Internal GPG error
Hi. We're running NT 4 and GPG =
1.0.6. We have an automated process that receives email with =
attachments from customers and processes the decrypted =
attachments. We added the GPG capability to the existing Secret =
Agent encryption last April and everything has been working nearly =
flawlessly. The encryption/decryption is handled by a shelled =
process to the command prompt.
In the past two weeks, however, we've =
gotten two errors that seem to be internal to GPG and which cause a Dr. =
Watson error. The specific error is: "Access violation =
(0xc0000005), Address: 0x004787d3". Because the errors occur =
in the shell process, it is difficult to get specific error information =
back so we could take appropriate action. (Yeah, I know, we =
should try Crypto_TW and we'd be able to monitor errors, but that won't =
happen until we have some resources available to code the =
change.)
Anyway, here's the captured command =
line statement and GPG's response. No output file is created, and =
it generates a Dr. Watson (the painful details are available for anyone =
who wants them). Other files from the same recipient decrypt =
without problem most of the time. Has anyone encountered this =
before? What is its likely cause?
C:\>C:\WinNT\System32\cmd.exe /C C:\WinNT\System32\gpg.exe =
-r"[keyname here]" =
-o"C:\HOST\Dwight\test\020910084054.txt" -q --batch =
--no-verbose --passphrase-fd 0 --decrypt =
c:\host\dwight\test\badfilepartial.gpg =
<C:\HOST\dwight\test\q4s17.tmp
gpg: encrypted with 1024-bit =
ELG-E key, ID 98213D32, created 2002-05-21
"[keyname here]"
gpg: Problem reading source =
(793 bytes remaining)
gpg: handle plaintext =
failed: file read error
gpg: WARNING: encrypted =
message has been manipulated!
------_=_NextPart_001_01C258F5.DFD2A130--
From vedaal@lok.com Tue Sep 10 22:27:02 2002
From: vedaal@lok.com (vedaal@lok.com)
Date: Tue Sep 10 21:27:02 2002
Subject: decrypting {verifying sig} without compressing
Message-ID: <200209101927.g8AJRwHV000374@compute1.lok.com>
> Message: 2 To: "gnupg-users" Subject: Re: Is
> there a way to decrypt, but not decompress ? From: Werner Koch
> Date: Tue, 10 Sep 2002 09:13:39 +0200
>
> On Tue, 10 Sep 2002 01:21:54 -0400, Jason S Mantor said:
>
> > I'm just blue skying here, but it would save me a lot of hastle if
> > I could decrypt and check the sig on an archive but not decompress
> > the message. When
>
> No, this is not possible. The data is signed, then compressed,
> the encrypted. To check the signature we need to decompress it.
> Furthermore the compression protocol is partly OpenPGP specific.
a workaround could be possible, if it could be arranged that the messages would be encrypted and then signed
{two procedures, first encrypt, then sign the encrypted message as a detached sig}
if you could request this of the people who send you signed and encrypted messages, this might accomplish what you are seeking
hth,
vedaal
From alex@FUCKUP.fantastyka.net Wed Sep 11 16:12:02 2002
From: alex@FUCKUP.fantastyka.net (Janusz A. Urbanowicz)
Date: Wed Sep 11 15:12:02 2002
Subject: Discussion medium proposal.
In-Reply-To: <004c01c25802$286239a0$83c29a44@sardine>
References: <004c01c25802$286239a0$83c29a44@sardine>
Message-ID: <20020911131242.GB16469@FUCKUP.fantastyka.net>
On Mon, Sep 09, 2002 at 09:09:40AM -0400, Justin Troutman wrote:
> I would like to propose another medium in which to discuss GnuPG
> matters, albeit hopefully satisfactory to you.
>
> A few friends of mine who run a small, stable IRC server have
> graciously allowed me the opportunity to place a "#gnupg"
> channel on the server.
>
> The server is public, but has a small user-base and stable
> uptimes. The operators are very knowledgeable and would be more
> than happy to have a channel
> which pertains to GnuPG discussion.
>
> My idea is that this may be another convenient way in which to
> discuss GnuPG, without the hassle of most large IRC servers
> which are drowned in lag and thousands of users, without relying
> solely on the mailing list.
>
> If you are interested in this idea, feel free to reply with any
> questions you might have.
While I think it is a good idea to have such kind of medium, using IRC on
single server is not that good idea. or using IRC at all.
What I suggest is to use SILC (http://silcnet.org). It is similar to IRC in
general feel and appearance, it has support in Irssi IRC client, but the
network is designed to be more robust - and is protected by cryptography.
Everything is encrypted and users are distinguished by their key ids.
The authors of SILC promise to include support of OpenPGP keys in future.
If anyone thinks its a good idea, please join the 'official' SILC network,
channel G10 (note the missing leading '#').
Cheers.
Alex
From daniel.maier@gmx.net Thu Sep 12 01:22:01 2002
From: daniel.maier@gmx.net (Daniel Maier)
Date: Thu Sep 12 00:22:01 2002
Subject: Pass phrase in config file
Message-ID: <9087494870.20020910225953@gmx.net>
Hallo,
I use GnuPG with The Bat! Whenever I receive an encrypted message I have
to type in my name and pass phrase. Is it possible to store these
parameters during a session or in a config file so that GnuPG
automatically decyphers using my name and pass phrase?
Daniel
From wk@gnupg.org Thu Sep 12 10:42:01 2002
From: wk@gnupg.org (Werner Koch)
Date: Thu Sep 12 09:42:01 2002
Subject: GnuPG 1.1.92 released
Message-ID: <878z27ps2t.fsf@alberti.gnupg.de>
Hi!
GnuPG 1.1.92 has been released yesterday evening. This is hopefully
the last snapshot before we release 1.2. It has a couple of new
features and fixes some bugs of course. There are a few new things,
so *please read the news* below. The only up to date language is
German, we hope top get most other translations updated for
1.2. Please test it.
=20=20=20=20=20
The GnuPG primary server is {http,ftp}://ftp.gnupg.org/gcrypt/ but we
would appreciate if you can use one of the mirrors as listed below.
we made sure that those mirrors already carry this release.
=20=20=20=20=20
alpha/gnupg/gnupg-1.1.92.tar.gz (2.4M)
alpha/gnupg/gnupg-1.1.92.tar.gz.sig
=20=20=20=20=20
and a diff against 1.1.91:
=20=20=20=20=20
alpha/gnupg/gnupg-1.1.91-1.1.92.diff.gz (547k)
=20=20=20=20=20
a Windows binary is also available:
alpha/binary/gnupg-w32cli-1.1.92.zip (1.0M)
MD5 sums are:
3198a34dd9deaaa0c501699847d66a77 gnupg-1.1.92.tar.gz
883dd8f29d49ed4577064c1e3cc5bcd8 gnupg-1.1.91-1.1.92.diff.gz
8dfc942102f3f700ac48f53760758432 gnupg-w32cli-1.1.92.zip
Here are the NEWS:
* The use of MDCs have increased. A MDC will be used if the
recipients directly request it, if the recipients have AES,
AES192, AES256, or TWOFISH in their cipher preferences, or if
the chosen cipher has a blocksize not equal to 64 bits
(currently this is also AES, AES192, AES256, and TWOFISH).
* GnuPG will no longer automatically disable compression when
processing an already-compressed file unless a MDC is being
used. This is to give the message a certain amount of
resistance to the chosen-ciphertext attack while communicating
with other programs (most commonly PGP earlier than version 7.x)
that do not support MDCs.
* The option --interactive now has the desired effect when
importing keys.
* The file permission and ownership checks on files have been
clarified. Specifically, the homedir (usually ~/.gnupg) is
checked to protect everything within it. If the user specifies
keyrings outside this homedir, they are presumed to be shared
keyrings and therefore *not* checked. Configuration files
specified with the --options option and the IDEA cipher
extension specified with --load-extension are checked, along
with their enclosing directories.
* IMPORTANT:=20
The default configuration file is now ~/.gnupg/gpg.conf. If an
old ~/.gnupg/options is found it will still be used. This
change is required to have a more consistent naming scheme with
forthcoming tools.
* The configure option --with-static-rnd=3Dauto allows to build gpg
with all available entropy gathering modules included. At
runtime the best usable one will be selected from the list
linux, egd, unix. This is also the default for systems lacking
a /dev/random device.
* The default character set is now taken from the current locale;
it can still be overridden by the --charset option. Using the
option -vvv shows the used character set.
* --emulate-checksum-bug and --emulate-3des-s2k-bug have been
removed.
Happy hacking,
=20=20=20=20
The GnuPG Team.
=20=20=20=20
p.s.
The mirror sites below have been verified to already carry this new
release. The list of sites mirroring ftp.gnupg.org is also available
at http://www.gnupg.org/mirrors.html. BTW, Africa is a white spot in
the mirror list - anyone?
Asia
Japan
ftp://ftp.ayamura.org/pub/gnupg/
Europe
Austria
ftp://gd.tuwien.ac.at/privacy/gnupg/
http://gd.tuwien.ac.at/privacy/gnupg/
Denmark
ftp://sunsite.dk/pub/security/gcrypt/
Finland
ftp://ftp.jyu.fi/pub/crypt/gcrypt/
ftp://trumpetti.atm.tut.fi/gcrypt/
http://trumpetti.atm.tut.fi/gcrypt/
rsync://trumpetti.atm.tut.fi/gcrypt/
France
ftp://ftp.strasbourg.linuxfr.org/pub/gnupg/
Germany
ftp://ftp.freenet.de/pub/ftp.gnupg.org/gcrypt/
Greece
ftp://igloo.linux.gr/pub/crypto/gnupg/
Italy
ftp://ftp.linux.it/pub/mirrors/gnupg/
http://ftp.linux.it/pub/mirrors/gnupg/
rsync://ftp.linux.it/gnupg/
Netherlands
ftp://ftp.demon.nl/pub/mirrors/gnupg/
Switzerland
ftp://sunsite.cnlab-switch.ch/mirror/gcrypt/
United Kingdom
ftp://ftp.mirror.ac.uk/sites/ftp.gnupg.org/gcrypt/
http://www.mirror.ac.uk/sites/ftp.gnupg.org/gcrypt/
From justinrt@bellsouth.net Thu Sep 12 11:41:02 2002
From: justinrt@bellsouth.net (Justin Troutman)
Date: Thu Sep 12 10:41:02 2002
Subject: Discussion medium proposal.
References: <004c01c25802$286239a0$83c29a44@sardine> <20020911131242.GB16469@FUCKUP.fantastyka.net>
Message-ID: <002001c25a37$435f10c0$1ac19a44@sardine>
----- Original Message -----
From: Janusz A. Urbanowicz
To: Justin Troutman
Cc:
Sent: Wednesday, September 11, 2002 9:12 AM
Subject: Re: Discussion medium proposal.
> While I think it is a good idea to have such kind of medium, using IRC on
> single server is not that good idea. or using IRC at all.
Actually, there are 3 active servers for this IRC network I speak of,
although, I understand your point. The offer still stands, either way.
> What I suggest is to use SILC (http://silcnet.org). It is similar to IRC
in
> general feel and appearance, it has support in Irssi IRC client, but the
> network is designed to be more robust - and is protected by cryptography.
> Everything is encrypted and users are distinguished by their key ids.
Ahh, SILCnet. This is a superb idea. As I've been familiar with it for quite
some time, the initial idea of using it here had not occurred to me then.
As it does utilize cryptography, it does fill an appropriate niche.
Thanks for your reply, as well as this idea.
As I said, the offer for the IRC channel still stands. Whichever is the
most convenient and appropriate for the purpose is quite alright by me.
SILCnet may very well be. However, my only question is, for the purpose of
a discussion medium alone, would a cryptographically-sound structure be
necessary? I ask this because I see that many do not even utilize
cryptography (GnuPG) on this mailing list, (encrypting, signing, et cetera.)
although some do.
Using cryptography is a great practice, as I do everyday, don't get me
wrong, but this happened to cross my mind.
> The authors of SILC promise to include support of OpenPGP keys in future.
True. I feel this is a promising step towards the future use of the SILC
client.
Cheers,
Justin
From wk@gnupg.org Thu Sep 12 11:46:06 2002
From: wk@gnupg.org (Werner Koch)
Date: Thu Sep 12 10:46:06 2002
Subject: GnuPG 1.1.92 released
Message-ID: <8765xbegqe.fsf@alberti.gnupg.de>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi!
GnuPG 1.1.92 has been released yesterday evening. This is hopefully
the last snapshot before we release 1.2. It has a couple of new
features and fixes some bugs of course. There are a few new things,
so *please read the news* below. The only up to date language is
German, we hope top get most other translations updated for
1.2. Please test it.
The GnuPG primary server is {http,ftp}://ftp.gnupg.org/gcrypt/ but we
would appreciate if you can use one of the mirrors as listed below.
we made sure that those mirrors already carry this release.
alpha/gnupg/gnupg-1.1.92.tar.gz (2.4M)
alpha/gnupg/gnupg-1.1.92.tar.gz.sig
and a diff against 1.1.91:
alpha/gnupg/gnupg-1.1.91-1.1.92.diff.gz (547k)
a Windows binary is also available:
alpha/binary/gnupg-w32cli-1.1.92.zip (1.0M)
MD5 sums are:
3198a34dd9deaaa0c501699847d66a77 gnupg-1.1.92.tar.gz
883dd8f29d49ed4577064c1e3cc5bcd8 gnupg-1.1.91-1.1.92.diff.gz
8dfc942102f3f700ac48f53760758432 gnupg-w32cli-1.1.92.zip
Here are the NEWS:
* The use of MDCs have increased. A MDC will be used if the
recipients directly request it, if the recipients have AES,
AES192, AES256, or TWOFISH in their cipher preferences, or if
the chosen cipher has a blocksize not equal to 64 bits
(currently this is also AES, AES192, AES256, and TWOFISH).
* GnuPG will no longer automatically disable compression when
processing an already-compressed file unless a MDC is being
used. This is to give the message a certain amount of
resistance to the chosen-ciphertext attack while communicating
with other programs (most commonly PGP earlier than version 7.x)
that do not support MDCs.
* The option --interactive now has the desired effect when
importing keys.
* The file permission and ownership checks on files have been
clarified. Specifically, the homedir (usually ~/.gnupg) is
checked to protect everything within it. If the user specifies
keyrings outside this homedir, they are presumed to be shared
keyrings and therefore *not* checked. Configuration files
specified with the --options option and the IDEA cipher
extension specified with --load-extension are checked, along
with their enclosing directories.
* IMPORTANT:
The default configuration file is now ~/.gnupg/gpg.conf. If an
old ~/.gnupg/options is found it will still be used. This
change is required to have a more consistent naming scheme with
forthcoming tools.
* The configure option --with-static-rnd=3Dauto allows to build gpg
with all available entropy gathering modules included. At
runtime the best usable one will be selected from the list
linux, egd, unix. This is also the default for systems lacking
a /dev/random device.
* The default character set is now taken from the current locale;
it can still be overridden by the --charset option. Using the
option -vvv shows the used character set.
* --emulate-checksum-bug and --emulate-3des-s2k-bug have been
removed.
Happy hacking,
The GnuPG Team.
p.s.
The mirror sites below have been verified to already carry this new
release. The list of sites mirroring ftp.gnupg.org is also available
at http://www.gnupg.org/mirrors.html. BTW, Africa is a white spot in
the mirror list - anyone?
Asia
Japan
ftp://ftp.ayamura.org/pub/gnupg/
Europe
Austria
ftp://gd.tuwien.ac.at/privacy/gnupg/
http://gd.tuwien.ac.at/privacy/gnupg/
Denmark
ftp://sunsite.dk/pub/security/gcrypt/
Finland
ftp://ftp.jyu.fi/pub/crypt/gcrypt/
ftp://trumpetti.atm.tut.fi/gcrypt/
http://trumpetti.atm.tut.fi/gcrypt/
rsync://trumpetti.atm.tut.fi/gcrypt/
France
ftp://ftp.strasbourg.linuxfr.org/pub/gnupg/
Germany
ftp://ftp.freenet.de/pub/ftp.gnupg.org/gcrypt/
Greece
ftp://igloo.linux.gr/pub/crypto/gnupg/
Italy
ftp://ftp.linux.it/pub/mirrors/gnupg/
http://ftp.linux.it/pub/mirrors/gnupg/
rsync://ftp.linux.it/gnupg/
Netherlands
ftp://ftp.demon.nl/pub/mirrors/gnupg/
Switzerland
ftp://sunsite.cnlab-switch.ch/mirror/gcrypt/
United Kingdom
ftp://ftp.mirror.ac.uk/sites/ftp.gnupg.org/gcrypt/
http://www.mirror.ac.uk/sites/ftp.gnupg.org/gcrypt/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.1.92 (GNU/Linux)
iD8DBQE9gFQLbH7huGIcwBMRAv+1AKCuQctCs0Y2m4X/KzElI5UV5oeknACglK+A
1MpzBfa/VhryTUrP8m6s/mA=
=qQmg
-----END PGP SIGNATURE-----
From pt@radvis.nu Thu Sep 12 12:20:01 2002
From: pt@radvis.nu (Per Tunedal)
Date: Thu Sep 12 11:20:01 2002
Subject: When will the new GPG version 1.0.7 be released for Windows?
EOM
Message-ID: <5.1.0.14.2.20020911131935.00bdcf70@qix.netcorps.com>
From kontakt@baukonzept.com Thu Sep 12 12:20:04 2002
From: kontakt@baukonzept.com (G=?ISO-8859-1?B?/A==?=nther Hiesz)
Date: Thu Sep 12 11:20:04 2002
Subject: No keys in the recipientwindow
Message-ID:
Hello,
I need help because if i want encrypt and sign but there are no keys in the
recipientwindow.
I imported keys allreadey and i can see them in the keyring but i cannot
find them to work.
My imported key works with my imported passphrase.
What is wrong.
Thanks=20
G=FCntheer Hiesz
Using OSX 10.1.5
And GnuPG 1.0.7
From twoaday@freakmail.de Thu Sep 12 14:13:01 2002
From: twoaday@freakmail.de (Timo Schulz)
Date: Thu Sep 12 13:13:01 2002
Subject: Pass phrase in config file
In-Reply-To: <9087494870.20020910225953@gmx.net>
References: <9087494870.20020910225953@gmx.net>
Message-ID: <20020912105529.GA613@daredevil.joesixpack.net>
On Tue Sep 10 2002; 22:59, Daniel Maier wrote:
> to type in my name and pass phrase. Is it possible to store these
> parameters during a session or in a config file so that GnuPG
> automatically decyphers using my name and pass phrase?
What about the GPG-Agent for Windows?
With it you can cache the passphrase instead of saving it in
cleartext into a file. And it's more comfortable, because any
program that uses GPG can use it. You just need to put the
"use-agent" option in your GPG options file.
You can download it here: http://www.winpt.org/agent.html
It's a W32 port of the original gpg-agent.c sources from the
GPG 1.1.x version.
Timo
From twoaday@freakmail.de Thu Sep 12 14:13:04 2002
From: twoaday@freakmail.de (Timo Schulz)
Date: Thu Sep 12 13:13:04 2002
Subject: Pass phrase in config file
In-Reply-To: <9087494870.20020910225953@gmx.net>
References: <9087494870.20020910225953@gmx.net>
Message-ID: <20020912105529.GA613@daredevil.joesixpack.net>
On Tue Sep 10 2002; 22:59, Daniel Maier wrote:
> to type in my name and pass phrase. Is it possible to store these
> parameters during a session or in a config file so that GnuPG
> automatically decyphers using my name and pass phrase?
What about the GPG-Agent for Windows?
With it you can cache the passphrase instead of saving it in
cleartext into a file. And it's more comfortable, because any
program that uses GPG can use it. You just need to put the
"use-agent" option in your GPG options file.
You can download it here: http://www.winpt.org/agent.html
It's a W32 port of the original gpg-agent.c sources from the
GPG 1.1.x version.
Timo
From samuel@Update.UU.SE Thu Sep 12 14:21:01 2002
From: samuel@Update.UU.SE (Samuel ]slund)
Date: Thu Sep 12 13:21:01 2002
Subject: Getting GPG to not create configfiles?
Message-ID: <20020912112202.GA19361@Update.UU.SE>
Hi
I have not used any more reacent version of GnuPG than 1.0.6 but i can not
remember anything about this in the anouncements.
A while ago I had a reason to use GPG for symetric encryption,
specifically I vas going to give it and a passphrase to someone else to
get some files across when I was away. I could not find any way to tell
it not to create the (unneccessary) configuration files before
symetrically encrypting a message.
Are there such a switch in the new version of GnuPG?
//Samuel
From wk@gnupg.org Thu Sep 12 15:34:02 2002
From: wk@gnupg.org (Werner Koch)
Date: Thu Sep 12 14:34:02 2002
Subject: Getting GPG to not create configfiles?
In-Reply-To: <20020912112202.GA19361@Update.UU.SE> ("Samuel ]slund"'s
message of "Thu, 12 Sep 2002 13:22:02 +0200")
References: <20020912112202.GA19361@Update.UU.SE>
Message-ID: <87elbzbcvs.fsf@alberti.gnupg.de>
On Thu, 12 Sep 2002 13:22:02 +0200, Samuel ]slund said:
> get some files across when I was away. I could not find any way to tell
> it not to create the (unneccessary) configuration files before
> symetrically encrypting a message.
Use a homedir different from ~/.gnupg and gpg won't create any files.
Shalom-Salam,
Werner
From apavelec@benefit-services.com Thu Sep 12 16:20:01 2002
From: apavelec@benefit-services.com (Adam Pavelec)
Date: Thu Sep 12 15:20:01 2002
Subject: GnuPG 1.1.92 released
References: <8765xbegqe.fsf@alberti.gnupg.de>
Message-ID: <00c001c25a5f$53e5d780$2027a8c0@apavelec>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> Hi!
>
> GnuPG 1.1.92 has been released yesterday evening. This is
> hopefully the last snapshot before we release 1.2.
> .
> .
> .
> Happy hacking,
>
> The GnuPG Team.
Is this still a developmental release? There is no mention of
1.1.92 at http://www.gnupg.org/download.html If this is indeed
a release to be used in a production environment, I would really
appreciate it if the download page would be kept up to date.
- --Adam
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6
iEYEARECAAYFAj2AlDoACgkQDwRQnkBSh2vgpQCdGkoJQmmJBuhz3VVybci/jfrT
nFIAnRgycMw7LSr/0p+hGd2/LAC0TIVe
=MR3X
-----END PGP SIGNATURE-----
From dshaw@jabberwocky.com Thu Sep 12 16:24:01 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Thu Sep 12 15:24:01 2002
Subject: When will the new GPG version 1.0.7 be released for Windows? EOM
In-Reply-To: <5.1.0.14.2.20020911131935.00bdcf70@qix.netcorps.com>
References: <5.1.0.14.2.20020911131935.00bdcf70@qix.netcorps.com>
Message-ID: <20020912132437.GD5305@akamai.com>
On Wed, Sep 11, 2002 at 01:20:54PM +0200, Per Tunedal wrote:
> When will the new GPG version 1.0.7 be released for Windows?
It will not be. However, version 1.2 (with many Windows improvements)
will be released for Windows soon. The (hopefully last) development
snapshot for 1.2 was released last night.
David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
From dshaw@jabberwocky.com Thu Sep 12 16:32:01 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Thu Sep 12 15:32:01 2002
Subject: GnuPG 1.1.92 released
In-Reply-To: <00c001c25a5f$53e5d780$2027a8c0@apavelec>
References: <8765xbegqe.fsf@alberti.gnupg.de> <00c001c25a5f$53e5d780$2027a8c0@apavelec>
Message-ID: <20020912133234.GE5305@akamai.com>
On Thu, Sep 12, 2002 at 09:21:33AM -0400, Adam Pavelec wrote:
> > Hi!
> >
> > GnuPG 1.1.92 has been released yesterday evening. This is
> > hopefully the last snapshot before we release 1.2.
> > .
> > .
> > .
> > Happy hacking,
> >
> > The GnuPG Team.
>
> Is this still a developmental release? There is no mention of
> 1.1.92 at http://www.gnupg.org/download.html If this is indeed
> a release to be used in a production environment, I would really
> appreciate it if the download page would be kept up to date.
Development release. We're now following the common even-odd model,
so if the minor release number is odd, it's a development release
(e.g. 1.1 == development. 1.2 == stable).
That said, 1.1.92 is intended to become 1.2 soon.
David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
From alex@FUCKUP.fantastyka.net Thu Sep 12 16:35:02 2002
From: alex@FUCKUP.fantastyka.net (Janusz A. Urbanowicz)
Date: Thu Sep 12 15:35:02 2002
Subject: GnuPG 1.1.92 released
In-Reply-To: <00c001c25a5f$53e5d780$2027a8c0@apavelec>
References: <8765xbegqe.fsf@alberti.gnupg.de> <00c001c25a5f$53e5d780$2027a8c0@apavelec>
Message-ID: <20020912133513.GA27079@FUCKUP.fantastyka.net>
--opJtzjQTFsWo+cga
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Thu, Sep 12, 2002 at 09:21:33AM -0400, Adam Pavelec wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>=20
> > Hi!
> >=20
> > GnuPG 1.1.92 has been released yesterday evening. This is
> > hopefully the last snapshot before we release 1.2. =20
> > .
> > .
> > .
> > Happy hacking,
> >=20
> > The GnuPG Team.
>=20
> Is this still a developmental release? There is no mention of
> 1.1.92 at http://www.gnupg.org/download.html If this is indeed
> a release to be used in a production environment, I would really
> appreciate it if the download page would be kept up to date.
This is not. It is a development snapshot. See last sentence you left in the
quote.
Alex
--opJtzjQTFsWo+cga
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE9gJgRTfkBjn4ugD0RA4SBAJ9OkxHE409KwnnT0hnR1L96YcNg2gCeIH4w
6cXb66yoyiOEnNE2sRgDYDE=
=65yz
-----END PGP SIGNATURE-----
--opJtzjQTFsWo+cga--
From samuel@Update.UU.SE Thu Sep 12 16:38:01 2002
From: samuel@Update.UU.SE (Samuel ]slund)
Date: Thu Sep 12 15:38:01 2002
Subject: Getting GPG to not create configfiles?
In-Reply-To: <87elbzbcvs.fsf@alberti.gnupg.de>
References: <20020912112202.GA19361@Update.UU.SE> <87elbzbcvs.fsf@alberti.gnupg.de>
Message-ID: <20020912133924.GB19361@Update.UU.SE>
On Thu, Sep 12, 2002 at 02:39:35PM +0200, Werner Koch wrote:
> On Thu, 12 Sep 2002 13:22:02 +0200, Samuel ]slund said:
>
> > get some files across when I was away. I could not find any way to tell
> > it not to create the (unneccessary) configuration files before
> > symetrically encrypting a message.
>
> Use a homedir different from ~/.gnupg and gpg won't create any files.
I hope you are talking about the new version of GnuPG, because v1.0.6
hapily creates files in other directories.
I tried:
gpg --homedir /tmp -c .emacs
gpg --homedir ~/tmp -c .emacs
on Debian Linux
and
gpg.exe --homedir e:/musik --symmetric .emacs
on windows 2k
in all cases GnuPG created the pubring.gpg and secring.gpg files in the
specified directories.
I tried assigning a homedir that did not exist and got this result:
samuel@Tempo:~$ gpg --homedir /foo -c .emacs
gpg: keyblock resource `/foo': file open error
gpg: keyblock resource `/foo': file open error
File `.emacs.gpg' exists. Overwrite (y/N)? y
gpg: can't create `/foo/random_seed': No such file or directory
samuel@Tempo:~$
The encrypted file decrypted Ok.
//Samuel
From wk@gnupg.org Thu Sep 12 19:24:02 2002
From: wk@gnupg.org (Werner Koch)
Date: Thu Sep 12 18:24:02 2002
Subject: Window binary signature
Message-ID: <87n0qn9npz.fsf@alberti.gnupg.de>
--=-=-=
Hi!
I forgot to upload the signature for the windows binary. It is now
available and for your convenience attach to thsi mail.
Shalom-Salam,
Werner
--=-=-=
Content-Type: application/octet-stream
Content-Disposition: attachment; filename=gnupg-w32cli-1.1.92.zip.sig
Content-Transfer-Encoding: base64
iD8DBQA9f1QcaLeriVdUjc0RAoB6AJ4tryyRscFGGkxBhRxXSAzIkZpM/ACfQ64aGcHg3tTeeKv3
OEqTHO1IwO0=
--=-=-=--
From hhekim@mail.com Fri Sep 13 10:36:02 2002
From: hhekim@mail.com (Hakan Hekim)
Date: Fri Sep 13 09:36:02 2002
Subject: using my own public key
Message-ID: <20020913073652.54671.qmail@mail.com>
Hello,
When I encrypt a file, I think gpg uses my secret key as default. How can I specify gpg to use my public key in order to encrypt it for myself.
----- Original Message -----
From: Timo Schulz
Date: Thu, 12 Sep 2002 12:55:29 +0200
To: gnupg-users@gnupg.org
Subject: Re: Pass phrase in config file
Re: On Tue Sep 10 2002; 22:59, Daniel Maier wrote:
Re:
Re: > to type in my name and pass phrase. Is it possible to store these
Re: > parameters during a session or in a config file so that GnuPG
Re: > automatically decyphers using my name and pass phrase?
Re:
Re: What about the GPG-Agent for Windows?
Re:
Re: With it you can cache the passphrase instead of saving it in
Re: cleartext into a file. And it's more comfortable, because any
Re: program that uses GPG can use it. You just need to put the
Re: "use-agent" option in your GPG options file.
Re:
Re: You can download it here: http://www.winpt.org/agent.html
Re:
Re: It's a W32 port of the original gpg-agent.c sources from the
Re: GPG 1.1.x version.
Re:
Re:
Re: Timo
Re:
Re: _______________________________________________
Re: Gnupg-users mailing list
Re: Gnupg-users@gnupg.org
Re: http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re:
--------------------------------
If there is no wind, row....
--------------------------------
--
__________________________________________________________
Sign-up for your own FREE Personalized E-mail at Mail.com
http://www.mail.com/?sr=signup
From wk@gnupg.org Fri Sep 13 11:24:02 2002
From: wk@gnupg.org (Werner Koch)
Date: Fri Sep 13 10:24:02 2002
Subject: GPG 1.1.92 bogus error for IDEA plugin
In-Reply-To: ("Larry Ellis"'s
message of "Thu, 12 Sep 2002 16:20:14 -0500")
References:
Message-ID: <87admm70na.fsf@alberti.gnupg.de>
On Thu, 12 Sep 2002 16:20:14 -0500, Larry Ellis said:
> I took your advice anyway, and rebuilt the dll myself after updating the def
> file, and IDEA is still not detected. There seems to be some other issue.
Okay, I found the bug. There is a new version of the binary availabe
at:
ftp://ftp.gnupg.org/gcrypt/alpha/binary/gnupg-w32cli-1.1.92a.zip
a patch to the source is in the same directory. I have also asked
Kenneth to upload a new dll to his server. It should appear soon as
ftp://ftp.gnupg.dk/pub/contrib-dk/ideadll.zip
ftp://ftp.gnupg.dk/pub/contrib-dk/ideadll.zip.sig
It is a ZIP file with the source and comments on how to build it using
mingw32/cpd.
Shalom-Salam,
Werner
From holzmann@mhnet.de Fri Sep 13 13:07:02 2002
From: holzmann@mhnet.de (Micha Holzmann)
Date: Fri Sep 13 12:07:02 2002
Subject: using my own public key
In-Reply-To: <20020913073652.54671.qmail@mail.com>
References: <20020913073652.54671.qmail@mail.com>
Message-ID: <20020913100809.GA17018@idm-06.pf.kramski.de>
--pWyiEgJYm5f9v55/
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Quoting Hakan Hekim :
>=20
> Hello,
> When I encrypt a file, I think gpg uses my secret key as default. How can=
I specify gpg to use my public key in order to encrypt it for myself.
You can use the $HOME/options file. In order to work as you expect, make
an entry with:
encrypt-to
kind regards,
Micha Holzmann
--=20
Who the hell is General Failure, and why he is reading my disk?
