnupg users against Linux gnupg users? Obviously, considering the difference in market share. I hope the point is seen. Most Linux users, at least most of those I know, aren't bothered by CLIs and use them extensively. Moreover, to use the word confusing on a CLI is an incredible overstatement.

And I leave you with a quotation, I don't remember from who: "The only truly intuitive interface is the nipple. Everything else must be learnt"

--David.

From jprice@cyberbuzz.gatech.edu Fri Oct 25 11:37:02 2002
From: jprice@cyberbuzz.gatech.edu (Jason Price)
Date: Fri Oct 25 10:37:02 2002
Subject: Have key ID, but can't decrypt.
Message-ID: <20021024172111.A1201@redfish.gatech.edu>

I have a feeling I'm being stupid.

When I 'gpg --list-keys', I get:

> gpg --list-keys
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
/usr/local/home/jprice/.gnupg/pubring.gpg
-----------------------------------------
pub 1024D/F64BA00C 2002-10-07 Jason Price
sub 1024g/6B38F22C 2002-10-07

pub 1024D/FAD37ABE 2002-08-24 Edward Graham V
sub 4096g/34B2393A 2002-08-24

However, when I try and decrypt a message, I get:

> gpg --decrypt egr.1.pgp
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
gpg: encrypted with 4096-bit ELG-E key, ID 34B2393A, created 2002-08-24
"Edward Graham V "
gpg: decryption failed: secret key not available
gpg: encrypted with 4096-bit ELG-E key, ID 34B2393A, created 2002-08-24
"Edward Graham V "
gpg: encrypted with 4096-bit ELG-E key, ID 34B2393A, created 2002-08-24
"Edward Graham V "
gpg: decryption failed: secret key not available

That "keyid" is in my key ring. Why can't I decrypt?

Thanks for any help;
Jason

From twoaday@freakmail.de Fri Oct 25 11:52:01 2002
From: twoaday@freakmail.de (Timo Schulz)
Date: Fri Oct 25 10:52:01 2002
Subject: Have key ID, but can't decrypt.
In-Reply-To: <20021024172111.A1201@redfish.gatech.edu>
References: <20021024172111.A1201@redfish.gatech.edu>
Message-ID: <20021025085518.GA1386@daredevil.joesixpack.net>

On Thu Oct 24 2002; 17:21, Jason Price wrote:
> > gpg --decrypt egr.1.pgp
> gpg: WARNING: using insecure memory!
> gpg: please see http://www.gnupg.org/faq.html for more information
> gpg: encrypted with 4096-bit ELG-E key, ID 34B2393A, created 2002-08-24
> "Edward Graham V "
> gpg: decryption failed: secret key not available
> gpg: encrypted with 4096-bit ELG-E key, ID 34B2393A, created 2002-08-24
> "Edward Graham V "
> gpg: encrypted with 4096-bit ELG-E key, ID 34B2393A, created 2002-08-24
> "Edward Graham V "
> gpg: decryption failed: secret key not available
>
> That "keyid" is in my key ring. Why can't I decrypt?

Yes, it's in your keyring but just the public part of it.
The message doesn't seem to be encrypted with 2 keys (yours and his key) but just with the key 0x34B2393A.

Timo

From Ralf.Huels@schufa.de Fri Oct 25 11:59:02 2002
From: Ralf.Huels@schufa.de (Huels, Ralf SCORE)
Date: Fri Oct 25 10:59:02 2002
Subject: AW: Have key ID, but can't decrypt.
Message-ID: <51896D38E5E4D111BE560001FA68BA369FBB53@SBO1002>

> I have a feeling I'm being stupid.

Weeeelll... ;-)

> gpg: encrypted with 4096-bit ELG-E key, ID 34B2393A, created
> 2002-08-24
> "Edward Graham V "
> gpg: decryption failed: secret key not available
>
> That "keyid" is in my key ring. Why can't I decrypt?

The cryptogram is encrypted with Edward Graham's public key. You need his secret key to decrypt. Unless he's a person you made up for testing purposes, you probably have only his public key.

If you want to decrypt stuff you encrypted for other people you have to specify _both_ your own and the other guy's key ID in the encryption phase.

HTH.

Bye, Ralf

From graham.todd@ntlworld.com Fri Oct 25 12:01:01 2002
From: graham.todd@ntlworld.com (Graham)
Date: Fri Oct 25 11:01:01 2002
Subject: E-Mail Encryption: Why Isn't Everyone Doing It?
In-Reply-To: <001601c27bf8$62ce7a80$f92489c3@137.36.248>
References: <92BE0AA5B56B5849AFE716631DA5102E01A79B99@tgserve1> <200210250536.32354.graham.todd@ntlworld.com> <001601c27bf8$62ce7a80$f92489c3@137.36.248>
Message-ID: <200210251008.53222.graham.todd@ntlworld.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday 25 Oct 2002 8:30 am, David Picón Álvarez wrote:
> Now, I agree that encrypt/decrypt and sign/verify are not the only
> things you need to do with gnupg. However, I must say, it is
> completely alien to my sense of design to put those things in a MUA.
> The use of a MUA is to send and receive e-mail and interface with
> things like gnupg or s/mime or things that in some way "touch" the
> mail so you don't have to do it yourself. A MUA is not a PKI
> solution.
[snipped]

AGREED!
That's why I want a GUI to GPG and NOT have it in an MUA. I was answering a post from somebody that said the GUI in an MUA was sufficient. It is only sufficient for sending/receiving encrypted or signed messages.

GPG does far more than this. At present it only has a CLI; I would like to see a GUI interface for these functions, even if in a different package that interfaces with GPG.

[snipped]
> Let us recapitulate here. 1) You think the Windows interface is
> adequate. 2) You think the Linux interface is not.

No, let's get this correct. The CLI in both Windows and Linux is NOT adequate for people to intuitively use it IMO. PGP has an adequate GUI in Windows that could be improved, and both GPGShell and WinPT in Windows are fairly adequate GUI front ends for GPG. They are more or less intuitive and GPGShell can allow access to virtually all the functions of GPG. In Linux, there is no GUI to GPG, adequate or otherwise.

>Let us pose this
> question: what's the proportion of Windows gnupg users against Linux
> gnupg users? Obviously, considering the difference in market share. I
> hope the point is seen. Most Linux users, at least most of those I
> know, aren't bothered by CLIs and use them extensively. Moreover, to
> use the word confusing on a CLI is an incredible overstatement.

I don't agree. There are more PGP users in the Windows environment than GPG users because PGP has an approachable program with an intuitive GUI. The number of Windows GPG users is growing...because there is an adequate GUI for it and reasonable support for GPGShell in other mailing lists and newsgroups. The problem for me is that neither GPGShell or PGP is open source. The CLI is confusing to people coming to Linux from Windows, although you have to learn to live with it.
But I am not asking for GPG users in Linux to abandon the CLI, I simply want an adequate GUI to GPG as well so that it can be used by those (like me) who prefer it.

- --
Graham
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: Please sign and encrypt for internet privacy

iD8DBQE9uQoeIwtBZOk1250RAmRjAKDMFI2rHE4OMeutsqkJ4jamOYYqpQCdHvQ1
cyBOPjMu6Tp3z6jj8Da0hzU=
=a0sb
-----END PGP SIGNATURE-----

From eleuteri@myrealbox.com Fri Oct 25 12:22:02 2002
From: eleuteri@myrealbox.com (David Picón Álvarez)
Date: Fri Oct 25 11:22:02 2002
Subject: E-Mail Encryption: Why Isn't Everyone Doing It?
References: <92BE0AA5B56B5849AFE716631DA5102E01A79B99@tgserve1> <200210250536.32354.graham.todd@ntlworld.com> <001601c27bf8$62ce7a80$f92489c3@137.36.248> <200210251008.53222.graham.todd@ntlworld.com>
Message-ID: <007f01c27c08$916393c0$f92489c3@137.36.248>

Hi,

Graham wrote a lot of stuff but I'm only quoting some:

> No, let's get this correct. The CLI in both Windows and Linux is NOT
> adequate for people to intuitively use it IMO. PGP has an adequate GUI
> in Windows that could be improved, and both GPGShell and WinPT in
> Windows are fairly adequate GUI front ends for GPG. They are more or
> less intuitive and GPGShell can allow access to virtually all the
> functions of GPG. In Linux, there is no GUI to GPG, adequate or
> otherwise.

1) The intuitiveness of a CLI is IMO akin to that of language. Since you're using abstract symbolic manipulation as opposed to metaphors, confusions are less common and ambiguity occurs seldom if ever. Now you may be thinking this is false or irrelevant or both, but just think about it. With commands, the statements have total precision whereas with metaphors (GUI-like interfaces are based on metaphors) things are not so very clear.
For a non-critical program, a GUI is perfectly fine since it operates at higher level and you don't really worry about what happens below. A silly example is an html generator. However, for security-critical tools, you want (at least I do) to control the lowest possible level of operation because a wrong default or something missing in the "advanced options" GUIs use to have hidden somewhere your security could be compromised. > I don't agree. There are more PGP users in the Windows environment than > GPG users because PGP has an approachable program with an intuitive I don't believe so. There are more PGP users than gnupg users because of several other reasons, though: pgp is ages older. pgp was the first program from which the standard itself arose. pgp has been backed by relatively powerful security companies with a lot of mindshare. And, of course, because of some people's paranoia that free software is evil and must be covered in bugs and trojans. > GUI. The number of Windows GPG users is growing...because there is an > adequate GUI for it and reasonable support for GPGShell in other > mailing lists and newsgroups. The problem for me is that neither Maybe I'm overestimating people but I tend to think that the number of Windows gpg users is growing because there is a higher degree of security awareness and because gpg is simply (from a functional standpoint) a better, more complete piece of software. > GPGShell or PGP is open source. The CLI is confusing to people coming > to Linux from Windows, although you have to learn to live with it. But > I am not asking for GPG users in Linux to abandon the CLI, I simply > want an adequate GUI to GPG as well so that it can be used by those > (like me) who prefer it. Obviously, everyone has the right to use whatever software they prefer and in whatever manner. I just think that: 1) spending gnupg's developers time in a GUI wouldn't be optimum resource allocation.
2) a gui may not be the best thing from a security standpoint. 3) I don't believe creating a gnupg gui for unix would increase its user base. Anyway, I don't want to seem fanatical or something. :-) --David. From davidtg-gnupg@justpickone.org Fri Oct 25 12:32:02 2002 From: davidtg-gnupg@justpickone.org (David T-G) Date: Fri Oct 25 11:32:02 2002 Subject: Have key ID, but
can't decrypt. In-Reply-To: <20021024172111.A1201@redfish.gatech.edu> References: <20021024172111.A1201@redfish.gatech.edu> Message-ID: <20021025093344.GA38751@justpickone.org> Jason -- ...and then Jason Price said... % % I have a feeling I'm being stupid. Not stupid; just not practiced yet :-) % % When I 'gpg --list-keys', I get: % % > gpg --list-keys % gpg: WARNING: using insecure memory! % gpg: please see http://www.gnupg.org/faq.html for more information % /usr/local/home/jprice/.gnupg/pubring.gpg % ----------------------------------------- % pub 1024D/F64BA00C 2002-10-07 Jason Price % sub 1024g/6B38F22C 2002-10-07 % % pub 1024D/FAD37ABE 2002-08-24 Edward Graham V % sub 4096g/34B2393A 2002-08-24 OK. So you have your public key and his public key. % % However, when I try and decrypt a message, I get: % % > gpg --decrypt egr.1.pgp ... % gpg: encrypted with 4096-bit ELG-E key, ID 34B2393A, created 2002-08-24 % "Edward Graham V " % gpg: decryption failed: secret key not available ... Looks like you don't have Edward's secret key. Not all that surprising, since only he is supposed to. What do you see when you run gpg --list-secret-keys instead? I'll bet a Twinkie that it's only your own. % % That "keyid" is in my key ring. Why can't I decrypt? There are two key rings. Take a look in your .gnupg directory; there are interesting files in there :-) Remember for a moment how public key encryption works: a public key is used to garble the data, and only the matching private key can ungarble it. That means that even you, the encryptor, can't read the result if you only encrypt with someone else's public key, because you don't have the private key. As Ralf noted, you can also encrypt to yourself.
Then you have the private key, and so gpg will ask for *your* passphrase and will be able to decrypt -- but as far as gpg is concerned that's about the same as only having it encrypted to your key and forgetting Edward's info, because you don't have that private key. I encrypt to myself by default in my options file; what's coming next shouldn't imply that it's a bad thing. You should be aware of it, though. When you encrypt to a user ID and someone gets a copy of that encrypted chunk, even though it's encrypted it still gives out some information: for *whom* it is encrypted. If you've encrypted to your key as well as the recipient's, then after just a few messages it can become very apparent that you are the one sending this stuff -- which you might not want at all. Of course, you can always turn off the encrypt-to-yourself part for those messages that shouldn't reveal your authorship, but then you can't read your kept copy of what you send. You might instead consider whipping up a key that never gets exported to servers that you use for this instead; you could even have multiple ones so you don't start leaving an obvious trail or connect your authorship, whoever you are (remember that nobody else has this public key), of messages to one person with authorship of messages to another. Using an MUA such as mutt, where you have very strong configuration capability, makes this pretty transparent, and of course once the message is encrypted gpg does all of the figuring out of how to decrypt it. % % Thanks for any help; Sure thing! % Jason HTH & HAND :-D -- David T-G * There is too much animal courage in (play) davidtg@justpickone.org * society and not sufficient moral courage. (work) davidtgwork@justpickone.org -- Mary Baker Eddy, "Science and Health" http://www.justpickone.org/davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg!
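The recipient information described in the message above is visible in the message format itself: each OpenPGP Public-Key Encrypted Session Key packet (tag 1, RFC 2440 section 5.1) carries the 8-byte ID of the key it was encrypted to, unencrypted. The following is an added example, not part of the original post; the sample messages are constructed with dummy session-key bytes, and the upper halves of the key IDs are made-up placeholders in front of the short IDs shown in the thread.

```python
"""List the recipient key IDs exposed by a binary OpenPGP message."""
import struct

PKESK_TAG = 1   # Public-Key Encrypted Session Key packet
ALGO_NAMES = {1: "RSA", 2: "RSA-E", 16: "ELG-E", 17: "DSA"}


def read_packet(data, pos):
    """Parse one packet at pos; return (tag, body, next_pos)."""
    first = data[pos]
    if not first & 0x80:
        raise ValueError("bit 7 clear: not an OpenPGP packet header")
    pos += 1
    if first & 0x40:                        # new-format header
        tag = first & 0x3F
        l1 = data[pos]
        if l1 < 192:
            length, pos = l1, pos + 1
        elif l1 < 224:
            length = ((l1 - 192) << 8) + data[pos + 1] + 192
            pos += 2
        elif l1 == 255:
            length = struct.unpack(">I", data[pos + 1:pos + 5])[0]
            pos += 5
        else:
            # Partial body lengths are only used for data packets, which
            # come after the session-key packets: stop scanning here.
            return tag, None, len(data)
    else:                                   # old-format header
        tag = (first >> 2) & 0x0F
        ltype = first & 0x03
        if ltype == 3:                      # indeterminate: runs to end of input
            return tag, data[pos:], len(data)
        nbytes = 1 << ltype                 # 1, 2 or 4 length octets
        length = int.from_bytes(data[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(data):
        raise ValueError("truncated packet")
    return tag, data[pos:pos + length], pos + length


def recipients(message):
    """Return [(key_id_hex, algorithm, hidden)] for every tag-1 packet."""
    found, pos = [], 0
    while pos < len(message):
        tag, body, pos = read_packet(message, pos)
        if tag != PKESK_TAG or body is None:
            continue
        if len(body) < 10 or body[0] != 3:
            raise ValueError("unsupported session-key packet")
        key_id = body[1:9]                  # sent in the clear
        algo = ALGO_NAMES.get(body[9], "algo %d" % body[9])
        hidden = key_id == bytes(8)         # all-zero "speculative" key ID
        found.append((key_id.hex().upper(), algo, hidden))
    return found


def _pkesk(key_id, algo=16, old_format=True):
    """Build a constructed tag-1 packet with dummy (non-cryptographic) MPIs."""
    body = b"\x03" + key_id + bytes([algo]) + b"\x00\x08\xff" * 2
    header = bytes([0x84 if old_format else 0xC1, len(body)])
    return header + body


# Constructed samples: two recipients, followed by a dummy tag-9 data packet.
_DATA = b"\xa7" + bytes(16)
SAMPLE_NORMAL = (_pkesk(bytes.fromhex("AAAAAAAA34B2393A"))
                 + _pkesk(bytes.fromhex("BBBBBBBB6B38F22C"), old_format=False)
                 + _DATA)
# Same message shape with the key IDs zeroed, as a hidden-recipient
# message (GnuPG's --throw-keyid) carries them.
SAMPLE_THROWN = _pkesk(bytes(8)) + _pkesk(bytes(8)) + _DATA

if __name__ == "__main__":
    for name, msg in (("normal", SAMPLE_NORMAL), ("thrown", SAMPLE_THROWN)):
        for key_id, algo, hidden in recipients(msg):
            print(name, key_id, algo, "hidden" if hidden else "visible")
```

Anyone holding a copy of the ciphertext can run this kind of scan without any key, which is why the set of recipients, including an encrypt-to-self key, counts as metadata.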
From avbidder@fortytwo.ch Fri Oct 25 12:48:01 2002 From: avbidder@fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder) Date: Fri Oct 25 11:48:01 2002 Subject: E-Mail Encryption: Why Isn't Everyone Doing It? In-Reply-To: <20021024180658.E26803@asmoweb.hqda.pentagon.mil> References: <92BE0AA5B56B5849AFE716631DA5102E01A79B99@tgserve1> <200210231749.02083.graham.todd@ntlworld.com> <20021024022455.E10019@cp5340.hyatsv01.md.comcast.net> <200210241053.16003.skquinn@speakeasy.net> <20021024194509.GA4478@prometheus.scode.org> <20021024180658.E26803@asmoweb.hqda.pentagon.mil> Message-ID: <1035539354.9412.30.camel@altfrangg> On Fri, 2002-10-25 at 00:06, Anthony E. Greene wrote: [SSL works most of the time, because configured defaults are ok] > The fact is that WoT does not work well in a mass market deployment > scenario. Most people do not need the features that the WoT provides. > Some people do need those features, but most people don't, at least not > most of the time. [damn, what is WoT? For me it'll always be Wheel of Time ;-] OpenPGP works with a hierarchical trust structure equally well as with a peer2peer Web of Trust. Perhaps a good way to improve userfriendliness of pgp frontends would be to include and trust the keys of a few pgpcas by default. The installer should - force/encourage people to generate or import a key for them - add a few trusted pgpcas (and offer to sign their keys, so explicitly marking them as trusted would not be necessary) - choose a good keyserver - offer links to pgpcas' instructions on how to get certified.
(for the I-only-want-to-know-that-the-email-address-is-genuine case, a web based automatic certificate is sufficient, so people could actually use openpgp encryption within a few minutes.) No, I won't write the code, sorry. cheers -- vbi -- this email is protected by a digital signature: http://fortytwo.ch/gpg NOTE: keyserver bugs! get my key here: https://fortytwo.ch/gpg/92082481 From avbidder@fortytwo.ch Fri Oct 25 13:03:02 2002 From: avbidder@fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder) Date: Fri Oct 25 12:03:02 2002 Subject: E-Mail Encryption: Why Isn't Everyone Doing It? In-Reply-To: <001601c27bf8$62ce7a80$f92489c3@137.36.248> References: <92BE0AA5B56B5849AFE716631DA5102E01A79B99@tgserve1> <200210240853.17601.graham.todd@ntlworld.com> <20021024175959.35cc8a20.k.raven@freenet.de> <200210250536.32354.graham.todd@ntlworld.com> <001601c27bf8$62ce7a80$f92489c3@137.36.248> Message-ID: <1035540260.20599.10.camel@altfrangg> Yo! On Fri, 2002-10-25 at 09:30, David Picón Álvarez wrote: [key management functions don't belong in a MUA] While I agree with you that the Unix philosophy is for tools to do one thing, and that properly, the second half of it is that these tools can be combined. For the CLI this is the Unix shell pipe, for the GUI ???. A mailreader should read and send mail, yes.
But when I tell the mailreader to encrypt mail whenever possible, it would be great when the mailer would try to encrypt: 'You want to encrypt to foo@bar.baz, however, no encryption key has been found in your keyring. However, there are these keys on the keyserver that match the email address: [ ] ...[userid here]... [ ] ... To ensure that foo@bar.baz will receive the message, it is important that blah blah blah about key trust, in a way that an average user should understand it.' Whether this dialog is displayed by the MUA or by an external key management application doesn't matter for the end user (yes, the latter would certainly be better). [Yes, I'm full of ideas today :-)] (Compare it to: a mailreader reads and sends mail, so managing mail accounts should also be able. If it encrypts and decrypts, managing keys should also be available). cheers -- vbi -- this email is protected by a digital signature: http://fortytwo.ch/gpg NOTE: keyserver bugs! get my key here: https://fortytwo.ch/gpg/92082481 From ASMCALLEN1@aol.com Fri Oct 25 13:17:01 2002 From: ASMCALLEN1@aol.com (ASMCALLEN1@aol.com) Date: Fri Oct 25 12:17:01 2002 Subject: STOP SENDING ME MAIL Message-ID: <18a.102855ef.2aea7437@aol.com> From ASMCALLEN1@aol.com Fri Oct 25 13:18:01 2002 From: ASMCALLEN1@aol.com (ASMCALLEN1@aol.com) Date: Fri Oct 25 12:18:01 2002 Subject: PLEASE REMOVE ME FROM ANY AND ALL LISTS Message-ID: <43.13e1b531.2aea7490@aol.com> From graham.todd@ntlworld.com Fri Oct 25 14:27:01 2002 From:
graham.todd@ntlworld.com (Graham) Date: Fri Oct 25 13:27:01 2002 Subject: E-Mail Encryption: Why Isn't Everyone Doing It? In-Reply-To: <007f01c27c08$916393c0$f92489c3@137.36.248> References: <92BE0AA5B56B5849AFE716631DA5102E01A79B99@tgserve1> <200210251008.53222.graham.todd@ntlworld.com> <007f01c27c08$916393c0$f92489c3@137.36.248> Message-ID: <200210251235.18439.graham.todd@ntlworld.com> On Friday 25 Oct 2002 10:26 am, David Picón Álvarez wrote: [snipped] > Obviously, everyone has the right to use whatever software they > prefer and in whatever manner. I just think that: 1) spending gnupg's > developers time in a GUI wouldn't be optimum resource allocation. 2) > a gui may not be the best thing from a security standpoint. 3) I > don't believe creating a gnupg gui for unix would increase its user > base. > > Anyway, I don't want to seem fanatical or something. :-) I'm not asking that gnupg developers spend their time on a GUI for GPG. I think that there is a demand for a GUI to the functions of GPG in Linux (at least from me and several other members of the PGP-Basics List), and I'd like to see if it is a practical possibility. If it withers on the vine, then (clearly) I am in a small minority. But I think that somebody should start the ball rolling to see. -- Graham From d_well@isuisse.com Fri Oct 25 14:57:02 2002 From: d_well@isuisse.com (d_well@isuisse.com) Date: Fri Oct 25 13:57:02 2002 Subject: (no subject) Message-ID: <200210251157.3184@th00.opsion.fr> I have a problem when I will verify a signature.
I have signed a message with the command "gpgme_op_sign (GCtx, in, out, GPGME_SIG_MODE_CLEAR );" and after I verify with the command "gpgme_op_verify (GCtx, sig, text, &status );" The variable "in" and "text" are the same. And I take the signature part of the variable "out" and I put that in the variable "sig". Example of variable "sig" : -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) iEYEARECAAYFAj24FOoACgkQLXJ8x2hpdzTQygCdGUpZghMIU0iRa 9nSjvhBk3YY +ZMAnRYr+bnObi+NnTRx5KXnW+Z3Pdw/ =gbrJ -----END PGP SIGNATURE----- Every time I have the Error message "Verification Status: No Signature". How must do to have a good result when I verify a signature. From d_well@isuisse.com Fri Oct 25 14:57:07 2002 From: d_well@isuisse.com (d_well@isuisse.com) Date: Fri Oct 25 13:57:07 2002 Subject: problem with signature verify again Message-ID: <200210251158.1ea7@th00.opsion.fr> I have a problem when I will verify a signature. I have signed a message with the command "gpgme_op_sign (GCtx, in, out, GPGME_SIG_MODE_CLEAR );" and after I verify with the command "gpgme_op_verify (GCtx, sig, text, &status );" The variable "in" and "text" are the same. And I take the signature part of the variable "out" and I put that in the variable "sig". Example of variable "sig" : -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) iEYEARECAAYFAj24FOoACgkQLXJ8x2hpdzTQygCdGUpZghMIU0iRa 9nSjvhBk3YY +ZMAnRYr+bnObi+NnTRx5KXnW+Z3Pdw/ =gbrJ -----END PGP SIGNATURE----- Every time I have the Error message "Verification Status: No Signature". How must do to have a good result when I verify a signature. From dshaw@jabberwocky.com Fri Oct 25 15:47:01 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Fri Oct 25 14:47:01 2002 Subject: Have key ID, but can't decrypt.
In-Reply-To: <20021025093344.GA38751@justpickone.org> References: <20021024172111.A1201@redfish.gatech.edu> <20021025093344.GA38751@justpickone.org> Message-ID: <20021025124743.GA14462@jabberwocky.com> On Fri, Oct 25, 2002 at 05:33:45AM -0400, David T-G wrote: > When you encrypt to a user ID and someone gets a copy of that encrypted > chunk, even though it's encrypted it still gives out some information: > for *whom* it is encrypted. If you've encrypted to your key as well as > the recipient's, then after just a few messages it can become very > apparent that you are the one sending this stuff -- which you might not > want at all. Another way to do this is the --throw-keyid option, which keeps using your own key for encryption, but removes the keyid so it can't be traced. Unfortunately, --throw-keyid acts on *all* keys used, and not specific ones so it would remove the keyid of the recipient as well. I should look at that. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From terry@georgiawebpro.com Fri Oct 25 16:55:01 2002 From: terry@georgiawebpro.com (GeorgiaWebPro.com) Date: Fri Oct 25 15:55:01 2002 Subject: Have key ID, but can't decrypt. In-Reply-To: <20021025124743.GA14462@jabberwocky.com> Message-ID: Newbie here... I'm using GnuPGExch for unencrypting emails. It works fine on my home computer but when I installed it on a client's computer I had problems. I imported the public and private keys through the DOS window fine, but it turns out the text files I imported were corrupt (I had sent them to a Yahoo email account to download at the client's office) - in binary form instead of ascii. 
So when I tested the unencryption, I got a message that looks like this: http://www.georgiawebpro.com/gpgerror.jpg (89k) After getting a good copy of the key text files, I tried re-importing the text files in the DOS window and that didn't work. I tried deleting the key from the GUI window in Outlook then re-importing the text files in the DOS window and that didn't work either. Then I tried uninstalling GnuPGExch and reinstalling and importing the text files again. I even deleted everything in the C:\Program Files\GnuPGExch folder, but still when unencrypting I get a screen similar to the above linked image. Can anyone give me some insight? Be gentle, I'm very new to this. Please, if you could, walk me through anything I may need to do. Gracious thanks, Terry From outerdarkness@softhome.net Fri Oct 25 17:27:01 2002 From: outerdarkness@softhome.net (Kevin Benko) Date: Fri Oct 25 16:27:01 2002 Subject: E-Mail Encryption: Why Isn't Everyone Doing It? In-Reply-To: <20021023144401.GB14119@vekoll.saturnus.vein.hu> References: <92BE0AA5B56B5849AFE716631DA5102E01A79B99@tgserve1> <92BE0AA5B56B5849AFE716631DA5102E01A79B99@tgserve1> Message-ID: <5.1.1.6.2.20021025102753.00a30570@mail.SoftHome.net> I had the unique pleasure of working for a small company in 1999-2000 where we were told that we *must* use encrypted email for certain inter-company communications. [then we were absorbed by a mega-corporation and mandatory encryption was no more....] -- Kevin Benko "The men the American people admire most extravagantly are the most daring liars; the men they detest most violently are those who try to tell them the truth." -- H. L.
Mencken From agreene@pobox.com Fri Oct 25 18:52:01 2002 From: agreene@pobox.com (Anthony E. Greene) Date: Fri Oct 25 17:52:01 2002 Subject: E-Mail Encryption: Why Isn't Everyone Doing It? In-Reply-To: <200210251235.18439.graham.todd@ntlworld.com>; from graham.todd@ntlworld.com on Fri, Oct 25, 2002 at 12:34:34PM +0100 References: <92BE0AA5B56B5849AFE716631DA5102E01A79B99@tgserve1> <200210251008.53222.graham.todd@ntlworld.com> <007f01c27c08$916393c0$f92489c3@137.36.248> <200210251235.18439.graham.todd@ntlworld.com> Message-ID: <20021025115225.C28047@asmoweb.hqda.pentagon.mil> On 25-Oct-2002/12:34 +0100, Graham wrote: >On Friday 25 Oct 2002 10:26 am, David Picón Álvarez wrote: > >[snipped] > >> Obviously, everyone has the right to use whatever software they >> prefer and in whatever manner. I just think that: 1) spending gnupg's >> developers time in a GUI wouldn't be optimum resource allocation. 2) >> a gui may not be the best thing from a security standpoint. 3) I >> don't believe creating a gnupg gui for unix would increase its user >> base. >> >> Anyway, I don't want to seem fanatical or something. :-) > >I'm not asking that gnupg developers spend their time on a GUI for GPG. Actually in this archived message http://lists.gnupg.org/pipermail/gnupg-users/2002-October/015575.html you said: "Surely its not beyond the expertise of those who produce such a brilliant program an GnuPG to provide a GUI interface through which ALL commands can be given and which (in Linux anyway) can be used as a stand alone program to encrypt or sign emails even in MUAs without GPG integration?" There's always the possibility of a misunderstanding, but it looks pretty much like you'd like the GnuPG developers to also develop a GUI for GnuPG. In the interest of fairness, I'd like to make note of the fact that later in the thread you volunteered to work with someone (not a GnuPG developer) on designing such a GUI.
Tony -- Anthony E. Greene OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D AOL/Yahoo Chat: TonyG05 HomePage: Linux: the choice of a GNU Generation. From agreene@pobox.com Fri Oct 25 19:29:01 2002 From: agreene@pobox.com (Anthony E. Greene) Date: Fri Oct 25 18:29:01 2002 Subject: E-Mail Encryption: Why Isn't Everyone Doing It? In-Reply-To: <1035539354.9412.30.camel@altfrangg>; from avbidder@fortytwo.ch on Fri, Oct 25, 2002 at 11:49:14AM +0200 References: <92BE0AA5B56B5849AFE716631DA5102E01A79B99@tgserve1> <200210231749.02083.graham.todd@ntlworld.com> <20021024022455.E10019@cp5340.hyatsv01.md.comcast.net> <200210241053.16003.skquinn@speakeasy.net> <20021024194509.GA4478@prometheus.scode.org> <20021024180658.E26803@asmoweb.hqda.pentagon.mil> <1035539354.9412.30.camel@altfrangg> Message-ID: <20021025122914.D28047@asmoweb.hqda.pentagon.mil> On 25-Oct-2002/11:49 +0200, Adrian von Bidder wrote: > >Perhaps a good way to improve userfriendliness of pgp frontends would be >to include and trust the keys of a few pgpcas by default. Good idea. I think it might be better to offer the user an opportunity to choose keys to trust. There might be ethnic, religious, nationalistic, and/or other concerns about trusting certain CAs. >The installer should > - force/encourage people to generate or import a key for them > - add a few trusted pgpcas (and offer to sign their keys, so >explicitly marking them as trusted would not be necessary > - choose a good keyserver > - offer links to pgpcas' instructions on how to get certified. It should also make a revocation cert and backup copies of the keyrings and offer to put those on separate media.
It seems to me that a shell script using "dialog" or a Tcl/Tk script may be able to do most or all of this. Tony -- Anthony E. Greene OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D AOL/Yahoo Chat: TonyG05 HomePage: Linux: the choice of a GNU Generation. From dshaw@jabberwocky.com Fri Oct 25 19:46:01 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Fri Oct 25 18:46:01 2002 Subject: E-Mail Encryption: Why Isn't Everyone Doing It? In-Reply-To: <1035539354.9412.30.camel@altfrangg> References: <92BE0AA5B56B5849AFE716631DA5102E01A79B99@tgserve1> <200210231749.02083.graham.todd@ntlworld.com> <20021024022455.E10019@cp5340.hyatsv01.md.comcast.net> <200210241053.16003.skquinn@speakeasy.net> <20021024194509.GA4478@prometheus.scode.org> <20021024180658.E26803@asmoweb.hqda.pentagon.mil> <1035539354.9412.30.camel@altfrangg> Message-ID: <20021025164633.GC16100@jabberwocky.com> On Fri, Oct 25, 2002 at 11:49:14AM +0200, Adrian 'Dagurashibanipal' von Bidder wrote: > On Fri, 2002-10-25 at 00:06, Anthony E. Greene wrote: > > [SSL works most of the time, because configured defaults are ok] > > > The fact is that WoT does not work well in a mass market deployment > > scenario. Most people do not need the features that the WoT provides. > > Some people do need those features, but most people don't, at least not > > most of the time. > > [damn, what is WoT? For me it'll always be Wheel of Time ;-] > > OpenPGP works with a hierarchical trust structure equally well as with a > peer2peer Web of Trust. Perhaps a good way to improve userfriendliness > of pgp frontends would be to include and trust the keys of a few pgpcas > by default. Well, my key comes with GnuPG...
if anyone finds themselves near Cambridge, Massachusetts in the US, I'd be glad to sign their key. There was talk about an email based robot CA a few months ago. It would check only the email address (by sending a challenge). An interesting idea, if done right. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From Josh Huber Fri Oct 25 19:58:01 2002 From: Josh Huber (Josh Huber) Date: Fri Oct 25 18:58:01 2002 Subject: E-Mail Encryption: Why Isn't Everyone Doing It? In-Reply-To: <20021025164633.GC16100@jabberwocky.com> (David Shaw's message of "Fri, 25 Oct 2002 12:46:33 -0400") References: <92BE0AA5B56B5849AFE716631DA5102E01A79B99@tgserve1> <200210231749.02083.graham.todd@ntlworld.com> <20021024022455.E10019@cp5340.hyatsv01.md.comcast.net> <200210241053.16003.skquinn@speakeasy.net> <20021024194509.GA4478@prometheus.scode.org> <20021024180658.E26803@asmoweb.hqda.pentagon.mil> <1035539354.9412.30.camel@altfrangg> <20021025164633.GC16100@jabberwocky.com> Message-ID: <871y6e78vv.fsf@mail.paradoxical.net> David Shaw writes: > There was talk about an email based robot CA a few months ago. It > would check only the email address (by sending a challenge). An > interesting idea, if done right. I think this is a great idea. (again, if done right) Was this discussion on this list, or elsewhere? -- Josh Huber From wk@gnupg.org Fri Oct 25 20:18:02 2002 From: wk@gnupg.org (Werner Koch) Date: Fri Oct 25 19:18:02 2002 Subject: [Announce]GnuPG 1.2.1 released Message-ID: <874rbawklz.fsf@alberti.g10code.de> Hello! We are pleased to announce the availability of GnuPG version 1.2.1. This is mainly a bug fix release. The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data storage.
It is a complete and free replacement of PGP and can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. GnuPG 1.2.1 can be downloaded from the GnuPG main server or one of its mirror sites (see below or http://www.gnupg.org/mirrors.html). These source packages are available: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.2.1.tar.bz2 (1.8M) ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.2.1.tar.bz2.sig GnuPG source compressed using BZIP2 and OpenPGP signature. ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.2.0.tar.gz (2.5M) ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.2.0.tar.gz.sig GnuPG source compressed using GZIP and OpenPGP signature. ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.2.0-1.2.1.diff.gz (374k) A patch file to upgrade a 1.2.0 GnuPG source. Select one of them. To shorten the download time, you probably want to get the BZIP2 compressed file. Please try another mirror if, exceptionally, your mirror is not yet up to date. We also provide one binary package built from the above source: ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.2.1.zip (1.1M) ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.2.1.zip.sig GnuPG compiled for Microsoft Windows and OpenPGP signature. Note that this is a command line version and comes without a graphical installer tool. You have to use an UNZIP utility to extract the files and install them manually. The included file README.W32 has further instructions.
Please don't forget to check the integrity of the packages; either by verifying the provided signature or by comparing the MD5 checksum: e63add33e010b4224ba0841b21fe0bfe gnupg-1.2.1.tar.bz2 83e02b4905dab34c4dc25652936022f9 gnupg-1.2.1.tar.gz 0f57c5d13cc8c5cddcbfe9099d2551bc gnupg-1.2.0-1.2.1.diff.gz 00c9935497c69464e744bba030ce585f gnupg-w32cli-1.2.1.zip Here is a list of major user visible changes since 1.2.1: * The library dependencies for OpenLDAP seem to change fairly frequently, and GnuPG's configure script cannot guess all the combinations. Use ./configure LDAPLIBS="-L libdir -l libs" to override the script and use the libraries selected. * Secret keys generated with --export-secret-subkeys are now indicated in key listings with a '#' after the "sec", and in --with-colons listings by showing no capabilities (no lowercase characters). * --trusted-key has been un-obsoleted, as it is useful for adding ultimately trusted keys from the config file. It is identical to using --edit and "trust" to change a key to ultimately trusted. * The usual bug fixes as well as fixes to build problems on some systems. Many thanks to Swebase AB for now hosting ftp.gnupg.org. Happy Hacking, The GnuPG team (David, Stefan, Timo and Werner) p.s. If you want to help with further development by donating money and you feel that Werner and his company g10 Code does a reasonable job please visit https://order.kagi.com/?P3G . Donations to the Free Software Foundations are also welcome, see: https://donate.fsf.org and http://fsfeurope.org/help/donate-2002.html Here is a list of sites mirroring ftp://ftp.gnupg.org/gcrypt/ Please use them if you can; new releases should show up on these servers within a day.
This mirror list is also available at http://www.gnupg.org/mirrors.html Australia Australia ftp://ftp.planetmirror.com/pub/gnupg/ http://ftp.planetmirror.com/pub/gnupg/ Asia Japan ftp://ftp.ring.gr.jp/pub/pgp/ ftp://pgp.iijlab.net/pub/pgp/gcrypt/ http://www.ring.gr.jp/pub/pgp/gnupg/ ftp://ftp.ayamura.org/pub/gnupg/ Europe Austria ftp://gd.tuwien.ac.at/privacy/gnupg/ http://gd.tuwien.ac.at/privacy/gnupg/ Belgium ftp://gnupg.x-zone.org/pub/gnupg Czechia ftp://ftp.gnupg.cz/pub/gcrypt Denmark ftp://sunsite.dk/pub/security/gcrypt/ Finland ftp://ftp.jyu.fi/pub/crypt/gcrypt/ ftp://trumpetti.atm.tut.fi/gcrypt/ http://trumpetti.atm.tut.fi/gcrypt/ rsync://trumpetti.atm.tut.fi/gcrypt/ France ftp://ftp.strasbourg.linuxfr.org/pub/gnupg/ Germany ftp://ftp.cert.dfn.de/pub/tools/crypt/gcrypt/ ftp://ftp.franken.de/pub/crypt/mirror/ftp.gnupg.org/gcrypt/ ftp://ftp.freenet.de/pub/ftp.gnupg.org/gcrypt/ Greece ftp://hal.csd.auth.gr/mirrors/gnupg/ ftp://igloo.linux.gr/pub/crypto/gnupg/ Iceland ftp://ftp.hi.is/pub/mirrors/gnupg/ Italy ftp://ftp3.linux.it/pub/mirrors/gnupg/ ftp://ftp.linux.it/pub/mirrors/gnupg/ http://ftp3.linux.it/pub/mirrors/gnupg/ http://ftp.linux.it/pub/mirrors/gnupg/ rsync://ftp3.linux.it/gnupg/ rsync://ftp.linux.it/gnupg/ Netherlands ftp://ftp.demon.nl/pub/mirrors/gnupg/ ftp://ftp.surfnet.nl/pub/security/gnupg/ Switzerland ftp://sunsite.cnlab-switch.ch/mirror/gcrypt/ United Kingdom ftp://ftp.mirror.ac.uk/sites/ftp.gnupg.org/gcrypt/ http://www.mirror.ac.uk/sites/ftp.gnupg.org/gcrypt/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE9uW/+bH7huGIcwBMRAvkcAJ9hwGc/T6+xAoQ6RKCIpAcJ6H/P6ACdEQ00 P5pDGs38ccpN8hX20y63QqE= =mB1n -----END PGP SIGNATURE----- _______________________________________________ Gnupg-announce mailing list Gnupg-announce@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From dshaw@jabberwocky.com Fri Oct 25 20:32:02 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Fri Oct 25 19:32:02 2002 Subject: E-Mail 
Encryption: Why Isn't Everyone Doing It? In-Reply-To: <871y6e78vv.fsf@mail.paradoxical.net> References: <92BE0AA5B56B5849AFE716631DA5102E01A79B99@tgserve1> <200210231749.02083.graham.todd@ntlworld.com> <20021024022455.E10019@cp5340.hyatsv01.md.comcast.net> <200210241053.16003.skquinn@speakeasy.net> <20021024194509.GA4478@prometheus.scode.org> <20021024180658.E26803@asmoweb.hqda.pentagon.mil> <1035539354.9412.30.camel@altfrangg> <20021025164633.GC16100@jabberwocky.com> <871y6e78vv.fsf@mail.paradoxical.net> Message-ID: <20021025173225.GD16100@jabberwocky.com> On Fri, Oct 25, 2002 at 12:58:44PM -0400, Josh Huber wrote: > David Shaw writes: > > > There was talk about an email based robot CA a few months ago. It > > would check only the email address (by sending a challenge). An > > interesting idea, if done right. > > I think this is a great idea. (again, if done right) Was this > discussion on this list, or elsewhere? It was on the cryptography list, I believe, and a few other places (linux-elitists?) The basic idea was a web form where a user could paste their key or an email address to send it the key to. The program would then email a challenge string to each email address on the key. If the challenge came back signed by the user's key, then the program would sign that user ID with its own key. One gotcha we can avoid, if there are multiple levels of certification in the future, is to use a different signing key for each. That way users can trust the signing key for the exact service they want. I understand Thawte got this detail wrong when they set up their PGP signing service. Anyway, the basic idea is pretty clear, but the details are not. One signing key? Multiple signing keys? What if a signing key gets compromised? And so on... ;) I actually registered keysigners.org for the project back when it first came up. I happen to have a bit more free time nowadays (I'm also adding trust signatures to GnuPG), so perhaps I'll resurrect the idea. 
David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From dshaw@jabberwocky.com Fri Oct 25 20:38:01 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Fri Oct 25 19:38:01 2002 Subject: Solaris error (bftest) In-Reply-To: <20021024225636.23664.qmail@web10706.mail.yahoo.com> References: <20021024225636.23664.qmail@web10706.mail.yahoo.com> Message-ID: <20021025173810.GF16100@jabberwocky.com> On Fri, Oct 25, 2002 at 12:56:36AM +0200, Marco Kunst wrote: > > Please, my compilation (Sun Solaris 5.8) found a error in this place: > > Undefined first referenced > symbol in file > socket ../cipher/libcipher.a(rndegd.o) > connect ../cipher/libcipher.a(rndegd.o) > ld: fatal: Symbol referencing errors. No output written to bftest > collect2: ld returned 1 exit status > make[2]: *** [bftest] Error 1 > make[2]: Leaving directory `/home/gnupg-1.2.0/tools' > make[1]: *** [all-recursive] Error 1 > make[1]: Leaving directory `/home/gnupg-1.2.0' > make: *** [all] Error 2 > > The list users can help me? > > (**Please CC to my email marcokunst@yahoo.fr**) This is fixed in the new GnuPG 1.2.1. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From terry@georgiawebpro.com Fri Oct 25 21:05:02 2002 From: terry@georgiawebpro.com (GeorgiaWebPro.com) Date: Fri Oct 25 20:05:02 2002 Subject: Imported Corrupt file? Message-ID: Sorry - I posted this a bit ago with an older Subject Line. I didn't see any feedback on my dilemma so I thought I would restate the Subject Line and give it another go. 
Can anyone help me *clear* these corrupt keys? If not, can any recommend me to someone or somewhere who could? I've read over the Manual here: http://www.gnupg.org/gph/en/manual.html but 95% of it is over my head. I've rarely used the DOS window. Maybe 10 times in my whole life. Hopefully you can understand why this is such a struggle for me. -----Original Message----- From: GeorgiaWebPro.com [mailto:terry@georgiawebpro.com] Sent: Friday, October 25, 2002 9:55 AM To: GnuPG Users' List Subject: RE: Have key ID, but can't decrypt. Newbie here... I'm using GnuPGExch for unencrypting emails. It works fine on my home computer but when I installed it on a client's computer I had problems. I imported the public and private keys through the DOS window fine, but it turns out the text files I imported were corrupt (I had sent them to a Yahoo email account to download at the client's office) - in binary form instead of ascii. So when I tested the unencryption, I got a message that looks like this: http://www.georgiawebpro.com/gpgerror.jpg (89k) After getting a good copy of the key text files, I tried re-importing the text files in the DOS window and that didn't work. I tried deleting the key from the GUI window in Outlook then re-importing the text files in the DOS window and that didn't work either. Then I tried uninstalling GnuPGExch and reinstalling and importing the text files again. I even deleted everything in the C:\Program Files\GnuPGExch folder, but still when unencrypting I get a screen similar to the above linked image. Can anyone give me some insight? Be gentle, I'm very new to this. Please, if you could, walk me through anything I may need to do. 
Gracious thanks, Terry From vedaal@lok.com Fri Oct 25 21:17:01 2002 From: vedaal@lok.com (vedaal@lok.com) Date: Fri Oct 25 20:17:01 2002 Subject: throw-keyid modification Message-ID: <200210251818.g9PIIDkJ026667@compute1.lok.com> >Date: Fri, 25 Oct 2002 08:47:43 -0400 >From: David Shaw >To: "GnuPG Users' List" >Subject: Re: Have key ID, but can't decrypt. >Another way to do this is the --throw-keyid option, which keeps using >your own key for encryption, but removes the keyid so it can't be >traced. Unfortunately, --throw-keyid acts on *all* keys used, and not >specific ones so it would remove the keyid of the recipient as well. >I should look at that. >David Disastry has this modification in 2.6.3 multi for the fake keyid commands, where each recipient (including the default encrypt to self) can have a fake or random id, and the 'real' recipient, the real id {example: pgp +fake_keyid=123456789abcdef -e file sender recipient} the message will be encrypted to the real key of the recipient, and the 'fake key' of the sender, gnupg will treat such an encrypted message as an ordinary one for the recipient, but will require '--try-all-secrets' for the sender to be able to decrypt. {requires an old v3 rsa key for experimentation, but can be generated in 2.6.3 multi 'without idea' as the preferred recipient} a possible modification might be to repeat the 'throw_keyid' command in front of each recipient for the completely anonymous throw-keyid message, and to just leave it out, before the sender's key, for the 'modified-anonymous- sender' feature {would love to see it, ;) } with Respect, vedaal From skquinn@speakeasy.net Fri Oct 25 21:28:02 2002 From: skquinn@speakeasy.net (Shawn K. Quinn) Date: Fri Oct 25 20:28:02 2002 Subject: E-Mail Encryption: Why Isn't Everyone Doing It? 
In-Reply-To: <3DB6A89D.8030300@harvee.billerica.ma.us> References: <20021022.183045.9767.0.cwsiv_home1@juno.com> <3DB6A89D.8030300@harvee.billerica.ma.us> Message-ID: <200210251326.43749.skquinn@speakeasy.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wednesday October 23 2002 08:48, Eric S. Johansson wrote: > that's not an entirely fair answer. Phone encryption isn't done > because people have an unrealistic expectation of privacy. Same is > true of postal mail; it's an envelope, it can't be easily snooped. > e-mail is perceived as being hard to read on the wire because the > end-user can't see it except with their e-mail client. A good way of shattering this perception would be to use a program like dsniff or Ethereal as part of a controlled demonstration on a closed network (i.e. disconnected from the Internet) specifically dedicated to the purpose. Outside of a controlled demonstration, of course, you run the risk of violating laws such as the ECPA (in the US). To really hammer it home, it should be made clear that everything is just peachy as long as you trust *every* person with the capability of root/administrator access on the path between and including you, your mail servers, your recipients' mail servers, and your recipient. Finding out just how many people have root on e.g. AOL's or Earthlink's mail servers will quickly show this group is much, much larger than most people think, as in at least one order of magnitude larger. In theory, anyone can install Linux or one of the BSD variants on a laptop, plug two network cards into it, configure it as a bridge, and put it in front of a gateway with tethereal or tcpdump running full time capturing everything that goes through it to disk. It is very difficult to detect the difference between a legitimate dumb switch and a laptop with two network cards conveniently set up to run a sniffer and log everything. 
Also note that a bridge does not need an IP address, and most attackers would in fact not want it to have one. (Do realize that actually doing this almost certainly violates policy at any decent company and probably every single applicable law. I am definitely not advocating anyone actually do what I described, far from it, however I do want to make sure as many people as possible are aware of the risk of sending unencrypted e-mail!) > I've often thought it would be "amusing" to capture e-mails in > transit to make them visible via a Web interface. Obviously one > would need a very good lawyer and plenty of $$ to defend yourself but > it would get the point across about e-mail not being private. This just seems too risky. Especially in the US, where we have laws like the ECPA, this seems like a one-way ticket to prison (and bankruptcy if a civil suit is filed as well). A controlled demonstration on a closed network probably would not. > Now, more directly to Carl's question: > > 1) user interface sucks KMail seems easy enough. If only more programs were as user friendly. > 2) users will barely tolerate a single password and a pass phrase is > just plain rejected Well, they do so at their own risk, and I do not think it would be that infeasible to brute force anything up to about three-word Diceware passphrases. If they realized just how insecure a one-word "passphrase" was, I think more would warm up to the idea. > 3) it's not integrated into the client delivered by the ISP Unfortunate, but not a total show-stopper. AOL is the worst offender here, they don't even allow you to bring your own software to read AOL e-mail. (You could always go get an account from HotPOP for $10/year and a POP-capable e-mail program, but many will see it as not worth the trouble.) > 4) it's too much like work to dig up keys of the other person I disagree. 
If I send you my key, all you have to do is copy and paste into a running 'gpg --import'. If you have the right options in gpg.conf, you might even get a version of the key sans things like photographic user IDs automatically. This is the one thing I dislike about KMail; it does not let you import keys easily. > 5) the user interface still sucks I agree somewhat that the console mode interface to GnuPG does suck. Even I would like to see some form of native GUI interface(s) at some point, and I have become accustomed to doing many things via CLI. > I'm encountering similar problems with the camram antispam system. > I'm trying to figure out how to train system without letting the user > know that they're the training system. It's a challenge getting the > user to do anything different. > > As part of the camram system, I'm trying to address some of the > encrypted e-mail in transit issues. For example, I will be > propagating public keys as part of every message. I'm going to > ignore the whole key server infrastructure because it just won't > scale (think one public key per user per year, no revocation). Not sure just how workable this really is in practice. You'll have a lot of useless keys before too long. We already have keys created with very old versions of PGP that are still floating around on the keyservers. I know at least two or three of the keys with my name on them (mostly ones with FidoNet addresses) are completely useless, yet they live on. Designing a system to generate bloat like that on purpose strikes me as bordering on insane. > The next sacred cow to be slaughtered is I will not require any > passphrases. Yes, if an attacker gets in and steals the private key, > they can cause all sorts of mischief. The chances of the happening > are extremely low especially if we generate new keys on a regular > basis. This is still incredibly dangerous. 
At one time, I did not use passphrases myself (in the pre-Diceware era). I can't believe I was that naive at that time, even today, and thankfully did not use PGP/GnuPG for anything very important at that time. Contrary to the usual saying, the passphrase requirement sacred cow makes absolutely terrible hamburgers, and personally I flatly refuse to trust a system that actively discourages or even prohibits users from using passphrases. - -- Shawn K. Quinn -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE9uYziQVXDBVmaIp0RAlqEAJ9ePBDiI/GCP9FAM0konTv4EAzQBgCcCCo1 6IJjPi1VdwKaAoL6pSuUd0U= =UZ2y -----END PGP SIGNATURE----- From Jason_Mantor@hesc.com Fri Oct 25 21:28:08 2002 From: Jason_Mantor@hesc.com (Jason_Mantor@hesc.com) Date: Fri Oct 25 20:28:08 2002 Subject: PGP 7.1.1 reports "bad signature" on messages from GnuPG ? Message-ID: Yep, Thanks : ) --force-v3-sigs seems to do the trick. I want to do some testing to see if that will mess up things for my trading partners using GnuPG before I do this in production though. -JSM David Shaw cc: Sent by: Subject: Re: PGP 7.1.1 reports "bad signature" on messages from GnuPG ? gnupg-users-admin @gnupg.org 10/24/02 10:57 PM On Thu, Oct 24, 2002 at 01:16:18PM -0400, Jason_Mantor@hesc.com wrote: > > > > On Thu, Oct 24, 2002 at 11:02:35AM -0400, Jason_Mantor@hesc.com wrote: > >> I've read some older posts that say that older versions of PGP might be > >> looking for v3 sigs and not handle v4 sigs from GnuPG. Anyone know if > >> that's still the case for PGP 7.1.1 ? > > >I believe 7.1.1 handles it correctly, but try it and see ;) > > > My trading partner is telling me they are get this error : ( > I'm wondering if this is the cause ? It could be. Try using --pgp7 or --force-v3-sigs and see if it makes a difference. --pgp7 includes --force-v3-sigs so you don't need to set them both (no harm if you do though). 
David From rlaager@wiktel.com Fri Oct 25 21:52:02 2002 From: rlaager@wiktel.com (Richie Laager) Date: Fri Oct 25 20:52:02 2002 Subject: E-Mail Encryption: Why Isn't Everyone Doing It? In-Reply-To: <20021025173225.GD16100@jabberwocky.com> Message-ID: <000801c27c57$b8dceb00$1ea63992@umcrookston.edu> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > -----Original Message----- > From: gnupg-users-admin@gnupg.org > [mailto:gnupg-users-admin@gnupg.org] On Behalf Of David Shaw > Sent: Friday, October 25, 2002 12:32 PM > To: Josh Huber > Subject: Re: E-Mail Encryption: Why Isn't Everyone Doing It? > One gotcha we can avoid, if there are multiple levels of > certification in the future, is to use a different signing key for > each. That way users can trust the signing key for the exact > service they want. Or, just use different levels of signatures (0x10, 0x11, 0x12, 0x13). Ideally, GPG would have a setting that allows one to specify distinct levels of trust on a per-person per-signature class level. This is something that I've always wanted to see implemented. I'm hoping to learn the GPG internals some day, so that I could implement this. Richard Laager -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQA/AwUBPbmS4W31OrleHxvOEQK+JgCeLheaJRs58PYqpCAqCiBWWBgglZEAn0Af R16rWrcj6r9kNH1gMkHLnJjk =pLFX -----END PGP SIGNATURE----- From dshaw@jabberwocky.com Sat Oct 26 00:53:01 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Fri Oct 25 23:53:01 2002 Subject: E-Mail Encryption: Why Isn't Everyone Doing It? 
In-Reply-To: <000801c27c57$b8dceb00$1ea63992@umcrookston.edu> References: <20021025173225.GD16100@jabberwocky.com> <000801c27c57$b8dceb00$1ea63992@umcrookston.edu> Message-ID: <20021025215401.GB18289@jabberwocky.com> On Fri, Oct 25, 2002 at 01:52:51PM -0500, Richie Laager wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > -----Original Message----- > > From: gnupg-users-admin@gnupg.org > > [mailto:gnupg-users-admin@gnupg.org] On Behalf Of David Shaw > > Sent: Friday, October 25, 2002 12:32 PM > > To: Josh Huber > > Subject: Re: E-Mail Encryption: Why Isn't Everyone Doing It? > > > One gotcha we can avoid, if there are multiple levels of > > certification in the future, is to use a different signing key for > > each. That way users can trust the signing key for the exact > > service they want. > > Or, just use different levels of signatures (0x10, 0x11, 0x12, 0x13). > Ideally, GPG would have a setting that allows one to specify distinct > levels of trust on a per-person per-signature class level. This is > something that I've always wanted to see implemented. I'm hoping to > learn the GPG internals some day, so that I could implement this. That's another possibility, but I'd want things to work well with PGP as well, and PGP doesn't do signature levels. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From jharris@widomaker.com Sat Oct 26 02:09:01 2002 From: jharris@widomaker.com (Jason Harris) Date: Sat Oct 26 01:09:01 2002 Subject: automated userid certifications (was Re: E-Mail Encryption: Why Isn't Everyone Doing It?) 
In-Reply-To: <20021025173225.GD16100@jabberwocky.com> References: <92BE0AA5B56B5849AFE716631DA5102E01A79B99@tgserve1> <200210231749.02083.graham.todd@ntlworld.com> <20021024022455.E10019@cp5340.hyatsv01.md.comcast.net> <200210241053.16003.skquinn@speakeasy.net> <20021024194509.GA4478@prometheus.scode.org> <20021024180658.E26803@asmoweb.hqda.pentagon.mil> <1035539354.9412.30.camel@altfrangg> <20021025164633.GC16100@jabberwocky.com> <871y6e78vv.fsf@mail.paradoxical.net> <20021025173225.GD16100@jabberwocky.com> Message-ID: <20021025230941.GC674@pm3-35.lft.widomaker.com> --Izn7cH1Com+I3R9J Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Oct 25, 2002 at 01:32:26PM -0400, David Shaw wrote: > The basic idea was a web form where a user could paste their key or an > email address to send it the key to. The program would then email a > challenge string to each email address on the key. If the challenge > came back signed by the user's key, then the program would sign that > user ID with its own key. (NB: http://biglumber.com/ doesn't sign keys, and AIUI there aren't any plans for it to, but it does verify email addresses via challenge/response now.) Instead of trying to keep track of PGP keys making userid certifications in automated systems, would a new signature class (0x14 - email address verified via challenge/response) be advisable? I've already issued a few 0x12 (casually checked) signatures instead of 0x13 (carefully checked) signatures to handle this situation... > first came up. I happen to have a bit more free time nowadays (I'm (Are you sure you should be admitting to this? :) -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? 
jharris@widomaker.com | web: http://jharris.cjb.net/ --Izn7cH1Com+I3R9J Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (FreeBSD) iD8DBQE9uc81SypIl9OdoOMRAur8AJ0ePknSi8Yb34fSxf5v5+ToKSa0zwCffdTP OLr1APgkIzVFeYz6UzgbDXc= =4tgG -----END PGP SIGNATURE----- --Izn7cH1Com+I3R9J-- From dshaw@jabberwocky.com Sat Oct 26 02:22:01 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Sat Oct 26 01:22:01 2002 Subject: automated userid certifications (was Re: E-Mail Encryption: Why Isn't Everyone Doing It?) In-Reply-To: <20021025230941.GC674@pm3-35.lft.widomaker.com> References: <200210231749.02083.graham.todd@ntlworld.com> <20021024022455.E10019@cp5340.hyatsv01.md.comcast.net> <200210241053.16003.skquinn@speakeasy.net> <20021024194509.GA4478@prometheus.scode.org> <20021024180658.E26803@asmoweb.hqda.pentagon.mil> <1035539354.9412.30.camel@altfrangg> <20021025164633.GC16100@jabberwocky.com> <871y6e78vv.fsf@mail.paradoxical.net> <20021025173225.GD16100@jabberwocky.com> <20021025230941.GC674@pm3-35.lft.widomaker.com> Message-ID: <20021025232246.GA21503@jabberwocky.com> On Fri, Oct 25, 2002 at 07:09:42PM -0400, Jason Harris wrote: > On Fri, Oct 25, 2002 at 01:32:26PM -0400, David Shaw wrote: > > > The basic idea was a web form where a user could paste their key or an > > email address to send it the key to. The program would then email a > > challenge string to each email address on the key. If the challenge > > came back signed by the user's key, then the program would sign that > > user ID with its own key. > > (NB: http://biglumber.com/ doesn't sign keys, and AIUI there aren't any > plans for it to, but it does verify email addresses via challenge/response > now.) > > Instead of trying to keep track of PGP keys making userid certifications > in automated systems, would a new signature class (0x14 - email address > verified via challenge/response) be advisable? 
I've already issued > a few 0x12 (casually checked) signatures instead of 0x13 (carefully > checked) signatures to handle this situation... I'd rather use 0x11, as a new signature class would have a serious backwards compatibility problem. 0x11 is pretty good for this purpose. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From eleuteri@myrealbox.com Sat Oct 26 02:25:02 2002 From: eleuteri@myrealbox.com (=?Windows-1252?Q?David_Pic=F3n_=C1lvarez?=) Date: Sat Oct 26 01:25:02 2002 Subject: E-Mail Encryption: Why Isn't Everyone Doing It? Message-ID: <003401c27c7e$65245a80$f92489c3@137.36.248> --pFTkz1fZ.5XiMkIG0nnxfhpcRy8C.PaU Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit Hi, I remember having come up with an idea of the sort and posted here and most people thought it wasn't very useful because it was far too weak. If people think it's still a useful thing to have then I'd like to make a couple of points here: > The basic idea was a web form where a user could paste their key or an > email address to send it the key to. The program would then email a > challenge string to each email address on the key. If the challenge > came back signed by the user's key, then the program would sign that > user ID with its own key. There's a program that does something close enough to this at hushmail, for free. Unfortunately, hushmail's certification key is not on the keyservers so it's not straightforward to verify the signature. I suppose it would be possible to a) extract the key from hushmail and send it to a keyserver though that would be rude or 2) convince hushmail to send its key. 
As well, biglumber.com has a similar mechanism for account creation though it doesn't culminate with a certifying signature, but just with the validation of the account. I've been thinking that if there would be a trojan or something on the machine of the user most security would still be lost anyway, but I've been thinking of ways to de-automatize the process just enough to ensure human intervention. Among what I have thought of are to ask for a number which is contained on a graphic (the graphic would have to be noisified a bit), to ask for a number contained in a sound sample, or to ask for easy questions (ideally one-time) that anyone should know or at least could find out in google in 1 min like who's the president of the US or what country is Berlin in? > One gotcha we can avoid, if there are multiple levels of certification > in the future, is to use a different signing key for each. That way > users can trust the signing key for the exact service they want. I > understand Thawte got this detail wrong when they set up their PGP > signing service. Good idea. BTW, why is it so that we can't use thawte? At least I've been told so. --David. 
--pFTkz1fZ.5XiMkIG0nnxfhpcRy8C.PaU Content-Type: application/pgp-signature Content-Disposition: inline --pFTkz1fZ.5XiMkIG0nnxfhpcRy8C.PaU-- From eleuteri@myrealbox.com Sat Oct 26 04:35:01 2002 From: eleuteri@myrealbox.com (=?Windows-1252?Q?David_Pic=F3n_=C1lvarez?=) Date: Sat Oct 26 03:35:01 2002 Subject: maximum keylength Message-ID: <003a01c27c90$83734660$f92489c3@137.36.248> --M0Vkz1fZ.5XiMkIG0nnxfhpcRy8C.PaU Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit Hi, Just a 
couple of questions: 1) Does openpgp establish a maximum keylength for rsa or elgamal keys? I understand DSA is a fixed 1024 key. 2) I've read somewhere of versions of pgp that can generate 8192 length keys. Can gnupg work with them? And why not allow generation? Is it a limitation of the way the mathematics are done or is it just because piling up more bits is not very useful any more? --David. --M0Vkz1fZ.5XiMkIG0nnxfhpcRy8C.PaU Content-Type: application/pgp-signature Content-Disposition: inline 
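The messages in this thread weigh certification classes 0x10 to 0x13 (with 0x11 proposed for an e-mail challenge/response robot) and a policy URL as ways of recording how a user ID was checked. As an added example, not code from GnuPG or from any poster, this Python parser reads both from a v4 signature packet laid out as in RFC 2440, and keeps policy URLs found in the unhashed area apart, because only the hashed subpackets are covered by the signature. The sample packet, its URLs, key ID and timestamp are constructed, and its MPIs are dummies rather than a real signature.

```python
import struct

# Certification classes defined by the OpenPGP spec (RFC 2440).
CERT_CLASSES = {
    0x10: "generic",
    0x11: "persona",   # proposed in the thread for a challenge/response robot
    0x12: "casual",    # "casually checked" in the thread
    0x13: "positive",  # "carefully checked" in the thread
}
SUB_CREATED, SUB_ISSUER, SUB_POLICY_URL = 2, 16, 26  # subpacket type numbers


class PacketError(ValueError):
    """Malformed or unsupported packet."""


def _take(buf, pos, n):
    """Return buf[pos:pos+n], refusing to read past the end of the buffer."""
    if pos + n > len(buf):
        raise PacketError("truncated data")
    return buf[pos:pos + n]


def _var_len(buf, pos):
    """Decode a 1-, 2- or 5-octet length; return (length, position after it)."""
    first = _take(buf, pos, 1)[0]
    if first < 192:
        return first, pos + 1
    if first < 255:
        return ((first - 192) << 8) + _take(buf, pos + 1, 1)[0] + 192, pos + 2
    return struct.unpack(">I", _take(buf, pos + 1, 4))[0], pos + 5


def _signature_body(packet):
    """Strip the packet header and return the body of a signature packet (tag 2)."""
    first = _take(packet, 0, 1)[0]
    if not first & 0x80:
        raise PacketError("not an OpenPGP packet")
    if first & 0x40:                          # new-format header
        tag = first & 0x3F
        if 224 <= _take(packet, 1, 1)[0] < 255:
            raise PacketError("partial body lengths are not supported")
        length, pos = _var_len(packet, 1)
    else:                                     # old-format header
        tag, ltype = (first >> 2) & 0x0F, first & 0x03
        if ltype == 3:
            raise PacketError("indeterminate lengths are not supported")
        n = 1 << ltype                        # 1, 2 or 4 length octets
        length, pos = int.from_bytes(_take(packet, 1, n), "big"), 1 + n
    if tag != 2:
        raise PacketError("not a signature packet")
    return _take(packet, pos, length)


def _subpackets(area):
    """Yield (type, data) for every subpacket in one subpacket area."""
    pos = 0
    while pos < len(area):
        length, pos = _var_len(area, pos)
        if length == 0:
            raise PacketError("empty subpacket")
        chunk = _take(area, pos, length)
        yield chunk[0] & 0x7F, chunk[1:]      # bit 7 of the type octet is the critical flag
        pos += length


def describe_certification(packet):
    """Report what a v4 certification claims: class, creation time, issuer, policy URLs."""
    body = _signature_body(packet)
    if _take(body, 0, 1)[0] != 4:
        raise PacketError("only v4 signatures carry subpackets")  # v3 has no policy URL
    sig_class = _take(body, 1, 1)[0]
    hlen = int.from_bytes(_take(body, 4, 2), "big")
    hashed = _take(body, 6, hlen)
    ulen = int.from_bytes(_take(body, 6 + hlen, 2), "big")
    unhashed = _take(body, 8 + hlen, ulen)
    info = {"sig_class": sig_class, "level": CERT_CLASSES.get(sig_class),
            "created": None, "issuer_key_id": None,
            "policy_urls": [], "unsigned_policy_urls": []}
    for area, signed in ((hashed, True), (unhashed, False)):
        for typ, data in _subpackets(area):
            if typ == SUB_POLICY_URL:
                # Unhashed subpackets can be changed without breaking the signature.
                key = "policy_urls" if signed else "unsigned_policy_urls"
                info[key].append(data.decode("utf-8", "replace"))
            elif typ == SUB_ISSUER and len(data) == 8:
                info["issuer_key_id"] = data.hex().upper()
            elif typ == SUB_CREATED and signed and len(data) == 4:
                info["created"] = struct.unpack(">I", data)[0]
    return info


def _sub(typ, data):
    """Encode one subpacket for the constructed sample (payloads under 191 octets)."""
    return bytes([len(data) + 1, typ]) + data


def build_sample(sig_class, policy_url, stray_url=None):
    """Build a constructed v4 certification packet with dummy MPIs (not a valid signature)."""
    hashed = (_sub(SUB_CREATED, struct.pack(">I", 1035590400))   # 2002-10-26 00:00 UTC
              + _sub(SUB_POLICY_URL, policy_url.encode()))
    unhashed = _sub(SUB_ISSUER, bytes.fromhex("0123456789ABCDEF"))
    if stray_url:
        unhashed += _sub(SUB_POLICY_URL, stray_url.encode())
    body = (bytes([4, sig_class, 17, 2])      # v4, class, DSA, SHA-1
            + len(hashed).to_bytes(2, "big") + hashed
            + len(unhashed).to_bytes(2, "big") + unhashed
            + b"\x00\x00"                     # left 16 bits of the hash (dummy)
            + b"\x00\x01\x01" * 2)            # two 1-bit MPIs standing in for r and s
    return bytes([0x88, len(body)]) + body    # old-format header: tag 2, 1-octet length


if __name__ == "__main__":
    print(describe_certification(build_sample(0x11, "https://robot-ca.example/policy")))
```

The parser only reports what a certification claims; checking the signature itself against the issuer's public key remains the job of the OpenPGP implementation.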
--M0Vkz1fZ.5XiMkIG0nnxfhpcRy8C.PaU-- From wk@gnupg.org Sat Oct 26 12:15:02 2002 From: wk@gnupg.org (Werner Koch) Date: Sat Oct 26 11:15:02 2002 Subject: automated userid certifications In-Reply-To: <20021025232246.GA21503@jabberwocky.com> (David Shaw's message of "Fri, 25 Oct 2002 19:22:46 -0400") References: <200210231749.02083.graham.todd@ntlworld.com> <20021024022455.E10019@cp5340.hyatsv01.md.comcast.net> <200210241053.16003.skquinn@speakeasy.net> <20021024194509.GA4478@prometheus.scode.org> <20021024180658.E26803@asmoweb.hqda.pentagon.mil> <1035539354.9412.30.camel@altfrangg> <20021025164633.GC16100@jabberwocky.com> <871y6e78vv.fsf@mail.paradoxical.net> <20021025173225.GD16100@jabberwocky.com> <20021025230941.GC674@pm3-35.lft.widomaker.com> <20021025232246.GA21503@jabberwocky.com> Message-ID: <87n0p1v9ym.fsf@alberti.g10code.de> On Fri, 25 Oct 2002 19:22:46 -0400, David Shaw said: > I'd rather use 0x11, as a new signature class would have a serious > backwards compatibility problem. 0x11 is pretty good for this Add notation data or better a policy URL to describe this certification policy. Shalom-Salam, Werner From wk@gnupg.org Sat Oct 26 12:19:02 2002 From: wk@gnupg.org (Werner Koch) Date: Sat Oct 26 11:19:02 2002 Subject: maximum keylength In-Reply-To: <003a01c27c90$83734660$f92489c3@137.36.248> (David =?iso-8859-1?q?Pic=F3n_=C1lvarez's?= message of "Sat, 26 Oct 2002 02:39:22 +0100") References: <003a01c27c90$83734660$f92489c3@137.36.248> Message-ID: <87k7k5v9ti.fsf@alberti.g10code.de> On Sat, 26 Oct 2002 02:39:22 +0100, David Picón Álvarez said: > 1) Does openpgp establish a maximum keylength for rsa or elgamal keys? I > understand DSA is a fixed 1024 key. No. However certain lengths don't make sense because the security is more than just the number key bits. > 2) I've read somewhere of versions of pgp that can generate 8192 length > keys. Can gnupg work with them? And why not allow generation? Is it a
Is it a There are some memory constraints which could easily be lifted. Large keys are an annoyance for users with slower CPUs (think of signature verification and encryption). Salam-Shalom, Werner From dshaw@jabberwocky.com Sat Oct 26 15:07:01 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Sat Oct 26 14:07:01 2002 Subject: automated userid certifications In-Reply-To: <87n0p1v9ym.fsf@alberti.g10code.de> References: <200210241053.16003.skquinn@speakeasy.net> <20021024194509.GA4478@prometheus.scode.org> <20021024180658.E26803@asmoweb.hqda.pentagon.mil> <1035539354.9412.30.camel@altfrangg> <20021025164633.GC16100@jabberwocky.com> <871y6e78vv.fsf@mail.paradoxical.net> <20021025173225.GD16100@jabberwocky.com> <20021025230941.GC674@pm3-35.lft.widomaker.com> <20021025232246.GA21503@jabberwocky.com> <87n0p1v9ym.fsf@alberti.g10code.de> Message-ID: <20021026120740.GA23209@jabberwocky.com> On Sat, Oct 26, 2002 at 11:13:53AM +0200, Werner Koch wrote: > On Fri, 25 Oct 2002 19:22:46 -0400, David Shaw said: > > > I'd rather use 0x11, as a new signature class would have a serious > > backwards compatibility problem. 0x11 is pretty good for this > > Add notation data or better an policy URL to describe this > certification policy. I thought about this, but again it's a PGP problem because PGP ignores policy URLs :( I'm currently thinking about doing 0x11, a policy URL, and a policy URL in the (parentheses) as part of the user ID. Cover all bases.. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. 
Anderson From johanw@vulcan.xs4all.nl Sat Oct 26 16:18:01 2002 From: johanw@vulcan.xs4all.nl (Johan Wevers) Date: Sat Oct 26 15:18:01 2002 Subject: Win32 DLL load error with 1.2.1 Message-ID: <200210261313.PAA00213@vulcan.xs4all.nl> Hello, After upgrading gpg.exe on my win2000 system, it complained it could not load ADVAPI32 although ADVAPI32.DLL is present in the path it showed in the error box. However, when I copied ADVAPI32.DLL to ADVAPI32 (without the DLL extension), it worked (but then gpg complained it could not load kernel32, etc.). Any idea what's wrong here? Is this something with gpg.exe, or with my system? -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From didier@saint-avold-net.com Sat Oct 26 18:47:02 2002 From: didier@saint-avold-net.com (Didier) Date: Sat Oct 26 17:47:02 2002 Subject: Error with w32 gpg 1.2.1 binaries Message-ID: <001601c27d07$0008e060$f3490d50@lemien> This is a multi-part message in MIME format. ------=_NextPart_000_0013_01C27D17.C342F420 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hello, I update gpg 1.2.0 with 1.2.1 and I get this message "Library ADVAPI32 not found in path...." but this library is on my hard drive in a folder in path anybody can help me please ------=_NextPart_000_0013_01C27D17.C342F420 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
------=_NextPart_000_0013_01C27D17.C342F420-- From k.raven@freenet.de Sat Oct 26 19:08:01 2002 From: k.raven@freenet.de (Kai Raven) Date: Sat Oct 26 18:08:01 2002 Subject: E-Mail Encryption: Why Isn't Everyone Doing It? In-Reply-To: <200210250536.32354.graham.todd@ntlworld.com> References: <92BE0AA5B56B5849AFE716631DA5102E01A79B99@tgserve1> <200210240853.17601.graham.todd@ntlworld.com> <20021024175959.35cc8a20.k.raven@freenet.de> <200210250536.32354.graham.todd@ntlworld.com> Message-ID: <20021026181005.6618bbf3.k.raven@freenet.de> Hello Graham, On Fri, 25 Oct 2002 05:36:18 +0100 you wrote: > [snipped] > > But on the other side, all MUAs under Linux have a good support for > > all necessary GnuPG functions > No, they are adequate for encryption and signing, decryption and > verifying emails, nothing more. I have not yet seen any MUA which > would allow me to locally sign a key and update trust....which are > "necessary" GPG functions that is what I wanted to say, all necessary GnuPG functions for e-mail communication are implemented in the most MUAs and 'for the rest' in the meaning of file encryption, key management etc. > >You are switching from > > Windows to Linux? You have to learn & love the console - sooner or > > later ;o)) > No, I've switched (over a year ago) and I use Linux exclusively. I > enjoy the ease and speed of the console for some things and not for > others. I would like to see a GUI for GPG...its that simple. My sentence above wasn't directed to you, but to all new Linux users like me (using Linux since 3 months) Ciao Kai -- WWW:http://kai.iks-jena.de/ GPG-Key: 0x60F3882F / 0x076C65282 ICQ:146714798 From johanw@vulcan.xs4all.nl Sat Oct 26 19:39:02 2002 From: johanw@vulcan.xs4all.nl (Johan Wevers) Date: Sat Oct 26 18:39:02 2002 Subject: Build error on gpg 1.3.0 Message-ID: <200210261635.SAA07174@vulcan.xs4all.nl> I'm trying to compile gpg 1.3.0 on my Linux libc5 system, kernel 2.0.38, gcc 2.7.2.2. 
I get the following errors: Making install in keyserver make[1]: Entering directory /tmp/gnupg-1.3.0/keyserver' gcc -g -O2 -Wall -o gpgkeys_hkp gpgkeys_hkp.o ../util/libutil.a ../util/libutil.a(miscutil.o): In function `answer_is_yes_no_default': /tmp/gnupg-1.3.0/util/miscutil.c:296: undefined reference to `gettext' /tmp/gnupg-1.3.0/util/miscutil.c:297: undefined reference to `gettext' /tmp/gnupg-1.3.0/util/miscutil.c:298: undefined reference to `gettext' /tmp/gnupg-1.3.0/util/miscutil.c:299: undefined reference to `gettext' ../util/libutil.a(miscutil.o): In function `answer_is_yes_no_quit': /tmp/gnupg-1.3.0/util/miscutil.c:331: undefined reference to `gettext' ../util/libutil.a(miscutil.o):/tmp/gnupg-1.3.0/util/miscutil.c:332: more undefined references to `gettext' follow make[1]: *** [gpgkeys_hkp] Error 1 make[1]: Leaving directory /tmp/gnupg-1.3.0/keyserver' make: *** [install-recursive] Error 1 Configure was done with ./configure --with-included-zlib --prefix=/usr/local/lib/gnupg-1.3 --enable-tiger -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From dshaw@jabberwocky.com Sat Oct 26 19:47:01 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Sat Oct 26 18:47:01 2002 Subject: Build error on gpg 1.3.0 In-Reply-To: <200210261635.SAA07174@vulcan.xs4all.nl> References: <200210261635.SAA07174@vulcan.xs4all.nl> Message-ID: <20021026164803.GA27703@jabberwocky.com> On Sat, Oct 26, 2002 at 06:35:20PM +0200, Johan Wevers wrote: > I'm trying to compile gpg 1.3.0 on my Linux libc5 system, kernel 2.0.38, > gcc 2.7.2.2. 
I get the following errors: > > Making install in keyserver > make[1]: Entering directory /tmp/gnupg-1.3.0/keyserver' > gcc -g -O2 -Wall -o gpgkeys_hkp gpgkeys_hkp.o ../util/libutil.a > ../util/libutil.a(miscutil.o): In function `answer_is_yes_no_default': > /tmp/gnupg-1.3.0/util/miscutil.c:296: undefined reference to `gettext' > /tmp/gnupg-1.3.0/util/miscutil.c:297: undefined reference to `gettext' > /tmp/gnupg-1.3.0/util/miscutil.c:298: undefined reference to `gettext' > /tmp/gnupg-1.3.0/util/miscutil.c:299: undefined reference to `gettext' > ../util/libutil.a(miscutil.o): In function `answer_is_yes_no_quit': > /tmp/gnupg-1.3.0/util/miscutil.c:331: undefined reference to `gettext' > ../util/libutil.a(miscutil.o):/tmp/gnupg-1.3.0/util/miscutil.c:332: more > undefined references to `gettext' follow Edit keyserver/Makefile.am and change the gpgkeys_hkp_LDADD line to read: gpgkeys_hkp_LDADD = ../util/libutil.a @NETLIBS@ @INTLLIBS@ Then re-run ./configure David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From dshaw@jabberwocky.com Sat Oct 26 19:49:02 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Sat Oct 26 18:49:02 2002 Subject: Build error on gpg 1.3.0 In-Reply-To: <20021026164803.GA27703@jabberwocky.com> References: <200210261635.SAA07174@vulcan.xs4all.nl> <20021026164803.GA27703@jabberwocky.com> Message-ID: <20021026164926.GB27703@jabberwocky.com> On Sat, Oct 26, 2002 at 12:48:03PM -0400, David Shaw wrote: > On Sat, Oct 26, 2002 at 06:35:20PM +0200, Johan Wevers wrote: > > I'm trying to compile gpg 1.3.0 on my Linux libc5 system, kernel 2.0.38, > > gcc 2.7.2.2. 
I get the following errors: > > > > Making install in keyserver > > make[1]: Entering directory /tmp/gnupg-1.3.0/keyserver' > > gcc -g -O2 -Wall -o gpgkeys_hkp gpgkeys_hkp.o ../util/libutil.a > > ../util/libutil.a(miscutil.o): In function `answer_is_yes_no_default': > > /tmp/gnupg-1.3.0/util/miscutil.c:296: undefined reference to `gettext' > > /tmp/gnupg-1.3.0/util/miscutil.c:297: undefined reference to `gettext' > > /tmp/gnupg-1.3.0/util/miscutil.c:298: undefined reference to `gettext' > > /tmp/gnupg-1.3.0/util/miscutil.c:299: undefined reference to `gettext' > > ../util/libutil.a(miscutil.o): In function `answer_is_yes_no_quit': > > /tmp/gnupg-1.3.0/util/miscutil.c:331: undefined reference to `gettext' > > ../util/libutil.a(miscutil.o):/tmp/gnupg-1.3.0/util/miscutil.c:332: more > > undefined references to `gettext' follow > > Edit keyserver/Makefile.am and change the gpgkeys_hkp_LDADD line to > read: > > gpgkeys_hkp_LDADD = ../util/libutil.a @NETLIBS@ @INTLLIBS@ > > Then re-run ./configure Rather, run automake, *then* ./configure :) David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From wk@gnupg.org Sat Oct 26 19:51:02 2002 From: wk@gnupg.org (Werner Koch) Date: Sat Oct 26 18:51:02 2002 Subject: [Announce]GnuPG 1.2.1 Windows update Message-ID: <87adl1uqe7.fsf@alberti.g10code.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi! Due to a bug in the recent mingw32/cpd toolkit the latest GnuPG binary for Windows did not work on Windows NT. I have build a new binary which is available at the primary server and hopefully soon at the mirrors. 
Please use this new version: ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.2.1-1.zip ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.2.1-1.zip.sig md5sum is: d385797fd71e7fec960cd6fafbde4044 gnupg-w32cli-1.2.1-1.zip The old version (w/o the "-1" suffix) has been removed from the server. Note that the source is still the same, only the toolkit changed. To build it yourself, you need the latest mingw32/cpd from *CVS* - a new tarball will be available in a few days. It is also possible to use the old 0.3.1 version of the toolkit, but this won't build the LDAP support. Shalom-Salam, Werner -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE9ur/hbH7huGIcwBMRAjI0AJ9seErjNzKBWLk360kdKsaAzsCaiQCfU78Q e9NCBnx+4wRl3Gzw4SokW/M= =6oju -----END PGP SIGNATURE----- _______________________________________________ Gnupg-announce mailing list Gnupg-announce@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From peter.schuller@infidyne.com Sat Oct 26 20:01:01 2002 From: peter.schuller@infidyne.com (Peter Schuller) Date: Sat Oct 26 19:01:01 2002 Subject: STOP SENDING ME MAIL In-Reply-To: <18a.102855ef.2aea7437@aol.com> References: <18a.102855ef.2aea7437@aol.com> Message-ID: <20021026180157.GB11872@prometheus.scode.org> You have gotten yourself subscribed to a mailinglist. 
I will resist the urge to be rude about your rude mail to the list and simply point you to the following information which is part of every e-mail coming from the list: List-Unsubscribe: , -- / Peter Schuller, InfiDyne Technologies HB PGP userID: 0xE9758B7D or 'Peter Schuller ' Key retrival: Send an E-Mail to getpgpkey@scode.org E-Mail: peter.schuller@infidyne.com Web: http://www.scode.org From peter.schuller@infidyne.com Sat Oct 26 20:02:02 2002 From: peter.schuller@infidyne.com (Peter Schuller) Date: Sat Oct 26 19:02:02 2002 Subject: STOP SENDING ME MAIL In-Reply-To: <20021026180157.GB11872@prometheus.scode.org> References: <18a.102855ef.2aea7437@aol.com> <20021026180157.GB11872@prometheus.scode.org> Message-ID: <20021026180308.GC11872@prometheus.scode.org> Argh!!! Sorry, that should have been in private. -- / Peter Schuller, InfiDyne Technologies HB PGP userID: 0xE9758B7D or 'Peter Schuller ' Key retrival: Send an E-Mail to getpgpkey@scode.org E-Mail: peter.schuller@infidyne.com Web: http://www.scode.org From jharris@widomaker.com Sun Oct 27 00:13:02 2002 From: jharris@widomaker.com (Jason Harris) Date: Sat Oct 26 23:13:02 2002 Subject: automated userid certifications (was Re: E-Mail Encryption: Why Isn't Everyone Doing It?) 
In-Reply-To: <20021025232246.GA21503@jabberwocky.com> References: <20021024022455.E10019@cp5340.hyatsv01.md.comcast.net> <200210241053.16003.skquinn@speakeasy.net> <20021024194509.GA4478@prometheus.scode.org> <20021024180658.E26803@asmoweb.hqda.pentagon.mil> <1035539354.9412.30.camel@altfrangg> <20021025164633.GC16100@jabberwocky.com> <871y6e78vv.fsf@mail.paradoxical.net> <20021025173225.GD16100@jabberwocky.com> <20021025230941.GC674@pm3-35.lft.widomaker.com> <20021025232246.GA21503@jabberwocky.com> Message-ID: <20021026211355.GB327@pm13-28.lft.widomaker.com> --tjCHc7DPkfUGtrlw Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Oct 25, 2002 at 07:22:46PM -0400, David Shaw wrote: > On Fri, Oct 25, 2002 at 07:09:42PM -0400, Jason Harris wrote: > > Instead of trying to keep track of PGP keys making userid certifications > > in automated systems, would a new signature class (0x14 - email address > > verified via challenge/response) be advisable? I've already issued > > a few 0x12 (casually checked) signatures instead of 0x13 (carefully > > checked) signatures to handle this situation... > > I'd rather use 0x11, as a new signature class would have a serious > backwards compatibility problem. 0x11 is pretty good for this > purpose. [RFC wording] "0x11: Persona certification of a User ID and Public Key packet. The issuer of this certification has not done any verification of the claim that the owner of this key is the user ID specified." So a 0x11 signature really means that a person's first and last name, if given, weren't verified (against a photo ID), but the rest of the signed (hashed) data in the (public key and userid) packet(s) is being certified, right? Thank you for pointing this out. [GPG wording] "How carefully have you verified the key you are about to sign actually belongs to the person named above? If you don't know what to answer, enter "0". (0) I will not answer. 
(default) (1) I have not checked at all. (2) I have done casual checking. (3) I have done very careful checking." This wording throws me off though. I feel that I have verified something when I'm certifying an email <-> key connection, whether or not a first and last name ("person named above") are given in the userid packet. -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris@widomaker.com | web: http://jharris.cjb.net/ --tjCHc7DPkfUGtrlw Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (FreeBSD) iD8DBQE9uwWRSypIl9OdoOMRAsJUAJ93Cv4GHL317PZ9uUFR3LTk8ZwYXQCfRD4r 3x78REaVXGCcnDmc9Lrqlfs= =OGsX -----END PGP SIGNATURE----- --tjCHc7DPkfUGtrlw-- From jdbeyer@exit109.com Sun Oct 27 01:31:02 2002 From: jdbeyer@exit109.com (Jean-David Beyer) Date: Sun Oct 27 00:31:02 2002 Subject: Is Enigmail supposed to work with Mozilla-1.0.1--2.7.3 from Red Hat? Message-ID: <3DBB17DA.4080306@exit109.com> Red Hat's up2date updated my Mozilla from 0.9.9 or something like that to 1.0.1-2.7.3 recently. It would not update until I uninstalled some rpms from Enigmail. I am running Red Hat Linux 7.3, with all the updates I would expect to get from their up2date program. So I went to Enigmail's site: http://enigmail.mozdev.org/download.html and tried to download the stuff for 1.0.1 Red Hat, and the stuff will not install. 
This is what they say, apparently for me: If you are using a Mozilla 1.0/1.0.1, or Netscape 7 on Windows, Linux, or Solaris, choose (other systems snipped): Linux/x86 RPM (for Red_Hat_7x RPM Mozilla build from mozilla.org): Download and install the following two RPMs: mozilla-enigmail-0.63.3-1.i386.rpm, mozilla-enigmime-0.63.0-1_rh7x.i386.rpm It complains as follows: valinux:root[/opt/Downloaded/Mozilla]# rpm -Uvh mozilla-enigm* error: failed dependencies: mozilla = 1.0.0 is needed by mozilla-enigmail-0.63.3-1 mozilla-mail = 1.0.0 is needed by mozilla-enigmail-0.63.3-1 mozilla = 1.0.0 is needed by mozilla-enigmime-0.63.0-1 mozilla-mail = 1.0.0 is needed by mozilla-enigmime-0.63.0-1 mozilla-psm = 1.0.0 is needed by mozilla-enigmime-0.63.0-1 I suppose the trouble is that I am using a Red_Hat_7.3 Mozilla build from Red Hat and not from Mozilla.org. Do I just wait around for them to come up with new RPMs that will use mozilla 1.0.1? The previous Mozilla build (the 0.9.9 one) worked with the enigmail rpm download. -- .~. Jean-David Beyer Registered Linux User 85642. /V\ Registered Machine 73926. /( )\ Shrewsbury, New Jersey http://counter.li.org ^^-^^ 6:20pm up 9 days, 6:50, 2 users, load average: 2.32, 2.19, 1.81 From apapadop@cmu.edu Sun Oct 27 02:39:01 2002 From: apapadop@cmu.edu (Alexandros Papadopoulos) Date: Sun Oct 27 02:39:01 2002 Subject: Is Enigmail supposed to work with Mozilla-1.0.1--2.7.3 from Red Hat? In-Reply-To: <3DBB17DA.4080306@exit109.com> References: <3DBB17DA.4080306@exit109.com> Message-ID: <200210262139.59961.apapadop@cmu.edu> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday 26 October 2002 18:31, Jean-David Beyer wrote: > I suppose the trouble is that I am using a Red_Hat_7.3 Mozilla build > from Red Hat and not from Mozilla.org. Do I just wait around for them to > come up with new RPMs that will use mozilla 1.0.1? The previous Mozilla > build (the 0.9.9 one) worked with the enigmail rpm download. 
Why not rid yourself of distribution-specific dependencies? Install Mozilla from mozilla.org, and then install enigmail from enigmail.mozdev.org and you'll be fine. FYI, enigmail works even with the latest Mozilla (1.2b) - -A - -- http://andrew.cmu.edu/~apapadop/pub_key.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE9u0PvgmAMwQt1gmURAh+fAJ9vTT423jHLAgBFR5l3qpPEYOeNqwCfWTY5 dhNj3UIwehCCFb1Ta2aYgnw= =axe8 -----END PGP SIGNATURE----- From dshaw@jabberwocky.com Sun Oct 27 03:57:01 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Sun Oct 27 03:57:01 2002 Subject: automated userid certifications (was Re: E-Mail Encryption: Why Isn't Everyone Doing It?) In-Reply-To: <20021026211355.GB327@pm13-28.lft.widomaker.com> References: <200210241053.16003.skquinn@speakeasy.net> <20021024194509.GA4478@prometheus.scode.org> <20021024180658.E26803@asmoweb.hqda.pentagon.mil> <1035539354.9412.30.camel@altfrangg> <20021025164633.GC16100@jabberwocky.com> <871y6e78vv.fsf@mail.paradoxical.net> <20021025173225.GD16100@jabberwocky.com> <20021025230941.GC674@pm3-35.lft.widomaker.com> <20021025232246.GA21503@jabberwocky.com> <20021026211355.GB327@pm13-28.lft.widomaker.com> Message-ID: <20021027025729.GB16062@jabberwocky.com> On Sat, Oct 26, 2002 at 05:13:55PM -0400, Jason Harris wrote: > On Fri, Oct 25, 2002 at 07:22:46PM -0400, David Shaw wrote: > > On Fri, Oct 25, 2002 at 07:09:42PM -0400, Jason Harris wrote: > > > > Instead of trying to keep track of PGP keys making userid certifications > > > in automated systems, would a new signature class (0x14 - email address > > > verified via challenge/response) be advisable? I've already issued > > > a few 0x12 (casually checked) signatures instead of 0x13 (carefully > > > checked) signatures to handle this situation... > > > > I'd rather use 0x11, as a new signature class would have a serious > > backwards compatibility problem. 0x11 is pretty good for this > > purpose. 
> > [RFC wording] > "0x11: Persona certification of a User ID and Public Key packet. > The issuer of this certification has not done any verification > of the claim that the owner of this key is the user ID > specified." > > So a 0x11 signature really means that a person's first and last name, > if given, weren't verified (against a photo ID), but the rest of the > signed (hashed) data in the (public key and userid) packet(s) is being > certified, right? It means only what it says. It's a semantic difference, not a functional difference. The user ID is being certified, because there is a signature being made at all, but the semantic meaning of that certification is "I'm making this signature, but I didn't check what I'm certifying". RFC-1991 defines it as "This key was created by someone who has told me that he is this user" which is perhaps a better way to look at it. > [GPG wording] > "How carefully have you verified the key you are about to sign actually belongs > to the person named above? If you don't know what to answer, enter "0". > > (0) I will not answer. (default) > (1) I have not checked at all. > (2) I have done casual checking. > (3) I have done very careful checking." > > This wording throws me off though. I feel that I have verified something > when I'm certifying an email <-> key connection, whether or not a first > and last name ("person named above") are given in the userid packet. Yes. However I think the 0x11 "I haven't checked", is closer to the right value than the 0x12 "I casually checked". It's all a matter of the opinion of the *signer*, so it would be equally appropriate for it to be a 0x13 - if the email checking robot considered checking email "very careful" ;) David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." 
- Jeremy S. Anderson From jharris@widomaker.com Sun Oct 27 16:10:02 2002 From: jharris@widomaker.com (Jason Harris) Date: Sun Oct 27 16:10:02 2002 Subject: automated userid certifications In-Reply-To: <20021026120740.GA23209@jabberwocky.com> References: <20021024194509.GA4478@prometheus.scode.org> <20021024180658.E26803@asmoweb.hqda.pentagon.mil> <1035539354.9412.30.camel@altfrangg> <20021025164633.GC16100@jabberwocky.com> <871y6e78vv.fsf@mail.paradoxical.net> <20021025173225.GD16100@jabberwocky.com> <20021025230941.GC674@pm3-35.lft.widomaker.com> <20021025232246.GA21503@jabberwocky.com> <87n0p1v9ym.fsf@alberti.g10code.de> <20021026120740.GA23209@jabberwocky.com> Message-ID: <20021026213803.GC327@pm13-28.lft.widomaker.com> --lCAWRPmW1mITcIfM Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Oct 26, 2002 at 08:07:40AM -0400, David Shaw wrote: > On Sat, Oct 26, 2002 at 11:13:53AM +0200, Werner Koch wrote: > > On Fri, 25 Oct 2002 19:22:46 -0400, David Shaw said: > > > > > I'd rather use 0x11, as a new signature class would have a serious > > > backwards compatibility problem. 0x11 is pretty good for this > > > > Add notation data or better an policy URL to describe this > > certification policy. > > I thought about this, but again it's a PGP problem because PGP ignores > policy URLs :( > > I'm currently thinking about doing 0x11, a policy URL, and a policy > URL in the (parentheses) as part of the user ID. Cover all bases.. [Bcc'd to gnupg-users, but please continue this on keyanalyze-discuss.] My main concern is being able to detect certifications only on email addresses in the keyanalyze reports. 0x11 signatures, whether generated by automated systems or humans, are quite easy to filter. I already know about the Thawte Freemail program, but are there other automated systems that have signed PGP keys (esp. enough keys to have an effect on keyanalyze MSDs)? 
Such signatures could be filtered based on the issuing keyid. -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris@widomaker.com | web: http://jharris.cjb.net/ --lCAWRPmW1mITcIfM Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (FreeBSD) iD8DBQE9uws6SypIl9OdoOMRArtTAJ9oT/A8Iv2u1SWjZ032+JkaBCKHdwCfYhXG ExEcI/RvOuSs6BoeFCJXzbU= =/76K -----END PGP SIGNATURE----- --lCAWRPmW1mITcIfM-- From cova@ferrara.linux.it Mon Oct 28 00:38:01 2002 From: cova@ferrara.linux.it (Fabio Coatti) Date: Mon Oct 28 00:38:01 2002 Subject: [Announce]RPMs Message-ID: <200210280009.54175.cova@ferrara.linux.it> I'm currently uploading RPMs packages for gnupg 1.2.1. At this moment I've uploaded src and mdk 9.0 packages. The latter is built with gcc 2.96. There is no support for ldap helper, to avoid dependencies issues. I'm planning to upload ldap enabled packages in a short time. I've seen some patches for spec files posted on mailing list; if someone has patches for the actual spec file and want to see it applied, I'll be more than happy to update the spec file itself, with full credit to contributors, of course :)); just send the diff file to my address. URLs: ftp://crypto.ferrara.linux.it/pub/gpg/gnupg-1.2.1-1mdk90.i586.rpm ftp://crypto.ferrara.linux.it/pub/gpg/gnupg-1.2.1-1.src.rpm The packages are signed with my GPG key -- Fabio Coatti http://www.ferrara.linux.it/members/cova Ferrara Linux Users Group http://ferrara.linux.it GnuPG fp:9765 A5B6 6843 17BC A646 BE8C FA56 373A 5374 C703 Old SysOps never die... they simply forget their password. 
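An added example, not code from this thread, GnuPG or keyanalyze: the filtering Jason Harris describes earlier in the thread (drop 0x11 certifications, and drop certifications issued by known robot key IDs) applied to `gpg --with-colons --list-sigs` style output. The listing and key IDs are constructed, and the field positions (5 = key ID, 10 = user ID, 11 = signature class plus x/l) are assumed from GnuPG's colon-listing format.

```python
import re

# OpenPGP certification classes discussed in the thread.
CERT_CLASSES = {0x10: "generic", 0x11: "persona", 0x12: "casual", 0x13: "positive"}

# Constructed sample in the style of `gpg --with-colons --list-sigs`.
# All key IDs, names and addresses are made up for this example.
SAMPLE_LISTING = """\
pub:-:1024:17:1111111111111111:1035000000:::-:::scESC:
uid:-::::1035000000::::Alice Example <alice@example.org>:
sig:::17:1111111111111111:1035000000::::Alice Example <alice@example.org>:13x:
sig:::17:2222222222222222:1035100000::::Bob Example <bob@example.org>:13x:
sig:::17:3333333333333333:1035200000::::Mail Robot <robot@example.net>:11x:
sig:::1:4444444444444444:1035300000::::Hypothetical Mail CA <ca@example.com>:10x:
sub:-:1024:16:5555555555555555:1035000000::::::e:
sig:::17:1111111111111111:1035000000::::Alice Example <alice@example.org>:18x:
"""


def parse_certifications(listing):
    """Return one dict per user ID certification (classes 0x10-0x13)."""
    certs = []
    key_id = None   # key ID of the primary key currently being listed
    uid = None      # user ID the following sig records apply to
    for line in listing.splitlines():
        f = line.split(":")
        rec = f[0]
        if rec == "pub":
            key_id = f[4]
            # Without --fixed-list-mode, old versions put the primary
            # user ID on the pub record itself (field 10).
            uid = f[9] if len(f) > 9 and f[9] else None
        elif rec == "uid":
            uid = f[9] if len(f) > 9 and f[9] else None
        elif rec in ("sub", "uat"):
            # Signatures after these records are subkey bindings or
            # photo ID certifications, not e-mail user ID certifications.
            uid = None
        elif rec == "sig" and uid is not None and len(f) > 10:
            m = re.fullmatch(r"([0-9A-Fa-f]{2})([xl])", f[10])
            if not m:
                continue
            sig_class = int(m.group(1), 16)
            if sig_class not in CERT_CLASSES:
                continue
            certs.append({
                "key": key_id,
                "uid": uid,
                "issuer": f[4],
                "sig_class": sig_class,
                "level": CERT_CLASSES[sig_class],
                "exportable": m.group(2) == "x",
                "self_sig": f[4] == key_id,
            })
    return certs


def split_certifications(certs, robot_key_ids=frozenset()):
    """Split third-party certifications into (kept, dropped).

    Dropped: class 0x11 ("has not done any verification") and anything
    issued by a key ID listed in robot_key_ids, whatever class it used.
    Self-signatures are ignored because they say nothing about third-party trust.
    """
    kept, dropped = [], []
    for cert in certs:
        if cert["self_sig"]:
            continue
        if cert["sig_class"] == 0x11 or cert["issuer"] in robot_key_ids:
            dropped.append(cert)
        else:
            kept.append(cert)
    return kept, dropped


if __name__ == "__main__":
    kept, dropped = split_certifications(
        parse_certifications(SAMPLE_LISTING),
        robot_key_ids={"4444444444444444"},
    )
    for label, group in (("kept", kept), ("dropped", dropped)):
        for c in group:
            print(label, hex(c["sig_class"]), c["issuer"], "->", c["uid"])
```

The issuer list matters because, as the thread notes, the class is only the signer's opinion: a robot that signs with 0x10 or 0x13 is caught only by its key ID.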
From George@Schoelles.com Mon Oct 28 04:54:01 2002 From: George@Schoelles.com (George Schoelles) Date: Mon Oct 28 04:54:01 2002 Subject: 1.2.1 Message-ID: <20021027194234.A99C.GEORGE@Schoelles.com> The windows v1.2.1 gives a "can not find avapi32.dll" error whereas 1.2.0 does not under win2k. any thoughts? -- George Schoelles From wk@gnupg.org Mon Oct 28 12:06:01 2002 From: wk@gnupg.org (Werner Koch) Date: Mon Oct 28 12:06:01 2002 Subject: 1.2.1 In-Reply-To: <20021027194234.A99C.GEORGE@Schoelles.com> (George Schoelles's message of "Sun, 27 Oct 2002 19:44:36 -0800") References: <20021027194234.A99C.GEORGE@Schoelles.com> Message-ID: <87adkyltbp.fsf@alberti.g10code.de> On Sun, 27 Oct 2002 19:44:36 -0800, George Schoelles said: > The windows v1.2.1 gives a "can not find avapi32.dll" error whereas > 1.2.0 does not under win2k. Did you use the gnupg-w32cli-1.2.1-1.zip (note the "-1") or the original one? From George@Schoelles.com Mon Oct 28 15:43:01 2002 From: George@Schoelles.com (George Schoelles) Date: Mon Oct 28 15:43:01 2002 Subject: Re[2]: 1.2.1 In-Reply-To: <87adkyltbp.fsf@alberti.g10code.de> References: <20021027194234.A99C.GEORGE@Schoelles.com> <87adkyltbp.fsf@alberti.g10code.de> Message-ID: <20021028062844.6E22.GEORGE@Schoelles.com> > On Sun, 27 Oct 2002 19:44:36 -0800, George Schoelles said: > > > The windows v1.2.1 gives a "can not find avapi32.dll" error whereas > > 1.2.0 does not under win2k. > > Did you use the gnupg-w32cli-1.2.1-1.zip (note the "-1") or the > original one? > OK, I did not realize I was extracting the older version although I had downloaded the correct copy. All seems well now. Thank you, -- George Schoelles From mwood@IUPUI.Edu Mon Oct 28 16:20:01 2002 From: mwood@IUPUI.Edu (Mark H. Wood) Date: Mon Oct 28 16:20:01 2002 Subject: E-Mail Encryption: Why Isn't Everyone Doing It? 
In-Reply-To: <1035387996.3729.22.camel@furiona> Message-ID: On 23 Oct 2002, Peter Schuller wrote: [snip] > E-Mail is also like postal mail. You have no way of knowing who sent it > - unless you trust a return address which can be faked as easily as it > can be real. A while back, when someone was sending anthrax spores through the mail over here, I actually spent some time thinking about whether cryptographic signatures could be adapted to verification of the return address on physical mail. I gave up when I realized that, not being trained in cryptography, I didn't trust my own answers. [snip] > I believe users (and others...) must be taught to respect security and > understand the basic principles of trust that are a fact of life - with > or without computers. I'm going to teach my children such things, so maybe that's a start. :-/ -- Mark H. Wood, Lead System Programmer mwood@IUPUI.Edu MS Windows *is* user-friendly, but only for certain values of "user". From terry@scps81.com Mon Oct 28 16:20:14 2002 From: terry@scps81.com (Terry Maltos) Date: Mon Oct 28 16:20:14 2002 Subject: Corrupt File? Message-ID: Can anyone help me *clear* these corrupt keys? If not, can anyone recommend me to someone or somewhere who could? I've read over the Manual here: http://www.gnupg.org/gph/en/manual.html but 95% of it is over my head. I've rarely used the DOS window. Maybe 10 times in my whole life. Hopefully you can understand why this is such a struggle for me. I'm using GnuPGExch for unencrypting emails. It works fine on my home computer but when I installed it on a client's computer I had problems. I imported the public and private keys through the DOS window fine, but it turns out the text files I imported were corrupt (I had sent them to a Yahoo email account to download at the client's office) - in binary form instead of ascii. 
So when I tested the unencryption, I got a message that looks like this: http://www.georgiawebpro.com/gpgerror.jpg (89k) After getting a good copy of the key text files, I tried re-importing the text files in the DOS window and that didn't work. I tried deleting the key from the GUI window in Outlook then re-importing the text files in the DOS window and that didn't work either. Then I tried uninstalling GnuPGExch and reinstalling and importing the text files again. I even deleted everything in the C:\Program Files\GnuPGExch folder, but still when unencrypting I get a screen similar to the above linked image. **Note: I tried this again. It would not let me delete 2 .dll files in this folder. I'm assuming I need to delete those as well since this is still not working. True? Can anyone give me some insight? Be gentle, I'm very new to this. Please, if you could, walk me through anything I may need to do. Gracious thanks, Terry From Patrick.Tchoquessi@iem.fh-friedberg.de Mon Oct 28 16:38:01 2002 From: Patrick.Tchoquessi@iem.fh-friedberg.de (Patrick Tchoquessi) Date: Mon Oct 28 16:38:01 2002 Subject: gnupg1.0.5 gpa0.4.3 Message-ID: Hello, may somebody tell why I get this failure by running GPA: can't open `/root/.gnupg/keyservers`: No such file or directory. I'm working on suse linux 8.0 can I just "touch" this file Patrick From mwood@IUPUI.Edu Mon Oct 28 16:43:02 2002 From: mwood@IUPUI.Edu (Mark H. Wood) Date: Mon Oct 28 16:43:02 2002 Subject: E-Mail Encryption: Why Isn't Everyone Doing It? In-Reply-To: <20021024022455.E10019@cp5340.hyatsv01.md.comcast.net> Message-ID: On Thu, 24 Oct 2002, Anthony E. Greene wrote: [snip interior quote] > Have you taken a look at the GnuPG manual lately? GnuPG can do lots of > things that PGP cannot do. There is no way to reproduce all those options > in a GUI and still have an easy to use interface. Sure there is. 
You put all of the simple, popular stuff on the front of the interface and provide more-advanced stuff on other tabs, "Advanced" buttons, wizards, etc. according to the complexity of the material. > In the last 24 hours two > options were added in reponse to a user with a lost public key. If that > kind of responsiveness had to be put on hold because it would take too > long to put it into an GUI, then GnuPG would not be as good as it is. Why should GUI development have any effect on the answering of questions about the commandline interface? The GUI goop should just be a wrapper around the commandline tool. > In any case, the features you are referring to will not be used by 90%+ of > users. They will not care about trust values or key management. They won't > know anything about their keyrings and won't care. Nor should they. This > stuff does not need a good interface. It needs to drop out of sight. It > needs to become as transparent and automatic as SSL. I must disagree. EVERY feature should have a good user interface. One of the things which make a UI good is correctly identifying the "90%+ of users will never want this" options and placing them on a portion of the interface which the user must explicitly request. > People don't care about the interface for managing SSL keys and certs and I do, and I'm considering writing a comprehensive GUI for the openssl command which will keep track of all 69,000 options for me so I won't have to remember or relearn them on the 2-3 occasions every year when I want them. Yes, I know it'll be a big job, but I'd happily spend two hours coding rather than one hour to do the same thing manually, even just to do it once. > they shouldn't have to care about the interface for managing OpenPGP keys > and certs. This stuff should be built into mail software the same way SSL > is built into browsers. The way SSL is built into browsers is precisely what makes it not terribly useful in that setting. 
I would like a *lot* more control over this aspect of my browser; I just don't want it to all spring out at me every time I select a link. And I want my email to work similarly.

--
Mark H. Wood, Lead System Programmer mwood@IUPUI.Edu
MS Windows *is* user-friendly, but only for certain values of "user".

From steve-gnupg@gbnet.net Mon Oct 28 18:11:02 2002
From: steve-gnupg@gbnet.net (Steve Kennedy)
Date: Mon Oct 28 18:11:02 2002
Subject: 1.2.1
In-Reply-To: <20021028062844.6E22.GEORGE@Schoelles.com>
References: <20021027194234.A99C.GEORGE@Schoelles.com> <87adkyltbp.fsf@alberti.g10code.de> <20021028062844.6E22.GEORGE@Schoelles.com>
Message-ID: <20021028150403.GC25558@ns.gbnet.net>

Fails to build on SunOS 4.1.4

gcc -O2 -L/usr/local/lib -L/usr/local/lib -o mpicalc mpicalc.o ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a ../intl/libintl.a -liconv -ldl -lz
ld: Undefined symbol
   _mpihelp_rshift
   ___udiv_qrnnd
   _mpihelp_add_n
   _mpihelp_lshift
collect2: ld returned 2 exit status

Steve

--
NetTek Ltd Flat 2, 43 Howitt Road, Belsize Park, London NW3 4LU, UK
tel +44-(0)20 7483 1169 fax +44-(0)20 7483 2455 mob 07775 755503
SMS steve-pager (at) gbnet.net [body] gpg 1024D/468952DB 2001-09-19

From johanw@vulcan.xs4all.nl Mon Oct 28 21:51:02 2002
From: johanw@vulcan.xs4all.nl (Johan Wevers)
Date: Mon Oct 28 21:51:02 2002
Subject: 1.2.1
In-Reply-To: <20021027194234.A99C.GEORGE@Schoelles.com> from George Schoelles at "Oct 27, 2002 07:44:36 pm"
Message-ID: <200210281648.RAA00706@vulcan.xs4all.nl>

George Schoelles wrote:
> The windows v1.2.1 gives a "can not find avapi32.dll" error

No, it will give a "can not find avapi32" error, without the ".dll". If you copy "avapi32.dll" to "avapi32" it will work (but then it will complain about the next dll it can't load).

--
ir. J.C.A.
Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From agreene@pobox.com Mon Oct 28 22:07:01 2002
From: agreene@pobox.com (Anthony E. Greene)
Date: Mon Oct 28 22:07:01 2002
Subject: E-Mail Encryption: Why Isn't Everyone Doing It?
In-Reply-To: ; from mwood@IUPUI.Edu on Mon, Oct 28, 2002 at 10:43:58AM -0500
References: <20021024022455.E10019@cp5340.hyatsv01.md.comcast.net>
Message-ID: <20021028160725.A9011@asmoweb.hqda.pentagon.mil>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 28-Oct-2002/10:43 -0500, "Mark H. Wood" wrote:
>On Thu, 24 Oct 2002, Anthony E. Greene wrote:
>[snip interior quote]
>> Have you taken a look at the GnuPG manual lately? GnuPG can do lots of
>> things that PGP cannot do. There is no way to reproduce all those options
>> in a GUI and still have an easy to use interface.
>
>Sure there is. You put all of the simple, popular stuff on the front of
>the interface and provide more-advanced stuff on other tabs, "Advanced"
>buttons, wizards, etc. according to the complexity of the material.

If the GUI is just a wrapper, then that's true. If the GUI is part of the program, then it should prevent certain combinations of input, provide warnings, and otherwise behave as an integral part of GnuPG. That is not nearly so simple. Designing wizards to ask the right questions and process input is tedious, and often complicated.

Tcl/Tk and java make usable cross platform GUIs. There is at least one person who is willing to work on this kind of project, but it's not me. I have built just enough end user apps to know very well that there is a significant PITA factor in designing apps that must reliably process input from potentially clueless users.

>> In the last 24 hours two
>> options were added in response to a user with a lost public key.
If that
>> kind of responsiveness had to be put on hold because it would take too
>> long to put it into a GUI, then GnuPG would not be as good as it is.
>
>Why should GUI development have any effect on the answering of questions
>about the commandline interface? The GUI goop should just be a wrapper
>around the commandline tool.

It wasn't a matter of answering a question. The application code was updated to add a feature in response to a post on this list. The interface change was a relatively simple matter of allowing another command line option. Fitting those same options into a GUI is not necessarily so simple.

[snipped reasonable disagreement with my SSL examples]

Tony
- --
Anthony E. Greene
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
AOL/Yahoo Chat: TonyG05 HomePage:
Linux: the choice of a GNU Generation.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Anthony E. Greene 0x6C94239D

iD8DBQE9vacMpCpg3WyUI50RAgsIAKDyXzNTwHo4+h2BKV+1WS0/O+5VPQCfQuJs
NnEl6sKnqP8+jsGz7ex7DVc=
=c/cv
-----END PGP SIGNATURE-----

From james@brocs.org Tue Oct 29 02:53:02 2002
From: james@brocs.org (James A DePrisco)
Date: Tue Oct 29 02:53:02 2002
Subject: Problems with Public Key
Message-ID: <200210290154.g9T1s9F26487@weba2.sunvirtual.com>

I am using Kmail with gpg. I have been able to send encrypted emails to other recipients no problem. However, I downloaded a new public key and when I try to encrypt with Kmail, the "show encrypted results" window shows no encryption. When I tried another key, it worked fine. Another thing, this person was able to send me an encrypted email using my public key. Her public key was generated via PGPfreeware 6.0.2i. I am using Mandrake Linux 8.2 and I am a newbie. The one thing to consider is that the holder of the key has a latin name so there is a "\" character in the key name for a special character. Her name is Nunez and this is shown as "N\xf1ez" in the key name.
Perhaps this is throwing things off. Please help. Thanks.

From avbidder@fortytwo.ch Tue Oct 29 09:43:01 2002
From: avbidder@fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder)
Date: Tue Oct 29 09:43:01 2002
Subject: E-Mail Encryption: Why Isn't Everyone Doing It?
In-Reply-To: <20021025173225.GD16100@jabberwocky.com>
References: <92BE0AA5B56B5849AFE716631DA5102E01A79B99@tgserve1> <200210231749.02083.graham.todd@ntlworld.com> <20021024022455.E10019@cp5340.hyatsv01.md.comcast.net> <200210241053.16003.skquinn@speakeasy.net> <20021024194509.GA4478@prometheus.scode.org> <20021024180658.E26803@asmoweb.hqda.pentagon.mil> <1035539354.9412.30.camel@altfrangg> <20021025164633.GC16100@jabberwocky.com> <871y6e78vv.fsf@mail.paradoxical.net> <20021025173225.GD16100@jabberwocky.com>
Message-ID: <1035881071.640.14.camel@altfrangg>

On Fri, 2002-10-25 at 19:32, David Shaw wrote:
> The basic idea was a web form where a user could paste their key or an
> email address to send it the key to. The program would then email a
> challenge string to each email address on the key. If the challenge
> came back signed by the user's key, then the program would sign that
> user ID with its own key.

0x11 signatures were mentioned, I'd agree to that. Also, policy URLs (With the openpgp standard purposely /not/ defining the meaning of a signature, I feel that every signature should have a policy URL (or some other way of stating what it means).

I'd propose that the CA-bot only sign userids with *only* the email address, to make it clear that no binding between email address and any real name is confirmed. But I wouldn't recommend requiring any special comment on the userid - the userid should be usable to collect other signatures on it as well.

> One gotcha we can avoid, if there are multiple levels of certification
> in the future, is to use a different signing key for each. That way
> users can trust the signing key for the exact service they want. I
> understand Thawte got this detail wrong when they set up their PGP
> signing service.

I'd prefer multiple signing keys over the 0x[123] signature thing, too. The default userid of the key should make it clear which certification was issued.

cheers
-- vbi

--
this email is protected by a digital signature: http://fortytwo.ch/gpg
NOTE: keyserver bugs! get my key here: https://fortytwo.ch/gpg/92082481

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iHQEABECADQFAj2+Sm4tGmh0dHA6Ly9mb3J0eXR3by5jaC9ncGcvcG9saWN5L2Vt
YWlsLjIwMDIwODIyAAoJEIukMYvlp/fWnG8AoOd2M6EvlnvLIdEUcjcGBKJDi7fX
AJ0cqgz3pnNVDRg4hH7nRCLKFBVBCA==
=5eU2
-----END PGP SIGNATURE-----
Signature policy: http://fortytwo.ch/gpg/policy/email.20020822

From rabbito@san.rr.com Tue Oct 29 10:34:01 2002
From: rabbito@san.rr.com (rabbito@san.rr.com)
Date: Tue Oct 29 10:34:01 2002
Subject: Multiple keyring support
In-Reply-To: <20020515155549.GD9193@justpickone.org>
References: <20020513164309.GF22953@justpickone.org> <20020515155549.GD9193@justpickone.org>
Message-ID: <20021027173327.GA9370@san.rr.com>

On Wed, May 15, 2002 at 10:55:49AM -0500, David T-G wrote:
> Hi, all --
>
> ...and then David T-G said...
> %
> % Perhaps as a result but perhaps simply coincidentally, any received keys
> % end up in my primary ring instead of in the catch-all ring (or even the
> % last ring listed). Gaack.
>
> I think I have it all worked out. Boy o boy was this was brutal.
>
> It appears that even if there is no options file and there is a keyring
> explicitly listed on the command line, like
>
>   gpg --options /dev/null --keyring pubring.catch-all-keys.gpg --import
>
> or so, the imported key will drop into the default pubring.gpg keyring.
> Adding --no-default-keyring takes care of that -- but then, of course,
> one doesn't have a default keyring, so you have to go back and list the
> default keyring in the options file (or on the command line if you're
> using no options).
>
> Furthermore, in 1.0.6 and before, an imported key would be added to the
> last ring in the list in the options file, so something like
>
>   keyring pubring.gpg
>   keyring pubring.foo.gpg
>   ...
>   keyring pubring.catch-all-keys.gpg
>
> would put the new key in the catch-all ring as expected with a simple
>
>   gpg --import
>
> and then display all keys in the order listed when --list-keys was
> specified. [Note that it actually wasn't a good idea to list the default
> ring because it would be read twice, thereby confusing the trustdb, and
> thus causing gpg to exit with an error code 2 even after a successful
> verification, so I didn't use the first line above for long.] In 1.0.7,
> however, in the absence of a default keyring, the imported key lands in
> the *first* ring in the list, so everything was either landing in the
> default ring with a
>
>   gpg --import
>
> or in the foo ring with a
>
>   gpg --import --no-default-keyring
>
> command; arrgh! The answer is to move the catch-all ring to the *top* of
> the list as well as adding the default ring to the list and specifying
> no-default-keyring, so the relevant section of the options file now looks
> like
>
>   #
>   # I want to know what ring
>   #
>   show-keyring
>
>   #
>   # if you want keys to land anywhere else, you can't have a default
>   #
>   no-default-keyring
>
>   #
>   # keyrings to use (in search order)
>   ### dumps into first one found(??)
>   #
>   keyring pubring.catch-all-keys.gpg
>   keyring pubring.gpg
>   keyring pubring.foo.gpg
>   ...
>
> and the only loss is that gpg --list-keys spits out all of the keys still
> in keyring listing order (naturally) and so I can't easily see what has
> fallen into the catch-all ring; I can make an alias for that easily
> enough, even though it's a kludge.
>
> How much of this behavior change was intended? I personally would much
> rather see imported keys land in the last keyring in the options file or,
> if there are any, the last ring specified on the command line; that makes
> the most sense to me. Is anyone else using multiple keyrings and do you
> have any input?

Hi,

I was just looking through the archives because I was interested in having multiple keyrings. It seems like a loss of functionality came about from 1.0.6 to 1.0.7+. Was this intentional? Is there another way to:

- have default imports and verifies dump the keys in to a default catch all keyring.

- be able to override (on the command line) default imports and verifies into a specific keyring file.

- override the keyring to use on the command line.

- list the contents of the pubring.gpg first when using --list-keys

It seems like 1.0.6 did all of this, but with 1.0.7+ it's not possible (once you set up the options file as above, you can't get back to the pubring.gpg file by using the --keyring pubring.gpg on the command line). If there is a way to do all of these, please let me know.

Thank you.

--
Rabbito

From dshaw@jabberwocky.com Tue Oct 29 13:19:01 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Tue Oct 29 13:19:01 2002
Subject: E-Mail Encryption: Why Isn't Everyone Doing It?
In-Reply-To: <1035881071.640.14.camel@altfrangg>
References: <200210231749.02083.graham.todd@ntlworld.com> <20021024022455.E10019@cp5340.hyatsv01.md.comcast.net> <200210241053.16003.skquinn@speakeasy.net> <20021024194509.GA4478@prometheus.scode.org> <20021024180658.E26803@asmoweb.hqda.pentagon.mil> <1035539354.9412.30.camel@altfrangg> <20021025164633.GC16100@jabberwocky.com> <871y6e78vv.fsf@mail.paradoxical.net> <20021025173225.GD16100@jabberwocky.com> <1035881071.640.14.camel@altfrangg>
Message-ID: <20021029121925.GB23711@jabberwocky.com>

On Tue, Oct 29, 2002 at 09:44:31AM +0100, Adrian 'Dagurashibanipal' von Bidder wrote:

> I'd propose that the CA-bot only sign userids with *only* the email
> address, to make it clear that no binding between email address and any
> real name is confirmed. But I wouldn't recommend requiring any special
> comment on the userid - the userid should be usable to collect other
> signatures on it as well.

The comment I was referring to would be on the CA-bot key itself to help make the purpose of the key clear. The comment is not on the key that is being signed. The Thawte system added user IDs to the signed key which I always thought was really ugly.

> > One gotcha we can avoid, if there are multiple levels of certification
> > in the future, is to use a different signing key for each. That way
> > users can trust the signing key for the exact service they want. I
> > understand Thawte got this detail wrong when they set up their PGP
> > signing service.
>
> I'd prefer multiple signing keys over the 0x[123] signature thing, too.
> The default userid of the key should make it clear which certification
> was issued.

I'm planning (if I do this) on using them all together (0x11, policy URL, a comment on the signing key, and a different key for each sort of certification). It's the only way to really work well across multiple OpenPGP implementations.
David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson

From dshaw@jabberwocky.com Tue Oct 29 16:03:02 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Tue Oct 29 16:03:02 2002
Subject: Multiple keyring support
In-Reply-To: <20021027173327.GA9370@san.rr.com>
References: <20020513164309.GF22953@justpickone.org> <20020515155549.GD9193@justpickone.org> <20021027173327.GA9370@san.rr.com>
Message-ID: <20021029150412.GE23711@jabberwocky.com>

On Sun, Oct 27, 2002 at 09:33:27AM -0800, rabbito@san.rr.com wrote:

> I was just looking through the archives because I was interested in
> having multiple keyrings. It seems like a loss of functionality came
> about from 1.0.6 to 1.0.7+. Was this intentional? Is there another way
> to:
>
> - have default imports and verifies dump the keys in to a default
> catch all keyring.
>
> - be able to override (on the command line) default imports and
> verifies into a specific keyring file.
>
> - override the keyring to use on the command line.
>
> - list the contents of the pubring.gpg first when using --list-keys

Try this: in your gpg.conf file, specify the additional keyring only:

  keyring catch-all.gpg

Make your current keyring readonly:

  chmod a-w pubring.gpg

Now you still have the current pubring listed first in key listings, but new keys go to the catch-all ring. To override, restore writability to pubring.gpg.

(I'm not saying this is necessarily optimal, but it does give you what you want).

David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S.
Anderson

From lomax Tue Oct 29 22:02:01 2002
From: lomax (lomax)
Date: Tue Oct 29 22:02:01 2002
Subject: advapi32.dll
Message-ID: <1193569542.20021030000527@zmail.sk>

hello gnupg-users,

after unpacking, the gnupg 1.2.1 on a win2k box into the c:\program files\gnupg directory, the gpg.exe is:

gpg.exe - unable to locate dll
the dynamic link library ADVAPI32 could not be found in the specified path bla bla bla

i'm not sure whether this is a gnupg problem, but can someone help me with this?

path to gpg is set.
so is the path 2 advapi32.dll, as it's in the winnt\system32
it doesn't work even when the .dll is copied over to the gpg dir.

thnx in advance,,

--
Best regards, lomax mailto:lomax@zmail.sk

From booker@lava.net Tue Oct 29 22:45:01 2002
From: booker@lava.net (Booker)
Date: Tue Oct 29 22:45:01 2002
Subject: Feature request for future versions of gnupg, windows version.
Message-ID: <000201c27f94$a4da9130$c17f4140@lava.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Is it possible to code future versions of gnupg to not require having a registry setting or environmental path for it? I would like to keep my keys on a business card cdrom or on one of them fancy usb drives that are miniature in size that it fits on your key chain?

I currently do keep gnupg on a business card cd with my keys on it so that I can move from desk to desk in the office and bring it home as well. I like to do this because I don't have to have my keys scattered all over the office. Whenever I do need to add a key or make a new key I do it at home and burn a new cd. For now, on the machines in the office I just set the path in the registry or environment path to the cdrom.

Are there insurmountable limitations to gnupg that requires it to know its path or have its path in the windows registry? If all keys public and private were kept in the same directory wouldn't that be sufficient? I.e. program gnupg to first look in its current directory for its required files, then look into the environment path and then registry?

Well it's just a suggestion, TTFN!

Mahalo, Booker

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)

iD8DBQE9vwG0aiP2qN1MAsoRAto3AJ46YGR6ZSyT0Q6nGjA1oEbwfsZhrQCeJAcs
ulKa1WNo5JNJig5kz4D+7Gs=
=DsNk
-----END PGP SIGNATURE-----

From luther.miller@softagon.com Tue Oct 29 23:46:01 2002
From: luther.miller@softagon.com (Luther Miller)
Date: Tue Oct 29 23:46:01 2002
Subject: Specify --homedir with GNUPGHOME?
Message-ID:

I am able to specify the location of the gpg files including the trust database and keyring successfully by using the --homedir option under Windows 2000, but I would like to be able to set an environment variable instead. I have tried HOME and GNUPGHOME to no avail. What should I be setting? I am using Win32 GnuPG 1.2.1.

Thanks in advance...
Luther

From vedaal@lok.com Wed Oct 30 00:17:01 2002
From: vedaal@lok.com (vedaal@lok.com)
Date: Wed Oct 30 00:17:01 2002
Subject: suggestion for possible modification of throw-keyid switch
Message-ID: <200210292317.g9TNHjkJ009425@compute1.lok.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

have posted here {incorrectly :( } a few days ago about how to achieve selective anonymity in a message encrypted to more than one key, by using the fake_keyid command in Disastry's 2.6.3multi6.

it 'can' be done, but is somewhat more involved than the way i posted it.

for those interested, the explanation / sample message / pgp commands are posted here: http://www.angelfire.com/pr/pgpf/selanon.html

the encrypted message, and the two sample keys, are all done using '3des', and not 'idea', to spare anyone the inconvenience of changing anyone's gnupg build/setup.
it may be a useful concept/tool for consideration as an optional gnupg feature

with Respect,
vedaal

From jtjm@xenoclast.org Wed Oct 30 00:58:02 2002
From: jtjm@xenoclast.org (Julian T J Midgley)
Date: Wed Oct 30 00:58:02 2002
Subject: Determining the trust path to a particular key
Message-ID:

I'm wondering if anyone has written a tool (or if gnupg itself has a means that I've not yet discovered) to trace the complete trust path from one's own key to a particular key on the keyring.

Sometimes it's useful to know precisely how a particular key has come to be marked as valid, and whilst check-sigs gives you a clue, there are times when it would be useful to see the exact chain (without having to perform the backtrace manually).

For example, I might want to treat a key differently if it had been marked as valid because three marginally trusted users had signed it (when those three users themselves were only valid because they'd been signed by someone else who I trusted fully), than if the key was signed directly by someone I trusted fully whose key I had signed personally.

A '--trace-trust-path' option might produce output something like this:

mykey -> keyA(f) -> keyB(m) -+-> targetkey
mykey -> keyC(f) -> keyD(m) -+
mykey -> keyC(f) -> keyE(m) -/

Does anyone know if there is a utility to perform analysis of this sort? (If not, I might write one in a spare moment.)

Julian

--
Julian T. J.
Midgley http://www.xenoclast.org/
Cambridge, England.
PGP Key ID: 0xBCC7863F

From rlaager@wiktel.com Wed Oct 30 01:23:01 2002
From: rlaager@wiktel.com (Richie Laager)
Date: Wed Oct 30 01:23:01 2002
Subject: Determining the trust path to a particular key
In-Reply-To:
Message-ID: <001c01c27faa$8866c6c0$2ca63992@umcrookston.edu>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> -----Original Message-----
> From: gnupg-users-admin@gnupg.org
> [mailto:gnupg-users-admin@gnupg.org] On Behalf Of Julian T J
> Midgley Sent: Tuesday, October 29, 2002 6:00 PM
> To: gnupg-users@gnupg.org
> Subject: Determining the trust path to a particular key

> I'm wondering if anyone has written a tool (or if gnupg
> itself has a means
> that I've not yet discovered) to trace the complete trust
> path from ones'
> own key to a particular key on the keyring.

I've heard of gpgwww. Jason Harris runs it on his keyserver. The URL below will trace the path between my key and yours, for example.
http://keyserver.kjsl.com/~jharris/gpgwww.cgi?from=0x5E1F1BCE&to=0xBCC7863F

Since trust paths do not have to be symmetrical, the trust path in the opposite direction can differ. The path between our keys is like this for example. To trace the path from your key back to mine, simply reverse the arguments:
http://keyserver.kjsl.com/~jharris/gpgwww.cgi?from=0xBCC7863F&to=0x5E1F1BCE

I don't know about running this locally. It would be nice to have a tool that would take into account your GPG trust levels. I don't know if such a tool exists.
Richard Laager

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQA/AwUBPb8maW31OrleHxvOEQKn/QCfTUuXzXqGD1qrjZhU4T/EQXTIGh4An0SA
SJEnTVJbPLJdNULRvk6HFDqJ
=p0+r
-----END PGP SIGNATURE-----

From George@Schoelles.com Wed Oct 30 02:21:01 2002
From: George@Schoelles.com (George Schoelles)
Date: Wed Oct 30 02:21:01 2002
Subject: advapi32.dll
In-Reply-To: <1193569542.20021030000527@zmail.sk>
References: <1193569542.20021030000527@zmail.sk>
Message-ID: <20021029165316.79C4.GEORGE@Schoelles.com>

I had the same problem that was fixed with Version 1.2.1-1 note the -1.

> hello gnupg-users,
>
> after unpacking, the gnupg 1.2.1 on a win2k box into the
> c:\program files\gnupg directory, the gpg.exe is:
>
> gpg.exe - unable to locate dll
> the dynamic link library ADVAPI32 could not be found in the specified
> path bla bla bla
>
> i'm not sure whether this is a gnupg problem, but can someone help me
> with this?
>
> path to gpg is set.
> so is the path 2 advapi32.dll, as it's in the winnt\system32
> it doesn't work even when the .dll is copied over to the gpg dir.
>
> thnx in advance,,

--
George Schoelles

From jtjm@xenoclast.org Wed Oct 30 02:42:01 2002
From: jtjm@xenoclast.org (Julian T J Midgley)
Date: Wed Oct 30 02:42:01 2002
Subject: Determining the trust path to a particular key
In-Reply-To: <001c01c27faa$8866c6c0$2ca63992@umcrookston.edu>
Message-ID:

On Tue, 29 Oct 2002, Richie Laager wrote:
>
> I've heard of gpgwww. Jason Harris runs it on his keyserver. The URL
> below will trace the path between my key and yours, for example.
> http://keyserver.kjsl.com/~jharris/gpgwww.cgi?from=0x5E1F1BCE&to=0xBCC7863F
>
> Since trust paths do not have to be symmetrical, the trust path in
> the opposite direction can differ. The path between our keys is like
> this for example.
To trace the path from your key back to mine,
> simply reverse the arguments:
> http://keyserver.kjsl.com/~jharris/gpgwww.cgi?from=0xBCC7863F&to=0x5E1F1BCE

Thanks, that's the sort of thing I was looking for, but as you say, it would be really useful to be able to run it on your own keyring honouring the trust levels you assign. Since the update-trustdb algorithm for gnupg must perform all the necessary calculations, I'd have thought that it shouldn't have been too difficult to modify the same algorithm to trace the path to a particular key (theoretically, anyway ;-) ).

> I don't know about running this locally.

Do you know if the source for gpgwww.cgi is available anywhere?

All the best,
Julian

--
Julian T. J. Midgley http://www.xenoclast.org/
Cambridge, England.
PGP: BCC7863F FP: 52D9 1750 5721 7E58 C9E1 A7D5 3027 2F2E BCC7 863F

From lomax@zmail.sk Wed Oct 30 08:13:02 2002
From: lomax@zmail.sk ( kevin lomax)
Date: Wed Oct 30 08:13:02 2002
Subject: advapi32.dll
Message-ID: <200210300714.g9U7EUVo000698@web2.zoznam.sk>

> I had the same problem that was fixed with Version 1.2.1-1 note the
> -1.

thnx a lot, i will go and search 4 it.

lomax

From wk@gnupg.org Wed Oct 30 09:15:02 2002
From: wk@gnupg.org (Werner Koch)
Date: Wed Oct 30 09:15:02 2002
Subject: advapi32.dll
In-Reply-To: <20021029165316.79C4.GEORGE@Schoelles.com> (George Schoelles's message of "Tue, 29 Oct 2002 17:11:50 -0800")
References: <1193569542.20021030000527@zmail.sk> <20021029165316.79C4.GEORGE@Schoelles.com>
Message-ID: <8765vkibty.fsf@alberti.g10code.de>

On Tue, 29 Oct 2002 17:11:50 -0800, George Schoelles said:

> I had the same problem that was fixed with Version 1.2.1-1 note the
> -1.

I have symlinked the -1 build to the original announced one. This seems to be easier than to answer this question over and over again.
Salam-Shalom,
Werner

From dominik@nextbyte.de Wed Oct 30 11:18:02 2002
From: dominik@nextbyte.de (Dominik Schwald)
Date: Wed Oct 30 11:18:02 2002
Subject: gpg: protection algorithm 254 is not supported
Message-ID: <3DBEBAB0.6070408@nextbyte.de>

Hi,

i've got a small GnuPG Problem. using windows98 with gpg1.2.1-1 i've some problems with decrypting.

i've got 2 secret keys for 2 different email addresses. The older one has no problems in decrypting data, but when i try to decrypt anything, that was encrypted for the new key i get the following output:

C:\Programme\gnupg1.2.1-1>gpg -d test.asc
gpg: protection algorithm 254 is not supported
gpg: encrypted with 2048-bit ELG-E key, ID 2AB52944, created 2002-10-10
"Dominik Schwald (nextbyte Software GmbH) "
gpg: public key decryption failed: unknown cipher algorithm
gpg: decryption failed: secret key not available

Of course the secret Key IS available and ultimately trusted...

What is wrong here?

Regards, dominik

PS: Using GNU/Linux i don't have any problems with 2 secret keys...

From gadicath@dishevelled.net Wed Oct 30 13:45:01 2002
From: gadicath@dishevelled.net (David Clarke)
Date: Wed Oct 30 13:45:01 2002
Subject: Multiple keyring support
In-Reply-To: <20021029150412.GE23711@jabberwocky.com>
References: <20020513164309.GF22953@justpickone.org> <20020515155549.GD9193@justpickone.org> <20021027173327.GA9370@san.rr.com> <20021029150412.GE23711@jabberwocky.com>
Message-ID: <20021030124607.GA9216@gadicath.mine.nu>

On Tue, 29 Oct 2002, David Shaw wrote:
> Now you still have the current pubring listed first in key listings,
> but new keys go to the catch-all ring. To override, restore
> writability to pubring.gpg.
>
> (I'm not saying this is necessarily optimal, but it does give you what
> you want).

It's certainly not as nice as it used to be, especially when you want to move or update keys. I'd be interested in hearing why the behavior changed.

David

--
Two wrongs don't make a right, but three lefts do.
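
The read-only pubring.gpg workaround that David Shaw suggests and David Clarke quotes above, as an added example (not code from any poster or from GnuPG). It never invokes gpg: the function names, and the rule that a new key lands in the first keyring in search order whose owner write bit is set, are assumptions drawn from the thread's description of 1.0.7 and later.

```shell
#!/bin/sh
# Added example. Models the rule described in the thread for GnuPG 1.0.7+:
# an imported key is stored in the first keyring, in search order, that is
# writable (assumption taken from the posts, not from GnuPG's source).

# Print the keyring names of a GnuPG home in search order, one per line.
# The default pubring.gpg is searched first unless no-default-keyring is set.
keyring_order() {
    home=$1
    conf=$home/gpg.conf
    [ -f "$conf" ] || conf=$home/options    # name the earlier posts use
    default=yes
    rings=
    if [ -f "$conf" ]; then
        while read -r key value || [ -n "$key" ]; do
            case $key in
                ''|'#'*) ;;                 # blank line or comment
                no-default-keyring) default=no ;;
                keyring) rings="$rings$value
" ;;
            esac
        done < "$conf"
    fi
    if [ "$default" = yes ]; then
        printf '%s\n' pubring.gpg
    fi
    printf '%s' "$rings"
}

# True when the owner write bit is set. The mode bit is tested rather than
# `[ -w ]` because root passes `-w` even on a read-only file; for the same
# reason the workaround does not hold when gpg is run as root.
owner_write_bit() {
    [ -n "$(find "$1" -prune -perm -200 2>/dev/null)" ]
}

# Print the path of the keyring a new key would land in under the model.
# Keyring files that do not exist yet are skipped.
import_target() {
    home=$1
    keyring_order "$home" | while read -r ring; do
        case $ring in
            /*) path=$ring ;;               # absolute path given in the config
            *)  path=$home/$ring ;;         # bare name, relative to the home
        esac
        if owner_write_bit "$path"; then
            printf '%s\n' "$path"
            break
        fi
    done
}

# The workaround from the thread: name only the extra keyring in gpg.conf
# and make the default keyring read-only.
apply_workaround() {
    home=$1
    catch_all=${2:-catch-all.gpg}
    grep -qxF "keyring $catch_all" "$home/gpg.conf" 2>/dev/null ||
        printf 'keyring %s\n' "$catch_all" >> "$home/gpg.conf"
    chmod a-w "$home/pubring.gpg"
}

# Walk through the three states on a throwaway directory.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/pubring.gpg"                    # constructed empty stand-ins,
    : > "$d/catch-all.gpg"                  # not real keyrings
    echo "default setup:    $(import_target "$d")"
    apply_workaround "$d"
    echo "after workaround: $(import_target "$d")"
    chmod u+w "$d/pubring.gpg"              # the override David Shaw mentions
    echo "after override:   $(import_target "$d")"
    rm -rf "$d"
}

if [ "${1:-}" = demo ]; then
    demo
fi
```

Run it with the argument `demo` to see the import target move from pubring.gpg to catch-all.gpg and back.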
From dshaw@jabberwocky.com Wed Oct 30 15:22:01 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Wed Oct 30 15:22:01 2002
Subject: Multiple keyring support
In-Reply-To: <20021030124607.GA9216@gadicath.mine.nu>
References: <20020513164309.GF22953@justpickone.org> <20020515155549.GD9193@justpickone.org> <20021027173327.GA9370@san.rr.com> <20021029150412.GE23711@jabberwocky.com> <20021030124607.GA9216@gadicath.mine.nu>
Message-ID: <20021030142225.GF3924@jabberwocky.com>

On Wed, Oct 30, 2002 at 11:46:07PM +1100, David Clarke wrote:
> On Tue, 29 Oct 2002, David Shaw wrote:
> > Now you still have the current pubring listed first in key listings,
> > but new keys go to the catch-all ring. To override, restore
> > writability to pubring.gpg.
> >
> > (I'm not saying this is necessarily optimal, but it does give you what
> > you want).
>
> It's certainly not as nice as it used to be, especially when you want to
> move or update keys. I'd be interested in hearing why the behavior
> changed.

I'm not sure why it changed. Werner would have to say. I am interested in the problem though. It seems to me that the 1.0.6 behavior is just as "bad" as the 1.0.7 - it's just different and easier to work around to get what you want. In 1.0.6, a user is forced to put the catchall keyring last. What if the user wants it somewhere else?

What if there was a way to flag a particular keyring (from either gpg.conf or the command line) as the default one, and that keyring became the one that new keys were imported into? Would that solve everyone's problem?

David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S.
Anderson

From dshaw@jabberwocky.com Wed Oct 30 18:33:02 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Wed Oct 30 18:33:02 2002
Subject: gpg: protection algorithm 254 is not supported
In-Reply-To: <3DBEBAB0.6070408@nextbyte.de>
References: <3DBEBAB0.6070408@nextbyte.de>
Message-ID: <20021030173321.GJ3924@jabberwocky.com>

On Tue, Oct 29, 2002 at 05:43:28PM +0100, Dominik Schwald wrote:
> Hi,
>
> i've got a small GnuPG Problem. using windows98 with gpg1.2.1-1 i've
> some problems with decrypting.
>
> i've got 2 secret keys for 2 different email addresses. The older one has
> no problems in decrypting data, but when i try to decrypt anything, that
> was encrypted for the new key i get the following output:
>
> C:\Programme\gnupg1.2.1-1>gpg -d test.asc
> gpg: protection algorithm 254 is not supported
> gpg: encrypted with 2048-bit ELG-E key, ID 2AB52944, created 2002-10-10
> "Dominik Schwald (nextbyte Software GmbH) "
> gpg: public key decryption failed: unknown cipher algorithm
> gpg: decryption failed: secret key not available
>
> Of course the secret Key IS available and ultimately trusted...
>
> What is wrong here?

This is a problem if you have a key generated with 1.0.7 or later, import it to 1.0.6 and then import it back into 1.0.7 or later. 1.0.6 corrupts the key.

David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson

From lomax Wed Oct 30 20:11:01 2002
From: lomax (lomax)
Date: Wed Oct 30 20:11:01 2002
Subject: cypher algorithm - which one?
In-Reply-To: <20021030142225.GF3924@jabberwocky.com> References: <20020513164309.GF22953@justpickone.org> <20020515155549.GD9193@justpickone.org> <20021027173327.GA9370@san.rr.com> <20021029150412.GE23711@jabberwocky.com> <20021030124607.GA9216@gadicath.mine.nu> <20021030142225.GF3924@jabberwocky.com> Message-ID: <512201455.20021030221450@zmail.sk> hi, are there any recommendations for any specific cypher algorithm? can one make any assumption about their security? which one is safe, which one is safer? which one would u recommend? [encryption speed doesn't play any role]. any links to comparisons? thnx in forward, -- lomax From dshaw@jabberwocky.com Wed Oct 30 23:01:01 2002 From: dshaw@jabberwocky.com (David Shaw) Date: Wed Oct 30 23:01:01 2002 Subject: cypher algorithm - which one? In-Reply-To: <512201455.20021030221450@zmail.sk> References: <20020513164309.GF22953@justpickone.org> <20020515155549.GD9193@justpickone.org> <20021027173327.GA9370@san.rr.com> <20021029150412.GE23711@jabberwocky.com> <20021030124607.GA9216@gadicath.mine.nu> <20021030142225.GF3924@jabberwocky.com> <512201455.20021030221450@zmail.sk> Message-ID: <20021030220149.GD20737@jabberwocky.com> On Wed, Oct 30, 2002 at 10:14:50PM +0300, lomax wrote: > hi, > > are there any recommendations for any specific cypher algorithm? > > can one make any assumption about their security? which one is safe, > which one is safer? > > which one would u recommend? [encryption speed doesn't play any role]. > any links to comparisons? If speed doesn't matter, and you want the safest choice, then that's 3DES. It's been around the longest, and it's withstood more challenges than any other cipher. See http://www.samsimpson.com/pgpfaq.html for more. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." 
- Jeremy S. Anderson From krause@sdbk.de Thu Oct 31 11:26:01 2002 From: krause@sdbk.de (Sebastian D.B. Krause) Date: Thu Oct 31 11:26:01 2002 Subject: gnupg1.0.5 gpa0.4.3 In-Reply-To: ("Patrick Tchoquessi"'s message of "Mon, 28 Oct 2002 16:45:13 +0100") References: Message-ID: <87r8e8fap3.fsf@sdbk.de> On 3346 September 1993, Patrick Tchoquessi wrote: > may somebody tell why I get this failure by running GPA: > can ' t open `/root/.gnupg/keyservers`: No such file or directory. > I'm working on suse linux 8.0 > can I just "touch" this file No, you should just stop working as root. From Jim_Hendrick@KEANE-NNE.com Thu Oct 31 14:40:01 2002 From: Jim_Hendrick@KEANE-NNE.com (James R. Hendrick) Date: Thu Oct 31 14:40:01 2002 Subject: Java API for gnupg Message-ID: <0D3BC21D7A74D411981400508B6C76F8A15615@mail.keane-nne.com> Hi, I have searched the archive for this list and don't see a Java API for gnupg. I have pulled down gpgme, but really want to be able to use Java to do some simple things. The basic needs are to provide encryption for data exchange that will use one of two transport mechanisms called from a Java application: - FTP to and from remote systems - a custom transfer application for more "real-time" communication that can send/receive messages in more of a transaction oriented format. Have I missed something in my search of the archive? Thanks in advance! Jim Hendrick

From jolo@ph-freiburg.de Thu Oct 31 15:06:01 2002 From: jolo@ph-freiburg.de (Armin Herbert) Date: Thu Oct 31 15:06:01 2002 Subject: Questions regarding "Web of Trust" Message-ID: <200210311506.40786.jolo@ph-freiburg.de> Hi, I have some questions regarding the whole Web of Trust thing. Yes I read the FAQ, I'll come to that later. Ok .. first, did I understand it right that there are now two sorts of trusts in gpg: the already known Owner Trust (which is a confusing name for it, I believe), whose value says whether I trust the owner of a key to sign only valid keys, and the Validity, which specifies some kind of validity level (I believe a key is either valid or not .. I understand the point, but I don't think it's good to have a validity level introduced, because I think I can handle it by not trusting users who sign invalid keys). Everything true so far? Then I'd like to know how I can change the Validity of a signed public key. I read in the manual "u" is reserved for public keys to which I've also got the private keys. Because I had problems with KMail (either it's only accepting ultimately trusted keys for encrypting mail or it also wants a high owner trust value to do so, I'm not quite sure yet) I've set a key of a friend of mine to validity "u", which according to the manual is the wrong value, I should have set it to "full". How can I change it? Final question: In the FAQ, part 7.3, is said "gpg --list-ownertrust" would print some information about "assigned trust values (how much you trust the owner to correctly sign another person's key)". My GPG version 1.0.7 probably does so, but it's not human-readable as said in the FAQ. Is there any other command to list the owner trust values in a human-readable form? 
Thanks for your patience and for any answer :-) Armin From Anthony.Fok@bmo.com Thu Oct 31 16:16:02 2002 From: Anthony.Fok@bmo.com (Fok, Anthony) Date: Thu Oct 31 16:16:02 2002 Subject: file extension, gnupgp on Win Message-ID: <193E116FBC1BD411B4C10008C75ACF3B0AAEBFB2@nbnotobmail1.nesbittburns.ca> hi, im new to this and right now, im still messing around with the basic signing, encryption and decryption of the program, i was wondering if it is designed that the file extension is lost after the decryption, because the thing i have tried is this, encrypt file test.zip--->test.gpg then i decrypt it, test.gpg --->test it doesnt have an extension anymore, plz advise, thanks Anthony Fok **************************************************************************** This e-mail and any attachments may contain confidential and privileged information. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this e-mail and destroy any copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be illegal. Unless otherwise stated, opinions expressed in this e-mail are those of the author and are not endorsed by the author's employer. From wk@gnupg.org Thu Oct 31 16:26:01 2002 From: wk@gnupg.org (Werner Koch) Date: Thu Oct 31 16:26:01 2002 Subject: Java API for gnupg In-Reply-To: <0D3BC21D7A74D411981400508B6C76F8A15615@mail.keane-nne.com> ("James R. Hendrick"'s message of "Thu, 31 Oct 2002 08:43:36 -0500") References: <0D3BC21D7A74D411981400508B6C76F8A15615@mail.keane-nne.com> Message-ID: <877kfyeiog.fsf@alberti.g10code.de> On Thu, 31 Oct 2002 08:43:36 -0500, James R Hendrick said: > - FTP to and from remote systems > - a custom transfer application for more "real-time" communication that can > send/receive messages in more of a transaction oriented format. OpenPGP is not the right protocol for this. You should use TLS or SSH instead. 
> Have I missed something in my search of the archive? > Thanks in advance! > Jim Hendrick From Jim_Hendrick@KEANE-NNE.com Thu Oct 31 16:51:01 2002 From: Jim_Hendrick@KEANE-NNE.com (James R. Hendrick) Date: Thu Oct 31 16:51:01 2002 Subject: Java API for gnupg Message-ID: <0D3BC21D7A74D411981400508B6C76F8A15616@mail.keane-nne.com> Yeah, you're probably right. I was looking for a simple "one shot" fix. Should have known better. The thing is that we need to implement a number of "external interfaces" between an application that we are writing (that will run on UNIX) and a wide variety of older systems (including some decades old mainframes). Some of these simply need to be flat files and have no option other than FTP on their end, but they think that they could somehow arrange to PGP encrypt/decrypt before/after transfer (manually, using another system I believe). The real-time interface we can deal with better since we will have a "client" running on those external systems and can make the connection itself encrypted. I was looking for a "one size fits all" solution and had thought that if we could automatically do PGP on our end for the flat file transfer, and have access to an API for the real-time interface that it might serve both requirements. (I suppose if need be, we could put a dedicated hardware VPN in between the machines that can only do FTP and our servers.) I was (and still am) hoping for something easier/less-costly. If anyone has any other/better ideas, please sing out. Thanks, Jim -----Original Message----- From: Werner Koch [mailto:wk@gnupg.org] Sent: Thursday, October 31, 2002 10:23 AM To: James R. Hendrick Cc: 'gnupg-users@gnupg.org' Subject: Re: Java API for gnupg On Thu, 31 Oct 2002 08:43:36 -0500, James R Hendrick said: > - FTP to and from remote systems > - a custom transfer application for more "real-time" communication that can > send/receive messages in more of a transaction oriented format. OpenPGP is not the right protocol for this. 
You should use TLS or SSH instead. > Have I missed something in my search of the archive? > Thanks in advance! > Jim Hendrick From apapadop@cmu.edu Thu Oct 31 17:59:01 2002 From: apapadop@cmu.edu (Alexandros Papadopoulos) Date: Thu Oct 31 17:59:01 2002 Subject: file extension, gnupgp on Win In-Reply-To: <193E116FBC1BD411B4C10008C75ACF3B0AAEBFB2@nbnotobmail1.nesbittburns.ca> References: <193E116FBC1BD411B4C10008C75ACF3B0AAEBFB2@nbnotobmail1.nesbittburns.ca> Message-ID: <200210311150.46772.apapadop@cmu.edu> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday 31 October 2002 10:16, Fok, Anthony wrote: > hi, im new to this and right now, im still messing around with the > basic signing, encryption and decryption of the program, i was > wondering if it is designed that the file extension is lost after the > decryption, because the thing i have tried is this, > > encrypt file test.zip--->test.gpg then i decrypt it, test.gpg > --->test > > it doesnt have an extension anymore, plz advise, thanks > > Anthony Fok > AFAIK, this is not the default behavior. If you don't specify an output filename on the command line prior to encryption, you will end up with test.zip.gpg, which will then decrypt to test.zip. The command I use on linux is: gpg --encrypt --recipient xxx@ddd.ooo test.zip ...that creates an encrypted file test.zip.gpg - -A - -- http://andrew.cmu.edu/~apapadop/pub_key.asc 3DAD 8435 DB52 F17B 640F D78C 8260 0CC1 0B75 8265 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE9wV9mgmAMwQt1gmURAmVWAJ48UqTPdzs68myUXdsx+HLRjXxAzwCcCBZ+ miT9ffmmGHQExjBaYqdOf9Q= =QiIE -----END PGP SIGNATURE----- From luther.miller@softagon.com Thu Oct 31 19:29:03 2002 From: luther.miller@softagon.com (Luther Miller) Date: Thu Oct 31 19:29:03 2002 Subject: file extension, gnupgp on Win Message-ID: I just recently started using gpg on Windows 2000. 
If I encrypt a file called "test.csv" and I do not include an output filename, then "test.gpg" is created (not "test.csv.gpg"). I have not tried yet, but I am also curious what the file will be called upon decryption. ______________________________________________________________ Luther Miller * MCSD/MCAD, Senior Software Architect/Engineer Softagon Corporation * www.softagon.com Pier 1, Bay 1 * San Francisco, CA 94111 (415)733-9584 * (510)387-3490 cell * (415)394-9001 fax -----Original Message----- From: Alexandros Papadopoulos [mailto:apapadop@cmu.edu] Sent: Thursday, October 31, 2002 8:51 AM To: Fok, Anthony Cc: 'gnupg-users@gnupg.org' Subject: Re: file extension, gnupgp on Win -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday 31 October 2002 10:16, Fok, Anthony wrote: > hi, im new to this and right now, im still messing around with the > basic signing, encryption and decryption of the program, i was > wondering if it is designed that the file extension is lost after the > decryption, because the thing i have tried is this, > > encrypt file test.zip--->test.gpg then i decrypt it, test.gpg > --->test > > it doesnt have an extension anymore, plz advise, thanks > > Anthony Fok > AFAIK, this is not the default behavior. If you don't specify an output filename on the command line prior to encryption, you will end up with test.zip.gpg, which will then decrypt to test.zip. 
The command I use on linux is: gpg --encrypt --recipient xxx@ddd.ooo test.zip ...that creates an encrypted file test.zip.gpg - -A - -- http://andrew.cmu.edu/~apapadop/pub_key.asc 3DAD 8435 DB52 F17B 640F D78C 8260 0CC1 0B75 8265 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE9wV9mgmAMwQt1gmURAmVWAJ48UqTPdzs68myUXdsx+HLRjXxAzwCcCBZ+ miT9ffmmGHQExjBaYqdOf9Q= =QiIE -----END PGP SIGNATURE----- From Anthony.Fok@bmo.com Thu Oct 31 19:45:01 2002 From: Anthony.Fok@bmo.com (Fok, Anthony) Date: Thu Oct 31 19:45:01 2002 Subject: file extension, gnupgp on Win Message-ID: <193E116FBC1BD411B4C10008C75ACF3B0AAEBFBA@nbnotobmail1.nesbittburns.ca> sorry to bother everyone, i have found a solution to this prob and i thought this would be the best way to get this out to the few like me that didnt know it i'd like to thank 'Alexandros Papadopoulos' and Michael Gold for their help the solution is when encrypting the file, using the -o option, add the extension .gpg manually so if my file is file.xyz then i would go gpg -e -r name -o file.xyz.gpg file.xyz then we will get file.xyz.gpg then decrypt will cut off the .gpg and be left with original file i understand that this is alrdy done in linux, i guess unix as well, but i think the default for windows is not, thats why i had this problem...so i guess this would really be more of a windows issue > -----Original Message----- > From: Fok, Anthony > Sent: Thursday, October 31, 2002 10:17 AM > To: 'gnupg-users@gnupg.org' > Subject: file extension, gnupgp on Win > > hi, im new to this and right now, im still messing around with the basic > signing, encryption and decryption of the program, i was wondering if it > is designed that the file extension is lost after the decryption, because > the thing i have tried is this, > > encrypt file test.zip--->test.gpg then i 
decrypt it, test.gpg --->test > > it doesnt have an extension anymore, plz advise, thanks > > Anthony Fok >
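The workaround from this thread (always passing the output name with -o so the original extension survives the round trip), wrapped as shell functions. This is an added example, not code from any of the posters or from GnuPG; the function names and the ".decrypted" fallback suffix are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: give gpg an explicit output name on every call, so the
# result does not depend on the platform's default naming.

# Ciphertext name: append .gpg to the full name, never replace the extension.
enc_name() {
    printf '%s.gpg\n' "$1"
}

# Plaintext name: strip one trailing .gpg/.pgp/.asc. Names without one of
# these suffixes get ".decrypted" (assumed suffix) appended, so the input
# file is never chosen as its own output.
dec_name() {
    case "$1" in
        ?*.gpg|?*.pgp|?*.asc) printf '%s\n' "${1%.*}" ;;
        *)                    printf '%s.decrypted\n' "$1" ;;
    esac
}

# Refuse to write over an existing file instead of letting the run reach
# gpg's interactive overwrite question.
safe_target() {
    if [ -e "$1" ]; then
        echo "refusing to overwrite $1" >&2
        return 1
    fi
}

# encrypt_file RECIPIENT FILE   writes FILE.gpg
encrypt_file() {
    out=$(enc_name "$2")
    safe_target "$out" || return 1
    gpg --output "$out" --encrypt --recipient "$1" -- "$2"
}

# decrypt_file FILE.gpg         writes FILE
decrypt_file() {
    out=$(dec_name "$1")
    safe_target "$out" || return 1
    gpg --output "$out" --decrypt -- "$1"
}
```

With these names, test.zip encrypts to test.zip.gpg and decrypts back to test.zip, while a file that was already written as test.gpg still decrypts to test, as reported in the thread.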