--pWyiEgJYm5f9v55/
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE9gbkJZrmPvQ66gg8RApmjAJ4kjp2ewWJ2CDZojBPAIg19Ct4c8ACfYHzu
EnSHOUekZ6cOXt6DV8dUBVY=
=+9sa
-----END PGP SIGNATURE-----
--pWyiEgJYm5f9v55/--
From wk@gnupg.org Fri Sep 13 14:22:02 2002
From: wk@gnupg.org (Werner Koch)
Date: Fri Sep 13 13:22:02 2002
Subject: using my own public key
In-Reply-To: <20020913100809.GA17018@idm-06.pf.kramski.de> (Micha Holzmann's
message of "Fri, 13 Sep 2002 12:08:09 +0200")
References: <20020913073652.54671.qmail@mail.com>
<20020913100809.GA17018@idm-06.pf.kramski.de>
Message-ID: <87admm3zax.fsf@alberti.gnupg.de>
On Fri, 13 Sep 2002 12:08:09 +0200, Micha Holzmann said:
> You can use the $HOME/options file. In order to work as you expect, make
> an entry with:
BTW, since 1.1.92 options has been replaced by gpg.conf but it will
still be used as long as there is no gpg.conf. Just want to let you
know.
Shalom-Salam,
Werner
From holzmann@mhnet.de Fri Sep 13 15:07:02 2002
From: holzmann@mhnet.de (Micha Holzmann)
Date: Fri Sep 13 14:07:02 2002
Subject: using my own public key
In-Reply-To: <87admm3zax.fsf@alberti.gnupg.de>
References: <20020913073652.54671.qmail@mail.com> <20020913100809.GA17018@idm-06.pf.kramski.de> <87admm3zax.fsf@alberti.gnupg.de>
Message-ID: <20020913120802.GA21150@idm-06.pf.kramski.de>
--liOOAslEiF7prFVr
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Quoting Werner Koch :
> On Fri, 13 Sep 2002 12:08:09 +0200, Micha Holzmann said:
>=20
> > You can use the $HOME/options file. In order to work as you expect, make
> > an entry with:
>=20
> BTW, since 1.1.92 options has been replaced by gpg.conf but it will
> still be used as long as there is no gpg.conf. Just want to let you
> know.
Oh! Good to know, i am still running 1.0.7 and 1.0.6 on a windows
client. I have read on the website that the version 1.2 will be released th=
is
month. I want to wait until the release. The reading of "whatsnew" or
"changes" is a must (then). ;-)
kind regards,
Micha Holzmann
--=20
Es gibt nichts gutes ausser man tut es...
--liOOAslEiF7prFVr
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE9gdUiZrmPvQ66gg8RAorjAJoDRzGY634Va94yjE4dOeKTvhK4gQCfbtHr
mHv8+tRkm7pjjqUh76HapGU=
=4dyW
-----END PGP SIGNATURE-----
--liOOAslEiF7prFVr--
From johan-gnupg@almqvist.net Fri Sep 13 18:47:01 2002
From: johan-gnupg@almqvist.net (Johan Almqvist)
Date: Fri Sep 13 17:47:01 2002
Subject: Bug? lsign first, then sign
Message-ID: <20020913154846.GJ18223@almqvist.net>
--IU5/I01NYhRvwH70
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Hi!
$ gpg --version
gpg (GnuPG) 1.0.6
I imported a key, signed it locally first and signed it "for everyone"
later. When exporting the key, my signature wasn't attached to they key.
I had to remove the key from my key ring and import it again; now signing
it directly. After that, it worked fine. Is this intentional?
-Johan
--=20
Johan Almqvist
--IU5/I01NYhRvwH70
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE9ggjdEVwMevfaF0sRAqWpAJ90ltd9Lx5MYMw7ayVolLlY/FVrUwCcCEed
1x/Zqyicx/++NotmcXXyTNw=
=ot7i
-----END PGP SIGNATURE-----
--IU5/I01NYhRvwH70--
From johan-gnupg@almqvist.net Fri Sep 13 18:53:02 2002
From: johan-gnupg@almqvist.net (Johan Almqvist)
Date: Fri Sep 13 17:53:02 2002
Subject: Changing "main" user ID
Message-ID: <20020913155441.GK18223@almqvist.net>
--Ls2Gy6y7jbHLe9Od
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Hello again!
I understand that this may be a purely superficial matter, but is it
possible to change what gpg considers to be the "main" user ID of my key?
$ gpg --list-sigs 50327DF9
pub 1024R/50327DF9 1995-11-15 Fredrik Roubert
sig F98EC641 1997-04-01 Tomas Gradin
sig 50327DF9 2002-06-23 Fredrik Roubert
sig 7888E2C5 2002-06-24 Hans Wachtmeister
sig F7DA174B 2002-09-13 Johan Almqvist (SFS)
$ gpg --list-keys F7DA174B
pub 1024D/F7DA174B 2000-06-22 Johan Almqvist (SFS)
uid Johan Almqvist
uid Johan Almqvist (LUNA)
uid Johan Almqvist (interAF)
uid Johan Almqvist (LUDAT)
uid Johan Almqvist (Propellerheads)
uid Johan Almqvist (JUNO)
uid Johan Almqvist (DF)
sub 2048g/B3CACF7B 2000-06-22
I'd like "Johan Almqvist " to show in the top listing
instead of "Johan Almqvist (SFS)"
-Johan
--=20
Johan Almqvist
--Ls2Gy6y7jbHLe9Od
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE9ggpAEVwMevfaF0sRArJqAKCUsUa/aD9HBTUbQF/Vy3ql9GkCcQCeOQ4m
H8+wg6SJTvKtMX5ejjdQALU=
=lwoK
-----END PGP SIGNATURE-----
--Ls2Gy6y7jbHLe9Od--
From dshaw@jabberwocky.com Fri Sep 13 19:10:02 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Fri Sep 13 18:10:02 2002
Subject: Bug? lsign first, then sign
In-Reply-To: <20020913154846.GJ18223@almqvist.net>
References: <20020913154846.GJ18223@almqvist.net>
Message-ID: <20020913161039.GA5588@akamai.com>
On Fri, Sep 13, 2002 at 05:48:46PM +0200, Johan Almqvist wrote:
> Hi!
>
> $ gpg --version
> gpg (GnuPG) 1.0.6
>
> I imported a key, signed it locally first and signed it "for everyone"
> later. When exporting the key, my signature wasn't attached to they key.
> I had to remove the key from my key ring and import it again; now signing
> it directly. After that, it worked fine. Is this intentional?
This was changed in 1.0.7. GnuPG now prompts the user to see if they
want to "promote" the local signature to a full exportable signature.
David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
From dshaw@jabberwocky.com Fri Sep 13 19:11:02 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Fri Sep 13 18:11:02 2002
Subject: Changing "main" user ID
In-Reply-To: <20020913155441.GK18223@almqvist.net>
References: <20020913155441.GK18223@almqvist.net>
Message-ID: <20020913161146.GB5588@akamai.com>
On Fri, Sep 13, 2002 at 05:54:41PM +0200, Johan Almqvist wrote:
> Hello again!
>
> I understand that this may be a purely superficial matter, but is it
> possible to change what gpg considers to be the "main" user ID of my key?
[..]
> I'd like "Johan Almqvist " to show in the top listing
> instead of "Johan Almqvist (SFS)"
In GnuPG 1.0.7 there is a "primary" command in the --edit menu. Just
select the user ID that you want to be primary.
David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
From mail@mark-kirchner.de Fri Sep 13 19:38:01 2002
From: mail@mark-kirchner.de (Mark Kirchner)
Date: Fri Sep 13 18:38:01 2002
Subject: Changing "main" user ID
In-Reply-To: <20020913161146.GB5588@akamai.com>
References: <20020913155441.GK18223@almqvist.net>
<20020913161146.GB5588@akamai.com>
Message-ID: <9834610276.20020913183849@mark-kirchner.de>
Hello,
On Friday, September 13, 2002, 6:11:46 PM, David wrote:
> On Fri, Sep 13, 2002 at 05:54:41PM +0200, Johan Almqvist wrote:
>> [changing main id]
>
> In GnuPG 1.0.7 there is a "primary" command in the --edit menu. Just
> select the user ID that you want to be primary.
I don't know about the original poster, but sometimes I would like to
change the "main id" of keys that I don't own. (I know, no real need
to do that; call it aesthetical reasons :-) The "primary" command
responds with "Need the secret key to do this" when I try that.
(v1.1.92)
I assume that the "main id" has no particular relevance (for the key /
encryption / security) so that changing it would just be a cosmetical
thing. Am I missing something?
Regards,
Mark Kirchner
--
Key (0x19DC86D3) available: http://www.mark-kirchner.de/keys/key-mk.asc
From vedaal@compute3.lok.com Fri Sep 13 19:46:01 2002
From: vedaal@compute3.lok.com (vedaal@compute3.lok.com)
Date: Fri Sep 13 18:46:01 2002
Subject: signing with a v3 rsa key in 1.1.9.2
Message-ID: <200209131646.g8DGkxPF006006@compute3.lok.com>
have tried to sign with my default v3 rsa key, using the windows binary for 1.1.9.2
the key is listed as my default key in the gnupg options,
and the keyrings have not been changed since using 1.1.9.2
the key has worked well for signing for all other versions of gnupg,
but now, gives the following error messages:
C:\gnupg>gpg --clearsign d:\a1.txt
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: protection algorithm 1 (IDEA) is not supported
gpg: the IDEA cipher plugin is not present
gpg: please see http://www.gnupg.org/why-not-idea.html for more information
gpg: no default secret key: unknown cipher algorithm
gpg: d:\a1.txt: clearsign failed: unknown cipher algorithm
there is no problem when i try to sign with any other v3 rsa key
my default v3 rsa key was generated in 2.6.x
the other v3 rsa keys (that work ok) were generated in pgp 6.5.8
pgpdump shows nothing remarkable about the key,
and it has worked fine for all previous gnupg versions, up to 1.1.9.1 {Nullify}
vedaal
From Martin Schoch Fri Sep 13 19:52:02 2002
From: Martin Schoch (Martin Schoch)
Date: Fri Sep 13 18:52:02 2002
Subject: GPG 1.1.92 bogus error for IDEA plugin
In-Reply-To: <87admm70na.fsf@alberti.gnupg.de>
References:
<87admm70na.fsf@alberti.gnupg.de>
Message-ID: <149710261.20020913185315@compuserve.com>
On Friday, September 13, 2002, 10:29:45 AM Werner Koch wrote:
WK> ftp://ftp.gnupg.org/gcrypt/alpha/binary/gnupg-w32cli-1.1.92a.zip
WK> ftp://ftp.gnupg.dk/pub/contrib-dk/ideadll.zip
WK> ftp://ftp.gnupg.dk/pub/contrib-dk/ideadll.zip.sig
Thanks for your great and excellent work! With the binary under
Windows 2K SP2 I have a problem with IDEA - it seems that gnupg
searches the plugin idea.dll under "hardcoded" directory...
I have in the options file the line:
load-extension idea
But gpg --versions says:
Unterstützte Verfahren:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG
gpg: LoadLibrary failed ec=126
gpg: GetProcAddress failed ec=127
gpg: GetProcAddress failed ec=127
gpg: invalid module `c:\lib\gnupg\idea': 127
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160
Compress: Uncompressed, ZIP, ZLIB
--
Best regards,
Martin Schoch mailto:maschoch@compuserve.com
From dshaw@jabberwocky.com Fri Sep 13 20:55:01 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Fri Sep 13 19:55:01 2002
Subject: Changing "main" user ID
In-Reply-To: <9834610276.20020913183849@mark-kirchner.de>
References: <20020913155441.GK18223@almqvist.net> <20020913161146.GB5588@akamai.com> <9834610276.20020913183849@mark-kirchner.de>
Message-ID: <20020913175530.GA6066@akamai.com>
On Fri, Sep 13, 2002 at 06:38:49PM +0200, Mark Kirchner wrote:
> Hello,
>
> On Friday, September 13, 2002, 6:11:46 PM, David wrote:
> > On Fri, Sep 13, 2002 at 05:54:41PM +0200, Johan Almqvist wrote:
> >> [changing main id]
> >
> > In GnuPG 1.0.7 there is a "primary" command in the --edit menu. Just
> > select the user ID that you want to be primary.
>
> I don't know about the original poster, but sometimes I would like to
> change the "main id" of keys that I don't own. (I know, no real need
> to do that; call it aesthetical reasons :-) The "primary" command
> responds with "Need the secret key to do this" when I try that.
> (v1.1.92)
>
> I assume that the "main id" has no particular relevance (for the key /
> encryption / security) so that changing it would just be a cosmetical
> thing. Am I missing something?
It is just a cosmetic change, but you are not permitted to make the
change for keys you do not own. Only the key owner can decide how
their key is displayed.
David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
From vedaal@lok.com Fri Sep 13 21:07:02 2002
From: vedaal@lok.com (vedaal@lok.com)
Date: Fri Sep 13 20:07:02 2002
Subject: follow-up : signing with a v3 rsa key in GnuPG 1.1.92
Message-ID: <200209131808.g8DI8UPF029482@compute3.lok.com>
have just generated a new v3 rsa key in pgp 2.6.3 multi 6
(default settings, nothing fancy, same as 2.6.3)
imported it to gnupg, made it the default key, and got the same error message as before
here is the key:
the passphrase is the same as the keyname:
263m6test
-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: 2.6.3ia-multi06
comment: passhrase: 263m6test
lQOfAz2CHIcAAAEIANE+IpggTNk4XCbTrHtgxm4t+Ks3doUgMYZZw82SjLhzR5IS
NsaPgmGYLuql3/33Y0yjRukXgzhmUuahvo/L1mt153YABC8jfS17zu4EH9+WRghL
B8YR1gHNtQbQy9B1TFoIHryW9s7Qy4uMm858nRWnjV7lm2QE1XCWoDMtc0zN2mS7
ALCFf4rP6S5AoRTtKEXmPUBXpmgBQXK/RnCSxnHWFG0ScjVf7s520SAhidUJ9tli
1snUAz3zeAXXYIFy/IfFKERGAj/gtuJQPT+e2sEuP/LsULVnHyAWCwbJR3tuYMoY
pPtaejqozZfMZNS/4r03t3U2hM/awEBc9tBA67UABREBnkmaqObtCCQH8e7mN6A/
KE0mxopMk/Wr5HvpKyHGDh3oRWNTAeQ/xqqpoa+lz/uiAuGsPZSZmWKyZ1SijoUB
vLSx11Rri7TC2gz9TnIJNfwTKbbCRmU+wLjymTlqh9QKjgTaMoVh7NS54E6RK4jl
8CTx/9jzC44yePU05niY57HtKZCZXERi7ZNJKNlD7k3r0SJVmeS6lCJCDRvQzUVP
6A7QIPeiTc9rH6T0B7XDbc2bJfywwQlYg+L4v1yATqyvKBLqWzO4NW0yJG+RKD8K
Y9nZzJtzXMwiftrWMIjM7Fr2O5w+MIls8UIdm8aP0KEE/r+BcPS+OKdIBhYS3Cyc
8Z2IGQghEyRPlQQAG/kNIrg2BmhlzWfNigPWjCQJMEesjjQtROuDeKmRRas+Ajep
/euqBfLDbLMX6L80VzqXTpJijVFTuiVnRWL1nVry100VRDHXDuw8uICB7x8GDzc6
xGRKehbUCCJwKGyULBDedFdF4VLBicJYqOWfjvNvPWt2kuNykBwHwxjEvmgEAJxw
0BLkYb+R4qYzJ+QHQtn1DqpvFTYy/d6KqBvnCJZTpgD3m5JpKarOarE+Fa6H/hSc
swKGSIkeqh6kBCAEChyOOeBRPd11TvAFw4Eql0mN/DETLDUMFvAFA8eVdSDST4Nm
paNR9lTY8j9PclPuW89Mz+pMDfOSF7LANk00wJiiA/+i0t5D0VIGkXDlZuAP7rTk
USIzQJgVfUTac+xbtOf5D2vA2Czkcnx31k36HXrCm6bC81xjBPTZDLTuVMJSffEq
3FhsLVpMhKtlilBQdkuR+yvWtrygjrDmv0Jwhh+Obicv2rBs3TAY/db0KbK+ZSQn
cNOUQsu3oM/rlnVTwwStWEIhtAkyNjNtNnRlc3Q=
=m1x0
-----END PGP PRIVATE KEY BLOCK-----
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia-multi06
mQENAz2CHIcAAAEIANE+IpggTNk4XCbTrHtgxm4t+Ks3doUgMYZZw82SjLhzR5IS
NsaPgmGYLuql3/33Y0yjRukXgzhmUuahvo/L1mt153YABC8jfS17zu4EH9+WRghL
B8YR1gHNtQbQy9B1TFoIHryW9s7Qy4uMm858nRWnjV7lm2QE1XCWoDMtc0zN2mS7
ALCFf4rP6S5AoRTtKEXmPUBXpmgBQXK/RnCSxnHWFG0ScjVf7s520SAhidUJ9tli
1snUAz3zeAXXYIFy/IfFKERGAj/gtuJQPT+e2sEuP/LsULVnHyAWCwbJR3tuYMoY
pPtaejqozZfMZNS/4r03t3U2hM/awEBc9tBA67UABRG0CTI2M202dGVzdIkBFQMF
ED2CHMLAQFz20EDrtQEBDYIH/12Rfd+83iB6htKZc+xb/YH1jsEI+tW927I/zVWY
R1jgAakwjqTUJryieZYQ0a/9a/mJQqCllu7uy9JrCkvhLzvwSQB0YzuWHHhKuFKA
/B+kdUnce7UPIuSgI4c5ClxtI8ICe1YVgnM7JwDwJq4IKIptQXd4yTIZs87Af/UO
4B9KsLbuH8bTmKTaebshMghctaIsopklRKD5tEskB3r5DL9y0ebo0KMuvggkXHcj
5X3B//OKYitDeLGxrKeKwf2Wfm3PCuVhj0c2Skq4uR6TGlDhFdiCu1lwZc8jPbJn
fbdCAjsI81UY2TJZXPg3qlhPncX66pNTtRGps0Azh11pags=
=gPgV
-----END PGP PUBLIC KEY BLOCK-----
can anyone else reproduce this problem,
or might it be something unique to the windows binary?
tia
vedaal
From mail@mark-kirchner.de Fri Sep 13 21:25:01 2002
From: mail@mark-kirchner.de (Mark Kirchner)
Date: Fri Sep 13 20:25:01 2002
Subject: Changing "main" user ID
In-Reply-To: <20020913175530.GA6066@akamai.com>
References: <20020913155441.GK18223@almqvist.net>
<20020913161146.GB5588@akamai.com> <9834610276.20020913183849@mark-kirchner.de>
<20020913175530.GA6066@akamai.com>
Message-ID: <11941064567.20020913202623@mark-kirchner.de>
On Friday, September 13, 2002, 7:55:30 PM, David wrote:
> On Fri, Sep 13, 2002 at 06:38:49PM +0200, Mark Kirchner wrote:
>> [snip]
>> I assume that the "main id" has no particular relevance (for the key /
>> encryption / security) so that changing it would just be a cosmetical
>> thing. Am I missing something?
>
> It is just a cosmetic change, but you are not permitted to make the
> change for keys you do not own.
Uh, yes I got that already :-)
> Only the key owner can decide how their key is displayed.
I hope you don't mind me asking, but: Says who? Of course, the
programmers do, but: Is there a special reason behind it, is it in the
OpenPGP-Standard? Which would lead to the next question: Why is it in
there?
Call me old-fashioned, but: All the necessary data is there, the data
is public (at least it's from the "public" key) and gpg runs on _my_
machine, so IMHO _I_ should be the one to decide how the data is
/displayed/. (Of course, within reasonable limits.)
I don't want to change someone else public key, I don't want to add to
or remove something from it, it's just a matter of how it's displayed
on my machine. (At least I interpreted your "cosmetic change" that
way.)
Regards,
Mark Kirchner
--
Key (0x19DC86D3) available: http://www.mark-kirchner.de/keys/key-mk.asc
From dshaw@jabberwocky.com Fri Sep 13 21:59:01 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Fri Sep 13 20:59:01 2002
Subject: Changing "main" user ID
In-Reply-To: <11941064567.20020913202623@mark-kirchner.de>
References: <20020913155441.GK18223@almqvist.net> <20020913161146.GB5588@akamai.com> <9834610276.20020913183849@mark-kirchner.de> <20020913175530.GA6066@akamai.com> <11941064567.20020913202623@mark-kirchner.de>
Message-ID: <20020913185941.GC6066@akamai.com>
On Fri, Sep 13, 2002 at 08:26:23PM +0200, Mark Kirchner wrote:
> On Friday, September 13, 2002, 7:55:30 PM, David wrote:
> > On Fri, Sep 13, 2002 at 06:38:49PM +0200, Mark Kirchner wrote:
> >> [snip]
> >> I assume that the "main id" has no particular relevance (for the key /
> >> encryption / security) so that changing it would just be a cosmetical
> >> thing. Am I missing something?
> >
> > It is just a cosmetic change, but you are not permitted to make the
> > change for keys you do not own.
>
> Uh, yes I got that already :-)
>
> > Only the key owner can decide how their key is displayed.
>
> I hope you don't mind me asking, but: Says who? Of course, the
> programmers do, but: Is there a special reason behind it, is it in the
> OpenPGP-Standard? Which would lead to the next question: Why is it in
> there?
Actually, it isn't in there. The standard is really mostly a
'on-the-wire' spec. It often says little or nothing about
interpretation. There is nothing in the spec to prevent such a thing.
An easy way to do it would be to add the primary uid indicator to the
unhashed area of the self-signature. Of course, if you are doing
something local then you can do whatever you want.
> Call me old-fashioned, but: All the necessary data is there, the data
> is public (at least it's from the "public" key) and gpg runs on _my_
> machine, so IMHO _I_ should be the one to decide how the data is
> /displayed/. (Of course, within reasonable limits.)
> I don't want to change someone else public key, I don't want to add to
> or remove something from it, it's just a matter of how it's displayed
> on my machine. (At least I interpreted your "cosmetic change" that
> way.)
That's the problem here... what happens after you export the key to
give to a friend? Should GnuPG strip the primary uid subpacket that
you added? How does it know that it was one that you added and not
someone else? Should it strip unhashed primary uid subpackets when
importing keys? Why or why not?
There are sometimes very good reasons for adding unhashed data to
self-signatures on keys you don't own (to add a MDC flag for example).
In this case, it opens up a whole lot of potentially dangerous
questions for something that is, after all, cosmetic.
David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
From wk@gnupg.org Fri Sep 13 22:16:01 2002
From: wk@gnupg.org (Werner Koch)
Date: Fri Sep 13 21:16:01 2002
Subject: follow-up : signing with a v3 rsa key in GnuPG 1.1.92
In-Reply-To: <200209131808.g8DI8UPF029482@compute3.lok.com> (vedaal@lok.com's
message of "Fri, 13 Sep 2002 14:08:30 -0400")
References: <200209131808.g8DI8UPF029482@compute3.lok.com>
Message-ID: <87it193de6.fsf@alberti.gnupg.de>
On Fri, 13 Sep 2002 14:08:30 -0400, vedaal said:
> here is the key:
:secret key packet:
version 3, algo 1, created 1031937159, expires 0
skey[0]: [2048 bits]
skey[1]: [5 bits]
protect algo: 1 (hash algo: 1)
protect IV: 9e 49 9a a8 e6 ed 08 24
algo 1 is IDEA and you don't have the plugin installed. IF you are
running on Windows, get the 1.1.92a binary, the new ideaddl.zip and
use a full pathname for idea.dll with --load-extension.
Shalom-Salam,
Werner
From Jason_Mantor@hesc.com Fri Sep 13 22:19:01 2002
From: Jason_Mantor@hesc.com (Jason_Mantor@hesc.com)
Date: Fri Sep 13 21:19:01 2002
Subject: CR-LF on OpenVMS ?
Message-ID:
Just sharing what I learned:
A very helpful person suggested using --textmode when encrypting
the file on VMS using GPG.
It took some time to set this up with the school, but that did the trick.
Now the file decrypts properly on NT using GPG.
Thanks to everyone's suggestions and efforts the kids at this school
will get their college loans and scholarships much more quickly : )
-JSM
Jason S. Mantor, MCP
Senior Computer Programmer/Analyst
New York State Higher Education Services Corporation
Email: Jason_Mantor@hesc.com
Telephone: (518) 402-3545
From mail@mark-kirchner.de Fri Sep 13 22:42:02 2002
From: mail@mark-kirchner.de (Mark Kirchner)
Date: Fri Sep 13 21:42:02 2002
Subject: Changing "main" user ID
In-Reply-To: <20020913185941.GC6066@akamai.com>
References: <20020913155441.GK18223@almqvist.net>
<20020913161146.GB5588@akamai.com> <9834610276.20020913183849@mark-kirchner.de>
<20020913175530.GA6066@akamai.com>
<11941064567.20020913202623@mark-kirchner.de> <20020913185941.GC6066@akamai.com>
Message-ID: <14445697579.20020913214336@mark-kirchner.de>
On Friday, September 13, 2002, 8:59:41 PM, David wrote:
> On Fri, Sep 13, 2002 at 08:26:23PM +0200, Mark Kirchner wrote:
>> Call me old-fashioned, but: All the necessary data is there, the data
>> is public (at least it's from the "public" key) and gpg runs on _my_
>> machine, so IMHO _I_ should be the one to decide how the data is
>> /displayed/. (Of course, within reasonable limits.)
>> I don't want to change someone else public key, I don't want to add to
>> or remove something from it, it's just a matter of how it's displayed
>> on my machine. (At least I interpreted your "cosmetic change" that
>> way.)
>
> That's the problem here... what happens after you export the key to
> give to a friend? Should GnuPG strip the primary uid subpacket that
> you added?
Oh, ok, it's a subpacket, I really should have known / remebered that.
That explains a lot.
> How does it know that it was one that you added and not
> someone else? Should it strip unhashed primary uid subpackets when
> importing keys? Why or why not?
>
> There are sometimes very good reasons for adding unhashed data to
> self-signatures on keys you don't own (to add a MDC flag for example).
> In this case, it opens up a whole lot of potentially dangerous
> questions for something that is, after all, cosmetic.
I totally agree with you.
Before I go on further, let me point out that it's really a minor
thing, I was rather curious than being interested in seeing that point
changed in gpg (or changing it myself).
Having said that, I think it wouldn't be necessary to change or add a
subpacket: Since it's only a matter of how I prefer the key data to be
displayed, my preference could as well be stored outside the keyring
in some config-file.
But I see where this leads to: It isn't really a "problem" of gpg
itself, the same effect could (and probably should) be achieved by the
software that uses gpg and/or displays the keyring (GPGshell in my
case).
Thank you very much for the info.
Regards,
Mark Kirchner
--
Key (0x19DC86D3) available: http://www.mark-kirchner.de/keys/key-mk.asc
From vedaal@lok.com Sat Sep 14 00:22:02 2002
From: vedaal@lok.com (vedaal@lok.com)
Date: Fri Sep 13 23:22:02 2002
Subject: followup: signing with a v3 rsa key in 1.1.9.2
Message-ID: <200209132122.g8DLMgHV008640@compute1.lok.com>
> Message: 11 From: vedaal@compute3.lok.com To: gnupg-users@gnupg.org
> Subject: signing with a v3 rsa key in 1.1.9.2 Date: Fri, 13 Sep 2002
> 12:46:59 -0400
>
> have tried to sign with my default v3 rsa key, using the windows
>binary for 1.1.9.2
>
> the key is listed as my default key in the gnupg options, and the
> keyrings have not been changed since using 1.1.9.2
>
> the key has worked well for signing for all other versions of gnupg,
> but now, gives the following error messages:
>
> C:\gnupg>gpg --clearsign d:\a1.txt gpg: NOTE: THIS IS A DEVELOPMENT
> VERSION! gpg: It is only intended for test purposes and should
> NOT be gpg: used in a production environment or with production
> keys! gpg: protection algorithm 1 (IDEA) is not supported
> gpg: the IDEA cipher plugin is not present gpg: please see
> http://www.gnupg.org/why-not-idea.html for more information gpg:
> no default secret key: unknown cipher algorithm gpg: d:\a1.txt:
> clearsign failed: unknown cipher algorithm
>
> there is no problem when i try to sign with any other v3 rsa key
>
> my default v3 rsa key was generated in 2.6.x the other v3 rsa keys
> (that work ok) were generated in pgp 6.5.8
found the reason:
rsa v3 keys generated in 6.5.8 have the symmetric algo as 'cast-5' by default,
while in 2.6.x it is 'idea'
what is unusual, is that if the key is checked in 'key properties' in pgp keys,
the symmetric algo is listed as 'idea' for 'any' v3 rsa key, no matter how it was generated,
the actual algo used will be listed in pgpdump,
so, the 2.6.x keys need the 'idea' module installed,
while v3 rsa keys generated in later versions,
{or in 2.6.x Multi with the option specified as a non-'idea' algorithm},
do not
vedaal
From htidore@yahoo.com Sat Sep 14 00:59:01 2002
From: htidore@yahoo.com (Hanny Tidore)
Date: Fri Sep 13 23:59:01 2002
Subject: importing secring.skr
In-Reply-To: <20020910133315.GB666@akamai.com>
Message-ID: <20020913215945.75194.qmail@web14003.mail.yahoo.com>
Thanks David,
It works. I forgot to include --import the other time.
That's why it didn't work.
-=ht
--- David Shaw wrote:
> On Tue, Sep 10, 2002 at 06:08:52AM -0700, Hanny
> Tidore wrote:
> > Sorry, a little correction. My secret keyring is
> > secring.skr
> >
> > I am using version 1.0.6 and I have tried to use
> > --allow-secret-key-import option. However when I
> tried
> > gpg --list-secret-key, I don't see the secret key.
>
> What does GnuPG respond with when you do
>
> gpg --allow-secret-key-import --import secring.skr
>
> ?
>
> David
>
> --
> David Shaw | dshaw@jabberwocky.com | WWW
> http://www.jabberwocky.com/
>
+---------------------------------------------------------------------------+
> "There are two major products that come out of
> Berkeley: LSD and UNIX.
> We don't believe this to be a coincidence." -
> Jeremy S. Anderson
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
__________________________________________________
Do you Yahoo!?
Yahoo! News - Today's headlines
http://news.yahoo.com
From rdmyers@netzon.net Sat Sep 14 05:16:02 2002
From: rdmyers@netzon.net (Rodney D. Myers)
Date: Sat Sep 14 04:16:02 2002
Subject: gpg error message
Message-ID: <20020913191651.5f1c9e9b.rdmyers@netzon.net>
--=.i9xHsjnUHB9KXO
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
I recently installed, for a Friend moving from windos to Linux,
sylpheed claws, gpupg 1.0.7, gpgme 0.3.9-1.
When I start sylpheed, I get an error requester telling me GNUPG is
not installed correctly.
I set his system up as close to mine as possible, and mine works.
GPG appears to be installed correctly, but I'm not so sure right now.
Thanks for any tips and/or suggestions.
--
Rodney D. Myers
ICQ# : 18002350 Have A NORML Day
AIM#: mailman452 Yahoo Chat: Mailman42_5
They that can give up essential liberty to obtain a
little temporary safety deserve neither liberty nor safety.
Ben Franklin
--=.i9xHsjnUHB9KXO
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE9gpwVRzSENXJW+i8RAgpfAJ9W/sx1rbEl+Lo0eUVdBbC0jj+dDgCfYyTo
5h3L+bGsy/A9LYOgpzIV8nk=
=VQLD
-----END PGP SIGNATURE-----
--=.i9xHsjnUHB9KXO--
From esj@harvee.billerica.ma.us Sat Sep 14 05:52:02 2002
From: esj@harvee.billerica.ma.us (Eric S. Johansson)
Date: Sat Sep 14 04:52:02 2002
Subject: camram related question
References: <20020913191651.5f1c9e9b.rdmyers@netzon.net>
Message-ID: <3D82A4A5.2030400@harvee.billerica.ma.us>
camram is in antispam system based on adding a proof of work postage
stamp (hashcash) to mail messages. If you want the full spiel, go to
www.camram.org or e-mail me directly please.
Proof of work postage stamps have a variety of problems not the least of
which is the human factors issue of convincing people to sit and wait
while their machine calculates one stamp for every recipient. As a
result, we would like to automatically transition user from hashcash
based stamps to a PGP compatible signature based stamp.
To this end, we would like to propagate public keys by embedding them in
every mail message containing a hashcash stamp. We considered and
rejected indirect distribution mechanisms for a variety of reasons but
primarily because these keys are going to be generated (hopefully) in
large numbers and are effectively disposable.
I would like to find out if I can generate ASCII armored keys that are
just keys. No web of Trust or any of the other overhead.
I would also like to know where the key rings breakdown in terms of size
and how can one query them to see if a key is present matching a
specific e-mail address.
Thanks in advance for any replies
---eric
From Martin Schoch Sat Sep 14 10:53:01 2002
From: Martin Schoch (Martin Schoch)
Date: Sat Sep 14 09:53:01 2002
Subject: Error Message loading extension
Message-ID: <803680261.20020914095323@compuserve.com>
Hello list,
I would like to load the new IDEA extension with the new 1.1.92
under Windows 2k SP2 - the line in option file is:
load-extension c:\programme\gnupp\lib\idea
but I have still an error message with gpg --version, what does it
error code=487 mean:
gpg: LoadLibrary failed ec=487
gpg: GetProcAddress failed ec=127
gpg: GetProcAddress failed ec=127
gpg: invalid module `c:\programme\gnupp\lib\idea': 127
--
Regards,
Martin mailto:maschoch@compuserve.com
From Robin Lynn Frank Sat Sep 14 18:41:03 2002
From: Robin Lynn Frank (Robin Lynn Frank)
Date: Sat Sep 14 17:41:03 2002
Subject: Changing defaults?
Message-ID: <1032018117.10405.TMDA@omega.paradigm-omega.net>
Is there a way with 1.0.7 to change defaults from, say, sha1 to ripe160, or
ciohers to twofish? I'm getting tired of typing so much.
BTW, if a similar question I posted via gmane shows up, my apologies.
--
Robin Lynn Frank
Paradigm-Omega, LLC
=====================================
Notice: Incoming e-mail is subject to security
restrictions, including confirmation requests.
=====================================
From ambassadorsean@juno.com Sun Sep 15 00:33:01 2002
From: ambassadorsean@juno.com (Sean M McMahon)
Date: Sat Sep 14 23:33:01 2002
Subject: Newbie here- how do I use this thing?
Message-ID: <20020914.173342.-162317.0.ambassadorsean@juno.com>
Hi- my name is Sean and I have no technical expertise whatsoever.
I have built computers and taken networking classes and I have basic
computer skills, but I don't know anything about internet security.
Basically I have a website with a form on it, and that form is going to
send personal information to me via e-mail (ie. credit cards).
Unfortunately I cannot use a third party processor to deal with the
credit careds because I am working as part of a larger company and must
run orders through them. I have been told that I can use GnuPG to encrypt
the results of this form when they are sent as an e-mail to me and that
then I can de-encrypt it myself...but after downloading the program I
have no idea how to use it.
Can anyone tell me what I need to do to get this to work? My
website is for a good cause...proceeds go to help buy back the Amazon
Rainforest to prevent deforestation! Thanks for any help you can give in
advance,
~Sean
________________________________________________________________
GET INTERNET ACCESS FROM JUNO!
Juno offers FREE or PREMIUM Internet access for less!
Join Juno today! For your FREE software, visit:
http://dl.www.juno.com/get/web/.
From dscribner@yahoo.com Sun Sep 15 01:37:01 2002
From: dscribner@yahoo.com (David Scribner)
Date: Sun Sep 15 00:37:01 2002
Subject: 1.0.7 defaults ?
In-Reply-To:
Message-ID: <20020914223752.49358.qmail@web13501.mail.yahoo.com>
--- Paradigm-Omega wrote:
> I've looked through the documentation, but may have missed it.
> Is there any way to change the default from sha1 to ripe160?
> Or, change the default cipher to twofish?
If you're wanting to change the prefered hashes and cipher algos
in your key, this can be done with 'gpg --edit-key '
This will bring up the interactive key editing menu (type 'help'
to get a full list of interactive menu options). Typing
'showpref' will display the current preferences for the key,
listing the cipher algos, hashes and compression libs. You can
change the preferences in the list by typing 'pref' to compare
the preference values with those shown with 'showpref' (which is
more verbose), and then using 'setpref ' to set your
key's preferences to the values given in the , and then
update the preferences with 'updpref'.
For example, S7 is AES, S10 is TWOFISH, etc. for a couple of the
cipher algos, H3 is RIPEMD160, and H2 is SHA1 for hashes, and Z2
is ZLIB and Z1 is ZIP for compression. Let's say that you want
to change your preferences to use only TWOFISH for the cipher
algo, RIPEMD160 for the hash and ZLIB for compression...
$ gpg --edit-key 0x91EC5F05
Command> showpref
pub 1024D/18E19CAB created: 2002-03-02 expires: never
trust: u/u
(1). Ima GnuPGuser
Cipher: AES, TWOFISH, CAST5, BLOWFISH, 3DES
Hash: RIPEMD160, SHA1
Compression: ZLIB, ZIP
Command> pref
pub 1024D/18E19CAB created: 2002-03-02 expires: never
trust: u/u
(1). Ima GnuPGuser
S7 S10 S3 S4 H3 H2 Z2 Z1
Command> setpref S10 H3 Z2
Command> updpref
Command> quit
$
This will change your key's preferences for the chosen cipher
algos, hash and compression to be used to those you specified in
the .
You can also include in your ~/.gnupg/options (soon to be
~/.gnupg/gpg.conf with the release of 1.2) the option
'--cipher-algo ' where is one of the supported
cipher algos (can be found with 'gpg --version'), or you could
also also indicate in your options file the line
'--preference-list ' (where is a list of
preferences as would be used with 'setpref' in the --edit-key's
interactive menu.
I hope this is what you were looking for. More information on
setting your preferences using both the interactive menu in
'--edit-key' and the options file can be found in the man pages
if needed.
Dave
=====
David D. Scribner
IT Consulting & Services
CompTIA Linux+, Network+, A+ Certified
Ph: (817) 461-4018 eFax: (630) 214-7769
dscribner_at_bigfoot.com http://www.bigfoot.com/~dscribner/
GnuPG/PGP: 3172 7408 58CA D9C2 F697 950F 9DDC 7AC7 91EC 5F06
__________________________________________________
Do you Yahoo!?
Yahoo! News - Today's headlines
http://news.yahoo.com
From Robin Lynn Frank Sun Sep 15 02:01:02 2002
From: Robin Lynn Frank (Robin Lynn Frank)
Date: Sun Sep 15 01:01:02 2002
Subject: 1.0.7 defaults ?
In-Reply-To: <20020914223752.49358.qmail@web13501.mail.yahoo.com>
References: <20020914223752.49358.qmail@web13501.mail.yahoo.com>
Message-ID: <1032044476.6394.TMDA@omega.paradigm-omega.net>
On Saturday 14 September 2002 15:37, David Scribner wrote:
#
# I hope this is what you were looking for. More information on
# setting your preferences using both the interactive menu in
# '--edit-key' and the options file can be found in the man pages
# if needed.
#
# Dave
#
# =====
# David D. Scribner
# IT Consulting & Services
# CompTIA Linux+, Network+, A+ Certified
# Ph: (817) 461-4018 eFax: (630) 214-7769
# dscribner_at_bigfoot.com http://www.bigfoot.com/~dscribner/
# GnuPG/PGP: 3172 7408 58CA D9C2 F697 950F 9DDC 7AC7 91EC 5F06
#
Thank you very much. That is exactly what I needed.
--
Robin Lynn Frank
Paradigm-Omega, LLC
=====================================
Notice: Incoming e-mail is subject to security
restrictions, including confirmation requests.
=====================================
From dscribner@yahoo.com Sun Sep 15 03:35:01 2002
From: dscribner@yahoo.com (David Scribner)
Date: Sun Sep 15 02:35:01 2002
Subject: 1.0.7 defaults ?
In-Reply-To: <1032044476.6394.TMDA@omega.paradigm-omega.net>
Message-ID: <20020915003550.6096.qmail@web13502.mail.yahoo.com>
--- Robin Lynn Frank wrote:
> Thank you very much. That is exactly what I needed.
No problem... glad to of helped!
Dave
=====
David D. Scribner
IT Consulting & Services
CompTIA Linux+, Network+, A+ Certified
Ph: (817) 461-4018 eFax: (630) 214-7769
dscribner_at_bigfoot.com http://www.bigfoot.com/~dscribner/
GnuPG/PGP: 3172 7408 58CA D9C2 F697 950F 9DDC 7AC7 91EC 5F06
__________________________________________________
Do you Yahoo!?
Yahoo! News - Today's headlines
http://news.yahoo.com
From skquinn@speakeasy.net Sun Sep 15 11:46:02 2002
From: skquinn@speakeasy.net (Shawn K. Quinn)
Date: Sun Sep 15 10:46:02 2002
Subject: Discussion medium proposal.
In-Reply-To: <004c01c25802$286239a0$83c29a44@sardine>
References: <004c01c25802$286239a0$83c29a44@sardine>
Message-ID: <200209150347.31250.skquinn@speakeasy.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Monday September 9 2002 08:09, Justin Troutman wrote:
> Here is a message I originally sent to Werner. I would appreciate
> any feedback on the idea. Much thanks for your time.
I see you got no replies to this when originally sent. I was going back=20
over old messages and noticed this one so=20
> I would like to propose another medium in which to discuss GnuPG
> matters, albeit hopefully satisfactory to you.
>
> A few friends of mine who run a small, stable IRC server have
> graciously allowed me the opportunity to place a "#gnupg"
> channel on the server.
>
> The server is public, but has a small user-base and stable
> uptimes. The operators are very knowledgeable and would be more
> than happy to have a channel which pertains to GnuPG discussion.
I think this is mostly a good idea.
> My idea is that this may be another convenient way in which to
> discuss GnuPG, without the hassle of most large IRC servers
> which are drowned in lag and thousands of users, without relying
> solely on the mailing list.
The fact it's isolated has benefits. The downside is that this makes it=20
more difficult for some IRC clients to access (I maintain a presence on=20
EFnet IRC and this would mean I would probably need to open a second=20
instance of my client to participate).
Is this server still up? If so, would you mind telling us where it is?
- --=20
Shawn K. Quinn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE9hEkgQVXDBVmaIp0RAvFWAKC0+JgoxMKiE690V3lSLVw4cInBpACgjSqU
O47E2aPWDoZ5UdgZUO3syIc=3D
=3DqLdD
-----END PGP SIGNATURE-----
From skquinn@speakeasy.net Sun Sep 15 11:54:02 2002
From: skquinn@speakeasy.net (Shawn K. Quinn)
Date: Sun Sep 15 10:54:02 2002
Subject: Large keyrings, GnuPG slowdowns/Seahorse segfaults
Message-ID: <200209150354.46124.skquinn@speakeasy.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
My apologies if this is too far off topic, but there doesn't appear to=20
be a Seahorse-specific mailing list.
Up until a few minutes ago (when I realized this was slowing down even=20
standalone operation of GnuPG greatly) I had a >11 megabyte public=20
keyring. This caused Seahorse to segfault after about a couple of=20
minutes. I was mainly just curious if anyone else had experienced=20
similar behavior from Seahorse?
I was also wondering where, if anywhere, on the priority list were=20
optimizations for users with large keyrings. I realize average users=20
will have keyrings of maybe 2 megabytes max, but shouldn't there should=20
be some way of keeping things from becoming dog slow with large=20
keyrings?
- --=20
Shawn K. Quinn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE9hErUQVXDBVmaIp0RAtjDAJ4p5d9sMeIpey5eTIQP+k511lwRagCgg76s
cDbb+bnC2VuPOyAaTY2cEuo=3D
=3Dl5wL
-----END PGP SIGNATURE-----
From mail@mark-kirchner.de Sun Sep 15 12:03:02 2002
From: mail@mark-kirchner.de (Mark Kirchner)
Date: Sun Sep 15 11:03:02 2002
Subject: Newbie here- how do I use this thing?
In-Reply-To: <20020914.173342.-162317.0.ambassadorsean@juno.com>
References: <20020914.173342.-162317.0.ambassadorsean@juno.com>
Message-ID: <472999042.20020915110419@mark-kirchner.de>
Hi Sean,
On Saturday, September 14, 2002, 11:33:42 PM, Sean wrote:
> Basically I have a website with a form on it, and that form is going to
> send personal information to me via e-mail (ie. credit cards).
> [snip]
> I have been told that I can use GnuPG to encrypt the results of this
> form when they are sent as an e-mail to me and that then I can
> de-encrypt it myself...but after downloading the program I have no
> idea how to use it.
While it would theoretically possible to install gpg on the webserver
(only if you have the right access permissions on that server!) and
use it via a script (e.g. modified formmail) to encrypt the data that
has to be mailed to you, that would not give you the kind of security
you probably have in mind. Please take a look at the way, the data has
to take to reach you:
customer's computer -> webserver -> mailserver -> your computer
Since gpg is running on the webserver, only the second and third part
of the way can be secured with it. There are a few possible solutions:
- The webserver has to communicate securely with the customer, this
can be done with SSL.
- Then the webserver can use gpg to encrypt the data with your
(public) key and send it to you.
Or the data could be stored on the webserver and you use a
SSL-secured connection to access and retrieve the data (with your
webbrowser and not via e-mail).
> Can anyone tell me what I need to do to get this to work?
Sorry, I can't give you actual implementation tips. Getting SSL to
work depends on the type of webserver you use (shared hosting
environment / your own server / server of your company?) and other
things. If you use the services / servers of a webhosting firm, it's
probably a shared hosting environment, you should ask your webhoster
how to set up a SSL-secured form. In other cases, the admin of the
webserver should know how to do it.
I never used gpg in a script or on a webserver, so I can't help you
with that either, maybe others on this list can. Also, please take a
look at the gpg-FAQ, point 4.14 (http://www.gnupg.org/faq.html#q4.14).
Regards,
Mark Kirchner
--
Key (0x19DC86D3) available: http://www.mark-kirchner.de/keys/key-mk.asc
From justinrt@bellsouth.net Sun Sep 15 12:43:02 2002
From: justinrt@bellsouth.net (Justin Troutman)
Date: Sun Sep 15 11:43:02 2002
Subject: Discussion medium proposal.
References: <004c01c25802$286239a0$83c29a44@sardine> <200209150347.31250.skquinn@speakeasy.net>
Message-ID: <001a01c25c9b$6ca78780$44709d42@sardine>
----- Original Message -----
From: Shawn K. Quinn
To:
Sent: Sunday, September 15, 2002 4:47 AM
Subject: Re: Discussion medium proposal.
>I see you got no replies to this when originally sent. I was going back
>over old messages and noticed this one so
I appreciate the reply.
>The fact it's isolated has benefits. The downside is that this makes it
>more difficult for some IRC clients to access (I maintain a presence on
>EFnet IRC and this would mean I would probably need to open a second
>instance of my client to participate).
True, it's isolation brings forth benefits. The largest channel consists of
10 to 15 regular users, with a maximum of about 25. There are a few
channels with >5 users, making the total userbase very small compared to
Efnet, by far.
With this small userbase, we don't go through much hassle with lag time or
incompetent users who enjoy flooding the channel, et cetera.
>Is this server still up? If so, would you mind telling us where it is?
Yes it is and not at all. Here is a list of the server hosts, most all of
which connect at port 6667 by default:
sphinx.or.us.gammaforce.org
monolith.ok.us.gammaforce.org
monolith.projectgamma.com
irc.csoft.net
resin.csoft.net
When you arrive, you can join #gnupg or #projectgamma (base channel for the
Gamma security project, which is dormant at the moment), of which contains
most of the server operators and regulars.
I feel that this would be a great addition for discussion, along with the
mailing list, in that a group discussion can take place in real time. If
anything, it can only provide convenience in some way to some people. The
offer will stand, either way.
Feel free to drop by and check things out.
Cheers,
Justin Troutman
Cryptographic Design/Consultancy
From wk@gnupg.org Sun Sep 15 12:57:01 2002
From: wk@gnupg.org (Werner Koch)
Date: Sun Sep 15 11:57:01 2002
Subject: Large keyrings, GnuPG slowdowns/Seahorse segfaults
In-Reply-To: <200209150354.46124.skquinn@speakeasy.net> ("Shawn K. Quinn"'s
message of "Sun, 15 Sep 2002 03:54:44 -0500")
References: <200209150354.46124.skquinn@speakeasy.net>
Message-ID: <87lm63sh7f.fsf@alberti.gnupg.de>
On Sun, 15 Sep 2002 03:54:44 -0500, Shawn K Quinn said:
> keyring. This caused Seahorse to segfault after about a couple of
> minutes. I was mainly just curious if anyone else had experienced
> similar behavior from Seahorse?
I don't know the current state of Seahirs. If it uses one of the
latest gpgme versions, gpgme might be the responsible for it. The
problem has hopefully been fixed in the gpgme CVS.
> will have keyrings of maybe 2 megabytes max, but shouldn't there should
> be some way of keeping things from becoming dog slow with large
Eventually there will be a new and far mor efficient database for
keys. We partially implemented this already for gpgsm.
Salam-Shalom,
Werner
From mat.harris@genestate.com Sun Sep 15 13:37:01 2002
From: mat.harris@genestate.com (Mat Harris)
Date: Sun Sep 15 12:37:01 2002
Subject: gpg just died
Message-ID: <20020915103813.GA5707@genestate.com>
i have been using gpg for several months with mutt (my mail client) and
no problems, I love it. but recently, I had to reinstall my RedHat 7.3
server and although I saved all my home directories, the install
overwrote my keyrings with empty files.
I didn't think this was much of a problem because I have backups of my
secret keys. However, when I copied over the backups, or try to do
_anything_ with my secret key, I get errors like this:
gpg: [don't know]: invalid packet (ctb=25)
gpg: read_keyblock: read error: invalid packet
gpg: enum_keyblocks failed: invalid keyring
this is bad as use my secret key regularly. what can I don, I have tried
uninstalling and reinstalling gpg, but no change
--
Mat Harris OpenGPG Public Key ID: CC14DD34
mat.harris@genestate.com matthewh.genestate.com
From graham.todd@ntlworld.com Sun Sep 15 14:09:02 2002
From: graham.todd@ntlworld.com (Graham)
Date: Sun Sep 15 13:09:02 2002
Subject: Large keyrings, GnuPG slowdowns/Seahorse segfaults
In-Reply-To: <200209150354.46124.skquinn@speakeasy.net>
References: <200209150354.46124.skquinn@speakeasy.net>
Message-ID: <200209151215.54084.graham.todd@ntlworld.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sunday 15 Sep 2002 9:54 am, Shawn K. Quinn wrote:
> My apologies if this is too far off topic, but there doesn't appear
> to be a Seahorse-specific mailing list.
>
> Up until a few minutes ago (when I realized this was slowing down
> even standalone operation of GnuPG greatly) I had a >11 megabyte
> public keyring. This caused Seahorse to segfault after about a couple
> of minutes. I was mainly just curious if anyone else had experienced
> similar behavior from Seahorse?
Yes, I have. The problem is that although GPG has marched on, adding=20
ever new facilities, front ends for it have become out of date. With=20
the exception of GPA (which Werner says is being consolidated and=20
updated) there apears to be no activity at all in this area, and those=20
that exist only offer minimal keyring management. I'd like to see for=20
Linux the equivalent of GPGShell in Windows, which although a=20
proprietary product (but free) allows you to have a PGP like interface=20
to GPG in which you can even alter settings and key bindings.
I suspect that Seahorse was written for earlier versions of GPG that had=20
a size limit on the keyring (though I do not know for sure, and my=20
emails to the developers go unanswered).
>
> I was also wondering where, if anywhere, on the priority list were
> optimizations for users with large keyrings. I realize average users
> will have keyrings of maybe 2 megabytes max, but shouldn't there
> should be some way of keeping things from becoming dog slow with
> large keyrings?
Large keyrings can now be accommodated by GPG, but I suspect (as I said=20
above) that development on front ends has ceased to accommodate this.
- --=20
Graham
GPG Key: send an email to encryption.keys@ntlworld.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Please sign and encrypt for internet privacy
iD8DBQE9hGvnIwtBZOk1250RAvs1AKC2wX5ukPu85wAbwvE9axQdgHxy/ACfSIN2
t6p3E2Jcd5T7IUTL8cBOkbQ=3D
=3DRBgM
-----END PGP SIGNATURE-----
From ingo.kloecker@epost.de Sun Sep 15 14:12:01 2002
From: ingo.kloecker@epost.de (Ingo =?iso-8859-1?q?Kl=F6cker?=)
Date: Sun Sep 15 13:12:01 2002
Subject: Large keyrings, GnuPG slowdowns/Seahorse segfaults
In-Reply-To: <200209150354.46124.skquinn@speakeasy.net>
References: <200209150354.46124.skquinn@speakeasy.net>
Message-ID: <200209151256.26496@erwin.ingo-kloecker.de>
=2D----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sunday 15 September 2002 10:54, Shawn K. Quinn wrote:
> I was also wondering where, if anywhere, on the priority list were
> optimizations for users with large keyrings. I realize average users
> will have keyrings of maybe 2 megabytes max, but shouldn't there
> should be some way of keeping things from becoming dog slow with
> large keyrings?
You should try if running 'gpg --rebuild-keydb-caches' helps. I just ran=20
it again yesterday and the time needed for a run of 'gpg=20
=2D --check-trustdb' went down from about 10 seconds to about 1 second.
BTW, why is this command neither listed in the manual page nor in the=20
output of 'gpg --help'?
Regards,
Ingo
=2D----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE9hGdSGnR+RTDgudgRAvlKAJ4/r5drtE6nhls1WvDFG6KLj3SB5QCeNKM5
zYywyXtnRX8rQLkOPNvCx2U=3D
=3D/u0V
=2D----END PGP SIGNATURE-----
From aaronl@vitelus.com Sun Sep 15 14:55:01 2002
From: aaronl@vitelus.com (Aaron Lehmann)
Date: Sun Sep 15 13:55:01 2002
Subject: Large keyrings, GnuPG slowdowns/Seahorse segfaults
In-Reply-To: <200209151256.26496@erwin.ingo-kloecker.de>
References: <200209150354.46124.skquinn@speakeasy.net> <200209151256.26496@erwin.ingo-kloecker.de>
Message-ID: <20020915115600.GA7443@vitelus.com>
On Sun, Sep 15, 2002 at 12:56:13PM +0200, Ingo Klöcker wrote:
> On Sunday 15 September 2002 10:54, Shawn K. Quinn wrote:
> > I was also wondering where, if anywhere, on the priority list were
> > optimizations for users with large keyrings. I realize average users
> > will have keyrings of maybe 2 megabytes max, but shouldn't there
> > should be some way of keeping things from becoming dog slow with
> > large keyrings?
>
> You should try if running 'gpg --rebuild-keydb-caches' helps. I just ran
> it again yesterday and the time needed for a run of 'gpg
> - --check-trustdb' went down from about 10 seconds to about 1 second.
Wow! This makes gpg --check-trustdb take a twentieth of the time here.
From wk@gnupg.org Sun Sep 15 20:49:02 2002
From: wk@gnupg.org (Werner Koch)
Date: Sun Sep 15 19:49:02 2002
Subject: gpg just died
In-Reply-To: <20020915103813.GA5707@genestate.com> (Mat Harris's message of
"Sun, 15 Sep 2002 11:38:13 +0100")
References: <20020915103813.GA5707@genestate.com>
Message-ID: <87vg57qgt8.fsf@alberti.gnupg.de>
On Sun, 15 Sep 2002 11:38:13 +0100, Mat Harris said:
> gpg: [don't know]: invalid packet (ctb=25)
I bet you downgraded from 1.0.7 to 1.0.6. There is a pacth somewere
to fix this minor parser problem in 1.0.6 but obviously Redhat does
not include this. You better go with 1.0.7 - RPMs shoudl be
available somewhere.
Salam-Shalom,
Werner
From wk@gnupg.org Sun Sep 15 20:59:02 2002
From: wk@gnupg.org (Werner Koch)
Date: Sun Sep 15 19:59:02 2002
Subject: Large keyrings, GnuPG slowdowns/Seahorse segfaults
In-Reply-To: <200209151256.26496@erwin.ingo-kloecker.de> (Ingo
=?iso-8859-1?q?Kl=F6cker's?= message of "Sun, 15 Sep 2002 12:56:13 +0200")
References: <200209150354.46124.skquinn@speakeasy.net>
<200209151256.26496@erwin.ingo-kloecker.de>
Message-ID: <87r8fvqgci.fsf@alberti.gnupg.de>
On Sun, 15 Sep 2002 12:56:13 +0200, Ingo Klöcker said:
> BTW, why is this command neither listed in the manual page nor in the
> output of 'gpg --help'?
It is a migration command and mentioned in the NEWS file. I am pretty
sure that I suggested to use the rebuild command in the orginal
annoucemnet for 1.0.7 too. From NEWS:
* The way signature stati are store has changed so that v3
signatures can be supported. To increase the speed of many
operations for existing keyrings you can use the new
--rebuild-keydb-caches command.
Folks packaging gnupg should defintely read the NEWS file and consider
to employ migration post-install script. Anyway, I'll add this
command to the man page of course but I guess it won't help much given
the "structure" of the man page.
Shalom-Salam,
Werner
From ingo.kloecker@epost.de Sun Sep 15 21:44:02 2002
From: ingo.kloecker@epost.de (Ingo =?iso-8859-15?q?Kl=F6cker?=)
Date: Sun Sep 15 20:44:02 2002
Subject: Large keyrings, GnuPG slowdowns/Seahorse segfaults
In-Reply-To: <87r8fvqgci.fsf@alberti.gnupg.de>
References: <200209150354.46124.skquinn@speakeasy.net> <200209151256.26496@erwin.ingo-kloecker.de> <87r8fvqgci.fsf@alberti.gnupg.de>
Message-ID: <200209152046.48468@erwin.ingo-kloecker.de>
=2D----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sunday 15 September 2002 20:04, Werner Koch wrote:
> On Sun, 15 Sep 2002 12:56:13 +0200, Ingo Kl=F6cker said:
> > BTW, why is this command neither listed in the manual page nor in
> > the output of 'gpg --help'?
>
> It is a migration command and mentioned in the NEWS file. I am pretty
> sure that I suggested to use the rebuild command in the orginal
> annoucemnet for 1.0.7 too.
I know you did. But most people installing some packaged gpg won't read=20
the announcement.
> From NEWS:
>
> * The way signature stati are store has changed so that v3
> signatures can be supported. To increase the speed of many
> operations for existing keyrings you can use the new
> --rebuild-keydb-caches command.
That's almost the last item in a very long list of news. Many people=20
will either stop before this item or read over it not noting its=20
importance. People are lazy.
> Folks packaging gnupg should defintely read the NEWS file and
> consider to employ migration post-install script.
I doubt that a post-install script would be applied to the keyrings of=20
all users. Especially when the users' home directories are on an NFS=20
mounted device. In this case often root can't access these directories=20
and so can't a post-install script.
> Anyway, I'll add
> this command to the man page of course but I guess it won't help much
> given the "structure" of the man page.
At least I will then find the command when I'm looking for it.
Wouldn't it be possible to run this command automatically when the users=20
run GnuPG 1.0.7 for the first time? Many people are compiling GnuPG=20
1.0.7 from source (there is for example still no official RPM from=20
SuSE). And a lot of those people obviously don't have a look at the=20
NEWS file (or they stop reading when they are halfway through).
Also adding a corresponding item to the FAQ ("Q: Why is gpg so slow? A:=20
You did run gpg --rebuild-keydb-caches after updating from GnuPG 1.0.6=20
or below, right?") would be good. Maybe it's already there. I haven't=20
checked.
Regards,
Ingo
=2D----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE9hNWWGnR+RTDgudgRAolEAKCcIc5k7F3Alpv6YCCaAVtsv6b6OwCg17/K
TqrGnmOHOqqJn7zxMxbm4ho=3D
=3D204s
=2D----END PGP SIGNATURE-----
From wk@gnupg.org Sun Sep 15 22:27:02 2002
From: wk@gnupg.org (Werner Koch)
Date: Sun Sep 15 21:27:02 2002
Subject: Large keyrings, GnuPG slowdowns/Seahorse segfaults
In-Reply-To: <200209152046.48468@erwin.ingo-kloecker.de> (Ingo
=?iso-8859-1?q?Kl=F6cker's?= message of "Sun, 15 Sep 2002 20:46:46 +0200")
References: <200209150354.46124.skquinn@speakeasy.net>
<200209151256.26496@erwin.ingo-kloecker.de>
<87r8fvqgci.fsf@alberti.gnupg.de>
<200209152046.48468@erwin.ingo-kloecker.de>
Message-ID: <87d6rfqc93.fsf@alberti.gnupg.de>
On Sun, 15 Sep 2002 20:46:46 +0200, Ingo Klöcker said:
> I doubt that a post-install script would be applied to the keyrings of
> all users. Especially when the users' home directories are on an NFS
> mounted device. In this case often root can't access these directories
So the script should send an announcemnt to all users. Afaiak, Debian
does this in some cases.
> Wouldn't it be possible to run this command automatically when the users
> run GnuPG 1.0.7 for the first time? Many people are compiling GnuPG
Some won't like it and it is not really required.
> Also adding a corresponding item to the FAQ ("Q: Why is gpg so slow? A:
> You did run gpg --rebuild-keydb-caches after updating from GnuPG 1.0.6
That is a good idea.
Salam-Shalom,
Werner
From mat.harris@genestate.com Mon Sep 16 11:41:01 2002
From: mat.harris@genestate.com (Mat Harris)
Date: Mon Sep 16 10:41:01 2002
Subject: gpg just died
In-Reply-To: <87vg57qgt8.fsf@alberti.gnupg.de>
References: <20020915103813.GA5707@genestate.com> <87vg57qgt8.fsf@alberti.gnupg.de>
Message-ID: <20020916084150.GA18943@genestate.com>
actually, it is from a fresh install. i have not played with the gpg
program itself at all
On Sun, Sep 15, 2002 at 07:54:43 +0200, Werner Koch wrote:
> On Sun, 15 Sep 2002 11:38:13 +0100, Mat Harris said:
>
> > gpg: [don't know]: invalid packet (ctb=25)
>
> I bet you downgraded from 1.0.7 to 1.0.6. There is a pacth somewere
> to fix this minor parser problem in 1.0.6 but obviously Redhat does
> not include this. You better go with 1.0.7 - RPMs shoudl be
> available somewhere.
>
>
> Salam-Shalom,
>
> Werner
--
Mat Harris OpenGPG Public Key ID: CC14DD34
mat.harris@genestate.com matthewh.genestate.com
From lee@vital.co.uk Mon Sep 16 12:14:03 2002
From: lee@vital.co.uk (Lee Evans)
Date: Mon Sep 16 11:14:03 2002
Subject: gpg just died
In-Reply-To: <20020916084150.GA18943@genestate.com>
Message-ID: <953E0CDD2787A94A95AA2ECE337E1364024177@vital-exchange.vitalintranet2.co.uk>
> actually, it is from a fresh install. i have not played with
> the gpg program itself at all
No, but you probably had version 1.0.7 on your old machine, and RedHat
only installed 1.0.6. You should upgrade.
Regards
Lee
--
Lee Evans
From mat.harris@genestate.com Mon Sep 16 12:19:02 2002
From: mat.harris@genestate.com (Mat Harris)
Date: Mon Sep 16 11:19:02 2002
Subject: gpg just died
In-Reply-To: <953E0CDD2787A94A95AA2ECE337E1364024177@vital-exchange.vitalintranet2.co.uk>
References: <20020916084150.GA18943@genestate.com> <953E0CDD2787A94A95AA2ECE337E1364024177@vital-exchange.vitalintranet2.co.uk>
Message-ID: <20020916092013.GA23221@genestate.com>
ok, i will try upgrading but since i have tried it on three different
machines... well, i'll give anything a go once.
On Mon, Sep 16, 2002 at 10:15:43 +0100, Lee Evans wrote:
> > actually, it is from a fresh install. i have not played with
> > the gpg program itself at all
>
> No, but you probably had version 1.0.7 on your old machine, and RedHat
> only installed 1.0.6. You should upgrade.
>
> Regards
> Lee
> --
> Lee Evans
--
Mat Harris OpenGPG Public Key ID: CC14DD34
mat.harris@genestate.com matthewh.genestate.com
From pt@radvis.nu Mon Sep 16 13:44:02 2002
From: pt@radvis.nu (Per Tunedal)
Date: Mon Sep 16 12:44:02 2002
Subject: Newbie here- how do I use this thing?
In-Reply-To: <472999042.20020915110419@mark-kirchner.de>
References: <20020914.173342.-162317.0.ambassadorsean@juno.com>
<20020914.173342.-162317.0.ambassadorsean@juno.com>
Message-ID: <5.1.0.14.2.20020916123840.00bddcf0@qix.netcorps.com>
Hi Sean,
I have found a page that uses the concept your driving at:
http://disastry.dhs.org/contact.htm
Take a look and send a mail to the chap.
Per Tunedal
At 11:04 2002-09-15 +0200, you wrote:
>Hi Sean,
>
>On Saturday, September 14, 2002, 11:33:42 PM, Sean wrote:
> > Basically I have a website with a form on it, and that form is going to
> > send personal information to me via e-mail (ie. credit cards).
> > [snip]
> > I have been told that I can use GnuPG to encrypt the results of this
> > form when they are sent as an e-mail to me and that then I can
> > de-encrypt it myself...but after downloading the program I have no
> > idea how to use it.
>
>While it would theoretically possible to install gpg on the webserver
>(only if you have the right access permissions on that server!) and
>use it via a script (e.g. modified formmail) to encrypt the data that
>has to be mailed to you, that would not give you the kind of security
>you probably have in mind. Please take a look at the way, the data has
>to take to reach you:
>
> customer's computer -> webserver -> mailserver -> your computer
>
>Since gpg is running on the webserver, only the second and third part
>of the way can be secured with it. There are a few possible solutions:
>- The webserver has to communicate securely with the customer, this
> can be done with SSL.
>- Then the webserver can use gpg to encrypt the data with your
> (public) key and send it to you.
> Or the data could be stored on the webserver and you use a
> SSL-secured connection to access and retrieve the data (with your
> webbrowser and not via e-mail).
>
> > Can anyone tell me what I need to do to get this to work?
>
>Sorry, I can't give you actual implementation tips. Getting SSL to
>work depends on the type of webserver you use (shared hosting
>environment / your own server / server of your company?) and other
>things. If you use the services / servers of a webhosting firm, it's
>probably a shared hosting environment, you should ask your webhoster
>how to set up a SSL-secured form. In other cases, the admin of the
>webserver should know how to do it.
>I never used gpg in a script or on a webserver, so I can't help you
>with that either, maybe others on this list can. Also, please take a
>look at the gpg-FAQ, point 4.14 (http://www.gnupg.org/faq.html#q4.14).
>
>Regards,
>Mark Kirchner
>
>--
>Key (0x19DC86D3) available: http://www.mark-kirchner.de/keys/key-mk.asc
>
>
>_______________________________________________
>Gnupg-users mailing list
>Gnupg-users@gnupg.org
>http://lists.gnupg.org/mailman/listinfo/gnupg-users
From agreene@pobox.com Mon Sep 16 16:03:01 2002
From: agreene@pobox.com (Anthony E. Greene)
Date: Mon Sep 16 15:03:01 2002
Subject: Newbie here- how do I use this thing?
In-Reply-To: <"from ambassadorsean"@juno.com>
References: <20020914.173342.-162317.0.ambassadorsean@juno.com>
Message-ID: <20020916090333.A16407@cp5340.hyatsv01.md.comcast.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 14-Sep-2002/17:33 -0400, Sean M McMahon wrote:
>Hi- my name is Sean and I have no technical expertise whatsoever.
>I have built computers and taken networking classes and I have basic
>computer skills, but I don't know anything about internet security.
>Basically I have a website with a form on it, and that form is going to
>send personal information to me via e-mail (ie. credit cards).
>Unfortunately I cannot use a third party processor to deal with the
>credit careds because I am working as part of a larger company and must
>run orders through them. I have been told that I can use GnuPG to encrypt
>the results of this form when they are sent as an e-mail to me and that
>then I can de-encrypt it myself...but after downloading the program I
>have no idea how to use it.
What kind of web server is it (IIS, Apache, etc) and on what platform is it
running (NT/2000, Linux, Solaris, BSD, etc)?
What scripting or programming tools are available to you (Perl, PHP,
C/C++, VBScript, etc)?
There are lots of ways to do this. Whatever you do, don't leave the
unencrypted customer data on the web server. If it gets cracked, that data
will be stolen. Your donors wouldn't appreciate that.
- --
Anthony E. Greene
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
AOL/Yahoo Messenger: TonyG05 HomePage:
Linux. The choice of a GNU generation
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Anthony E. Greene 0x6C94239D
iD8DBQE9hdaLpCpg3WyUI50RAnuwAJsGNalv7ZCGWjXj4zAHFWEl7b+7dACg+it8
Tm4dof9BsWciIRfBq6vTGS4=
=Hkor
-----END PGP SIGNATURE-----
From pt@radvis.nu Mon Sep 16 16:29:02 2002
From: pt@radvis.nu (Per Tunedal)
Date: Mon Sep 16 15:29:02 2002
Subject: PGP-signed webpages
Message-ID: <5.1.0.14.2.20020916151140.00bdddd0@qix.netcorps.com>
Hi,
does anyone know about any windows-utility for pgp-signing web-pages? It
would be fine if there was a utility for checking signed pages as well.
It is possible to do it manually, but not very straightforward. There are a
lot of steps in editing the HTML-code before and after (!) signing. A
utility would be handy. Maybe it would not be very difficult to make one?
I have found a few exempels of signed webpages, eg:
http://www.cranfield.ac.uk/docs/email/pgp/html/signed_html.html
http://www.pobox.com/~ejnbell/pgp-www.html
Per Tunedal
From avbidder@fortytwo.ch Mon Sep 16 17:00:01 2002
From: avbidder@fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder)
Date: Mon Sep 16 16:00:01 2002
Subject: PGP-signed webpages
In-Reply-To: <5.1.0.14.2.20020916151140.00bdddd0@qix.netcorps.com>
References: <5.1.0.14.2.20020916151140.00bdddd0@qix.netcorps.com>
Message-ID: <1032184886.24298.89.camel@atlas>
--=-thGksNH3I4hH2JEW2a2D
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
On Mon, 2002-09-16 at 15:29, Per Tunedal wrote:
> Hi,
> does anyone know about any windows-utility for pgp-signing web-pages? It=20
> would be fine if there was a utility for checking signed pages as well.
Sorry, no tools, as I don't sign webpages myself. Just a thought:
I don't think having webpages signed is very reliable - the HTTP
protocol negotiates supported character encodings of the server and
client and might just decide to recode the document to a character set
supported on the client side.=20
I don't know if any current webserver actually does this, but it's
something to consider.
cheers
-- vbi
--=20
secure email with gpg http://fortytwo.ch/gpg
NOTICE: subkey signature! request key 92082481 from keyserver.kjsl.com
--=-thGksNH3I4hH2JEW2a2D
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iHQEABECADQFAj2F5DYtGmh0dHA6Ly9mb3J0eXR3by5jaC9ncGcvcG9saWN5L2Vt
YWlsLjIwMDIwODIyAAoJECqqZti935l6FSgAn3FTP8VJqJYvij4AKQcrCIYV/8ss
AKC7O6k8FNzNbIorCyCP78q/jJ60XA==
=vnpR
-----END PGP SIGNATURE-----
Signature policy: http://fortytwo.ch/gpg/policy/email.20020822
--=-thGksNH3I4hH2JEW2a2D--
From invg4@cogeco.ca Mon Sep 16 18:02:02 2002
From: invg4@cogeco.ca (Mister)
Date: Mon Sep 16 17:02:02 2002
Subject: gpg 1.0.7 and 1.0.6 on redhat 7.3
Message-ID: <20020916110311.16798490.invg4@cogeco.ca>
Hello,
I am running Redhat 7.3 which installed gpg 1.0.6 when i loaded the system. I downloaded the tarball of gpg 1.0.7 and installed it, now i have version 1.0.6 in /usr/bin which the system still uses and gpg 1.0.7 in /usr/local/bin which does work. How can i tell the system to use the new version ?
Thanks in advance
Dan Gordon
From wk@gnupg.org Mon Sep 16 19:27:02 2002
From: wk@gnupg.org (Werner Koch)
Date: Mon Sep 16 18:27:02 2002
Subject: gpg 1.0.7 and 1.0.6 on redhat 7.3
In-Reply-To: <20020916110311.16798490.invg4@cogeco.ca> (Mister's message of
"Mon, 16 Sep 2002 11:03:11 -0400")
References: <20020916110311.16798490.invg4@cogeco.ca>
Message-ID: <87y9a1c2rv.fsf@alberti.gnupg.de>
On Mon, 16 Sep 2002 11:03:11 -0400, Mister said:
> I am running Redhat 7.3 which installed gpg 1.0.6 when i loaded the
> system. I downloaded the tarball of gpg 1.0.7 and installed it, now
> i have version 1.0.6 in /usr/bin which the system still uses and gpg
> 1.0.7 in /usr/local/bin which does work. How can i tell the system
> to use the new version ?
Either by reordering your PATH variable or by installing GnuPG in
/usr: ./configure --prefix=/usr && make && su -c 'make install'. The
latter has the disadvantage that the packaing system does not know
about it. You might also want to have a look into the scripst
gnupg.specs file which should explain how to create an RPM.
Shalom-Salam,
Werner
From sbutler@fchn.com Mon Sep 16 20:00:01 2002
From: sbutler@fchn.com (Steve Butler)
Date: Mon Sep 16 19:00:01 2002
Subject: gpg 1.0.7 and 1.0.6 on redhat 7.3
Message-ID: <9A86613AB85FF346BB1321840DB42B4BDF2D28@jupiter.fchn.com>
1. Be sure that /usr/local/bin comes before /usr/bin in your $PATH
environmental variable (probably not preferred).
2. rm gpg in /usr/bin and ensure that /usr/local/bin is in $PATH
3. rm gpg in /usr/bin and replace it with a link to gpg in /usr/local/bin.
-----Original Message-----
From: Mister [mailto:invg4@cogeco.ca]
Sent: Monday, September 16, 2002 8:03 AM
To: Gnupg users list
Subject: gpg 1.0.7 and 1.0.6 on redhat 7.3
Hello,
I am running Redhat 7.3 which installed gpg 1.0.6 when i loaded the system.
I downloaded the tarball of gpg 1.0.7 and installed it, now i have version
1.0.6 in /usr/bin which the system still uses and gpg 1.0.7 in
/usr/local/bin which does work. How can i tell the system to use the new
version ?
Thanks in advance
Dan Gordon
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
From lee@vital.co.uk Mon Sep 16 20:08:01 2002
From: lee@vital.co.uk (Lee Evans)
Date: Mon Sep 16 19:08:01 2002
Subject: gpg 1.0.7 and 1.0.6 on redhat 7.3
References: <9A86613AB85FF346BB1321840DB42B4BDF2D28@jupiter.fchn.com>
Message-ID: <002e01c25da3$be30d940$42c0a8c0@HOMER>
alternatively (and preferably), just remove the gpg rpm (rpm -e gnupg)
installed by redhat. that will remove the older 1.0.6 /usr/bin/ gpg
regards
Lee
--
Lee Evans
----- Original Message -----
From: "Steve Butler"
To: "'Mister'" ; "Gnupg users list"
Sent: Monday, September 16, 2002 5:59 PM
Subject: RE: gpg 1.0.7 and 1.0.6 on redhat 7.3
> 1. Be sure that /usr/local/bin comes before /usr/bin in your $PATH
> environmental variable (probably not preferred).
>
> 2. rm gpg in /usr/bin and ensure that /usr/local/bin is in $PATH
>
> 3. rm gpg in /usr/bin and replace it with a link to gpg in
/usr/local/bin.
>
> -----Original Message-----
> From: Mister [mailto:invg4@cogeco.ca]
> Sent: Monday, September 16, 2002 8:03 AM
> To: Gnupg users list
> Subject: gpg 1.0.7 and 1.0.6 on redhat 7.3
>
>
> Hello,
> I am running Redhat 7.3 which installed gpg 1.0.6 when i loaded the
system.
> I downloaded the tarball of gpg 1.0.7 and installed it, now i have
version
> 1.0.6 in /usr/bin which the system still uses and gpg 1.0.7 in
> /usr/local/bin which does work. How can i tell the system to use the new
> version ?
>
> Thanks in advance
> Dan Gordon
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
>
> CONFIDENTIALITY NOTICE: This e-mail message, including any attachments,
is for the sole use of the intended recipient(s) and may contain
confidential and privileged information. Any unauthorized review, use,
disclosure or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all copies
of the original message.
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
From johan-gnupg@almqvist.net Mon Sep 16 20:20:02 2002
From: johan-gnupg@almqvist.net (Johan Almqvist)
Date: Mon Sep 16 19:20:02 2002
Subject: gpg 1.0.7 and 1.0.6 on redhat 7.3
In-Reply-To: <20020916110311.16798490.invg4@cogeco.ca>
References: <20020916110311.16798490.invg4@cogeco.ca>
Message-ID: <20020916172133.GD23155@almqvist.net>
--rS8CxjVDS/+yyDmU
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
* Mister [020916 17:03]:
> I am running Redhat 7.3 which installed gpg 1.0.6 when i loaded the syste=
m.
> I downloaded the tarball of gpg 1.0.7 and installed it, now i have versi=
on
> 1.0.6 in /usr/bin which the system still uses and gpg 1.0.7 in
> /usr/local/bin which does work. How can i tell the system to use the new
> version ?
Please wrap your lines.
Besides the solutions already proposed, you could do
rpm -ta gnupg-1.0.7.tar.gz
cd /usr/src/redhat/RPMS/i386/
rpm -Uvh gnupg-1.0.7-1.i386.rpm
-Johan
--=20
Johan Almqvist
--rS8CxjVDS/+yyDmU
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE9hhMdEVwMevfaF0sRAoJTAJwOB7JIZzDNYqe31jDnYo83W+ciqwCgjMSE
kkmjzoFjNPEObeJTu68Zun8=
=Wmhi
-----END PGP SIGNATURE-----
--rS8CxjVDS/+yyDmU--
From invg4@cogeco.ca Mon Sep 16 20:30:02 2002
From: invg4@cogeco.ca (Mister)
Date: Mon Sep 16 19:30:02 2002
Subject: gpg 1.0.7 and 1.0.6 on redhat 7.3
In-Reply-To: <20020916172133.GD23155@almqvist.net>
References: <20020916110311.16798490.invg4@cogeco.ca>
<20020916172133.GD23155@almqvist.net>
Message-ID: <20020916133116.1c0949cf.invg4@cogeco.ca>
On Mon, 16 Sep 2002 19:21:33 +0200
Johan Almqvist wrote:
>
> Please wrap your lines.
Sorry i thought they were wrapping at 72, hope this is better.
>
> Besides the solutions already proposed, you could do
>
> rpm -ta gnupg-1.0.7.tar.gz
> cd /usr/src/redhat/RPMS/i386/
> rpm -Uvh gnupg-1.0.7-1.i386.rpm
Thanks for your help.
Regards,
Dan Gordon
From pt@radvis.nu Mon Sep 16 20:37:02 2002
From: pt@radvis.nu (Per Tunedal)
Date: Mon Sep 16 19:37:02 2002
Subject: PGP-signed webpages
In-Reply-To: <1032184886.24298.89.camel@atlas>
References: <5.1.0.14.2.20020916151140.00bdddd0@qix.netcorps.com>
<5.1.0.14.2.20020916151140.00bdddd0@qix.netcorps.com>
Message-ID: <5.1.0.14.2.20020916192330.00bf9058@qix.netcorps.com>
--=====================_26152194==_.REL
Content-Type: text/plain; charset="us-ascii"; format=flowed
At 16:01 2002-09-16 +0200, you wrote:
>134892d.jpg Re PGP-signed webpages.emsPGP-signed webpages.ems <0880.0002>>
>Content-Type: text/plain
>Content-Transfer-Encoding: quoted-printable
>
>
>*** PGP Signature Status: unknown
>*** Signer: Unknown, Key ID = 0xBDDF997A
>*** Signed: 2002-09-16 17:01:25
>*** Verified: 2002-09-16 17:59:40
>*** BEGIN PGP VERIFIED MESSAGE ***
>
>On Mon, 2002-09-16 at 15:29, Per Tunedal wrote:
> > Hi,
> > does anyone know about any windows-utility for pgp-signing web-pages? It=20
> > would be fine if there was a utility for checking signed pages as well.
>
>Sorry, no tools, as I don't sign webpages myself. Just a thought:
>
>I don't think having webpages signed is very reliable - the HTTP
>protocol negotiates supported character encodings of the server and
>client and might just decide to recode the document to a character set
>supported on the client side.=20
>
>I don't know if any current webserver actually does this, but it's
>something to consider.
>
>cheers
>-- vbi
>
>--=20
>secure email with gpg http://fortytwo.ch/gpg
>
>NOTICE: subkey signature! request key 92082481 from keyserver.kjsl.com
>
>
>*** END PGP VERIFIED MESSAGE ***
Hi vbi,
interesting if signing av web-pages is rubbish. I just found that a company
called "ArticSoft
" sells a software called "WebAssurity Protector" for signing of webpages:
"WebAssurity Protector ensures the integrity of your web site content by
enabling you to sign web pages and their attachments."
Is that thus rubbish as well? What means are left for assuring the
integrity of a site?
Their site: http://www.articsoft.com/webassurity-sign.htm
Per Tunedal
--=====================_26152194==_.REL
Content-Type: image/jpeg; name="134892d.jpg";
x-mac-type="4A504547"; x-mac-creator="4A565752"
Content-ID: <5.1.0.14.2.20020916192330.00bf9058@qix.netcorps.com.0>
Content-Transfer-Encoding: base64
Content-Disposition: inline; filename="134892d.jpg"
/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB
AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQH/2wBDAQEBAQEBAQEBAQEBAQEBAQEBAQEB
AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQH/wAARCAAgACADASIA
AhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQA
AAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3
ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWm
p6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEA
AwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSEx
BhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElK
U1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3
uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD+lr4Q
/sRfsX/tKftaf8FUvHX7Rf7In7MHx+8baT+2/wDC7wnpfjH41/AL4U/FTxVpvhWx/wCCYf8AwTo1
ix8M6f4h8deE9e1ez8P2er67rmqWujW95Hp1vqOs6rfQ2yXOo3ks30//AMOnf+CWX/SNP9gD/wAQ
3/Z1/wDnc14B4a/4WL/an/BZv/hU/wDw0B/wsD/hv/4Jf2B/wy5/wyx/wvb/AJRx/wDBLP8AtX/h
Bv8Ahtb/AIxl/wCQL/aX/CTf8LL/AOZO/wCEh/4Q3/i4H/CKUXv/AA2fdeI/EeiQf8Pf9O0zXP2f
/BX9meMLP/hwW/hzwd8RfCvws8AfELXf+EctdQ+3+Lbr9oD4leLfB3iL4F+Nf+Eu8LeKv2WLD4p/
Ffx/q/w6/wCEB+CWnfC34xfDUA+AP+Cgvwe/ZR/4JuftW/sn/tC/s6/C7T/2FZ4P2b/209C0/wCI
/wCxv+xT4m8V+B/Hfxrk+Kn7BmqfC74TftU/C39l7wBZr8Vvg/4w+HumfHwXHhj4g6n4auNItLLx
D43+DHjr4d/Hjwr8OvHfh79lv+Ce37ePw3/4KF/AS4+MfgPw/wCKPBOv+DvHGsfCP4w/Dvxb4d8c
aBqHgL4seG9E8NeJdT0rSLj4g+CPhz4j8VeB/EfhHxl4M+Inw28Zah4I8H6x4h+Hnjbwvc+MvA/w
3+IK+L/ht4P+NfGfxA+Llr4N8GwePdV/bst/2gvG3xM+G9v8Cf2Lf2grb/gk/ea58ZbX9n74daTp
fxb8e+NvGf7Ofwd/aM8I/B79kz4mal46sfGv7ZXxyvvFGlfEX4S+JLHTfB/7LWgfDfV/if8ABb4B
/HD8/f8Agnr4t/ap8Bf8FVde+GHgHU2+NPgL48WetftF/wDBQbxt4VtrPR/2dvAlh4n+Eeq6Z+zh
4t+GPw7fx5qmn/BHxH9v8A/Bz4I/BbSPBuqfETU/j5+zxbePvGnxR8aftD+Kfg0njr9mHOljMoqY
2rlNXP8AI8Hnqyyrm+C4fxmYQo51m+X4bF4bCY7E5XgeWUsRRwFTF0JYqrUlRpRU4UqU6uKqUsPU
9jLsnqZlhM2xcMdluE/snBrG/V8wxTwVXMoqtTpVcLldWrTWDxGYUqVSWLWX1cVh8Xi8PRrLL6WM
xMFh5fqL4K8OfBfxRqP/AAW2s/2iPhZ4P+NfwX0j9s/wX418ffDDx54I8KfEfwz4r0r4d/8ABLD/
AIJoeP7a3uvBXjiC48Ka7qGnar4a0/WfD8WtLFbWniHTtK1CO7sbm0hvYPD/ANoTQ/8Agi1ffs7f
tUftu6b+xB+wB+0R438D/D/9p/476lpfj39mf4M+D/iP8ffiP8Gvhdqnx9+JGnP4h+JXwbvPG2u+
INetryz1Txh4+j8NeM5dOl8RzeIdWh1W5ju7aQ0f9tb/AIJ6fAL9pb/gqv8ABz9tD9o39l/4c6h4
1/bf+FfiyD4V/Hfxz4Bs7zxB4Vg/4Jn/APBNuDSfE1z4H8V3ck914ffxN4dvodE1m80v+zrrXfDe
px6XczahoF+LL1Hxd/wU+/4IUfEDSviJoXjz9r3/AIJ3+NtE+L2n6XpPxY0bxd4z+DniTSvihpWh
232PRdM+Imn6yL208a6fo9p/oul2XiWHU7bT7b9xaRwxfLWh45+NUX7W3xE/aR8Vat8C/wBmaTR/
2g/+Cgf7Ren+FoP2n/iLqmmGf4d/C7w5b2t1r/h3wp4v8OLqV0nws/Y0+Bml+Kr1/gh+ybF4ivvE
H7SfxD1fxv46+OHjjxZol5+0L8Wvj1+sv/BEf4L6v+z1o/8AwUm+D3iL4geJPit4m8Hf8FI9aTxX
8SvGGpXmq+JfHPi3XP2HP2F/EvirxPq15eyMftGr+IdZ1K8W1sbfStD06GSLT/DugeHNBtdN0DTb
HwG/4KGf8EBv2XfC6eCv2dv2sf8Agnv8F/CcVxqNzB4f+HfxH+GfhrTLaTWLi3vNVW0ttOvYktLf
Ub61h1C8tLbyrW41EPqEsLXks08nb/8ABJn4r/DL44+J/wDgqX8WPg18QPB/xS+GXjb/AIKXanqn
hLx74B8Q6X4q8J+IrCP9g79g2wnn0nXdGubvT7v7JqFpeabfxRTmaw1KzvNOvY4L20uIIvzvhXw1
yLhnibinjic8RnHGvGNShHN+IcyqTrVsJlODhBYHhjh+lWqV3kfC+CqxnjKWU4etU9vj69bG47E4
yv7GdHrr4yrWo0MMrU8Nh03TpQ0UqkvjrVWkvaVpK0XUaVopRioq9//Z
--=====================_26152194==_.REL--
From dshaw@jabberwocky.com Mon Sep 16 20:59:02 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Mon Sep 16 19:59:02 2002
Subject: gpg 1.0.7 and 1.0.6 on redhat 7.3
In-Reply-To: <002e01c25da3$be30d940$42c0a8c0@HOMER>
References: <9A86613AB85FF346BB1321840DB42B4BDF2D28@jupiter.fchn.com> <002e01c25da3$be30d940$42c0a8c0@HOMER>
Message-ID: <20020916175956.GA6288@akamai.com>
On Mon, Sep 16, 2002 at 06:08:56PM +0100, Lee Evans wrote:
> alternatively (and preferably), just remove the gpg rpm (rpm -e gnupg)
> installed by redhat. that will remove the older 1.0.6 /usr/bin/ gpg
Note that RedHat has a RPM for 1.0.7. If you install it, it will
simply replace the older 1.0.6 RPM.
ftp://ftp.redhat.com/pub/redhat/linux/rawhide/i386/RedHat/RPMS/gnupg-1.0.7-6.i386.rpm
The new RPM requires OpenLDAP.
David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
From rmalayter@bai.org Mon Sep 16 21:35:02 2002
From: rmalayter@bai.org (Ryan Malayter)
Date: Mon Sep 16 20:35:02 2002
Subject: GnuPG and Windows Registry variables
Message-ID: <22FD1855C2B16C40A1F6DE406420021E01482ECF@mail.bai.org>
From: Werner Koch [mailto:wk@gnupg.org]=20
>Done. However, lacking an NT system I can't=20
>test this for myself. There will be a new=20
>snapshot this week.
I tested this on NT4 Sp6, Win2k Sp2, and WinXP sp1. Expansion of
REG_EXPAND_SZ variables is working in 1.1.92 - thanks Werner! One minor
tweak is needed, I think: variable expansion only works for keys in the
"HKEY_CURRENT_USER" hive. Most Windows applications search
HKEY_CURRENT_USER for a configuration value, and if they don't find it,
look for a global setting under the same key in HKEY_CURRENT_MACHINE. I
think GnuPG should probably work the same way.
That way you can set up a REG_EXPAND_SZ variable
HomeDir=3D"%APPDATA%\GnuPG" in HKEY_LOCAL_MACHINE that will work for all
users. But this default HomeDir value could still be overridden and
customized by each indiviudal user if desired.
Thanks for all your efforts,
Ryan Malayter
Sr. Network & Database Administrator
Bank Administration Institute
Chicago, Illinois, USA
PGP Key: http://www.malayter.com/pgp-public.txt
:::::::::::::::::::::::::::::::
There is only one basic human right, the right to do as you damn well
please. And with it comes the only basic human duty, the duty to take
the consequences.
- PJ O'Rourke=20
From gkade@bigbrother.net Mon Sep 16 22:28:02 2002
From: gkade@bigbrother.net (Gregory Ade)
Date: Mon Sep 16 21:28:02 2002
Subject: PGP 7.x breaks GnuPG?
Message-ID: <1032204529.20723.74.camel@pslgregory>
--=-AZzm+XVDJC9FYxMZgAjM
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
I think I've posted something similar to this here before, but I've just
run into it again.
One of the clients we're working with apparently upgraded their version
of PGP, and now encrypted files they're sending to us are no longer able
to be decrypted by GPG 1.0.7.
gregory@burdata(pts/3):tmp 81 > gpg --verbose \
? --homedir=3D/usr/psl/config/GnuPG -d \
? --output GAPVSEYP_091202_210616 GAPVSEYP_091202_210616.ASC,1
gpg: armor header: Version: PGP 7.1
gpg: public key is D77143A7
gpg: using secondary key D77143A7 instead of primary key 8BBAD4AB
gpg: using secondary key D77143A7 instead of primary key 8BBAD4AB
gpg: encrypted with 1024-bit ELG-E key, ID D77143A7, created 2000-04-06
"Cast & Crew Payroll (Payroll) "
gpg: TWOFISH encrypted data
gpg: decryption failed: bad key
That's all I can get out of it. I can post additional debug output if
requested; none of it makes any sense to me.
This worked last week just fine, and nothing on our side of the file
exchange was changed at all, so I'm assuming the sender changed their
PGP software.
How do I get this to work again? So far as I can tell, none of the keys
have changed. I tried importing our secret key from GPG into
PGPFreeware (6.5.8, i think, from http://www.pgpi.com), but that didn't
work, either.
I'm at a loss, and really don't want to have to switch our systems over
to PGP from GnuPG...
Thanks in advance.
--=20
Gregory K. Ade
http://bigbrother.net/~gkade
OpenPGP Key ID: EAF4844B keyserver: pgpkeys.mit.edu
--=-AZzm+XVDJC9FYxMZgAjM
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQA9hjDweQUEYOr0hEsRArVWAJ41GMPKUFBFnEhGvZriXop8WiLKcgCfXDJE
/91I6v8d9FW6c6wwdP6LgEs=
=xa/H
-----END PGP SIGNATURE-----
--=-AZzm+XVDJC9FYxMZgAjM--
From jharris@widomaker.com Mon Sep 16 22:45:02 2002
From: jharris@widomaker.com (Jason Harris)
Date: Mon Sep 16 21:45:02 2002
Subject: direct key signatures for testing (designated revoker + other types)
Message-ID: <20020916194611.GB364@pm1.ric-21.lft.widomaker.com>
--ADZbWkCsHQ7r3kzd
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
[certain keyserver managers Bcc'd]
I need keys with direct key signatures (tag 0x1f, which can specify
designated revokers, but I'm looking for all variations) to test some
new keyserver code. If you own or know of any such keys, please let
me know where I can find copies of them.
Thanks.
--=20
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris@widomaker.com | web: http://jharris.cjb.net/
--ADZbWkCsHQ7r3kzd
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (FreeBSD)
iD8DBQE9hjUCSypIl9OdoOMRArlcAJ9zdlWYr7kiBVdRwHDtGRE9MHycNgCfXS73
vqFZw3rFfRvrA40dI7V26Ks=
=PyzD
-----END PGP SIGNATURE-----
--ADZbWkCsHQ7r3kzd--
From skweek@parinux.org Mon Sep 16 23:01:01 2002
From: skweek@parinux.org (skweek)
Date: Mon Sep 16 22:01:01 2002
Subject: Problems to migate PGP 7.0 Key to GPG
Message-ID: <3D86388B.000003.01384@dub>
Hello ! :)
Voila my problem is simple, i don't know how to export my pgp 7.0 keys
(public/private) and my key ring.
I read many tutorials treating gpg but all speaks about generation of new
key to the gpg format but I will want reuse my key PGP. Is it possible? If
you can you describe the procedure to make it?
Your fairthfully
Skweek
Skweek@parinux.org
From avbidder@fortytwo.ch Mon Sep 16 23:04:02 2002
From: avbidder@fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder)
Date: Mon Sep 16 22:04:02 2002
Subject: PGP-signed webpages
In-Reply-To: <5.1.0.14.2.20020916192330.00bf9058@qix.netcorps.com>
References: <5.1.0.14.2.20020916151140.00bdddd0@qix.netcorps.com>
<5.1.0.14.2.20020916151140.00bdddd0@qix.netcorps.com>
<5.1.0.14.2.20020916192330.00bf9058@qix.netcorps.com>
Message-ID: <1032206695.588.57.camel@altfrangg>
--=-OuK9V8Dtpd7+DX6iiTIw
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
On Mon, 2002-09-16 at 19:30, Per Tunedal wrote:
> >I don't think having webpages signed is very reliable - the HTTP
> >protocol negotiates supported character encodings of the server and
> >client and might just decide to recode the document to a character set
> >supported on the client side.=3D20
> >
> >I don't know if any current webserver actually does this, but it's
> >something to consider.
> Hi vbi,
> interesting if signing av web-pages is rubbish.=20
I didn't exactly say it's rubbish. I just said it's probably not
reliable.=20
The intent to protect webpages is certainly ok; and sign webpages
offline has various advantages over having them just transmitted over
SSL - notably a cracker can obviously not just replace it and nobody
notices. (Well, in theory. In practice, probably only few people would
ever verify a signed website if it's read not only by crypto-freaks).
The big problem, as I said, is that it's in theory perfectly legal for
the webserver to encode the webpage into a different character set so
that the browser can read it. Or for the browser to recode it (again) to
the platform native character set prior to saving it.
In the end, you might end up with webpages, that verify sometimes - with
users not reacting if a webpage does not verify, rendering signatures
basically useless.
Using only US ASCII (which every browser should understand without the
need to convert it...) and/or configuring the browser to serve the pages
as 'binary' (but this would probably cause browsers to do stupid
things...) would be possible countermeasures to still enable signatures.
Or serving the content by ftp.
For the future, one could hope that the XML signing standard would be
supported by browsers (Honestly, I doubt it. But it would be a
possibility).
> I just found that a company=20
> called "ArticSoft
> " sells a software called "WebAssurity Protector" for signing of webpages=
:
>=20
> "WebAssurity Protector ensures the integrity of your web site content by=20
> enabling you to sign web pages and their attachments."
>=20
> Is that thus rubbish as well? What means are left for assuring the=20
> integrity of a site?
Companies will sell anything at all. Read the 'cryptogram' newsletter,
the section titled 'dogsomething' (dogshed? doghouse?).
I don't know what this particular product does - but I doubt they could
work around the encoding problem.
cheers
-- vbi
--=20
secure email with gpg http://fortytwo.ch/gpg
NOTICE: subkey signature! request key 92082481 from keyserver.kjsl.com
--=-OuK9V8Dtpd7+DX6iiTIw
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iHQEABECADQFAj2GOWctGmh0dHA6Ly9mb3J0eXR3by5jaC9ncGcvcG9saWN5L2Vt
YWlsLjIwMDIwODIyAAoJEIukMYvlp/fW6Z4An2L9SsLmO1FGuXDxtNqQGg8dRSzw
AKCO4oMoVk4ZGlG+iP7+1P564jpANA==
=BzM/
-----END PGP SIGNATURE-----
Signature policy: http://fortytwo.ch/gpg/policy/email.20020822
--=-OuK9V8Dtpd7+DX6iiTIw--
From apavelec@benefit-services.com Mon Sep 16 23:23:02 2002
From: apavelec@benefit-services.com (Adam Pavelec)
Date: Mon Sep 16 22:23:02 2002
Subject: Problems to migate PGP 7.0 Key to GPG
References: <3D86388B.000003.01384@dub>
Message-ID: <005901c25dbf$083f7b70$2027a8c0@apavelec>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> Voila my problem is simple, i don't know how to export my pgp 7.0 keys
> (public/private) and my key ring.
>
> I read many tutorials treating gpg but all speaks about generation of new
> key to the gpg format but I will want reuse my key PGP. Is it possible?
If
> you can you describe the procedure to make it?
Here's how I have done it: [This is assuming you are using a
PGP 7.x client for Win32]
1) In PGP Keys, right-click your key
2) Select "Export" from the drop-down menu
3) Make sure you select "Include Private Key(s)"
4) Save the .asc file to the location of your choice
By the way, when importing your keypair, make sure you include
the following option:
- --allow-secret-key-import
eg:
gpg --import %key path% --allow-secret-key-import
(where %key path% is the location of the key you saved in step
4, above)
HTH,
- --Adam
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAj2GPcEACgkQDwRQnkBSh2u1WwCeOOvGgAwGvWg7rv9u1dLgSIuj
Es0AoNBEO75RacaTvoZuCV2A7H2AL6kP
=U+kP
-----END PGP SIGNATURE-----
From wk@gnupg.org Mon Sep 16 23:39:02 2002
From: wk@gnupg.org (Werner Koch)
Date: Mon Sep 16 22:39:02 2002
Subject: GnuPG and Windows Registry variables
In-Reply-To: <22FD1855C2B16C40A1F6DE406420021E01482ECF@mail.bai.org> ("Ryan
Malayter"'s message of "Mon, 16 Sep 2002 13:35:42 -0500")
References: <22FD1855C2B16C40A1F6DE406420021E01482ECF@mail.bai.org>
Message-ID: <87fzw9irxy.fsf@alberti.gnupg.de>
On Mon, 16 Sep 2002 13:35:42 -0500, Ryan Malayter said:
> I tested this on NT4 Sp6, Win2k Sp2, and WinXP sp1. Expansion of
Thanks.
> HKEY_CURRENT_USER for a configuration value, and if they don't find it,
> look for a global setting under the same key in HKEY_CURRENT_MACHINE. I
> think GnuPG should probably work the same way.
Done.
Shalom-Salam,
Werner
From chandra.oruganty@enersysinc.com Tue Sep 17 00:11:02 2002
From: chandra.oruganty@enersysinc.com (ORUGANTY, CHANDRA)
Date: Mon Sep 16 23:11:02 2002
Subject: Unable to Revoke Certificate.
Message-ID: <5FE7F394DE8843498AD28202B292053E06B6CD@esimxs2.enersysinc.com>
Hello All,
I'm new to Privacy Gaurd. I downloaded GPG for windows 1.0.6 and
when I tried to revoke certificate using the command gpg --gen-revoke
"Chandrasekhar Oruganty '". I got the following
Error. Please Help.
gpg: secret key `Chandrasekhar Oruganty ' not found:
eof
Chandra
From dscribner@yahoo.com Tue Sep 17 07:35:01 2002
From: dscribner@yahoo.com (David Scribner)
Date: Tue Sep 17 06:35:01 2002
Subject: FAQ update for MUAs supporting GnuPG
Message-ID: <20020917043610.42334.qmail@web13504.mail.yahoo.com>
Greetings!
I'm updating section 4.15 (and others) in the GnuPG FAQ file and
wish to update the MUAs that support GnuPG either natively, or
with plug-ins or external tools as the list has grown
tremendously since 4.15 was first added to the FAQ.
I have the following information which I've collected on the
more popular mail user agents:
MUA OpenPGP ASCII How? (N,P,T)
---------------------------------------------------------------
Becky2 Y Y P (BkGnuPG)
Calypso N Y P (Unixmail)
Elm N Y T (mailpgp,morepgp)
Emacs/GNUS Y Y T (Mailcrypt)
Emacs/Mew Y Y N
Emacs/VM N Y T (Mailcrypt)
Eudora Y Y P (EuroraGPG)
Eudora Pro Y Y P (EudoraGPG)
Evolution Y Y N
GNUMail.app Y Y P (PGPBundle)
GPGMail Y Y N
KMail Y Y N
Lotus Notes N Y P
Mozilla Y Y P (Enigmail)
Mulberry Y Y P
Mutt Y Y N
Netscape 4.x N Y P
Netscape 7.x Y Y P (Enigmail)
Novell Groupwise N Y P
Outlook N Y P (G-Data)
Outlook Express N Y P (GPGOE)
Pegasus N Y P (QDPGP,PM-PGP)
Pine N Y T (pgpenvelope,(gpg|pgp)4pine)
Sylpheed Y Y N
Sylpheed-claws Y Y N
The Bat! N Y P (Ritlabs)
TkRat Y Y N
XFmail Y Y N
OpenPG - PGP/MIME, ASCII - Clearsign
N - Native, P - Plug-in, T - External Tool
The information needs to be both confirmed for accuracy as some
MUAs may have added OpenPGP support since being included on this
list, or just plain wrong (my apologies), as well as possibly
expanded.
So, if you know of a correction to this list, know a plug-in or
tool that isn't listed and provides GnuPG ability to the MUA, or
are perhaps using a MUA that supports GnuPG and isn't on this
list, please respond with an update!
BTW, the table won't be added to the FAQ... it's just to provide
me with accurate information from which to summarize from. Other
corrections and additions to the FAQ will be coming out this
week as well, so I certainly appreciate your help!
Thanks!
David
=====
David D. Scribner
IT Consulting & Services
CompTIA Linux+, Network+, A+ Certified
Ph: (817) 461-4018 eFax: (630) 214-7769
dscribner_at_bigfoot.com http://www.bigfoot.com/~dscribner/
GnuPG/PGP: 3172 7408 58CA D9C2 F697 950F 9DDC 7AC7 91EC 5F06
__________________________________________________
Do you Yahoo!?
Yahoo! News - Today's headlines
http://news.yahoo.com
From heiko.teichmeier@sw-meerane.de Tue Sep 17 08:29:01 2002
From: heiko.teichmeier@sw-meerane.de (Heiko Teichmeier)
Date: Tue Sep 17 07:29:01 2002
Subject: FAQ update for MUAs supporting GnuPG
Message-ID: <01C25E1B.AEC88520.heiko.teichmeier@sw-meerane.de>
Hi,
I think for the MUA Postme exist a plugin to use pgp/gpg. =
(www.postme.de).
PS: Postme is a fine small MUA for Win...
Mit freundlichen Gr=FC=DFen
Stadtwerke Meerane GmbH
Teichmeier
Netzmeister NB Elt
Tel.: (03764)7917-20
Fax: (03764)7917-21
heiko.teichmeier@sw-meerane.de
PS: immer aktuell im Internet
www.sw-meerane.de
-----Original Message-----
From: David Scribner [SMTP:dscribner@yahoo.com]
Sent: Tuesday, September 17, 2002 6:36 AM
To: GnuPG Users
Subject: FAQ update for MUAs supporting GnuPG
Greetings!
I'm updating section 4.15 (and others) in the GnuPG FAQ file and
wish to update the MUAs that support GnuPG either natively, or
with plug-ins or external tools as the list has grown
tremendously since 4.15 was first added to the FAQ.
I have the following information which I've collected on the
more popular mail user agents:
MUA OpenPGP ASCII How? (N,P,T)
---------------------------------------------------------------
Becky2 Y Y P (BkGnuPG)
Calypso N Y P (Unixmail)
Elm N Y T (mailpgp,morepgp)
Emacs/GNUS Y Y T (Mailcrypt)
Emacs/Mew Y Y N
Emacs/VM N Y T (Mailcrypt)
Eudora Y Y P (EuroraGPG)
Eudora Pro Y Y P (EudoraGPG)
Evolution Y Y N
GNUMail.app Y Y P (PGPBundle)
GPGMail Y Y N
KMail Y Y N
Lotus Notes N Y P
Mozilla Y Y P (Enigmail)
Mulberry Y Y P
Mutt Y Y N
Netscape 4.x N Y P
Netscape 7.x Y Y P (Enigmail)
Novell Groupwise N Y P
Outlook N Y P (G-Data)
Outlook Express N Y P (GPGOE)
Pegasus N Y P (QDPGP,PM-PGP)
Pine N Y T (pgpenvelope,(gpg|pgp)4pine)
Sylpheed Y Y N
Sylpheed-claws Y Y N
The Bat! N Y P (Ritlabs)
TkRat Y Y N
XFmail Y Y N
OpenPG - PGP/MIME, ASCII - Clearsign
N - Native, P - Plug-in, T - External Tool
The information needs to be both confirmed for accuracy as some
MUAs may have added OpenPGP support since being included on this
list, or just plain wrong (my apologies), as well as possibly
expanded.
So, if you know of a correction to this list, know a plug-in or
tool that isn't listed and provides GnuPG ability to the MUA, or
are perhaps using a MUA that supports GnuPG and isn't on this
list, please respond with an update!
BTW, the table won't be added to the FAQ... it's just to provide
me with accurate information from which to summarize from. Other
corrections and additions to the FAQ will be coming out this
week as well, so I certainly appreciate your help!
Thanks!
David
=3D=3D=3D=3D=3D
David D. Scribner
IT Consulting & Services
CompTIA Linux+, Network+, A+ Certified
Ph: (817) 461-4018 eFax: (630) 214-7769
dscribner_at_bigfoot.com http://www.bigfoot.com/~dscribner/
GnuPG/PGP: 3172 7408 58CA D9C2 F697 950F 9DDC 7AC7 91EC 5F06
__________________________________________________
Do you Yahoo!?
Yahoo! News - Today's headlines
http://news.yahoo.com
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
From alex@conostix.com Tue Sep 17 12:09:02 2002
From: alex@conostix.com (Alexandre Dulaunoy)
Date: Tue Sep 17 11:09:02 2002
Subject: gpg 1.0.7 and 1.0.6 on redhat 7.3
In-Reply-To: <20020916110311.16798490.invg4@cogeco.ca>
Message-ID:
You should remove the 1.0.6 with rpm (rpm -e).
rpm -e gnupg-1.0.6
(Before that make a backup of your keyring)
Hope this helps.
adulau
On Mon, 16 Sep 2002, Mister wrote:
> Hello,
> I am running Redhat 7.3 which installed gpg 1.0.6 when i loaded the system. I downloaded the tarball of gpg 1.0.7 and installed it, now i have version 1.0.6 in /usr/bin which the system still uses and gpg 1.0.7 in /usr/local/bin which does work. How can i tell the system to use the new version ?
>
> Thanks in advance
> Dan Gordon
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
>
>
--
Alexandre Dulaunoy -- http://www.foo.be/
3B12 DCC2 82FA 2931 2F5B 709A 09E2 CD49 44E6 CBCD --- AD993-6BONE
"People who fight may lose.People who do not fight have already lost."
Bertolt Brecht
From disastry@saiknes.lv Tue Sep 17 12:09:06 2002
From: disastry@saiknes.lv (disastry@saiknes.lv)
Date: Tue Sep 17 11:09:06 2002
Subject: followup: signing with a v3 rsa key in 1.1.9.2
Message-ID: <3D86D43E.3915EE68@saiknes.lv>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
vedaal wrote:
> found the reason:
>
> rsa v3 keys generated in 6.5.8 have the symmetric algo as 'cast-5' by default,
not by default.
6.5.8 uses CAST5 or 3DES for RSA v3 keys _only_ if IDEA is disabled.
> while in 2.6.x it is 'idea'
with 2.6.3ia-multi06 you can use CAST5 and other ciphers too..
> what is unusual, is that if the key is checked in 'key properties' in pgp keys,
> the symmetric algo is listed as 'idea' for 'any' v3 rsa key, no matter how it was generated,
>
> the actual algo used will be listed in pgpdump,
6.5.8ckt shows the cipher that was used to encrypt secret key.
> so, the 2.6.x keys need the 'idea' module installed,
> while v3 rsa keys generated in later versions,
they need IDEA module too, normally
> {or in 2.6.x Multi with the option specified as a non-'idea' algorithm},
> do not
>
> vedaal
__
Disastry http://disastry.dhs.org/
http://disastry.dhs.org/pgp <----PGP plugins for Netscape and MDaemon
^----PGP 2.6.3ia-multi06 (supports IDEA, CAST5, BLOWFISH, TWOFISH,
AES, 3DES ciphers and MD5, SHA1, RIPEMD160, SHA2 hashes)
-----BEGIN PGP SIGNATURE-----
Version: Netscape PGP half-Plugin 0.15 by Disastry / PGPsdk v1.7.1
iQA/AwUBPYa4BDBaTVEuJQxkEQOeEQCg7PGjjufhMFCg/e594D7GAESgglQAoL2p
ZpL396OSMJV5bkYbPfYHeW3i
=h+tH
-----END PGP SIGNATURE-----
From disastry@saiknes.lv Tue Sep 17 12:09:10 2002
From: disastry@saiknes.lv (disastry@saiknes.lv)
Date: Tue Sep 17 11:09:10 2002
Subject: using my own public key
Message-ID: <3D86D4B3.1C9B5787@saiknes.lv>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Werner Koch wrote:
> BTW, since 1.1.92 options has been replaced by gpg.conf but it will
> still be used as long as there is no gpg.conf. Just want to let you
> know.
fine, this means I can have different options files for GPG 1.0.7 and 1.1.92 :)
__
Disastry http://disastry.dhs.org/
-----BEGIN PGP SIGNATURE-----
Version: Netscape PGP half-Plugin 0.15 by Disastry / PGPsdk v1.7.1
iQA/AwUBPYa4jzBaTVEuJQxkEQMbYACg8Ah87XT/X0WpAQcyOqMKbnSRy9sAoLCz
h02fE/zUJtl1g0I3IucMXaQO
=UQgF
-----END PGP SIGNATURE-----
From alex@FUCKUP.fantastyka.net Tue Sep 17 13:55:01 2002
From: alex@FUCKUP.fantastyka.net (Janusz A. Urbanowicz)
Date: Tue Sep 17 12:55:01 2002
Subject: FAQ update for MUAs supporting GnuPG
In-Reply-To: <20020917043610.42334.qmail@web13504.mail.yahoo.com>
References: <20020917043610.42334.qmail@web13504.mail.yahoo.com>
Message-ID: <20020917105558.GE1729@FUCKUP.fantastyka.net>
--lEGEL1/lMxI0MVQ2
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Mon, Sep 16, 2002 at 09:36:10PM -0700, David Scribner wrote:
> Greetings!
>=20
> I'm updating section 4.15 (and others) in the GnuPG FAQ file and
> wish to update the MUAs that support GnuPG either natively, or
> with plug-ins or external tools as the list has grown
> tremendously since 4.15 was first added to the FAQ.
>=20
> I have the following information which I've collected on the
> more popular mail user agents:
>=20
> MUA OpenPGP ASCII How? (N,P,T)
> ---------------------------------------------------------------
> Becky2 Y Y P (BkGnuPG)
> Calypso N Y P (Unixmail)
> Elm N Y T (mailpgp,morepgp)
Elm ME+ suports PGP/GPG natively:
Elm ME+ N Y N
Alex
--lEGEL1/lMxI0MVQ2
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE9hwo+TfkBjn4ugD0RAzAxAKCWb7ozW5QYfVgCNAXecgLPbCtM5gCghY2n
39rbvd58CCrmnelWdg9kSlE=
=pdSB
-----END PGP SIGNATURE-----
--lEGEL1/lMxI0MVQ2--
From Josh Huber Tue Sep 17 15:26:02 2002
From: Josh Huber (Josh Huber)
Date: Tue Sep 17 14:26:02 2002
Subject: FAQ update for MUAs supporting GnuPG
In-Reply-To: <20020917043610.42334.qmail@web13504.mail.yahoo.com> (David
Scribner's message of "Mon, 16 Sep 2002 21:36:10 -0700 (PDT)")
References: <20020917043610.42334.qmail@web13504.mail.yahoo.com>
Message-ID: <87admg94yk.fsf@mail.paradoxical.net>
David Scribner writes:
> Greetings!
>
> I'm updating section 4.15 (and others) in the GnuPG FAQ file and
> wish to update the MUAs that support GnuPG either natively, or
> with plug-ins or external tools as the list has grown
> tremendously since 4.15 was first added to the FAQ.
>
> I have the following information which I've collected on the
> more popular mail user agents:
>
> MUA OpenPGP ASCII How? (N,P,T)
> ---------------------------------------------------------------
> [...]
> Emacs/GNUS Y Y T (Mailcrypt)
A couple things:
Gnus should be spelled "Gnus" not "GNUS", which is the spelling for
pre-v5.x versions of Gnus. (I think! I wasn't using it then :)
Someone correct me if I'm wrong...
Gnus has support for GnuPG a couple ways, either with Mailcrypt as an
add on package, or with gpg.el which is more of a native support
package. (it is in the contrib directory though...but only because of
copyright assignment issues...)
Perhaps this should be reflected as
Emacs/GNUS Y Y T (Mailcrypt, contrib/gpg.el)
?
--
Josh Huber
From Martin Schoch Tue Sep 17 17:19:03 2002
From: Martin Schoch (Martin Schoch)
Date: Tue Sep 17 16:19:03 2002
Subject: Which idea.dll under Win2k?
Message-ID: <57594174.20020917161833@compuserve.com>
Hello list,
As said some days ago - I wanted to include the idea.dll as
extension to gpg under Windows 2k SP2.
But I get an error message (ec=487) with gpg --version
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG
gpg: LoadLibrary failed ec=487
gpg: GetProcAddress failed ec=127
gpg: GetProcAddress failed ec=127
gpg: invalid module `c:\programme\gnupp\lib\idea.dll': 127
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160
Compress: Uncompressed, ZIP, ZLIB
Do I have a wrong idea.dll version? It's marked here as
idea.dll 13.09.2002 10:02 7680
But I have downloaded it from:
ftp://ftp.gnupg.dk/pub/contrib-dk/ideadll.zip
Thanks for help.
--
Best regards,
Martin mailto:maschoch@compuserve.com
From wk@gnupg.org Tue Sep 17 17:45:01 2002
From: wk@gnupg.org (Werner Koch)
Date: Tue Sep 17 16:45:01 2002
Subject: Which idea.dll under Win2k?
In-Reply-To: <57594174.20020917161833@compuserve.com> (Martin Schoch's
message of "Tue, 17 Sep 2002 16:18:33 +0200")
References: <57594174.20020917161833@compuserve.com>
Message-ID: <87n0qgvfr7.fsf@alberti.gnupg.de>
On Tue, 17 Sep 2002 16:18:33 +0200, Martin Schoch said:
> ftp://ftp.gnupg.dk/pub/contrib-dk/ideadll.zip
That is the correct one (if the signature is okay). However, it has
not been extensively tested. I have an idea whats going wrong, given
that I don't build Windows DLL every day I have to investigate again
how to do it correctly.
Shalom-Salam,
Werner
From pt@radvis.nu Tue Sep 17 20:41:01 2002
From: pt@radvis.nu (Per Tunedal)
Date: Tue Sep 17 19:41:01 2002
Subject: FAQ update for MUAs supporting GnuPG
In-Reply-To: <20020917043610.42334.qmail@web13504.mail.yahoo.com>
Message-ID: <5.1.0.14.2.20020917193627.00bde600@qix.netcorps.com>
Hi!
I have a suggestion for improvement of the "Frontend" web-page
http://www.gnupg.org/frontends.html :
Make two sections; one for Windows and one for Unix!
It will make it easier for users to find a suitable solution.
Per Tunedal
At 21:36 2002-09-16 -0700, you wrote:
>Greetings!
>
>I'm updating section 4.15 (and others) in the GnuPG FAQ file and
>wish to update the MUAs that support GnuPG either natively, or
>with plug-ins or external tools as the list has grown
>tremendously since 4.15 was first added to the FAQ.
>
>I have the following information which I've collected on the
>more popular mail user agents:
>
>MUA OpenPGP ASCII How? (N,P,T)
>---------------------------------------------------------------
>Becky2 Y Y P (BkGnuPG)
>Calypso N Y P (Unixmail)
>Elm N Y T (mailpgp,morepgp)
>Emacs/GNUS Y Y T (Mailcrypt)
>Emacs/Mew Y Y N
>Emacs/VM N Y T (Mailcrypt)
>Eudora Y Y P (EuroraGPG)
>Eudora Pro Y Y P (EudoraGPG)
>Evolution Y Y N
>GNUMail.app Y Y P (PGPBundle)
>GPGMail Y Y N
>KMail Y Y N
>Lotus Notes N Y P
>Mozilla Y Y P (Enigmail)
>Mulberry Y Y P
>Mutt Y Y N
>Netscape 4.x N Y P
>Netscape 7.x Y Y P (Enigmail)
>Novell Groupwise N Y P
>Outlook N Y P (G-Data)
>Outlook Express N Y P (GPGOE)
>Pegasus N Y P (QDPGP,PM-PGP)
>Pine N Y T (pgpenvelope,(gpg|pgp)4pine)
>Sylpheed Y Y N
>Sylpheed-claws Y Y N
>The Bat! N Y P (Ritlabs)
>TkRat Y Y N
>XFmail Y Y N
>
>OpenPG - PGP/MIME, ASCII - Clearsign
>N - Native, P - Plug-in, T - External Tool
>
>The information needs to be both confirmed for accuracy as some
>MUAs may have added OpenPGP support since being included on this
>list, or just plain wrong (my apologies), as well as possibly
>expanded.
>
>So, if you know of a correction to this list, know a plug-in or
>tool that isn't listed and provides GnuPG ability to the MUA, or
>are perhaps using a MUA that supports GnuPG and isn't on this
>list, please respond with an update!
>
>BTW, the table won't be added to the FAQ... it's just to provide
>me with accurate information from which to summarize from. Other
>corrections and additions to the FAQ will be coming out this
>week as well, so I certainly appreciate your help!
>
>Thanks!
>David
>
>=====
>David D. Scribner
>IT Consulting & Services
>CompTIA Linux+, Network+, A+ Certified
>Ph: (817) 461-4018 eFax: (630) 214-7769
>dscribner_at_bigfoot.com http://www.bigfoot.com/~dscribner/
>GnuPG/PGP: 3172 7408 58CA D9C2 F697 950F 9DDC 7AC7 91EC 5F06
>
>__________________________________________________
>Do you Yahoo!?
>Yahoo! News - Today's headlines
>http://news.yahoo.com
>
>_______________________________________________
>Gnupg-users mailing list
>Gnupg-users@gnupg.org
>http://lists.gnupg.org/mailman/listinfo/gnupg-users
From mailinglisten@berndhaug.net Tue Sep 17 21:21:01 2002
From: mailinglisten@berndhaug.net (Bernd Haug)
Date: Tue Sep 17 20:21:01 2002
Subject: UID order, UID printed by default in gpg-1.06
Message-ID: <3D8772D4.9030305@berndhaug.net>
Greetings,
I'm new to this list. Hello. :)
Sorry for my English, I'm not a native speaker.
I got a question about the order in which UIDs are displayed:
I got a Keypair on which I have 2 UIDs - private and work.
Since we (pity) got no mail encryption policy at work, I use the
key(s) mostly for private matters.
Nevertheless, I added (= after creating the key) the work UID for
cases I need some more security on the official address.
Now, the Name directly associated w/ the private Key is the private
address, so (just to make the point - I don't know if I just made
myself clear), and the job addr is in a uid field.
$ gpg --list-secret-keys --with-colons
sec:...:Bernd Haug (Graz.at.eu -- http\x3a//www.berndhaug.net)\
:...
uid:...:Bernd Haug (Systems administration IICM Software\
Technology @ TU Graz, Austria) :
$
With the pubkey, however, the job addr is on the PK, and the private
one is just a UID.
$ gpg
pub:...:Bernd Haug (Systems administration IICM Software Technology @\
TU Graz, Austria) :...
uid:...:Bernd Haug (Graz.at.eu -- http\x3a//www.berndhaug.net)\
:
$
I guess this is mainly a cosmetic consideration, since the alias w/
the private addr is also printed when checking sigs, but still I would
like the order by priority of the uses of the key; call me anal
retentive if you must.
On the other Hand, I wouldn't bet that that mixup doesn't bring social
engineering problems. Could someone with sociological and/or
psychological knowledge bring clarity here?
Interesting fact: Even if the order seems to be correct in the secret
key, I still get the uid w/ the job address printed out when I'm asked
for my passwd for signing.
Have I put my point understandably?
And can tell me what I can do about it?
Yours, Bernd
From factotum@gvdnet.dk Tue Sep 17 23:48:02 2002
From: factotum@gvdnet.dk (Martin Christensen)
Date: Tue Sep 17 22:48:02 2002
Subject: FAQ update for MUAs supporting GnuPG
In-Reply-To: <20020917043610.42334.qmail@web13504.mail.yahoo.com> (David
Scribner's message of "Mon, 16 Sep 2002 21:36:10 -0700 (PDT)")
References: <20020917043610.42334.qmail@web13504.mail.yahoo.com>
Message-ID: <877khkuyua.fsf@gvdnet.dk>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>>>>> "David" == David Scribner writes:
David> I'm updating section 4.15 (and others) in the GnuPG FAQ file
David> and wish to update the MUAs that support GnuPG either natively,
David> or with plug-ins or external tools as the list has grown
David> tremendously since 4.15 was first added to the FAQ.
"Support" is not just one single thing. Being able to verify and
decrypt messages in a particular format is one kind of support, and
signing and encrypting another.
David> BTW, the table won't be added to the FAQ...
Why not? I think it provides a nice overview.
Martin
- --
Homepage: http://www.cs.auc.dk/~factotum/
GPG public key: http://www.cs.auc.dk/~factotum/gpgkey.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Using Mailcrypt+GnuPG
iEYEARECAAYFAj2HlR0ACgkQYu1fMmOQldWAmQCgsxGQRUBklJbkUayNkWIUCTEU
dFAAn0HxRhPnwkvJ6k5wIWrPwKhQFl6d
=7S1j
-----END PGP SIGNATURE-----
From vedaal@lok.com Wed Sep 18 01:19:02 2002
From: vedaal@lok.com (vedaal@lok.com)
Date: Wed Sep 18 00:19:02 2002
Subject: followup v3 rsa key
Message-ID: <200209172214.g8HMEcfB025356@compute2.lok.com>
> Message: 4 Date: Tue, 17 Sep 2002 09:05:34 +0200 From:
> disastry@saiknes.lv To: gnupg-users
> Subject: Re: followup: signing with a v3 rsa key in 1.1.9.2
...
> vedaal wrote: > found the reason: > > rsa v3 keys generated in 6.5.8
> have the symmetric algo as 'cast-5' by default,
>
> not by default 6.5.8 uses CAST5 or 3DES for RSA v3 keys _only_ if .
> IDEA is disabled .
>
> > while in 2.6.x it is 'idea'
>
> with 2.6.3ia-multi06 you can use CAST5 and other ciphers too..
...
i 'thought' i understood, but now i am more confused :(
please bear with me:
[1] am running 1.1.92a windows binary with the idea plugin correctly installed, and everything works as expected
[2] disabled the option of 'load-extension c:\gnupg\lib\idea'
[3] as expected, i cannot sign with my default v3 rsa key generated in 2.6.3
*but*
[4] i 'can' sign with another v3 rsa key that was generated in 6.5.8 ckt
[5] both pgpdump and pgpckt identify the symmetric algorithm for this other v3 rsa key, as idea
here is the v3 rsa key that 'can' be signed with, *without* the idea plug-in:
-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: 6.5.8ckt http://www.ipgpp.com/
Comment: passphrase: test@key.test
lQOgAzroPPgAAAEIANnTx/gHfag7qRMG6cVUnYZJjLcsdF6JSaVs+PUDCZ8l2+Z2
V9tgxByp26bymIlq5qFFeoA5vCiKc8qzYiEVLJVVIIDjw/id2gq/TgmxoLAwiDQM
TUKdCFa6pmR/uaxyrnJxfUA7+Qh0R0OjoCxNlrmyO3eiKstsJGqSUFIQq7GhcHc4
nbV59zHhEWnH7DX7sDa9CgF11WxM3sjWp15iOoP1nixhmchDtQ7foUxLsCF36G/4
ijcbN2NjiCDYMFburN8fXgrQzYHAIIiVFE0J+fbXNfPRmnbhQdaC8rIdiQ3tExBb
N0qWhGPT9M4JOZd1yPdFMb9gbntd8VZkiPd6/3sABREB7Y6HhGg6ktEH//f0m1Ut
UCqRbRNAqSG5bw8ueN69mgxuUxkr/bSznqix6PiNkQCpsgoAT6uAzR/5jUMNelzf
JBe9tpsYYnzCbTGoOHK4syKu67xsZB23J2RODtyp5ufa6zrs65lpTI/AD8rgg4CP
F6oX+PzpEHqi71VNorr2mOrS5pS+42G+SiL8jWpDF+w6CWJbE2p2y+3qxFCPsoft
PjdpaSFkhQ3bvS1xxH6XuFTTtwRPxCBCnxvkJOiBDwzkjTigkaXW6c+eKWGg2cmy
N0zfGD+VKYlsyJgJME06jmDgZaI2GY/uXTNpPeQ8W4bgBNPdGY2JVjtScrD6rBBh
pc7D67io2M7dOoQEABY3L4+H9D2J3gJN+31CR+/uBW97Nqx8fopd5Ktvgdw9+S1R
KpffVytC/Emf+Lo89XJOTWGhPhMpyDpNaBWeg9eBQlQJoXfgGRa0lM7kV8rW9ZjK
jW0pTd01e5KwxkvXGOSzV//QvJ4QOOWal1Z3l0u3QgSFjbAENhux1twVDgLhBADx
t1nQwZhji+m9o5AQMVdjPvDGUK0MBL44pF8Px5z+XFJ97ub0JykQYWeTreUJJO5d
9RwFUmP/vEOWaWF95Kc4aojhwkOgArsVIEi/f+D3KMNWfOGVyzh6pf/GPh89JYF8
r8CuRUfXj4RwwUwCwQYDSbUk56TQO+4ITxlX4eH9SgP/S2lRBOhPVM0oIvBKSFld
BT4B5ssQjF75AfFVVIl1kpG/eBhDUSx7I2q49iTdb23mN21Clp50gglwpWbbVa4Z
6yOaorgrO0Fh7CfW9rY8cPPhuPP082NS1X6udUv2ZQdNd3+mmHrTDpYtMuU9GFzn
yk5Tb9me0OsXe9uXJmHm+jNFYbQUdGVzdCA8dGVzdEBrZXkudGVzdD4=
=0mID
-----END PGP PRIVATE KEY BLOCK-----
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 6.5.8ckt http://www.ipgpp.com/
Comment: { Acts of Kindness better the World, and protect the Soul }
mQENAzroPPgAAAEIANnTx/gHfag7qRMG6cVUnYZJjLcsdF6JSaVs+PUDCZ8l2+Z2
V9tgxByp26bymIlq5qFFeoA5vCiKc8qzYiEVLJVVIIDjw/id2gq/TgmxoLAwiDQM
TUKdCFa6pmR/uaxyrnJxfUA7+Qh0R0OjoCxNlrmyO3eiKstsJGqSUFIQq7GhcHc4
nbV59zHhEWnH7DX7sDa9CgF11WxM3sjWp15iOoP1nixhmchDtQ7foUxLsCF36G/4
ijcbN2NjiCDYMFburN8fXgrQzYHAIIiVFE0J+fbXNfPRmnbhQdaC8rIdiQ3tExBb
N0qWhGPT9M4JOZd1yPdFMb9gbntd8VZkiPd6/3sABRG0FHRlc3QgPHRlc3RAa2V5
LnRlc3Q+iQEVAwUQOug8+PFWZIj3ev97AQH7NQgAo3sH+KcsPtAbyp5U02J9h3Ro
aiKpAYxg3rfUVo/RH6hmCWT/AlPHLPZZC/tKiPkuIm2V3Xqyum530N0sBYxNzgNp
us8mK9QurYj2omKzf1ltN+uNHR8vjB8s7jEd/CDCARu81PqNoVq2b9JRFGpGbAde
7kQ/a0r2/IsJ8fz0iSpCH0geoHt3sBk9MyEem4uG0e2NzlH2wBz4H8l8BNHRHBq0
6tGH4h11ZhH3FiNzJWibT2AvzLCqar2qK+6pohKSvIp8zEP7Y/iQzCvkuOfHsUOH
4Utgg85k09hRDZ3pRRL/4R+Z+/1uXb+n6yKbOmpmi7U7wc9IwZxtTlGXsNIf+Q==
=7h3m
-----END PGP PUBLIC KEY BLOCK-----
[6] here is the pgpdump result for the key:
PGPdump Results
Old: Secret Key Packet(tag 5)(928 bytes) Ver 3 - old Public key creation time - Thu Apr 26 15:21:28 UTC 2001 Valid days - 0[0 is forever] Pub alg - RSA Encrypt or Sign(pub 1)
RSA n(2048 bits) - (deleted, post is already too big)
RSA e(5 bits) - 11
Sym alg - IDEA(sym 1) IV - ed 8e 87 84 68 3a 92 d1
Encrypted RSA d(2047 bits) - (deleted}
Encrypted RSA p(1024 bits) - "
Encrypted RSA q(1024 bits) - "
Encrypted RSA u(1023 bits) - "
Checksum - 45 61 Old: User ID Packet(tag 13)(20 bytes) User ID - test
this key was generated in 6.5.8ckt(build 5) with 'default' settings, without disabling idea
if it has idea as the symmetric algo protecting the key, why doesn't it need the idea plug-in to sign with,
and if idea is 'not' the symmetric algo ptrotecting the secret key, why does pgpdump (and ckt) identify it that way?
tia,
vedaal
From damienffm@web.de Wed Sep 18 01:43:01 2002
From: damienffm@web.de (damienffm)
Date: Wed Sep 18 00:43:01 2002
Subject: =?ISO-8859-1?Q?How_to_delete_a_key_from_server_whe?=
=?ISO-8859-1?Q?n_password_isn=B4t_accepted=3F=3F=3F?=
Message-ID: <3D87B025.7000507@web.de>
Hi,
Following problem: I have a keypair where the password isn=B4t accepted=20
anymore. So I can=B4t use this keypair neither for signing nor for=20
encrypting.
I want to erase the key from the keyservers. What have I to do to succed =
in this, because I don=B4t have the right password??? At least the one=20
that should be isn=B4t accepted.
thx
alexander
From dscribner@yahoo.com Wed Sep 18 02:46:02 2002
From: dscribner@yahoo.com (David Scribner)
Date: Wed Sep 18 01:46:02 2002
Subject: How_to_delete_a_key_from_server_when_password_isn´t_accepted???
In-Reply-To: <3D87B025.7000507@web.de>
Message-ID: <20020917234705.80245.qmail@web13509.mail.yahoo.com>
--- damienffm wrote:
> I want to erase the key from the keyservers. What have I to do
> to succed
> in this, because I don´t have the right password??? At least
> the one
> that should be isn´t accepted.
If you didn't generate a revocation certificate when you first
created the key pair, you're pretty much SOL as it would require
the keyserver operator to manually remove the key... and even
then, since most key servers sync themselves with others,
eradicating the key from all keyservers is pretty much a long
shot.
Apparently, this ability is "in the works" for some keyserver
software, but until then the best you can do is send information
to those contacts that you communicate with that the key is not
to be used any longer.
If you haven't done so already, create a revocation certificate
for your new key pair, move this onto a diskette (or print it
out) and file it away someplace safe. That way, should you find
yourself in the same situation down the road or forget your
passphrase (needed to create the certificate), you will have one
pre-generated that can be used and submitted to keyservers to
revoke the key.
HTH
David
=====
David D. Scribner
IT Consulting & Services
CompTIA Linux+, Network+, A+ Certified
Ph: (817) 461-4018 eFax: (630) 214-7769
dscribner_at_bigfoot.com http://www.bigfoot.com/~dscribner/
GnuPG/PGP: 3172 7408 58CA D9C2 F697 950F 9DDC 7AC7 91EC 5F06
__________________________________________________
Do you Yahoo!?
Yahoo! News - Today's headlines
http://news.yahoo.com
From ingo.kloecker@epost.de Thu Sep 19 02:57:01 2002
From: ingo.kloecker@epost.de (Ingo =?iso-8859-1?q?Kl=F6cker?=)
Date: Thu Sep 19 01:57:01 2002
Subject: FAQ update for MUAs supporting GnuPG
In-Reply-To: <20020917043610.42334.qmail@web13504.mail.yahoo.com>
References: <20020917043610.42334.qmail@web13504.mail.yahoo.com>
Message-ID: <200209190111.15158@erwin.ingo-kloecker.de>
--Boundary-02=_TgQi9+iRv7LvVTu
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Description: signed data
Content-Disposition: inline
On Tuesday 17 September 2002 06:36, David Scribner wrote:
> I have the following information which I've collected on the
> more popular mail user agents:
>
> MUA OpenPGP ASCII How? (N,P,T)
> ---------------------------------------------------------------
> KMail Y Y N
Actually PGP/MIME is currently (or more correctly, in the upcoming=20
version of KMail) provided through a plugin while clearsigning is=20
builtin (native). So more correct would be
KMail Y(P) Y(N) P/N
Regards,
Ingo
--Boundary-02=_TgQi9+iRv7LvVTu
Content-Type: application/pgp-signature
Content-Description: signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQA9iQgTGnR+RTDgudgRAuRoAJ40xbuGVHDKb3Hox27LRtlTOaanfQCfRVXS
UuF6samz/V1Zx2Gs1DF47RM=
=N6GX
-----END PGP SIGNATURE-----
--Boundary-02=_TgQi9+iRv7LvVTu--
From disastry@saiknes.lv Thu Sep 19 12:19:01 2002
From: disastry@saiknes.lv (disastry@saiknes.lv)
Date: Thu Sep 19 11:19:01 2002
Subject: followup v3 rsa key
Message-ID: <3D897AFB.796A5B25@saiknes.lv>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
vedaal wrote:
> i 'thought' i understood, but now i am more confused :(
>
> please bear with me:
> [1] am running 1.1.92a windows binary with the idea plugin correctly installed, and everything works as expected
> [2] disabled the option of 'load-extension c:\gnupg\lib\idea'
> [3] as expected, i cannot sign with my default v3 rsa key generated in 2.6.3
> *but*
> [4] i 'can' sign with another v3 rsa key that was generated in 6.5.8 ckt
I don't think you can (at least I can not, see below)
> [5] both pgpdump and pgpckt identify the symmetric algorithm for this other v3 rsa key, as idea
>
> here is the v3 rsa key that 'can' be signed with, *without* the idea plug-in:
>
> -----BEGIN PGP PRIVATE KEY BLOCK-----
> Version: 6.5.8ckt http://www.ipgpp.com/
> Comment: passphrase: test@key.test
>
> lQOgAzroPPgAAAEIANnTx/gHfag7qRMG6cVUnYZJjLcsdF6JSaVs+PUDCZ8l2+Z2
> V9tgxByp26bymIlq5qFFeoA5vCiKc8qzYiEVLJVVIIDjw/id2gq/TgmxoLAwiDQM
[...]
> this key was generated in 6.5.8ckt(build 5) with 'default' settings, without disabling idea
tried with this key, couldn't sign without IDEA:
f:\TEMP>gpg --homedir . --clearsign aaa
gpg: protection algorithm 1 (IDEA) is not supported
gpg: the IDEA cipher plugin is not present
gpg: please see http://www.gnupg.org/why-not-idea.html for more information
gpg: no default secret key: unknown cipher algorithm
gpg: aaa: clearsign failed: unknown cipher algorithm
f:\TEMP>gpg --homedir . --version
gpg (GnuPG) 1.0.7
Copyright (C) 2002 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
Home: .
Supported algorithms:
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG
Hash: MD5, SHA1, RIPEMD160
> if it has idea as the symmetric algo protecting the key, why doesn't it need the idea plug-in to sign with,
> and if idea is 'not' the symmetric algo ptrotecting the secret key, why does pgpdump (and ckt) identify it that way?
__
Disastry http://disastry.dhs.org/
-----BEGIN PGP SIGNATURE-----
Version: Netscape PGP half-Plugin 0.15 by Disastry / PGPsdk v1.7.1
iQA/AwUBPYle0TBaTVEuJQxkEQPlwwCeOKqGw4bulEfj74ESsGfbxA8/fHEAoOgf
x/YBwtxPaxSIGLqCtDpXsjAQ
=XdFS
-----END PGP SIGNATURE-----
From Martin Schoch Thu Sep 19 16:39:02 2002
From: Martin Schoch (Martin Schoch)
Date: Thu Sep 19 15:39:02 2002
Subject: Which idea.dll under Win2k?
In-Reply-To: <87n0qgvfr7.fsf@alberti.gnupg.de>
References: <57594174.20020917161833@compuserve.com>
<87n0qgvfr7.fsf@alberti.gnupg.de>
Message-ID: <351435193.20020919153922@compuserve.com>
On Tuesday, September 17, 2002, 4:43:08 PM Werner Koch wrote:
>> ftp://ftp.gnupg.dk/pub/contrib-dk/ideadll.zip
WK> That is the correct one (if the signature is okay). However, it has
WK> not been extensively tested. I have an idea whats going wrong, given
WK> that I don't build Windows DLL every day I have to investigate again
WK> how to do it correctly.
I found one thing which could be interesting to find the problem:
The idea.dll which I have downloaded from the ftp above works
with Win98SE - but not with Win2k SP2.
--
Best regards,
Martin Schoch mailto:maschoch@compuserve.com
From ianm@cat.co.za Thu Sep 19 18:03:01 2002
From: ianm@cat.co.za (Ian McIntosh)
Date: Thu Sep 19 17:03:01 2002
Subject: Compiling GPG source
Message-ID:
Hi,
I have recently compiled GnuPG version 1.0.6 source for Windows using
Borland Command line compiler. Granted I had to make a few changes here and
there but it did eventually compile. The reason I used BCC is I use it for
other programs and wanted to compile with it rather that the other options I
have seen mentioned like MINGW32 and cygwin. My problem is that my compiled
version appears to function but I don't know if its working properly. You
see I have downloaded the pre-compiled binary for Windows (version 1.0.6)
for www.gnupg.org and am using this for comparison. To check if everything
works I generated a key-pair using the gnupg.org binary and the veiwed this
key-paier using gpg --list-keys. I then did gpg --list-keys with my newly
compiled BCC version to see if the keys were displayed.
This worked fine only that the key-pair displayed by the gnupg
binary --list-keys option was different to the key-pair displayed by the BCC
compiled version. Furthermore I could only encrypt using the gnupg binary
and the BCC version would spit out an error
gpg: **********: skipped: unusable public key
gpg: c:\dvs\gnupg\encrypt_tmp: encryption failed: unusable public key
Now if I genrate a key-pair using the BCC gpg. I can encrypt fine, but the
gnupg binary will not encrypt giving the same error as above.
I am a bit confused as to why this would happen. Any help would be much
appreciated.
Thanks
Ian
From chris@inferno.nadir.org Thu Sep 19 18:49:01 2002
From: chris@inferno.nadir.org (chris@inferno.nadir.org)
Date: Thu Sep 19 17:49:01 2002
Subject: FAQ update for MUAs supporting GnuPG
In-Reply-To: <20020917043610.42334.qmail@web13504.mail.yahoo.com>
References: <20020917043610.42334.qmail@web13504.mail.yahoo.com>
Message-ID: <20020919134826.GA10036@inferno.nadir.org>
* Am Mon, Sep 16, 2002 at 09:36:10PM -0700 , schrieb David Scribner:
> Greetings!
>
> I'm updating section 4.15 (and others) in the GnuPG FAQ file and
> wish to update the MUAs that support GnuPG either natively, or
> with plug-ins or external tools as the list has grown
> tremendously since 4.15 was first added to the FAQ.
>
Since all these MUAs handle the encryption another way, i think it would be
interesting to add another category which says which MUA can commuicate with
wich. Because of that old PGP/mime and app/pgp stuff it is often hard to
tell wether one can send encrypted mail or not.
Greetings Chris
--
GPG-Fingerprint: 88DA B106 D973 B2AF 7CCB 725A F76C 803C 758F 71C0
Get it at: http://www.kluenter.de/chris.gpg
From Antonio.Moreno-Gomez@harrisbank.com Thu Sep 19 19:00:02 2002
From: Antonio.Moreno-Gomez@harrisbank.com (Antonio.Moreno-Gomez@harrisbank.com)
Date: Thu Sep 19 18:00:02 2002
Subject: question
Message-ID:
This is a question or trouble report when using gnupg.
When using the following command: this is for gnupg1.06
gpg -r mykey --yes --always-trust --encrypt myfile
when myfile is this is the output file
abc.txt abc.gpg
abc abc.gpg
abc.stu.txt abc.stu.txt.gpg
abc.xyz.exe.txt abc.xyz.exe.txt.gpg
when abc.txt is used as the input file the expected file would had been
abc.txt.gpg but instead I get abc.gpg, which is the same as the output for
encrypting abc
Is this a bug or is this the way this software was designed? Assuming
this is wrong is there any fix for that or any detour?
When using regular pgp trying to encrypt abc.txt the output file is
abc.txt.pgp which is different from the pair abc ----> abc.pgp
thank you.
From mail@alexander-zimmermann.de Thu Sep 19 19:31:01 2002
From: mail@alexander-zimmermann.de (Alexander Zimmermann)
Date: Thu Sep 19 18:31:01 2002
Subject: Gnupg with GCC-3.x
Message-ID: <200209190958.g8J9wDk4027918@sauron.forwiss.uni-passau.de>
---2133775658-758783491-1032429499=:971
Content-Type: TEXT/plain; charset=us-ascii
Hello,
I've problems with gnupg when compiling with gcc-3.2. The checks fail
with:
- - - - -
Making all in checks
make[2]: Entering directory `/public/source/network/gnupg-1.0.7/checks'
../g10/gpg --homedir . --quiet --yes --import ./pubdemo.asc
gpg: ../cipher/tiger: error loading extension: ld.so.1: ../g10/gpg: fatal: libgcc_s.so.1: open failed: No such file or directory
make[2]: *** [prepared.stamp] Error 2
make[2]: Leaving directory `/public/source/network/gnupg-1.0.7/checks'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/public/source/network/gnupg-1.0.7'
make: *** [all] Error 2
- - - - -
If I set the LD_LIBRARY_PATH to point to libgcc_s.so.1 it works, but I
don't like to set any LD_LIBRARY_PATH.
Is there a solution for this?
--
mail@alexander-zimmermann.de
"They that would give up essential liberty for a little
temporary safety deserve neither liberty nor safety."
Benjamin Franklin, Historical Review of Pennsylvania, 1759
---2133775658-758783491-1032429499=:971
Content-Type: APPLICATION/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (SunOS)
iD8DBQA9iZ+0JwH/T84NZFwRAtxHAKDUFdndou0OfxHw+h5slNe9u1EiTgCbBExm
ru6AMFA57vnYX9CzpJ/zp1I=
=YCTu
-----END PGP SIGNATURE-----
---2133775658-758783491-1032429499=:971--
From paul.healy@goodyear.com Thu Sep 19 20:28:01 2002
From: paul.healy@goodyear.com (paul.healy@goodyear.com)
Date: Thu Sep 19 19:28:01 2002
Subject: question
Message-ID:
I had same/similar issue and resolved by
creating the a ".bat" file with the single line of code
which explicitly names the output file the same as original
but with a ".asc" suffix. To encrypt I simply call the bat with the
filename as a parameter. Its worth noting that no matter what the
encrypted file is named, you can get the original filename backout
by using the flag --use-embedded-filename when the decrypt command is
issued.
The following command encrypts with your public key and signs with my
secret key without any user input/intervention.
"c:\gnupg\gpg.exe " --passphrase-fd 0 --encrypt --armor --yes --recipient
you@overthere.com --local-user me@here.com --sign --output "%1.asc" "%1"
< "C:\passphrase.txt"
Antonio.Moreno-Gomez@harrisbank.com@gnupg.org on 09/19/2002 12:04:46 PM
Sent by: gnupg-users-admin@gnupg.org
To: gnupg-users@gnupg.org, gnupg-devel@gnupg.org
cc:
Subject: question
This is a question or trouble report when using gnupg.
When using the following command: this is for gnupg1.06
gpg -r mykey --yes --always-trust --encrypt myfile
when myfile is this is the output file
abc.txt abc.gpg
abc abc.gpg
abc.stu.txt abc.stu.txt.gpg
abc.xyz.exe.txt abc.xyz.exe.txt.gpg
when abc.txt is used as the input file the expected file would had been
abc.txt.gpg but instead I get abc.gpg, which is the same as the output for
encrypting abc
Is this a bug or is this the way this software was designed? Assuming
this is wrong is there any fix for that or any detour?
When using regular pgp trying to encrypt abc.txt the output file is
abc.txt.pgp which is different from the pair abc ----> abc.pgp
thank you.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
From malte_gell@t-online.de Fri Sep 20 03:41:02 2002
From: malte_gell@t-online.de (Malte Gell)
Date: Fri Sep 20 02:41:02 2002
Subject: Gnupg with GCC-3.x
In-Reply-To: <200209190958.g8J9wDk4027918@sauron.forwiss.uni-passau.de>
References: <200209190958.g8J9wDk4027918@sauron.forwiss.uni-passau.de>
Message-ID: <200209200239.49521.malte_gell@t-online.de>
Am Donnerstag, 19. September 2002 11:58 schrieb Alexander Zimmermann:
> fatal: libgcc_s.so.1: open failed: No such file or directory make[2]:
> *** [prepared.stamp] Error 2
> make[2]: Leaving directory
> `/public/source/network/gnupg-1.0.7/checks' make[1]: ***
> [all-recursive] Error 1
> make[1]: Leaving directory `/public/source/network/gnupg-1.0.7'
> make: *** [all] Error 2
> - - - - -
>
> If I set the LD_LIBRARY_PATH to point to libgcc_s.so.1 it works,
> but I don't like to set any LD_LIBRARY_PATH.
>
> Is there a solution for this?
GnuPG works fine with GCC 3.2 and 3.1.1 (don't know about older versions=20
of GCC3).
I have installed GCC 3.2 below /opt/GCC-3.2 so I added a line to my=20
/etc/ld.so.conf:
/opt/GCC-3.2/lib
and this is what you should do and after that just type ldconfig et=20
voila it works. Of course, the entry in /etc/ld.so.conf depends where=20
you have GCC 3.2 installed.
Malte
From martin.bretschneider@gmx.de Fri Sep 20 17:04:02 2002
From: martin.bretschneider@gmx.de (Martin Bretschneider)
Date: Fri Sep 20 16:04:02 2002
Subject: FAQ update for MUAs supporting GnuPG
In-Reply-To: <20020919134826.GA10036@inferno.nadir.org>
References: <20020917043610.42334.qmail@web13504.mail.yahoo.com>
<20020919134826.GA10036@inferno.nadir.org>
Message-ID:
--=.G7DxN6Ra6bi0Xz
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
chris@inferno.nadir.org wrote:
> * Am Mon, Sep 16, 2002 at 09:36:10PM -0700 , schrieb David Scribner:
> > Greetings!
> >
> > I'm updating section 4.15 (and others) in the GnuPG FAQ file and
> > wish to update the MUAs that support GnuPG either natively, or
> > with plug-ins or external tools as the list has grown
> > tremendously since 4.15 was first added to the FAQ.
> >
> Since all these MUAs handle the encryption another way, i think it would
> be interesting to add another category which says which MUA can
> commuicate with wich. Because of that old PGP/mime and app/pgp stuff it
> is often hard to tell wether one can send encrypted mail or not.
Yep, I created a list half a year ago:
www.bretschneidernet.de/tips/secmua.html
If you look for pgp/mime using google, it is in the top 5:)
Martin
--
www.bretschneidernet.de OpenPGP_0x4EA52583 jabber_breti@jabber.org
(o_ Mark Twain:
(o_ (o_ (o_ //\ Where prejudice exists it
(\)_(\)_(\)_V_/_ always discolors our thoughts.
--=.G7DxN6Ra6bi0Xz
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE9iweAGK1ebE6lJYMRApeVAJ9HumnGPCnCU3iz5Fd5cTz1A0+thgCghUdd
wQf6MXMghfTud88hE07Npmw=
=kyDO
-----END PGP SIGNATURE-----
--=.G7DxN6Ra6bi0Xz--
From wk@gnupg.org Fri Sep 20 18:09:02 2002
From: wk@gnupg.org (Werner Koch)
Date: Fri Sep 20 17:09:02 2002
Subject: [solved] Re: Which idea.dll under Win2k?
In-Reply-To: <57594174.20020917161833@compuserve.com> (Martin Schoch's
message of "Tue, 17 Sep 2002 16:18:33 +0200")
References: <57594174.20020917161833@compuserve.com>
Message-ID: <87lm5wg0pr.fsf@alberti.gnupg.de>
Hi!
ftp://ftp.gnupg.dk/pub/contrib-dk/ideadll.zip
I have replaced that one with a build working under W2000 etc. Martin
already tested it and Kenneth was nice enough to put it online.
The problem was that the DLL was not relocatable - I should implement
the required code in mingw32 so that we can forget on how to do it.
Shalom-Salam,
Werner
From jam@jamux.com Fri Sep 20 18:21:01 2002
From: jam@jamux.com (John A. Martin)
Date: Fri Sep 20 17:21:01 2002
Subject: FAQ update for MUAs supporting GnuPG
In-Reply-To: (Martin
Bretschneider's message of "Fri, 20 Sep 2002 13:33:20 +0200")
References: <20020917043610.42334.qmail@web13504.mail.yahoo.com>
<20020919134826.GA10036@inferno.nadir.org>
Message-ID: <87admc6608.fsf@athene.jamux.com>
--=-=-=
Content-Transfer-Encoding: quoted-printable
>>>>> "mb" =3D=3D Martin Bretschneider
>>>>> "Re: FAQ update for MUAs supporting GnuPG"
>>>>> Fri, 20 Sep 2002 13:33:20 +0200
mb> Yep, I created a list half a year ago:
mb> www.bretschneidernet.de/tips/secmua.html
Hmm.. XEmacs seems to be missing. IIRC XEmacs does Mew and Gnus the
same ways as does FSF Emacs.
Both emacsen also do VM which is very popular but I don't know whether
VM does PGP/MIME. VM, and other emacsen mail modes such as emh-e
(MH), can use Mailcrypt to do GPG as ASCII amour or to do PGP-2.6.
The web page for XEmacs is and for VM is
.
jam
--=-=-=
Content-Type: application/pgp-signature
-----BEGIN PGP MESSAGE-----
iD8DBQE9iz0dUEvv1b/iXy8RAnxeAJ0RLpo9EAAaJ/y5/QTPlnDN6mn7WQCdHaUS
HCCnSEX1jAFyFB1U4sVt7c4=
=7yHh
-----END PGP MESSAGE-----
--=-=-=--
From ajgpgml@tesla.inka.de Fri Sep 20 20:26:03 2002
From: ajgpgml@tesla.inka.de (Andreas John)
Date: Fri Sep 20 19:26:03 2002
Subject: Strange behaviour with --edit-key/uid (GPG1.1.92, Win32)
Message-ID: <003301c260ca$e1d52de0$0c02a8c0@de>
Hi!
I wonder if this is really correct behaviour of GPG:
If I start GPG with the following command:=20
C:\BIN>gpg --status-fd 1 --command-fd 0 --edit-key xxx>1.txt
The UserIDs are not printed into the redirected File of StdOut (FD 1); =
they're still listed in the DOS-Box on the screen.
(And yes, they're also not going into StdErr (FD 2) -- at least on my =
machine (Win98))
Why I would need this: I want to parse the UserID-Lists to allow =
Delete-UserID via my very own little Frontend. And I also cannot rely on =
the order given by
gpg --list-keys --with-colons --fixed-list-mode xxx
as I have at least one key where the UID-Numbers are different than the =
printed order.
Any solutions to this problem?
Bye!
From wk@gnupg.org Fri Sep 20 21:21:01 2002
From: wk@gnupg.org (Werner Koch)
Date: Fri Sep 20 20:21:01 2002
Subject: Strange behaviour with --edit-key/uid (GPG1.1.92, Win32)
In-Reply-To: <003301c260ca$e1d52de0$0c02a8c0@de> ("Andreas John"'s message
of "Fri, 20 Sep 2002 19:24:43 +0200")
References: <003301c260ca$e1d52de0$0c02a8c0@de>
Message-ID: <87admccyna.fsf@alberti.gnupg.de>
On Fri, 20 Sep 2002 19:24:43 +0200, Andreas John said:
> The UserIDs are not printed into the redirected File of StdOut (FD 1); they're still listed in the DOS-Box on the screen.
> (And yes, they're also not going into StdErr (FD 2) -- at least on my machine (Win98))
There are reasons for printing them directly to the terminal.
gpg --with-colons --edit-key ...
Salam-Shalom,
Werner
From pokasick@northstar.org Fri Sep 20 21:42:02 2002
From: pokasick@northstar.org (O'Kasick, Paul W.)
Date: Fri Sep 20 20:42:02 2002
Subject: What creates the Windows Registry key that points to the keyring
location?
Message-ID: <0A43416BFC82D511B6A800508BA598BF38FC21@NS002>
Hi,
I'm setting up to use gnupg, and I want to change the location of the
keyrings. The machine that I've been using to get familiar with gnupg had
the registry entry. I don't know how the entry was created on my machine.
I just recently learned of its existence. I've created and exported our key
on the production machine, but there was no registry entry created.
HKEY_CURRENT_USER\Software\GNU\GnuPG... was located on my machine.
Unfortunately, I deleted it in the attempt to figure out what action creates
it.
Is there some action using gpg that I can take to create the entry, or do I
need to create this myself. Thanks for any help you can provide.
Paul
From wk@gnupg.org Fri Sep 20 22:05:02 2002
From: wk@gnupg.org (Werner Koch)
Date: Fri Sep 20 21:05:02 2002
Subject: What creates the Windows Registry key that points to the
keyring location?
In-Reply-To: <0A43416BFC82D511B6A800508BA598BF38FC21@NS002> ("O'Kasick, Paul
W."'s message of "Fri, 20 Sep 2002 13:43:45 -0500")
References: <0A43416BFC82D511B6A800508BA598BF38FC21@NS002>
Message-ID: <871y7ocwlp.fsf@alberti.gnupg.de>
--=-=-=
On Fri, 20 Sep 2002 13:43:45 -0500, O'Kasick, Paul W said:
> HKEY_CURRENT_USER\Software\GNU\GnuPG... was located on my machine.
> Unfortunately, I deleted it in the attempt to figure out what action creates
It is created manually or by using the attached regedit script -
adjust it for your needs. See also the file README.W32.
Shalom-Salam,
Werner
--=-=-=
Content-Type: application/octet-stream
Content-Disposition: attachment; filename=gnupg-w32.reg
REGEDIT4
[HKEY_CURRENT_USER\Software\GNU\GNUPG]
"HomeDir"="C:\\GnuPG"
"gpgProgram"="C:\\GnuPG\\gpg.exe"
[HKEY_CURRENT_USER\Control Panel\Mingw32\NLS]
"MODir"="C:\\GnuPG\\Locale"
--=-=-=--
From paul.healy@goodyear.com Sat Sep 21 01:07:01 2002
From: paul.healy@goodyear.com (paul.healy@goodyear.com)
Date: Sat Sep 21 00:07:01 2002
Subject: SUN/OS - getting syntax errors when making gpg.exe
Message-ID:
SunOS 5.6 / sparc-sun-solaris2.6
I've had success installing on hp/ux but am failing on SUN/OS
Can someone send me precompiled gpg.exe to tide me over till I can
compile my own?
Below is screen caputre from "make" command.
Does anyone have any ideas how to resolve the syntax errors.
$ make
make all-recursive
make[1]: Entering directory `/ttapps/gnu/gnupg-1.0.7'
Making all in intl
make[2]: Entering directory `/ttapps/gnu/gnupg-1.0.7/intl'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/ttapps/gnu/gnupg-1.0.7/intl'
Making all in zlib
make[2]: Entering directory `/ttapps/gnu/gnupg-1.0.7/zlib'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/ttapps/gnu/gnupg-1.0.7/zlib'
Making all in util
make[2]: Entering directory `/ttapps/gnu/gnupg-1.0.7/util'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/ttapps/gnu/gnupg-1.0.7/util'
Making all in mpi
make[2]: Entering directory `/ttapps/gnu/gnupg-1.0.7/mpi'
cc -E -I.. -I../include -DHAVE_CONFIG_H mpih-add1.S | grep -v '^#' >
_mpih-add1.s
cc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -g -c _mpih-add1.s
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 15: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 15: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 20: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 20: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 24: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 25: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 25: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 26: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 27: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 27: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 28: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 28: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 30: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 31: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 31: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 33: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 37: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 38: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 38: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 39: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 40: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 45: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 47: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 48: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 49: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 51: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 53: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 54: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 55: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 57: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 59: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 60: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 61: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 63: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 65: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 66: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 67: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 69: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 69: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 70: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 70: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 71: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 71: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 72: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 72: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 76: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 76: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 81: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 83: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 84: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 85: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 87: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 87: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 88: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 88: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 89: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 89: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 90: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 90: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 95: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 98: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 98: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 102: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 103: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 105: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 110: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 110: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 115: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 116: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 118: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 123: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 126: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 126: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 130: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 131: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 131: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 132: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 133: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 133: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 134: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 134: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 136: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 137: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 137: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 140: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 140: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 144: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 145: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 147: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 149: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 150: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 151: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 153: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 155: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 156: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 157: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 159: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 161: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 162: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 163: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 165: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 167: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 169: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 169: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 170: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 170: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 171: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 171: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 172: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 172: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 176: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 176: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 179: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 180: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 182: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 184: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 186: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 186: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 187: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 187: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 188: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 188: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 189: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 189: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 192: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 192: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 196: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 197: error:
statement syntax
/opt/SUNWspro/bin/../SC4.0/bin/fbe: "_mpih-add1.s", line 199: error:
statement syntax
cc: assembler failed for _mpih-add1.s
make[2]: *** [mpih-add1.o] Error 2
make[2]: Leaving directory `/ttapps/gnu/gnupg-1.0.7/mpi'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/ttapps/gnu/gnupg-1.0.7'
make: *** [all] Error 2
From George@Schoelles.com Sat Sep 21 16:39:01 2002
From: George@Schoelles.com (George Schoelles)
Date: Sat Sep 21 15:39:01 2002
Subject: [solved] Re: Which idea.dll under Win2k?
In-Reply-To: <87lm5wg0pr.fsf@alberti.gnupg.de>
References: <57594174.20020917161833@compuserve.com> <87lm5wg0pr.fsf@alberti.gnupg.de>
Message-ID: <20020921062634.A132.GEORGE@Schoelles.com>
This new dll gives the following under win2k:
Supported algorithms:
gpg: GetProcAddress failed ec=127
gpg: Lib\idea: not a gnupg extension: 127
> Hi!
>
> ftp://ftp.gnupg.dk/pub/contrib-dk/ideadll.zip
>
> I have replaced that one with a build working under W2000 etc. Martin
> already tested it and Kenneth was nice enough to put it online.
>
> The problem was that the DLL was not relocatable - I should implement
> the required code in mingw32 so that we can forget on how to do it.
>
>
> Shalom-Salam,
>
> Werner
George Schoelles
From maschoch@compuserve.com Sat Sep 21 18:16:01 2002
From: maschoch@compuserve.com (Martin Schoch)
Date: Sat Sep 21 17:16:01 2002
Subject: [solved] Re: Which idea.dll under Win2k?
References: <57594174.20020917161833@compuserve.com> <87lm5wg0pr.fsf@alberti.gnupg.de> <20020921062634.A132.GEORGE@Schoelles.com>
Message-ID: <000601c26181$de73c640$3c00a8c0@vaio>
Hello
Did you have the _whole_ path in the config file, like:
load-extension c:\programs\gnupg\lib\idea.dll
Martin
> This new dll gives the following under win2k:
>
> Supported algorithms:
> gpg: GetProcAddress failed ec=127
> gpg: Lib\idea: not a gnupg extension: 127
From gnupg@xonx.de Sat Sep 21 19:22:02 2002
From: gnupg@xonx.de (Fred Bowman)
Date: Sat Sep 21 18:22:02 2002
Subject: Compiling GnuPG for Windows with MingW32
Message-ID: <3D8C9D0A.4090004@xonx.de>
Hi there.
Maybe this question belongs to the developer-list, but it asks more
about compiling than writing code (yes, both is part of "developing")
and could be interesting for many users, too.
Enhancing my security, I'm trying to compile my own GnuPG binaries. On
Linux, this wasn't a problem and worked quit fine (with 1.0.7).
The next step is to compile binaries for Windows (98 and 2000), but I
don't have any experience in working with Windows-compiler.
Somewhere in the list-archive, I found the information, that MingW32 is
a cross-compiler, which can build GnuPG on Linux and export Windows
binaries.
Are there any documentations or special hints about how to build GnuPG
on Linux and port it to Windows with MingW32?
Kind regards,
Fred
From wk@gnupg.org Sat Sep 21 20:01:01 2002
From: wk@gnupg.org (Werner Koch)
Date: Sat Sep 21 19:01:01 2002
Subject: Compiling GnuPG for Windows with MingW32
In-Reply-To: <3D8C9D0A.4090004@xonx.de> (Fred Bowman's message of "Sat, 21
Sep 2002 18:23:38 +0200")
References: <3D8C9D0A.4090004@xonx.de>
Message-ID: <87n0qb9t3c.fsf@alberti.gnupg.de>
On Sat, 21 Sep 2002 18:23:38 +0200, Fred Bowman said:
> Are there any documentations or special hints about how to build GnuPG
> on Linux and port it to Windows with MingW32?
Get my Mingw32/CPD kit (see gnupg/doc/README.W32), install it and then
do this:
cd gnupg-1.x.x
scripts/autogen.sh --build-w32
touch po/all
make
mkdir dist-w32
scripts/mk-w32-dist
cp mk-w32-dist/gnupg-w32cli-1.1.x.zip ~ftp/pub/
This assumes that you use the latest 1.1.92. It should include the
mk-w32-dist script; if not get it from the CVS.
Shalom-Salam,
Werner
From jmantor@nycap.rr.com Sun Sep 22 04:45:02 2002
From: jmantor@nycap.rr.com (Jason S. Mantor)
Date: Sun Sep 22 03:45:02 2002
Subject: GnuPG and Windows Registry variables
In-Reply-To: <87fzw9irxy.fsf@alberti.gnupg.de>
Message-ID:
OK, dumb question : Shouldn't that be HKEY_LOCAL_MACHINE ?
-JSM
-----Original Message-----
From: gnupg-users-admin@gnupg.org [mailto:gnupg-users-admin@gnupg.org]On
Behalf Of Werner Koch
Sent: Monday, September 16, 2002 4:46 PM
To: Ryan Malayter
Cc: GNU Privacy Guard users
Subject: Re: GnuPG and Windows Registry variables
On Mon, 16 Sep 2002 13:35:42 -0500, Ryan Malayter said:
> I tested this on NT4 Sp6, Win2k Sp2, and WinXP sp1. Expansion of
Thanks.
> HKEY_CURRENT_USER for a configuration value, and if they don't find it,
> look for a global setting under the same key in HKEY_CURRENT_MACHINE. I
> think GnuPG should probably work the same way.
Done.
Shalom-Salam,
Werner
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
From wk@gnupg.org Sun Sep 22 10:01:02 2002
From: wk@gnupg.org (Werner Koch)
Date: Sun Sep 22 09:01:02 2002
Subject: GnuPG and Windows Registry variables
In-Reply-To: ("Jason S.
Mantor"'s message of "Sat, 21 Sep 2002 21:49:13 -0400")
References:
Message-ID: <87bs6q8q8t.fsf@alberti.gnupg.de>
On Sat, 21 Sep 2002 21:49:13 -0400, Jason S Mantor said:
> OK, dumb question : Shouldn't that be HKEY_LOCAL_MACHINE ?
> -JSM
Sure, it is only wrong in my message.
Salam-Shalom,
Werner
From wk@gnupg.org Sun Sep 22 10:38:01 2002
From: wk@gnupg.org (Werner Koch)
Date: Sun Sep 22 09:38:01 2002
Subject: [Announce]GnuPG 1.2 released
Message-ID: <8765wy8q07.fsf@alberti.gnupg.de>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello!
We are pleased to announce the availability of a new stable release of
GnuPG: Version 1.2.0
The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication
and data storage. It is a complete and free replacement of PGP and
can be used to encrypt data and to create digital signatures. It
includes an advanced key management facility and is compliant with the
proposed OpenPGP Internet standard as described in RFC2440. This new
release implements most of OpenPGP's optional features, has somewhat
better interoperabilty with non-conforming OpenPGP implementations and
improved keyserver support.
Getting the Software
====================
GnuPG 1.2.0 can be downloaded from one of the *GnuPG mirror sites*.
The list of mirrors can be found at http://www.gnupg.org/mirrors.html.
See below for a list of mirrors already carrying this new released.
On the mirrors you should find the follwing files in the *gnupg*
directory:
gnupg-1.2.0.tar.bz2 (1.8 MB)
gnupg-1.2.0.tar.bz2.sig
GnuPG 1.2 source compressed using BZIP2 and OpenPGP signature.
gnupg-1.2.0.tar.gz (2.5 MB)
gnupg-1.2.0.tar.gz.sig
GnuPG source compressed using GZIP and OpenPGP signature.
gnupg-1.0.7-1.2.0.diff.gz (1.0 MB)
A patch file to upgrade a 1.0.7 GnuPG source. This file is
signed; you have to use GnuPG > 0.9.5 to verify the signature.
GnuPG has a feature to allow clear signed patch files which can
still be processed by the patch utility.
Select one of them. To shorten the download time, you probably want
to get the BZIP2 compressed file. Please try another mirror if
exceptional your mirror is not yet up to date.
In the *binary* directory, you should find these files:
gnupg-w32cli-1.2.0.zip (1.0 MB)
gnupg-w32cli-1.2.0.zip.sig
GnuPG compiled for Microsoft Windows and OpenPGP signature.
Note that this is a command line version and comes without a
graphical installer tool. You have to use an UNZIP utility to
extract the files and install them manually. The included file
README.W32 has further instructions.
Checking the Integrity
======================
In order to check that the version of GnuPG which you are going to
install is an original and unmodified one, you can do it in one of
the following ways:
* If you already have a trusted version of GnuPG installed, you
can simply check the supplied signature. For example to check the
signature of the file gnupg-1.2.0.tar.bz2 you would use this command:
gpg --verify gnupg-1.2.0.tar.bz2.sig
This checks whether the signature file matches the source file.
You should see a message indicating that the signature is good and
made by that signing key. Make sure that you have the right key,
either by checking the fingerprint of that key with other sources
or by checking that the key has been signed by a trustworthy other
key.
Never use a GnuPG version you just downloaded to check the
integrity of the source - use an existing GnuPG installation.
* If you are not able to use an old version of GnuPG, you have to verify
the MD5 checksum. Assuming you downloaded the file
gnupg-1.2.0.tar.bz2, you would run the md5sum command like this:
md5sum gnupg-1.2.0.tar.bz2
and check that the output matches the first line from the
following list:
b22b10dacfeb5c2b0bc4ce9def2d1120 gnupg-1.2.0.tar.bz2
e93ceafc4395d1713d20044d523d18a7 gnupg-1.2.0.tar.gz
c735a9a4400e3e3b0b78f88aadedfd3d gnupg-1.0.7-1.2.0.diff.gz
af439e3ba82c8648041e8e9d902c3c01 gnupg-w32cli-1.2.0.zip
Upgrade Information
===================
The name of the default configuration file has changed from "options"
to "gpg.conf". The old name will still be used as long as no
"gpg.conf" exists. We recommend to rename your file after the
installation.
If you are upgrading from a version prior to 1.0.7, you may want to
run the command "gpg --rebuild-keydb-caches" once to speed up the
keyring access. Please note also that due to a bug in versions prior
to 1.0.6 it won't be possible to downgrade to such versions unless you
use the GnuPG version which comes with Debian's Woody release or you
apply the patch http://www.gnupg.org/developer/gpg-woody-fix.txt .
If you have any problems, please see the FAQ and the mailing list
archive at http://lists.gnupg.org. Please direct questions to the
gnupg-users@gnupg.org mailing list.
What's New
===========
Here is a list of major user visible changes since 1.0.7:
Configuration:
* The default configuration file is now ~/.gnupg/gpg.conf. If an
old ~/.gnupg/options is found it will still be used. This
change is required to have a more consistent naming scheme with
forthcoming tools.
* The configure option --with-static-rnd=auto allows to build gpg
with all available entropy gathering modules included. At
runtime the best usable one will be selected from the list
linux, egd, unix. This is also the default for systems lacking
a /dev/random device.
* All modules are now linked statically; the --load-extension
option is in general not useful anymore. The only exception is
to specify the deprecated IDEA cipher plugin.
* There are now various ways to restrict the ability GnuPG has to
exec external programs (for the keyserver helpers or photo ID
viewers). Read the README file for the complete list.
* The keyserver helper programs now live in
/usr/[local/]libexec/gnupg by default. If you are upgrading
from 1.0.7, you might want to delete your old copies in
/usr/[local/]bin. If you use an OS that does not use libexec
for whatever reason, use configure --libexecdir=/usr/local/lib
to place the keyserver helpers there.
New features:
* New "group" command to refer to several keys with one name.
* The option --interactive now has the desired effect when
importing keys.
* Full revocation key (aka "designated revoker") support.
* When using --batch with one of the --delete-key commands, the
key must be specified by fingerprint. See the man page for
details.
* New export option to leave off attribute packets (photo IDs)
during export. This is useful when exporting to HKP keyservers
which do not understand attribute packets.
* New import option to repair during import the HKP keyserver
mangling multiple subkeys bug. Note that this cannot completely
repair the damaged key as some crucial data is removed by the
keyserver, but it does at least give you back one subkey. This
is on by default for keyserver --recv-keys, and off by default
for regular --import.
* New commands: --personal-cipher-preferences,
--personal-digest-preferences, and
--personal-compress-preferences allow the user to specify which
algorithms are to be preferred. Note that this does not permit
using an algorithm that is not present in the recipient's
preferences (which would violate the OpenPGP standard). This
just allows sorting the preferences differently.
* New --attribute-fd command for frontends and scripts to get the
contents of attribute packets (i.e. photos)
Incompatible changes:
* Options --emulate-checksum-bug and --emulate-3des-s2k-bug have
been removed.
* The IDEA plugin has changed. Previous versions of the IDEA
plugin will no longer work with GnuPG. However, the current
version of the plugin will work with earlier GnuPG versions.
* ElGamal sign and encrypt is not anymore allowed in the key
generation dialog unless in expert mode. RSA sign and encrypt
has been added with the same restrictions.
OpenPGP compatibility:
* The use of MDCs have increased. A MDC will be used if the
recipients directly request it, if the recipients have AES,
AES192, AES256, or TWOFISH in their cipher preferences, or if
the chosen cipher has a blocksize not equal to 64 bits
(currently this is also AES, AES192, AES256, and TWOFISH).
* GnuPG will no longer automatically disable compression when
processing an already-compressed file unless a MDC is being
used. This is to give the message a certain amount of
resistance to the chosen-ciphertext attack while communicating
with other programs (most commonly PGP earlier than version 7.x)
that do not support MDCs.
* The preferred hash algorithms on a key are consulted when
encrypting a signed message to that key. Note that this is
disabled by default by a SHA1 preference in
--personal-digest-preferences.
* --cert-digest-algo allows the user to specify the hash algorithm
to use when signing a key rather than the default SHA1 (or MD5
for PGP2 keys). Do not use this feature unless you fully
understand the implications of this.
* --pgp7 mode automatically sets all necessary options to ensure
that the resulting message will be usable by a user of PGP 7.x.
Bug fixes:
* The file permission and ownership checks on files have been
clarified. Specifically, the homedir (usually ~/.gnupg) is
checked to protect everything within it. If the user specifies
keyrings outside this homedir, they are presumed to be shared
keyrings and therefore *not* checked. Configuration files
specified with the --options option and the IDEA cipher
extension specified with --load-extension are checked, along
with their enclosing directories.
* The LDAP keyserver handler now works properly with very old
(version 1) LDAP keyservers.
* [W32] Keyserver access does work with Windows NT.
Other changes:
* A warning is issued if the user forces the use of an algorithm
that is not listed in the recipient's preferences.
* In expert mode, the user can now re-sign a v3 key with a v4
self-signature. This does not change the v3 key into a v4 key,
but it does allow the user to use preferences, primary ID flags,
etc.
* Significantly improved photo ID support on non-unixlike
platforms.
* The default character set is now taken from the current locale;
it can still be overridden by the --charset option. Using the
option -vvv shows the used character set.
Internationalization
====================
GnuPG comes with support for these langauges:
American English Greek (el)
Catalan (ca) Indonesian (id)
Czech (cs) Italian (it)
Danish (da)[*] Japanese (ja)
Dutch (nl)[*] Polish (pl)
Esperanto (eo)[*] Brazilian Portuguese (pt_BR)[*]
Estonian (et)[*] Portuguese (pt)
French (fr)[*] Spanish (es)[*]
Galician (gl) Swedish (sv)[*]
German (de) Turkish (tr)
Languages marked with [*] were not updated for this releases and you
may notice untranslated messages. We will probably release an update
of the translations when we have received some translation updates.
May thanks to the translators for their ongoing support of GnuPG.
Happy Hacking,
The GnuPG team (David, Stefan, Timo and Werner)
p.s.
The mirror sites below have been verified to already carry this new
release. The full list of sites mirroring ftp.gnupg.org is available
at http://www.gnupg.org/mirrors.html.
Australia
Australia
ftp://ftp.planetmirror.com/pub/gnupg/
Asia
Japan
ftp://ftp.ayamura.org/pub/gnupg/
Europe
Austria
ftp://gd.tuwien.ac.at/privacy/gnupg/
http://gd.tuwien.ac.at/privacy/gnupg/
Denmark
ftp://sunsite.dk/pub/security/gcrypt/
Finland
ftp://ftp.jyu.fi/pub/crypt/gcrypt/
ftp://trumpetti.atm.tut.fi/gcrypt/
http://trumpetti.atm.tut.fi/gcrypt/
France
ftp://ftp.strasbourg.linuxfr.org/pub/gnupg/
Germany
ftp://ftp.freenet.de/pub/ftp.gnupg.org/gcrypt/
Greece
ftp://igloo.linux.gr/pub/crypto/gnupg/
Italy
ftp://ftp.linux.it/pub/mirrors/gnupg/
http://ftp.linux.it/pub/mirrors/gnupg/
Netherlands
ftp://ftp.demon.nl/pub/mirrors/gnupg/
Switzerland
ftp://sunsite.cnlab-switch.ch/mirror/gcrypt/
United Kingdom
ftp://ftp.mirror.ac.uk/sites/ftp.gnupg.org/gcrypt/
http://www.mirror.ac.uk/sites/ftp.gnupg.org/gcrypt/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
iD8DBQE9jWkpbH7huGIcwBMRAn2zAJwMBV5wm63NCdoO8USSFxKz1VzLcACeIHxk
8z7znh4OKJFUdvF74ZO79Qs=
=PttW
-----END PGP SIGNATURE-----
_______________________________________________
Gnupg-announce mailing list
Gnupg-announce@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce
From Weimer@CERT.Uni-Stuttgart.DE Sun Sep 22 14:45:01 2002
From: Weimer@CERT.Uni-Stuttgart.DE (Florian Weimer)
Date: Sun Sep 22 13:45:01 2002
Subject: Agent implementation
Message-ID: <87it0ys0wl.fsf@Login.CERT.Uni-Stuttgart.DE>
Are there any sample implementations (for text console and X11) that
can be used with "gpg --use-agent"? I need something which can
actually be built without too much trouble, so something buried
somewhere in the =C4gypten project is probably out of question.
--=20
Florian Weimer Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT fax +49-711-685-5898
From wk@gnupg.org Sun Sep 22 15:25:01 2002
From: wk@gnupg.org (Werner Koch)
Date: Sun Sep 22 14:25:01 2002
Subject: Agent implementation
In-Reply-To: <87it0ys0wl.fsf@Login.CERT.Uni-Stuttgart.DE> (Florian Weimer's
message of "Sun, 22 Sep 2002 13:45:46 +0200")
References: <87it0ys0wl.fsf@Login.CERT.Uni-Stuttgart.DE>
Message-ID: <87it0y6wod.fsf@alberti.gnupg.de>
On Sun, 22 Sep 2002 13:45:46 +0200, Florian Weimer said:
> Are there any sample implementations (for text console and X11) that
> can be used with "gpg --use-agent"? I need something which can
> actually be built without too much trouble, so something buried
> somewhere in the Ägypten project is probably out of question.
It is not that hard:
Get the latest libgcrypt *new*pg and build them. You probably don't
have libksba installed, so the configure script of newpg should figure
this out and only build the gpg-agent. If you have problems, please
complain.
The pinentry is one package with implementations for Qt, Gtk+ and
ncurses. I suggest to use the Gtk+ one which falls back to ncurses if
there is no DISPLAY.
Find both at
ftp://ftp.gnupg.org/gcrypt/alpha/aegypten/
Eventually the newpg stuff will be merged with GnuPG.
Salam-Shalom,
Werner
From Weimer@CERT.Uni-Stuttgart.DE Sun Sep 22 19:21:02 2002
From: Weimer@CERT.Uni-Stuttgart.DE (Florian Weimer)
Date: Sun Sep 22 18:21:02 2002
Subject: Agent implementation
In-Reply-To: <87it0y6wod.fsf@alberti.gnupg.de> (Werner Koch's message of
"Sun, 22 Sep 2002 14:22:42 +0200")
References: <87it0ys0wl.fsf@Login.CERT.Uni-Stuttgart.DE>
<87it0y6wod.fsf@alberti.gnupg.de>
Message-ID: <87d6r6ro4k.fsf@Login.CERT.Uni-Stuttgart.DE>
--=-=-=
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Werner Koch writes:
> On Sun, 22 Sep 2002 13:45:46 +0200, Florian Weimer said:
>
>> Are there any sample implementations (for text console and X11) that
>> can be used with "gpg --use-agent"? I need something which can
>> actually be built without too much trouble, so something buried
>> somewhere in the =C4gypten project is probably out of question.
>
> It is not that hard:
>
> Get the latest libgcrypt *new*pg and build them. You probably don't
> have libksba installed, so the configure script of newpg should figure
> this out and only build the gpg-agent. If you have problems, please
> complain.
newpg CVS HEAD needs the patch below.
However, it still doesn't work correctly, at least not out of the box.
./configure does not honor --prefix, and I think I know why:
# I know that it is in general not a good idea to evaluate bindir in
# the configuration but we want to hard code the defaults into some of
# the programs and doing this during a make install is not a good
# idea. We also have the problem that 2 of the programs are included
# in the package but the others are distributed in other packages.
*sigh*
But made it work nevertheless.
What about merging gpg-agent (and perhaps pinentry) into GnuPG *now*?
These packages are *so* useful.
--=20
Florian Weimer Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT fax +49-711-685-5898
--=-=-=
Content-Type: text/x-patch
Content-Disposition: attachment; filename=diff
Index: Makefile.am
===================================================================
RCS file: /cvs/aegypten/newpg/Makefile.am,v
retrieving revision 1.12
diff -u -r1.12 Makefile.am
--- Makefile.am 21 Aug 2002 11:11:20 -0000 1.12
+++ Makefile.am 22 Sep 2002 15:41:58 -0000
@@ -23,8 +23,10 @@
if BUILD_GPGSM
sm = sm
+kbx = kbx
else
sm =
+kbx =
endif
if BUILD_AGENT
agent = agent
@@ -33,11 +35,13 @@
endif
if BUILD_SCDAEMON
scd = scd
+kbx = kbx
else
scd =
+kbx =
endif
-SUBDIRS = intl jnlib assuan common kbx ${sm} ${agent} ${scd} po doc tests
+SUBDIRS = intl jnlib assuan common ${kbx} ${sm} ${agent} ${scd} po doc tests
dist-hook:
Index: configure.ac
===================================================================
RCS file: /cvs/aegypten/newpg/configure.ac,v
retrieving revision 1.53
diff -u -r1.53 configure.ac
--- configure.ac 20 Sep 2002 14:13:27 -0000 1.53
+++ configure.ac 22 Sep 2002 15:41:58 -0000
@@ -203,13 +203,8 @@
# libksba is our X.509 support library
#
AM_PATH_KSBA("$NEED_KSBA_VERSION",have_ksba=yes,have_ksba=no)
-if test "$have_ksba" = "no"; then
- AC_MSG_ERROR([[
-***
-*** You need libksba to build this program..
-*** It should be available at the same place you
-*** got this software.
-***]])
+if test have_ksba = yes; then
+ AC_DEFINE(HAVE_KSBA)
fi
Index: common/maperror.c
===================================================================
RCS file: /cvs/aegypten/newpg/common/maperror.c,v
retrieving revision 1.15
diff -u -r1.15 maperror.c
--- common/maperror.c 16 Aug 2002 14:24:12 -0000 1.15
+++ common/maperror.c 22 Sep 2002 15:41:59 -0000
@@ -26,12 +26,15 @@
#include
#include
+#ifdef HAVE_KSBA
#include
+#endif /* HAVE_KSBA */
#include "util.h"
#include "errors.h"
#include "../assuan/assuan.h"
+#ifdef HAVE_KSBA
/* Note: we might want to wrap this in a macro to get our hands on
the line and file where the error occured */
int
@@ -62,7 +65,7 @@
}
return err;
}
-
+#endif /* HAVE_KSBA */
int
map_gcry_err (int err)
--=-=-=--
From johan-gnupg@almqvist.net Sun Sep 22 19:51:02 2002
From: johan-gnupg@almqvist.net (Johan Almqvist)
Date: Sun Sep 22 18:51:02 2002
Subject: Building rpm (was: GnuPG 1.2 released)
In-Reply-To: <8765wy8q07.fsf@alberti.gnupg.de>
References: <8765wy8q07.fsf@alberti.gnupg.de>
Message-ID: <20020922165305.GA15110@almqvist.net>
--Kj7319i9nmIyA2yE
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
* Werner Koch [020922 09:03]:
> We are pleased to announce the availability of a new stable release of
> GnuPG: Version 1.2.0
When trying to build an rpm (rpm -ta) no rpm is created. Is this a known
problem?
-Johan
--=20
Johan Almqvist
--Kj7319i9nmIyA2yE
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE9jfVxEVwMevfaF0sRAoZXAKCBbYSzPf2h6m2mpuhworKLqWxDOwCgkEpl
qGDaO28z6NmntJekKp+FCuE=
=NWyR
-----END PGP SIGNATURE-----
--Kj7319i9nmIyA2yE--
From cova@ferrara.linux.it Sun Sep 22 20:04:02 2002
From: cova@ferrara.linux.it (Fabio Coatti)
Date: Sun Sep 22 19:04:02 2002
Subject: Building rpm (was: GnuPG 1.2 released)
In-Reply-To: <20020922165305.GA15110@almqvist.net>
References: <8765wy8q07.fsf@alberti.gnupg.de> <20020922165305.GA15110@almqvist.net>
Message-ID: <200209221902.52860.cova@ferrara.linux.it>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Alle Sunday 22 September 2002 18:53, Johan Almqvist ha scritto:
> When trying to build an rpm (rpm -ta) no rpm is created. Is this a known
> problem?
I'm working right now to an updated spec file and new rpm packages. They
should be on-line tomorrow.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
iD8DBQE9jfe1WQfRfygzdKsRAo7jAKCK93N/Zn8O1GyblOnHY41X2dVuIgCdFIW9
ZFG/FJ7Uxb8JWNtgn4VizYA=
=uj0Z
-----END PGP SIGNATURE-----
From Weimer@CERT.Uni-Stuttgart.DE Sun Sep 22 20:19:02 2002
From: Weimer@CERT.Uni-Stuttgart.DE (Florian Weimer)
Date: Sun Sep 22 19:19:02 2002
Subject: Agent implementation
In-Reply-To: <87d6r6ro4k.fsf@Login.CERT.Uni-Stuttgart.DE> (Florian Weimer's
message of "Sun, 22 Sep 2002 18:21:47 +0200")
References: <87it0ys0wl.fsf@Login.CERT.Uni-Stuttgart.DE>
<87it0y6wod.fsf@alberti.gnupg.de>
<87d6r6ro4k.fsf@Login.CERT.Uni-Stuttgart.DE>
Message-ID: <87n0qa6iw1.fsf@Login.CERT.Uni-Stuttgart.DE>
--=-=-=
Florian Weimer writes:
> newpg CVS HEAD needs the patch below.
The patch is incomplete, see below.
In addition, gpg-agent does not do what I want: I start gpg-agent on
one terminal, and invoke gpg on some other (or even in a pipe, without
a terminal). gpg-agemt does not query for the passphrase on the first
terminal, but tries to use the terminal on which GnuPG is invoked,
which seems to fail badly.
Or is there something I do not understand?
--
Florian Weimer Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT fax +49-711-685-5898
--=-=-=
Content-Type: text/x-patch
Content-Disposition: attachment; filename=diff
Index: Makefile.am
===================================================================
RCS file: /cvs/aegypten/newpg/Makefile.am,v
retrieving revision 1.12
diff -u -r1.12 Makefile.am
--- Makefile.am 21 Aug 2002 11:11:20 -0000 1.12
+++ Makefile.am 22 Sep 2002 16:59:18 -0000
@@ -23,8 +23,10 @@
if BUILD_GPGSM
sm = sm
+kbx = kbx
else
sm =
+kbx =
endif
if BUILD_AGENT
agent = agent
@@ -33,11 +35,13 @@
endif
if BUILD_SCDAEMON
scd = scd
+kbx = kbx
else
scd =
+kbx =
endif
-SUBDIRS = intl jnlib assuan common kbx ${sm} ${agent} ${scd} po doc tests
+SUBDIRS = intl jnlib assuan common ${kbx} ${sm} ${agent} ${scd} po doc tests
dist-hook:
Index: configure.ac
===================================================================
RCS file: /cvs/aegypten/newpg/configure.ac,v
retrieving revision 1.53
diff -u -r1.53 configure.ac
--- configure.ac 20 Sep 2002 14:13:27 -0000 1.53
+++ configure.ac 22 Sep 2002 16:59:19 -0000
@@ -203,13 +203,9 @@
# libksba is our X.509 support library
#
AM_PATH_KSBA("$NEED_KSBA_VERSION",have_ksba=yes,have_ksba=no)
-if test "$have_ksba" = "no"; then
- AC_MSG_ERROR([[
-***
-*** You need libksba to build this program..
-*** It should be available at the same place you
-*** got this software.
-***]])
+AH_TEMPLATE([HAVE_KSBA], [Defined if we have got the KSBA library.])
+if test have_ksba = yes; then
+ AC_DEFINE(HAVE_KSBA)
fi
Index: common/maperror.c
===================================================================
RCS file: /cvs/aegypten/newpg/common/maperror.c,v
retrieving revision 1.15
diff -u -r1.15 maperror.c
--- common/maperror.c 16 Aug 2002 14:24:12 -0000 1.15
+++ common/maperror.c 22 Sep 2002 16:59:20 -0000
@@ -26,12 +26,15 @@
#include
#include
+#ifdef HAVE_KSBA
#include
+#endif /* HAVE_KSBA */
#include "util.h"
#include "errors.h"
#include "../assuan/assuan.h"
+#ifdef HAVE_KSBA
/* Note: we might want to wrap this in a macro to get our hands on
the line and file where the error occured */
int
@@ -62,7 +65,7 @@
}
return err;
}
-
+#endif /* HAVE_KSBA */
int
map_gcry_err (int err)
--=-=-=--
From jharris@widomaker.com Mon Sep 23 04:36:02 2002
From: jharris@widomaker.com (Jason Harris)
Date: Mon Sep 23 03:36:02 2002
Subject: intermediate (2002-09-22) keyanalyze results
Message-ID: <20020923013621.GA3118@pm7-39.lft.widomaker.com>
--cNdxnHkX5QqsyA0e
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
New intermediate keyanalyze results are available at:
http://jharris.cjb.net/ka/2002-09-22/ (which redirects to:)
http://keyserver.kjsl.com/~jharris/ka/2002-09-22/
Earlier intermediate reports are also available, for comparison:
http://keyserver.kjsl.com/~jharris/ka/
Even earlier monthly reports are at:
http://dtype.org/keyanalyze/
--=20
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris@widomaker.com | web: http://jharris.cjb.net/
--cNdxnHkX5QqsyA0e
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (FreeBSD)
iD8DBQE9jnAUSypIl9OdoOMRAu4XAJ9Lb4Qn+DfvU8ZZ1w+ryQ/FGVf1AgCgn8Rn
eSWbnsibAFuqbYu+sqqPN9o=
=WSEf
-----END PGP SIGNATURE-----
--cNdxnHkX5QqsyA0e--
From vedaal@lok.com Mon Sep 23 08:02:02 2002
From: vedaal@lok.com (vedaal@lok.com)
Date: Mon Sep 23 07:02:02 2002
Subject: follow-up v 3rsa key
Message-ID: <200209230502.g8N52hHV020935@compute1.lok.com>
> idea.dll under Win2k? (Martin Schoch 3. Compiling )
> GPG source (Ian McIntosh 4. Re: FAQ update for MUAs )
> supporting GnuPG (chris@inferno.nadir.org 5. question )
> Message: 1 Date: Thu, 19 Sep 2002 09:21:31 +0200 From:
> disastry@saiknes.lv To: gnupg-users
> Subject: Re: followup v3 rsa key
> vedaal wrote: > i 'thought' i understood, but now i am more confused
> :( > > please bear with me: > [1] am running 1.1.92a windows
> binary with the idea plugin correctly installed, and everything
> works as expected > [2] disabled the option of 'load-extension
> c:\gnupg\lib\idea' > [3] as expected, i cannot sign with my default
> v3 rsa key generated in 2.6.3 > *but* > [4] i 'can' sign with
> another v3 rsa key that was generated in 6.5.8 ckt
>
> I don't think you can (at least I can not, see below)
...
> tried with this key, couldn't sign without IDEA:
>
> f:\TEMP>gpg --homedir . --clearsign aaa gpg: protection algorithm 1
> (IDEA) is not supported gpg: the IDEA cipher plugin is not present
> gpg: please see http://www.gnupg.org/why-not-idea.html for more
> information gpg: no default secret key: unknown cipher algorithm
> gpg: aaa: clearsign failed: unknown cipher algorithm
>
> f:\TEMP>gpg --homedir . --version gpg (GnuPG) 1.0.7 Copyright
maybe not in 1.0.7,
try with the 1.1.9.2 windows binary,
here is an armored signed message using the same v3 rsa test key, without loading the 'idea' plugin
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.1.92 (MingW32)
Comment: Acts of Kindness better the World, and protect the Soul
owEBVwGo/pANAwADAfFWZIj3ev97AawuYgx+Z3BndHJheS5jbHA9jpzNc2lnbmlu
ZyB3aXRoIHRlc3RAa2V5LnRlc3QNCokBFQMFAD2OnM3xVmSI93r/ewEDFQkH/iaV
BJbIwwzxWOdu68dBQGywOPdyHY+2Re6xj4tM/u8A67gvx92EQnsbDyS56NSbUihZ
0pcN2+YRbLE7ah7DNbYxQvjrMCsJg3adROWwt7/SF2kIXbKRl6RHVRys0fNVNhRL
pgfq5PAGWHQTtsXLsZLUl64oJBNVvAZobdA4HuE/TLfLht9hWHfswvKJUDH7omdV
fa2VVfVEIXCWOR3NpGmFIsHuliqKvNN/A4PZ5YNtcoumL1X5iLYIPhtdL9SB4M5W
Qw3VLEE2gwOfVBgyvTO+ZYUdqhsZB+r0WDeCFrYal6eqMoVqL1vpJb1JacGK20dT
A9T2JBk10C/9gjK67js=
=bEi/
-----END PGP MESSAGE-----
here is the version information, {'idea' is not loaded}
gpg (GnuPG) 1.1.92
Copyright (C) 2002 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
Home: C:/GnuPG
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG
Cipher: 3DES (S2), CAST5 (S3), BLOWFISH (S4), AES (S7), AES192 (S8),
AES256 (S9), TWOFISH (S10)
Hash: MD5 (H1), SHA1 (H2), RIPEMD160 (H3)
Compress: Uncompressed (Z0), ZIP (Z1), ZLIB (Z2)
i do have the idea.dll in the windows system, and in the gnupg\lib
but have disabled the load-extension c:\gnupg\lib\idea
what is most puzzling,
is that (at least for me on the 1.1.9.2 windows binary)
it distinguishes between v3 rsa keys generated in 2.6.3
and in 6.5.8,
does not allow signing with the 2.6.3 keys, but does allow with the 6.5.8
have not tried to sign using 1.0.7 .
tia,
vedaal
From wk@gnupg.org Mon Sep 23 12:15:02 2002
From: wk@gnupg.org (Werner Koch)
Date: Mon Sep 23 11:15:02 2002
Subject: Agent implementation
In-Reply-To: <87n0qa6iw1.fsf@Login.CERT.Uni-Stuttgart.DE> (Florian Weimer's
message of "Sun, 22 Sep 2002 19:20:30 +0200")
References: <87it0ys0wl.fsf@Login.CERT.Uni-Stuttgart.DE>
<87it0y6wod.fsf@alberti.gnupg.de>
<87d6r6ro4k.fsf@Login.CERT.Uni-Stuttgart.DE>
<87n0qa6iw1.fsf@Login.CERT.Uni-Stuttgart.DE>
Message-ID: <87vg4x3w8o.fsf@alberti.gnupg.de>
On Sun, 22 Sep 2002 19:20:30 +0200, Florian Weimer said:
> The patch is incomplete, see below.
Thanks.
> In addition, gpg-agent does not do what I want: I start gpg-agent on
> one terminal, and invoke gpg on some other (or even in a pipe, without
> a terminal). gpg-agemt does not query for the passphrase on the first
> terminal, but tries to use the terminal on which GnuPG is invoked,
This is intended. I think it would be confusing when the pinentry
pops up on another terminal and you have to switch to this terminal to
enter the passphrase - if you at all recognize that there is another
terminal waiting for an answer.
We can either add an option to gpg-agent to ignore requests to switch
the tty or DISPLAY or have an gpg option to do this. This is terminal
and locale switching is not very well tested, so expect more bugs.
Including gpg-agent in the current GnuPG package is not easy. We
might want to ask the Debian folks to make a gpg-agent only package.
Shalom-Salam,
Werner
From Weimer@CERT.Uni-Stuttgart.DE Mon Sep 23 12:34:01 2002
From: Weimer@CERT.Uni-Stuttgart.DE (Florian Weimer)
Date: Mon Sep 23 11:34:01 2002
Subject: Agent implementation
In-Reply-To: <87vg4x3w8o.fsf@alberti.gnupg.de> (Werner Koch's message of
"Mon, 23 Sep 2002 11:12:39 +0200")
References: <87it0ys0wl.fsf@Login.CERT.Uni-Stuttgart.DE>
<87it0y6wod.fsf@alberti.gnupg.de>
<87d6r6ro4k.fsf@Login.CERT.Uni-Stuttgart.DE>
<87n0qa6iw1.fsf@Login.CERT.Uni-Stuttgart.DE>
<87vg4x3w8o.fsf@alberti.gnupg.de>
Message-ID: <87ofap59qy.fsf@Login.CERT.Uni-Stuttgart.DE>
Werner Koch writes:
> This is intended. I think it would be confusing when the pinentry
> pops up on another terminal and you have to switch to this terminal to
> enter the passphrase - if you at all recognize that there is another
> terminal waiting for an answer.
In my case, screen would tell me that I'd have to look at a certain
window. I don't think such a setup is so obscure that it's unique.
My problem is that I plan to run GnuPG from within Emacs, and usually,
there's either no terminal at all, or a very dumb one (which is in no
way sufficient for pinentry-curses). That's why the current approach
just does not work.
> We can either add an option to gpg-agent to ignore requests to switch
> the tty or DISPLAY or have an gpg option to do this.
Again, for my needs, a gpg-agent option would be the best choice.
--
Florian Weimer Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT fax +49-711-685-5898
From texmex@uni.de Mon Sep 23 15:34:02 2002
From: texmex@uni.de (Gregor Zattler)
Date: Mon Sep 23 14:34:02 2002
Subject: problems with pinentry, gpg-agent and multiple terminals (was: Re: Agent implementation)
In-Reply-To: <87vg4x3w8o.fsf@alberti.gnupg.de>
References: <87it0ys0wl.fsf@Login.CERT.Uni-Stuttgart.DE> <87it0y6wod.fsf@alberti.gnupg.de> <87d6r6ro4k.fsf@Login.CERT.Uni-Stuttgart.DE> <87n0qa6iw1.fsf@Login.CERT.Uni-Stuttgart.DE> <87vg4x3w8o.fsf@alberti.gnupg.de>
Message-ID: <20020923122430.GA2317@pit.ID-43118.user.dfncis.de>
Hi Werner et al.,
* Werner Koch [23. Sep. 2002]:
> On Sun, 22 Sep 2002 19:20:30 +0200, Florian Weimer said:
> > In addition, gpg-agent does not do what I want: I start gpg-agent on
> > one terminal, and invoke gpg on some other (or even in a pipe, without
> > a terminal). gpg-agemt does not query for the passphrase on the first
> > terminal, but tries to use the terminal on which GnuPG is invoked,
>
> This is intended. I think it would be confusing when the pinentry
> pops up on another terminal and you have to switch to this terminal to
> enter the passphrase - if you at all recognize that there is another
> terminal waiting for an answer.
But that's what it behaves now:
I started gpg-agent via my .bash_profile as described in the
documentation. Then i tried to sign a file. First time nothing
happend butt an error message stating it could not find pinentry.
I made a link from pinentry to pinentry-gtk and tried again.
A "window" appeared at my console and i typed the passphrase.
When i signed another file with the same key i gpg did it without
asking me again. *good*
Then i startet X11 and a xterm and tried to sign a file with
the same key. gpg did it without asking me. *good*
!! Then in the same xterm i signed a file with a different key.
!! A few lines of text appeared:
!! "You need a passphrase to unlock the secret key for..." on this
!! xterm. Cursor is on the left. It looks like a terminal prompt.
!! So i type my other passphrase --> it appears in clear text on the
!! terminal: everybody can read it. *very bad*
I went back to the console: there is an "window" asking me for
the the second keys passphrase. Normally i would take notwendig
notice of this.
?? Then i played a bit with this console window. At some point i
?? hit "TAB" and then i was asked: "Display all 1125 possibilities?
?? (y or n)". *?*
[newest versions og gpg, pinentry and newpg as of yesterday]
I would like to have a simple terminal interface for passphrases,
so i can use it in scripts.
Ciao, Gregor
From twoaday@freakmail.de Mon Sep 23 16:13:02 2002
From: twoaday@freakmail.de (Timo Schulz)
Date: Mon Sep 23 15:13:02 2002
Subject: Agent implementation
In-Reply-To: <87it0y6wod.fsf@alberti.gnupg.de>
References: <87it0ys0wl.fsf@Login.CERT.Uni-Stuttgart.DE> <87it0y6wod.fsf@alberti.gnupg.de>
Message-ID: <20020922125602.GB2622@daredevil.joesixpack.net>
On Sun Sep 22 2002; 14:22, Werner Koch wrote:
> > actually be built without too much trouble, so something buried
> > somewhere in the Ägypten project is probably out of question.
>
> It is not that hard:
>
> Get the latest libgcrypt *new*pg and build them. You probably don't
> have libksba installed, so the configure script of newpg should figure
> this out and only build the gpg-agent. If you have problems, please
What about the original GPG-Agent from the GPG 1.1.1x branch? It
doesn't depend on other packages except GDK.
Are there plans to maintain this version or do we only use the one
from the Aegypten project?
Timo
From gnupg@nick.org Mon Sep 23 16:13:06 2002
From: gnupg@nick.org (Nick)
Date: Mon Sep 23 15:13:06 2002
Subject: Lost passphrase
Message-ID:
I searched through the FAQ and newsgroups, but to no avail.
I have my secret key, but not the passphrase. Is my only option a
brute-force attack on the passphrase? Can GnuPG be modified to ignore the
passphrase?
I just want to generate a revocation certificate for an old key that I am
no longer using.
Please cc me any response, and thanks in advance.
Nick
From spiette@generation.net Mon Sep 23 16:16:01 2002
From: spiette@generation.net (Simon Piette)
Date: Mon Sep 23 15:16:01 2002
Subject: gnupg and mutt's pgp_encryptself
Message-ID: <20020923091650.D24071@xim.dyndns.org>
--dc+cDN39EJAMEtIO
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Hello,
I am using stock mutt 1.2.5.1 with gnupg 1.0.6 on a RH 7.3 system. Each
time I encrypt a message for someone it is stored encrypted for my
recepient on my $record mailbox, but not for myself. With mutt 1.2,
pgp_encryptself is no longer a valid setting. What I have to do to have
it encrypted for me too?
TIA,
Simon Piette
--dc+cDN39EJAMEtIO
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE9jxRCLm5A1Ar/ygYRAhZ8AJ99KqajePiJLtIuZ7S2wu+QK462qgCghSvf
/70dpAOLbaSzOBU3A/yoNpY=
=J6rY
-----END PGP SIGNATURE-----
--dc+cDN39EJAMEtIO--
From chilts@birdbrained.org Mon Sep 23 16:21:02 2002
From: chilts@birdbrained.org (Chris Hilts)
Date: Mon Sep 23 15:21:02 2002
Subject: Lost passphrase
In-Reply-To:
References:
Message-ID: <1052.68.15.139.117.1032787337.squirrel@www.birdbrained.org>
> I have my secret key, but not the passphrase. Is my only option a
> brute-force attack on the passphrase? Can GnuPG be modified to ignore
> the passphrase?
Wouldn't be much point in the passphrase if there were a way.. No,
unfortunately you're pretty much out of luck. When you make your new key,
make a revocation certificate at the same time and stash it somewhere
safe. This is a lesson I'm still learning, as you can tell by the various
public keys I have gently rotting on the keyservers.
Sorry I couldn't give you better news.
Chris Hilts
chilts@birdbrained.or
From rtilley@vt.edu Mon Sep 23 16:22:01 2002
From: rtilley@vt.edu (R. Bradley Tilley)
Date: Mon Sep 23 15:22:01 2002
Subject: RPMs
Message-ID: <200209230923.23772.rtilley@vt.edu>
Hello,
I must run RedHat at my workplace. This version (7.3) uses gnupg-1.0.6-5.=
I=20
would like to upgrade to the new release, but I must maintain compatibili=
ty=20
with other RH packages. Once the rpm versions are released, would it be s=
afe=20
for me to do 'rpm -Uvh gnupg_latest', or would it be better to wait until=
the=20
vendor releases a new package?
Thank you
From cova@ferrara.linux.it Mon Sep 23 16:33:01 2002
From: cova@ferrara.linux.it (Fabio Coatti)
Date: Mon Sep 23 15:33:01 2002
Subject: Lost passphrase
In-Reply-To:
References:
Message-ID: <20020923133326.29C182572B@hobbes.wired>
Il 19:01, domenica 22 settembre 2002, Nick ha scritto:
> I searched through the FAQ and newsgroups, but to no avail.
>
> I have my secret key, but not the passphrase. Is my only option a
> brute-force attack on the passphrase? Can GnuPG be modified to ignore the
> passphrase?
>
> I just want to generate a revocation certificate for an old key that I am
> no longer using.
>
> Please cc me any response, and thanks in advance.
>
> Nick
No way. Obviously, the passphrase is here just to avoid that someone gets the
secret key. Otherwise the passphrase will have no meaning at all. If you have
chosen a good passphrase, you're out of luck. Time to create a new keypair, I
fear.
--
Fabio Coatti http://www.ferrara.linux.it/members/cova
Ferrara Linux Users Group http://ferrara.linux.it
GnuPG fp:9765 A5B6 6843 17BC A646 BE8C FA56 373A 5374 C703
Old SysOps never die... they simply forget their password.
From cova@ferrara.linux.it Mon Sep 23 16:41:02 2002
From: cova@ferrara.linux.it (Fabio Coatti)
Date: Mon Sep 23 15:41:02 2002
Subject: RPMs
In-Reply-To: <200209230923.23772.rtilley@vt.edu>
References: <200209230923.23772.rtilley@vt.edu>
Message-ID: <20020923134125.B85722572B@hobbes.wired>
Il 15:23, lunedì 23 settembre 2002, hai scritto:
> Hello,
>
> I must run RedHat at my workplace. This version (7.3) uses gnupg-1.0.6-5. I
> would like to upgrade to the new release, but I must maintain compatibility
> with other RH packages. Once the rpm versions are released, would it be
> safe for me to do 'rpm -Uvh gnupg_latest', or would it be better to wait
> until the vendor releases a new package?
I've tested the RPMS on Mdk82 and the upgrade went just fine. I'm placing the
RPMS on line just now.
You can do a safe upgrade by simply copying the contents of ~/.gnupg
directory to some other place, then rename .gnupg/options to gpg.conf and,
once the new gpg is installed, launch gpg --rebuild-keydb-caches
If something goes wrong, uninistall gnupg-1.2.0, install back 1.0.6 and copy
the old .gnupg dir back into your home dir.
--
Fabio Coatti http://www.ferrara.linux.it/members/cova
Ferrara Linux Users Group http://ferrara.linux.it
GnuPG fp:9765 A5B6 6843 17BC A646 BE8C FA56 373A 5374 C703
Old SysOps never die... they simply forget their password.
From wk@gnupg.org Mon Sep 23 16:43:02 2002
From: wk@gnupg.org (Werner Koch)
Date: Mon Sep 23 15:43:02 2002
Subject: gnupg and mutt's pgp_encryptself
In-Reply-To: <20020923091650.D24071@xim.dyndns.org> (Simon Piette's message
of "Mon, 23 Sep 2002 09:16:50 -0400")
References: <20020923091650.D24071@xim.dyndns.org>
Message-ID: <87vg4w3jt2.fsf@alberti.gnupg.de>
On Mon, 23 Sep 2002 09:16:50 -0400, Simon Piette said:
> recepient on my $record mailbox, but not for myself. With mutt 1.2,
> pgp_encryptself is no longer a valid setting. What I have to do to have
> it encrypted for me too?
Put a line
encrypt-to
into gpg.conf (or options if you are using a pre 1.0 version
Shalom-Salam,
Werner
From pplf@wanadoo.fr Mon Sep 23 17:12:01 2002
From: pplf@wanadoo.fr (pplf)
Date: Mon Sep 23 16:12:01 2002
Subject: RPMs
References: <200209230923.23772.rtilley@vt.edu> <20020923134125.B85722572B@hobbes.wired>
Message-ID: <3D8F21D6.4080008@wanadoo.fr>
Fabio Coatti wrote:
> I've tested the RPMS on Mdk82 and the upgrade went just fine. I'm placing the
> RPMS on line just now.
Where are these RPMS ? ftp://crypto.ferrara.linux.it/pub/gpg/ has nothing...
--
pplf - French OpenPGP page "OpenPGP en francais"
http://www.openpgp.fr.st
pplf@wanadoo.fr
"Microsoft solutions aren't solutions. They are problems" C.Casteyde
From cova@ferrara.linux.it Mon Sep 23 17:36:01 2002
From: cova@ferrara.linux.it (Fabio Coatti)
Date: Mon Sep 23 16:36:01 2002
Subject: RPMs
In-Reply-To: <3D8F21D6.4080008@wanadoo.fr>
References: <200209230923.23772.rtilley@vt.edu> <20020923134125.B85722572B@hobbes.wired> <3D8F21D6.4080008@wanadoo.fr>
Message-ID: <20020923143618.F2840A8CB@hobbes.wired>
Il 16:14, lunedì 23 settembre 2002, pplf ha scritto:
> Fabio Coatti wrote:
> > I've tested the RPMS on Mdk82 and the upgrade went just fine. I'm placing
> > the RPMS on line just now.
>
> Where are these RPMS ? ftp://crypto.ferrara.linux.it/pub/gpg/ has
> nothing...
Try now :))
--
Fabio Coatti http://www.ferrara.linux.it/members/cova
Ferrara Linux Users Group http://ferrara.linux.it
GnuPG fp:9765 A5B6 6843 17BC A646 BE8C FA56 373A 5374 C703
Old SysOps never die... they simply forget their password.
From cova@ferrara.linux.it Mon Sep 23 17:57:02 2002
From: cova@ferrara.linux.it (Fabio Coatti)
Date: Mon Sep 23 16:57:02 2002
Subject: RPMs
In-Reply-To: <200209231043.48509.rtilley@vt.edu>
References: <200209230923.23772.rtilley@vt.edu> <20020923143618.F2840A8CB@hobbes.wired> <200209231043.48509.rtilley@vt.edu>
Message-ID: <20020923145726.8CDCAA8CB@hobbes.wired>
Il 16:43, lunedì 23 settembre 2002, hai scritto:
> Do the rpms have md5sums?
They are signed with my own key; the subkey taht I've used is quite new, so
I'm uploading now to the keyservers. Anyway, the sums are the following:
6951f30e067fcbfe42ffb8c81e88b772 gnupg-1.2.0-1.src.rpm
2ef28bb0243feb7cf9b04aade7485a24 gnupg-1.2.0-1.i386.rpm
84358730e036a29935582914c1467113 gnupg-1.2.0-1mdk82.i586.rpm
I'm sending my key directly to you.
--
Fabio Coatti http://www.ferrara.linux.it/members/cova
Ferrara Linux Users Group http://ferrara.linux.it
GnuPG fp:9765 A5B6 6843 17BC A646 BE8C FA56 373A 5374 C703
Old SysOps never die... they simply forget their password.
From pplf@wanadoo.fr Mon Sep 23 18:06:02 2002
From: pplf@wanadoo.fr (pplf)
Date: Mon Sep 23 17:06:02 2002
Subject: RPMs
References: <200209230923.23772.rtilley@vt.edu> <20020923143618.F2840A8CB@hobbes.wired> <200209231043.48509.rtilley@vt.edu> <20020923145726.8CDCAA8CB@hobbes.wired>
Message-ID: <3D8F2E93.1030506@wanadoo.fr>
Fabio Coatti wrote:
> I'm sending my key directly to you.
As the mainainer of the official RPM GnuPg version, is your PGP key
signed by Werner koch ?
--
pplf - French OpenPGP page "OpenPGP en francais"
http://www.openpgp.fr.st
pplf@wanadoo.fr
"Microsoft solutions aren't solutions. They are problems" C.Casteyde
From robin@kallisti.2y.net Mon Sep 23 18:09:02 2002
From: robin@kallisti.2y.net (Robin)
Date: Mon Sep 23 17:09:02 2002
Subject: ARRRGHHH Had GPG working, now it doesnt.
In-Reply-To: <200209010554.g815s0ki010833@orion.dwf.com>
References: <200209010554.g815s0ki010833@orion.dwf.com>
Message-ID: <20020923145439.GG8630@kallisti.2y.net>
--aZoGpuMECXJckB41
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Sat, Aug 31, 2002 at 11:54:00PM -0600, Reg Clemens wrote:
> Signature made Thu Aug 29 00:27:17 2002 MDT using DSA key ID BDDF=
997A
> Can't check signature: public key not found
Catching up on old email...
I have the same problem. 1.0.6 used to automatically look up on a
keyserver for the key, which was very handy for reading lists where
people signed messages. 1.0.7, and I just tested 1.2.0 don't do this (a
pity, it was a very Good Thing IMHO).
Is there any way to turn this on again? My ~/.gnupg/options simply
consists of:
keyserver pgp.mit.edu
I remember having a brief foray into the manual, to no avail.
--=20
Robin JabberID:
Hostes alienigeni me abduxerunt. Qui annus est?
PGP Key 0x768B8765 Fingerprint=3D33C8 EA9C 61F1 F117 EEED 24A5 3BCE 4F77 76=
8B 8765
--aZoGpuMECXJckB41
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
iD8DBQE9jysuO85Pd3aLh2URAscgAJwLBUAf2Wv7wpmdoqhRRxFgVXW0UwCeKdmH
YSEngfNiVpQBGGq/vgGITx4=
=Xg1a
-----END PGP SIGNATURE-----
--aZoGpuMECXJckB41--
From cova@ferrara.linux.it Mon Sep 23 18:10:02 2002
From: cova@ferrara.linux.it (Fabio Coatti)
Date: Mon Sep 23 17:10:02 2002
Subject: RPMs
In-Reply-To: <3D8F2E93.1030506@wanadoo.fr>
References: <200209230923.23772.rtilley@vt.edu> <20020923145726.8CDCAA8CB@hobbes.wired> <3D8F2E93.1030506@wanadoo.fr>
Message-ID: <20020923151048.1DE29A8CB@hobbes.wired>
Il 17:09, lunedì 23 settembre 2002, pplf ha scritto:
> Fabio Coatti wrote:
> > I'm sending my key directly to you.
>
> As the mainainer of the official RPM GnuPg version, is your PGP key
> signed by Werner koch ?
Unfortunately Werner has the policy to sign keys only when he can see some
document (ID cards, passport..) and I've been to Germany, but not close
enough to Werner to allow me to visit him :))
--
Fabio Coatti http://www.ferrara.linux.it/members/cova
Ferrara Linux Users Group http://ferrara.linux.it
GnuPG fp:9765 A5B6 6843 17BC A646 BE8C FA56 373A 5374 C703
Old SysOps never die... they simply forget their password.
From dshaw@jabberwocky.com Mon Sep 23 18:16:02 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Mon Sep 23 17:16:02 2002
Subject: ARRRGHHH Had GPG working, now it doesnt.
In-Reply-To: <20020923145439.GG8630@kallisti.2y.net>
References: <200209010554.g815s0ki010833@orion.dwf.com> <20020923145439.GG8630@kallisti.2y.net>
Message-ID: <20020923151650.GE8805@akamai.com>
On Tue, Sep 24, 2002 at 02:54:39AM +1200, Robin wrote:
> On Sat, Aug 31, 2002 at 11:54:00PM -0600, Reg Clemens wrote:
> > Signature made Thu Aug 29 00:27:17 2002 MDT using DSA key ID BDDF997A
> > Can't check signature: public key not found
> Catching up on old email...
> I have the same problem. 1.0.6 used to automatically look up on a
> keyserver for the key, which was very handy for reading lists where
> people signed messages. 1.0.7, and I just tested 1.2.0 don't do this (a
> pity, it was a very Good Thing IMHO).
> Is there any way to turn this on again? My ~/.gnupg/options simply
> consists of:
> keyserver pgp.mit.edu
> I remember having a brief foray into the manual, to no avail.
Put this in your options file:
keyserver-options auto-key-retrieve
David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
From Josh Huber Mon Sep 23 18:30:02 2002
From: Josh Huber (Josh Huber)
Date: Mon Sep 23 17:30:02 2002
Subject: RPMs
In-Reply-To: <20020923151048.1DE29A8CB@hobbes.wired> (Fabio Coatti's message
of "Mon, 23 Sep 2002 17:10:47 +0200")
References: <200209230923.23772.rtilley@vt.edu>
<20020923145726.8CDCAA8CB@hobbes.wired> <3D8F2E93.1030506@wanadoo.fr>
<20020923151048.1DE29A8CB@hobbes.wired>
Message-ID: <87n0q8vi2i.fsf@mail.paradoxical.net>
Fabio Coatti writes:
> Unfortunately Werner has the policy to sign keys only when he can
^^^^^^^^^^^^^
> see some document (ID cards, passport..)
You must mean fortunately, right? :)
You say it like it's a bad policy.
--
Josh Huber
From cova@ferrara.linux.it Mon Sep 23 18:36:02 2002
From: cova@ferrara.linux.it (Fabio Coatti)
Date: Mon Sep 23 17:36:02 2002
Subject: RPMs
In-Reply-To: <87n0q8vi2i.fsf@mail.paradoxical.net>
References: <200209230923.23772.rtilley@vt.edu> <20020923151048.1DE29A8CB@hobbes.wired> <87n0q8vi2i.fsf@mail.paradoxical.net>
Message-ID: <20020923153706.C5CC625739@hobbes.wired>
Il 17:31, lunedì 23 settembre 2002, Josh Huber ha scritto:
> Fabio Coatti writes:
> > Unfortunately Werner has the policy to sign keys only when he can
>
> ^^^^^^^^^^^^^
>
> > see some document (ID cards, passport..)
>
> You must mean fortunately, right? :)
>
> You say it like it's a bad policy.
You're right. My english is not so good and sometimes (too often, I fear) I
make mistakes like this. "Unfortunately" is referred to the fact that is very
difficult for me to have my keys signed by Werner :))
--
Fabio Coatti http://www.ferrara.linux.it/members/cova
Ferrara Linux Users Group http://ferrara.linux.it
GnuPG fp:9765 A5B6 6843 17BC A646 BE8C FA56 373A 5374 C703
Old SysOps never die... they simply forget their password.
From norbert@luenow.de Mon Sep 23 19:01:02 2002
From: norbert@luenow.de (=?iso-8859-1?Q?Norbert_L=FCnow?=)
Date: Mon Sep 23 18:01:02 2002
Subject: export private key
In-Reply-To: <20020923153706.C5CC625739@hobbes.wired>
Message-ID: <000001c2631a$bd2f7a20$18c30a0a@big>
hallo,
I am a new user of gnupg and find that it works fine. Thinking about the
security of the system without having detailed knowledges of it a thought
came into my mind which I would like to reflect:
I think the system is very safe until somebody has access to your system.
There is nothing easier then to export the private key and do what he wants
to do with it.
Why is gnupg not asking for the passphrase before it exports the private
key???
I would feel much safer (I think thats no correct english but I cant express
me better :) or is the a mistake in my thoughts?
ru, norbert
From Martin Schoch Mon Sep 23 19:15:02 2002
From: Martin Schoch (Martin Schoch)
Date: Mon Sep 23 18:15:02 2002
Subject: Signature as attachment ?
Message-ID: <1785884481.20020923181547@compuserve.com>
Hallo list,
Sometimes I got a signed message - but the signature is shown
as attachment - and in this way my EMail client isn't able to
check the signature...
It this standard or is my client not smart enough?
--
Best regards,
Martin mailto:maschoch@compuserve.com
From johan-gnupg@almqvist.net Mon Sep 23 19:15:06 2002
From: johan-gnupg@almqvist.net (Johan Almqvist)
Date: Mon Sep 23 18:15:06 2002
Subject: export private key
In-Reply-To: <000001c2631a$bd2f7a20$18c30a0a@big>
References: <20020923153706.C5CC625739@hobbes.wired> <000001c2631a$bd2f7a20$18c30a0a@big>
Message-ID: <20020923161652.GB19935@almqvist.net>
--kXdP64Ggrk/fb43R
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Please do not start new threads by replying to unrelated messages.
* Norbert L=FCnow [020923 18:02]:
> I think the system is very safe until somebody has access to your system.
> There is nothing easier then to export the private key and do what he wan=
ts
> to do with it.
What can the intruder do with the "stolen" private key without your
passphrase?
> Why is gnupg not asking for the passphrase before it exports the private
> key???
Because the intruder can steal the file secring.gpg instead?
-Johan
--=20
Johan Almqvist
--kXdP64Ggrk/fb43R
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
iD8DBQE9jz50EVwMevfaF0sRArY2AJ9WKIb2xU5qDLicgDe2uv1iKzj1xACeNBk3
0taIRaJibiUuWzmRPMjI8gk=
=74OJ
-----END PGP SIGNATURE-----
--kXdP64Ggrk/fb43R--
From jharris@widomaker.com Mon Sep 23 19:46:02 2002
From: jharris@widomaker.com (Jason Harris)
Date: Mon Sep 23 18:46:02 2002
Subject: RPMs
In-Reply-To: <20020923145726.8CDCAA8CB@hobbes.wired>
References: <200209230923.23772.rtilley@vt.edu> <20020923143618.F2840A8CB@hobbes.wired> <200209231043.48509.rtilley@vt.edu> <20020923145726.8CDCAA8CB@hobbes.wired>
Message-ID: <20020923164628.GA1695@pm7-21.lft.widomaker.com>
--VS++wcV0S1rZb1Fb
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Mon, Sep 23, 2002 at 04:57:25PM +0200, Fabio Coatti wrote:
> They are signed with my own key; the subkey taht I've used is quite new, =
so=20
> I'm uploading now to the keyservers. Anyway, the sums are the following:
(I don't see it on any of them yet. Which one(s) did you use?)
> 6951f30e067fcbfe42ffb8c81e88b772 gnupg-1.2.0-1.src.rpm
> 2ef28bb0243feb7cf9b04aade7485a24 gnupg-1.2.0-1.i386.rpm
> 84358730e036a29935582914c1467113 gnupg-1.2.0-1mdk82.i586.rpm
Signing your message(s) would be good, esp. when checksums are involved.
> I'm sending my key directly to you.
[for everyone else]
It looks like it has been at:
http://www.ferrara.linux.it/members/cova/0x5374C703.asc
since yesterday.
--=20
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris@widomaker.com | web: http://jharris.cjb.net/
--VS++wcV0S1rZb1Fb
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (FreeBSD)
iD8DBQE9j0VjSypIl9OdoOMRArdpAJwPQGx+ND9RTy6zzX0KsUolgOgImgCgrFEB
ydsD4IJgILedLknXIvJwbyI=
=FXVV
-----END PGP SIGNATURE-----
--VS++wcV0S1rZb1Fb--
From Martin Schoch