From heiko.teichmeier@sw-meerane.de Mon Sep 1 08:21:02 2003
From: heiko.teichmeier@sw-meerane.de (Heiko Teichmeier)
Date: Mon Sep 1 07:21:02 2003
Subject: Generating keys for several email addresses.
In-Reply-To: <20030830042523.GA914@benfinney.id.au>
References: <3F500F93.7050009@netcabo.pt> <20030830042523.GA914@benfinney.id.au>
Message-ID: <3F52D6E3.90000@sw-meerane.de>

Ben Finney wrote:
> On 30-Aug-2003, Ricardo Tedim wrote:
>
>> I have three email addresses and I would like to use a single secret
>> keyring associated to all of them.
>> [...]
>> A single key with all my email addresses associated to it (is it
>> possible?)?
>
> Certainly. You can have multiple "uid" records on a single key, and
> this is the recommended way to show multiple identifiers for the same
> person on the key.

Ok, but I'd heard that this feature is not PGP-compatible - or is it not so?
I had wanted to use a key with multiple identities too, but I want to be
compatible with PGP.

--
Kind regards
Stadtwerke Meerane GmbH
Teichmeier
Netzmeister NB Elt
heiko.teichmeier@sw-meerane.de
Tel: +49 3764 791720
Fax: +49 3764 791719
http://www.sw-meerane.de
!!! Attention !!! New GPG key in use

From ben@benfinney.id.au Mon Sep 1 10:06:02 2003
From: ben@benfinney.id.au (Ben Finney)
Date: Mon Sep 1 09:06:02 2003
Subject: Generating keys for several email addresses.
In-Reply-To: <3F52D6E3.90000@sw-meerane.de>
References: <3F500F93.7050009@netcabo.pt> <20030830042523.GA914@benfinney.id.au> <3F52D6E3.90000@sw-meerane.de>
Message-ID: <20030901070723.GD15634@benfinney.id.au>

On 01-Sep-2003, Heiko Teichmeier wrote:
> Ben Finney wrote:
> > Certainly. You can have multiple "uid" records on a single key, and
> > this is the recommended way to show multiple identifiers for the
> > same person on the key.
>
> Ok, but I'd heard that this feature is not PGP-compatible - or is it
> not so?

PGP doesn't do subkeys or multiple UIDs, AFAIK; you won't be able to
take your GPG key and use it in PGP without some loss of information.
However, the public-key, signature and encryption blocks generated are
still compatible with the PGP protocol, and readable by PGP clients.

--
"For my birthday I got a humidifier and a de-humidifier. I put
them in the same room and let them fight it out." -- Steven Wright
Ben Finney

From JPClizbe@Comcast.net Mon Sep 1 12:08:01 2003
From: JPClizbe@Comcast.net (John Clizbe)
Date: Mon Sep 1 11:08:01 2003
Subject: Generating keys for several email addresses.
In-Reply-To: <20030901070723.GD15634@benfinney.id.au>
References: <3F500F93.7050009@netcabo.pt> <20030830042523.GA914@benfinney.id.au> <3F52D6E3.90000@sw-meerane.de> <20030901070723.GD15634@benfinney.id.au>
Message-ID: <3F530CB5.5010907@Comcast.net>

Ben Finney wrote:
> PGP doesn't do subkeys or multiple UIDs, AFAIK; you won't be able to
> take your GPG key and use it in PGP without some loss of information.
> However, the public-key, signature and encryption blocks generated are
> still compatible with the PGP protocol, and readable by PGP clients.

Subkey, no. Multiple UIDs and photo UID, Yes. From within PGPKeys,
navigate Keys --> Add --> Name to add an additional UID. It will then
ask you for name and email address. Fill it in and click OK. Wouldn't
hurt to self-sign the new UID either.

All UIDs on my key were created with PGP 7.03 & 8.02. Then I copy &
paste into GPGshell.

--
John P. Clizbe                   Inet: JPClizbe(a)comcast DOT nyet
Golden Bear Networks             PGP/GPG KeyID: 0x608D2A10
"Most men take the straight and narrow. A few take the road less
traveled. I chose to cut through the woods."
"*Hundreds* of customers like and use $CO's Unix products."
  - Darl McBride, CEO Caldera/$CO Group
(This .sig block was sponsored by IBM. All hail IBM.)

From hrueda@telebucaramanga.com.co Tue Sep 2 01:57:02 2003
From: hrueda@telebucaramanga.com.co (Humberto Rueda)
Date: Tue Sep 2 00:57:02 2003
Subject: Encryption takes 20 seconds !!
Message-ID:

I'm trying to encrypt a file with only 1 line (no more than 100
characters) with the following command:

    echo mypassphrase | gpg -a -se --passphrase-fd 0 --yes --force-v3-sigs -u 5509C4C5 --always-trust -r 39A83377 --output q.gpg q

and it takes 18-20 seconds to finish. GPG was installed on a Sun machine
with Solaris environment on it.

What could be the reason?

From ben@benfinney.id.au Tue Sep 2 04:57:02 2003
From: ben@benfinney.id.au (Ben Finney)
Date: Tue Sep 2 03:57:02 2003
Subject: Encryption takes 20 seconds !!
In-Reply-To:
References:
Message-ID: <20030902015844.GB375@benfinney.id.au>

On 01-Sep-2003, Humberto Rueda wrote:
> [encryption of a single line] takes 18-20 seconds to finish. GPG was
> installed on a Sun machine with Solaris environment on it.
>
> What could be the reason?

What is the CPU, and what speed is it running at? Perhaps it is slow at
doing anything CPU-intensive.

What is the keysize? Larger keysizes take (exponentially?) longer to
work with.

What is the version of Solaris?

Does the version of Solaris have non-blocking entropy generation?
Perhaps GPG is waiting for more entropy from the OS and is blocking. (I
don't know what entropy services are available in Solaris.)

--
"If you write the word 'monkey' a million times, do you start
to think you're Shakespeare?"
-- Steven Wright
Ben Finney

From osxvoodoo@hotmail.com Tue Sep 2 12:24:01 2003
From: osxvoodoo@hotmail.com (osxvoodoo)
Date: Tue Sep 2 11:24:01 2003
Subject: Key import - time warp or clock problem
Message-ID:

After badgering one of my cohorts for over a year, I finally managed to
get him to start using GPG - Mac OS X. I spent the better part of the
day today getting everything together for him - so he would have an
easy time installing GPG. He is quite the newbie and gives up VERY
easy... so all it would take would be one "type this in the terminal"
and he would give up on the whole process. Just the facts - I have no
control. He is in a remote location so I can't help him locally.

Anyway - I created a nice little shell script to get him up and
running, help him generate his key, send it to the keyserver, then
retrieve my key from the server. All went well with the script (I
tested it several times and have over 10+ years of PGP/GPG experience).
So I go and retrieve his key from the keyserver, and first of all it
won't import. I keep getting this error:

    key XXXXXXX has been created 4133 seconds in future (time warp or clock problem)

After messing with it a bit I managed to get it imported. Then I
started looking at the key and noticed he has no subkey. This is what I
get if I do a --list-keys

    gpg: key XXXXXXXX has been created 4133 seconds in future (time warp or clock problem)
    pub 1024D/XXXXXXXX 2003-09-01 Mr. Name <mrname@isp.com>

That's it - no subkey listed!

So what now... how do I get him out of this mess with the least amount
of trouble on his end?
What needs to be done to his key?
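
The warning quoted in the message above is a comparison between the creation time stored in each key packet and the local clock. The following is an added example, not part of the original message and not GnuPG's code: it reads the creation times from OpenPGP key packets and applies the rule from the gpg man page that subkeys created in the future are not selected. The key bytes are constructed for the illustration (dummy key material, not a usable key) and the function names are assumptions.

```python
import struct
import time

PUBKEY, USER_ID, PUBSUBKEY = 6, 13, 14  # OpenPGP packet tags


def packets(data):
    """Yield (tag, body) for each packet; handles old- and new-format headers."""
    pos = 0
    while pos < len(data):
        ctb = data[pos]
        if not ctb & 0x80:
            raise ValueError("not an OpenPGP packet at offset %d" % pos)
        pos += 1
        if ctb & 0x40:  # new-format header
            tag = ctb & 0x3F
            first = data[pos]
            if first < 192:
                length, pos = first, pos + 1
            elif first < 224:
                length = ((first - 192) << 8) + data[pos + 1] + 192
                pos += 2
            elif first == 255:
                length = struct.unpack(">I", data[pos + 1:pos + 5])[0]
                pos += 5
            else:
                raise ValueError("partial body lengths not handled")
        else:  # old-format header
            tag = (ctb >> 2) & 0x0F
            ltype = ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled")
            size = (1, 2, 4)[ltype]
            length = int.from_bytes(data[pos:pos + size], "big")
            pos += size
        body = data[pos:pos + length]
        if len(body) != length:
            raise ValueError("truncated packet")
        yield tag, body
        pos += length


def inspect_key(data, now=None):
    """Report clock skew of the primary key and how many subkeys are usable at `now`."""
    now = int(time.time()) if now is None else int(now)
    report = {"primary_skew": None, "subkeys": 0, "usable_subkeys": 0, "warnings": []}
    for tag, body in packets(data):
        if tag not in (PUBKEY, PUBSUBKEY):
            continue
        if len(body) < 6 or body[0] not in (3, 4):
            raise ValueError("unsupported key packet")
        # v3 and v4 key packets both store the creation time in octets 1..4
        created = struct.unpack(">I", body[1:5])[0]
        skew = created - now  # > 0 means "created in the future"
        if tag == PUBKEY:
            kind = "key"
            report["primary_skew"] = skew
        else:
            kind = "subkey"
            report["subkeys"] += 1
            if skew <= 0:  # simplified model of "not selected if created in future"
                report["usable_subkeys"] += 1
        if skew > 0:
            report["warnings"].append(
                "%s has been created %d seconds in future "
                "(time warp or clock problem)" % (kind, skew))
    return report


def sample_key(created):
    """Constructed sample: v4 DSA primary, user ID, v4 Elgamal subkey (dummy MPIs)."""
    def pkt(ctb, body):
        return bytes([ctb, len(body)]) + body  # old format, one-octet length
    mpi = b"\x00\x08\xff"  # placeholder MPI, not real key material
    primary = bytes([4]) + struct.pack(">I", created) + bytes([17]) + mpi * 4
    subkey = bytes([4]) + struct.pack(">I", created) + bytes([16]) + mpi * 3
    return (pkt(0x98, primary)
            + pkt(0xB4, b"Mr. Name <mrname@isp.com>")
            + pkt(0xB8, subkey))


if __name__ == "__main__":
    t0 = 1062374400  # constructed reference time on the importing machine
    blob = sample_key(t0 + 4133)  # key generated on a machine whose clock is ahead
    for now in (t0, t0 + 7200):  # at import time, then two hours later
        print(now, inspect_key(blob, now))
```

With the importing clock 4133 seconds behind the generating one, both packets are flagged and no subkey counts as usable; evaluated two hours later, the same bytes produce no warning.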
From avbidder@fortytwo.ch Tue Sep 2 12:42:02 2003
From: avbidder@fortytwo.ch (Adrian von Bidder)
Date: Tue Sep 2 11:42:02 2003
Subject: Encryption takes 20 seconds !!
In-Reply-To: <20030902015844.GB375@benfinney.id.au>
References: <20030902015844.GB375@benfinney.id.au>
Message-ID: <200309021142.58581@fortytwo.ch>

On Tuesday 02 September 2003 03:58, Ben Finney wrote:
> On 01-Sep-2003, Humberto Rueda wrote:
> > [encryption of a single line] takes 18-20 seconds to finish. GPG was
> > installed on a Sun machine with Solaris environment on it.
> >
> > What could be the reason?
>
> What is the CPU, and what speed is it running at? Perhaps it is slow at
> doing anything CPU-intensive.

SPARC without hardware multiplication? GPG compiled for a SPARC without hw
mul? (I know that ssl speeds up by something like 10 fold when the compiler
is told to use SPARC with hwmul - search in the debian lists for the
discussion, was quite a while ago).

greetings
-- vbi

--
featured link: http://fortytwo.ch/gpg/subkeys

From dshaw@jabberwocky.com Tue Sep 2 15:38:01 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Tue Sep 2 14:38:01 2003
Subject: Key import - time warp or clock problem
In-Reply-To:
References:
Message-ID: <20030902123911.GA10203@jabberwocky.com>

On Mon, Sep 01, 2003 at 07:04:33PM -0400, osxvoodoo wrote:
> After badgering one of my cohorts for over a year, I finally managed to
> get him to start using GPG - Mac OS X. I spent the better part of the
> day today getting everything together for him - so he would have an
> easy time installing GPG. He is quite the newbie and gives up VERY
> easy... so all it would take would be one "type this in the terminal"
> and he would give up on the whole process. Just the facts - I have no
> control. He is in a remote location so I can't help him locally.
>
> Anyway - I created a nice little shell script to get him up and
> running, help him generate his key, send it to the keyserver, then
> retrieve my key from the server. All went well with the script (I
> tested it several times and have over 10+ years of PGP/GPG experience).
> So I go and retrieve his key from the keyserver, and first of all it
> won't import.
> I keep getting this error:
>
> key XXXXXXX has been created 4133 seconds in future (time warp or clock
> problem)
>
> After messing with it a bit I managed to get it imported. Then I
> started looking at the key and noticed he has no subkey. This is what I
> get if I do a --list-keys
>
> gpg: key XXXXXXXX has been created 4133 seconds in future (time warp or
> clock problem)
> pub 1024D/XXXXXXXX 2003-09-01 Mr. Name
>
> Thats it - no subkey listed!
>
> So what now... how do I get him out of this mess with the least amount
> of trouble on his end?
> What needs to be done to his key?

Two problems:

1) His clock is a little over an hour fast... or your clock is a little
   over an hour slow. It's not much of a problem since the warning
   message should go away after an hour when the clocks catch up with
   each other, but he (or you) should fix the clocks anyway.

2) He needs an encryption subkey, so he needs to do:

    gpg --edit mrname@isp.com
    addkey
    (type passphrase)
    3
    (pick a size. The default is reasonable).
    (pick an expiration date. The default is reasonable).
    y
    y
    quit
    y

David

From shavital@netbox.com Tue Sep 2 17:43:02 2003
From: shavital@netbox.com (Charly Avital)
Date: Tue Sep 2 16:43:02 2003
Subject: Key import - time warp or clock problem
In-Reply-To:
References:
Message-ID:

Have you enabled, at your end, the following two options (quoting from
man gpg):

--ignore-time-conflict
    GnuPG normally checks that the timestamps associated with keys and
    signatures have plausible values. However, sometimes a signature
    seems to be older than the key due to clock problems.
    This option makes these checks just a warning. See also
    --ignore-valid-from for timestamp issues on subkeys.

--ignore-valid-from
    GnuPG normally does not select and use subkeys created in the
    future. This option allows the use of such keys and thus exhibits
    the pre-1.0.7 behaviour. You should not use this option unless you
    there is some clock problem. See also --ignore-time-conflict for
    timestamp issues with signatures.

The fact that the key shows no subkey might be due to:
- it's a "legacy" key, without subkey.
Or,
- because of the possible time problem ("GnuPG normally does not select
  and use subkeys created in the future"...).

Charly
Mac OS 10.2.6 - Gnupg 1.2.3

At 7:04 PM -0400 9/1/03, osxvoodoo wrote:
[...]
>
>key XXXXXXX has been created 4133 seconds in future (time warp or clock
>problem)
>
>After messing with it a bit I managed to get it imported. Then I
>started looking at the key and noticed he has no subkey. This is what I
>get if I do a --list-keys
>
>gpg: key XXXXXXXX has been created 4133 seconds in future (time warp or
>clock problem)
>pub 1024D/XXXXXXXX 2003-09-01 Mr. Name
>
>Thats it - no subkey listed!
>
>So what now... how do I get him out of this mess with the least amount
>of trouble on his end?
>What needs to be done to his key?
[...]

From vedaal@hush.com Tue Sep 2 18:15:01 2003
From: vedaal@hush.com (vedaal@hush.com)
Date: Tue Sep 2 17:15:01 2003
Subject: feature request // showing the session key of an encrypted message as it is being used to encrypt
Message-ID: <200309021516.h82FGlTK070843@mailserver3.hushmail.com>

would it be possible to have an option for GnuPG to display the session
key as it is being used to encrypt the message?

this way, the sender would be able to store the message sent, together
with the session key used
(both stored together, encrypted, if desired by the sender)
so that, at some later time, the sender can have a way of remembering
what was sent

(this can be done now by saving the plaintext with the message,
but is not the same as actually being able to decrypt what was sent)

with Respect,

vedaal

From jbruni@mac.com Tue Sep 2 18:35:02 2003
From: jbruni@mac.com (Joseph Bruni)
Date: Tue Sep 2 17:35:02 2003
Subject: feature request // showing the session key of an encrypted message as it is being used to encrypt
In-Reply-To: <200309021516.h82FGlTK070843@mailserver3.hushmail.com>
Message-ID: <1FEA39FC-DD5B-11D7-8CFC-003065B1243E@mac.com>

Encrypt the message to both your key as well as the recipient. Then you
can decrypt the message at your leisure. The session key would then be
protected by your private key.

On Tuesday, September 2, 2003, at 08:16 AM, vedaal@hush.com wrote:

> this way, the sender would be able to store the message sent, together
> with the session key used
> (both stored together, encrypted, if desired by the sender)
> so that, at some later time, the sender can have a way of remembering
> what was sent

From eleuteri@myrealbox.com Tue Sep 2 19:08:02 2003
From: eleuteri@myrealbox.com (David Picon Alvarez)
Date: Tue Sep 2 18:08:02 2003
Subject: feature request // showing the session key of an encrypted message as it is being used to encrypt
References: <200309021516.h82FGlTK070843@mailserver3.hushmail.com>
Message-ID: <003401c3716b$93fc2300$b19d87d9@enterprise>

> would it be possible to have an option for GnuPG to display the session
> key as it is being used to encrypt the message?

AFAIK, there is an option to do this. From the man.

--show-session-key
    Display the session key used for one message. See
    --override-session-key for the counterpart of this option.

HTH,
--David.

From aapo.anderson@plaana.fi Wed Sep 3 08:51:01 2003
From: aapo.anderson@plaana.fi (Aapo Anderson)
Date: Wed Sep 3 07:51:01 2003
Subject: upgrading gnupg
Message-ID: <3F55821A.9020404@plaana.fi>

I was looking through the threads in the past few months, but didn't
find anything on the subject.

I'm using gnupg in the W2K-environment and want to upgrade gnupg from
1.2.2 to 1.2.3. Do I just unpack and put the new files on the old files
in my gnupg-directory? Will my old keys, created in 1.2.2 work
properly with 1.2.3? Just wondering since I've had problems with my
keys in different versions of gnupg.

Thanks!

AA

From JPClizbe@Comcast.net Wed Sep 3 10:50:02 2003
From: JPClizbe@Comcast.net (John Clizbe)
Date: Wed Sep 3 09:50:02 2003
Subject: upgrading gnupg
In-Reply-To: <3F55821A.9020404@plaana.fi>
References: <3F55821A.9020404@plaana.fi>
Message-ID: <3F559D57.1010808@Comcast.net>

Aapo Anderson wrote:
> I was looking through the threads in the past few months, but didn't
> find anything on the subject.
>
> I'm using gnupg in the W2K-environment and want to upgrade gnupg from
> 1.2.2 to 1.2.3.
> Do I just unpack and put the new files on the old files
> in my gnupg-directory? Will my old keys, created in 1.2.2 work
> properly with 1.2.3? Just wondering since I've had problems with my
> keys in different versions of gnupg.
>
> Thanks!
>
> AA

That's all there is to it. gnupg.org distros all live in one directory.
Nullify builds have directories for Doc, Lib, and Locale files. Unzip to
a temp folder and drag to the proper new home.

Backup *.gpg and gpg.conf files just to be safe.

I also take the time to export the trustdb, do the --update-trustdb
maintenance; and run gpg --rebuild-keydb-caches a couple times.

--
John P. Clizbe                   Inet: JPClizbe(a)comcast DOT nyet
Golden Bear Networks             PGP/GPG KeyID: 0x608D2A10
"Most men take the straight and narrow. A few take the road less
traveled. I chose to cut through the woods."
"*Hundreds* of customers like and use $CO's Unix products."
  - Darl McBride, CEO Caldera/$CO Group
(This .sig block was sponsored by IBM. All hail IBM.)

From rallister@altern.org Wed Sep 3 11:37:01 2003
From: rallister@altern.org (Richard Allister)
Date: Wed Sep 3 10:37:01 2003
Subject: gnupg + Outlook howto
Message-ID: <3F55A879.2030702@altern.org>

hi@all,

can someone please give a link to a good plugin that gives me the
opportunity to use gpg with MS Outlook 2000 !

Thanks in advance for your reply and best regards !

Richard

From osxvoodoo@hotmail.com Wed Sep 3 12:35:02 2003
From: osxvoodoo@hotmail.com (osxvoodoo)
Date: Wed Sep 3 11:35:02 2003
Subject: Key import - time warp or clock problem
Message-ID:

Thx for the info guys! The problem resolved itself after an hour or so.
My clock is set fine so it must be his clock. Even the proper sub-id
showed up fine after XX time.

- thx

From admin@petridish.org Wed Sep 3 15:32:01 2003
From: admin@petridish.org (Admin @ Petridish.org)
Date: Wed Sep 3 14:32:01 2003
Subject: Key import - time warp or clock problem
Message-ID: <200309031245.h83CjWp10911@unixhost101.spider.web.com>

Hello,

I was wondering if someone could point me to an online doc on how to set
a different hash algo in gpg. I spent a while sniffing around on the net -
to no avail.

If there isn't a manual or faq that explains it, would someone mind
laying out a thumbnail sketch of how to do it?

I have heard that sha1 has been broken and I wanted to begin using md5

-respectfully
john

From admin@petridish.org Wed Sep 3 15:58:01 2003
From: admin@petridish.org (Admin @ Petridish.org)
Date: Wed Sep 3 14:58:01 2003
Subject: Changing the Hash algo in gpg1.2.3
Message-ID: <200309031311.h83DBKp22720@unixhost101.spider.web.com>

I am sorry I sent this on another thread by mistake. Please forgive me
(won't happen again) (posting b4 coffee)

here was my question, now that it has a more aptly named title

Hello,

I was wondering if someone could point me to an online doc on how to set
a different hash algo in gpg. I spent a while sniffing around on the net -
to no avail.

If there isn't a manual or faq that explains it, would someone mind
laying out a thumbnail sketch of how to do it?

I have heard that sha1 has been broken and I wanted to begin using md5

-respectfully
john

From vedaal@hush.com Wed Sep 3 16:09:02 2003
From: vedaal@hush.com (vedaal@hush.com)
Date: Wed Sep 3 15:09:02 2003
Subject: feature request // showing the session key of an encrypted message as it is being used to encrypt
Message-ID: <200309031310.h83DAat5005078@mailserver2.hushmail.com>

>Message: 6
>Date: Tue, 2 Sep 2003 08:35:47 -0700
>Subject: Re: feature request // showing the session key of an encrypted
>message as it is being used to encrypt
>From: Joseph Bruni
>To: gnupg-users@gnupg.org
>
>Encrypt the message to both your key as well as the recipient.
>Then you can decrypt the message at your leisure. The session key would
>then be protected by your private key.
>
>
>On Tuesday, September 2, 2003, at 08:16 AM, vedaal@hush.com wrote:
>
>> this way, the sender would be able to store the message sent, together
>> with the session key used
>> (both stored together, encrypted, if desired by the sender)
>> so that, at some later time, the sender can have a way of remembering
>> what was sent

sorry, i should have been clearer in the original post,

the point is, for messages where the sender doesn't want to encrypt to
self, (or even to an anonymous key)
but is sending an encrypted message encrypted to only one key (the
receiver's),

since GnuPG obviously knows which session key it is using for the
symmetric encryption, and then is encrypting it to the receiver's key,

it seemed like it might not be too much extra work to have an option to
allow it to display the session key that it is using, and then the
sender could save it

tia,

with Respect,

vedaal

From sathishkumarbt@yahoo.com Wed Sep 3 16:10:03 2003
From: sathishkumarbt@yahoo.com (sathish kumar)
Date: Wed Sep 3 15:10:03 2003
Subject: Helpp!!!!!!!!!!!!!
Message-ID: <20030903131159.73346.qmail@web14602.mail.yahoo.com>

hello friends,
I want to unsubscribe from the group,
So any can help me out about this Plzzzzzzzz

sathish kumar bt

From dshaw@jabberwocky.com Wed Sep 3 16:17:02 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Wed Sep 3 15:17:02 2003
Subject: Changing the Hash algo in gpg1.2.3
In-Reply-To: <200309031311.h83DBKp22720@unixhost101.spider.web.com>
References: <200309031311.h83DBKp22720@unixhost101.spider.web.com>
Message-ID: <20030903131842.GC23368@jabberwocky.com>

On Wed, Sep 03, 2003 at 08:55:49AM -0500, Admin @ Petridish.org wrote:
> I was wondering if someone could point me to an online doc on how to
> set a different hash algo in gpg. I spent a while sniffing around on
> the net - to no avail.
>
> If there isn't a manual or faq that explains it, would someone mind
> laying out a thumbnail sketch of how to do it?
>
> I have heard that sha1 has been broken and I wanted to begin using
> md5

It's the other way around. MD5 isn't broken, but there have been some
weaknesses found in it. It's still vastly stronger than most people
need, but people are tending to use SHA1 anyway.

David

From thomas@northernsecurity.net Wed Sep 3 16:38:02 2003
From: thomas@northernsecurity.net (Thomas Sjögren)
Date: Wed Sep 3 15:38:02 2003
Subject: Changing the Hash algo in gpg1.2.3
In-Reply-To: <200309031311.h83DBKp22720@unixhost101.spider.web.com>
References: <200309031311.h83DBKp22720@unixhost101.spider.web.com>
Message-ID: <20030903133817.GB29060@northernsecurity.net>

On Wed, Sep 03, 2003 at 08:55:49AM -0500, Admin @ Petridish.org wrote:
> I have heard that sha1 has been broken and I wanted to begin using md5

Where did you hear that? Unless the implementation is broken sha1 is
more secure than md5.

"[Sha1] is slightly slower than MD5, but the larger message digest makes
it more secure against brute-force collision and inversion attacks" [1]

[1] http://www.rsasecurity.com/rsalabs/faq/3-6-5.html

/Thomas
--
== thomas@northernsecurity.net | thomas@se.linux.org ==
Encrypted e-mails preferred | GPG KeyID: 114AA85C

From admin@petridish.org Wed Sep 3 18:16:02 2003
From: admin@petridish.org (Admin @ Petridish.org)
Date: Wed Sep 3 17:16:02 2003
Subject: Changing the Hash algo in gpg1.2.3
Message-ID: <200309031530.h83FUAp29041@unixhost101.spider.web.com>

>> I have heard that sha1 has been broken and I wanted to begin using md5
>
>Where did you hear that?

I heard it from a friend I made on another mailing list that has nothing
to do with encryption. He brought it up because my clear armored
signature indicated that I was using sha1 but he was sincere enough that
I figured I would go to 'source' and ask this list.

I can't find any evidence of Sha1 being compromised on the net and I
appreciate the reassurance that Sha1 is the better hashing method. As I
understand it, even with the birthday attack roughly equalizing the
brute force needed the sha1 hash is still more secure.

again, thank you for the clarification.

-john

From dlc@users.sourceforge.net Wed Sep 3 18:35:02 2003
From: dlc@users.sourceforge.net (darren chamberlain)
Date: Wed Sep 3 17:35:02 2003
Subject: Key import - time warp or clock problem
In-Reply-To: <200309031245.h83CjWp10911@unixhost101.spider.web.com>
References: <200309031245.h83CjWp10911@unixhost101.spider.web.com>
Message-ID: <5d01a4b35df9ed9456e6958848d7e9ae32283576@tumbleweed.boston.com>

* Admin @ Petridish.org [2003-09-03 10:15]:
> I was wondering if someone could point me to an online doc on how to
> set a different hash algo in gpg

I think you want the digest-algo option:

--digest-algo name
    Use name as the message digest algorithm. Running the program with
    the command --version yields a list of supported algorithms.

> If there isn't a manual or faq that explains it, would someone mind
> laying out a thumbnail sketch of how to do it?

It's in the man page; search for digest-algo.

> I have heard that sha1 has been broken and I wanted to begin using md5

I don't think either has been "broken". There is some speculation that
multiple inputs might have the same md5 checksum, but as far as I know
no one has come up with an example. I've heard that SHA-1 is less
likely to produce those conflicts.

(darren)

--
I believe in God, only I spell it Nature.
-- Frank Lloyd Wright

From robert.kerry@thephpsite.com Wed Sep 3 20:08:02 2003
From: robert.kerry@thephpsite.com (Robert Kerry)
Date: Wed Sep 3 19:08:02 2003
Subject: Passphrase
Message-ID: <001501c3723e$31ce2c40$0d02a8c0@AMARDOFFICE13>

Hi,

Is it possible to send the key passphrase to gnupg in the initial
command when clearsigning to prevent an input prompt?

e.g.
/usr/bin/gpg --passphrase "

--Boundary-02=_3kiV/tUiKO6EWoA
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Description: signed data
Content-Disposition: inline

--desig-revoke
    Generate a designated revocation certificate for a key. This allows a user (with the permission of the keyholder) to revoke someone elses key.

Is this a possible solution for revoking old keys that are simply out of use, including those where the secret key has been lost?

How does the keyholder authorise this remote revocation?

If the secret key is still required, it can only be exported from a working GnuPG installation, so why the need for the remote option?

How does this differ from the keyholder revoking the key locally?

I can't find any info on this option, other than the brief man page sentence above.

--
Neil Williams
=============
http://www.codehelp.co.uk
http://www.dclug.org.uk
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3

--Boundary-02=_3kiV/tUiKO6EWoA
Content-Type: application/pgp-signature
Content-Description: signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQA/Vik3iAEJSii8s+MRAgZtAKDfHMPXalYzwzk1+pwyQk3ZVMcQRgCffIBz
dJRcQfqKuO36sjIoLU0Cayc=
=QAP8
-----END PGP SIGNATURE-----

--Boundary-02=_3kiV/tUiKO6EWoA--

From JPClizbe@Comcast.net Wed Sep 3 21:01:02 2003
From: JPClizbe@Comcast.net (John Clizbe)
Date: Wed Sep 3 20:01:02 2003
Subject: Passphrase
In-Reply-To: <001501c3723e$31ce2c40$0d02a8c0@AMARDOFFICE13>
References: <001501c3723e$31ce2c40$0d02a8c0@AMARDOFFICE13>
Message-ID: <3F562CBB.5000103@Comcast.net>

-----BEGIN PGP SIGNED MESSAGE-----

Robert Kerry wrote:

> Hi,
>
> Is it possible to send the key passphrase to gnupg in the initial
> command when clearsigning to prevent an input prompt?
>
> e.g.
>
> /usr/bin/gpg --passphrase "
> ???
>
> Thanks for any help,
>
>
> Rob

The --passphrase-fd lets you specify any file descriptor as the source of the passphrase. "0" is stdin. You can send the passphrase through other file descriptors if you need to use stdin for your data.

echo secret | gpg -e --passphrase-fd 0 .......

Searching the list archives for passphrase && stdin should give you a wealth of examples for just about any environment. 'passphrase' alone in the subject line produced around 340 matches.

Although, if you're going to save this command in a file somewhere, you'd be probably just as safe, and have an easier time implementing, if you used a key with no passphrase. 8-}(

- --
John P. Clizbe                   Inet: JPClizbe(a)comcast DOT nyet
Golden Bear Networks             PGP/GPG KeyID: 0x608D2A10
"Most men take the straight and narrow. A few take the road less
traveled. I chose to cut through the woods."
"*Hundreds* of customers like and use $CO's Unix products."
    - Darl McBride, CEO Caldera/$CO Group
(This .sig block was sponsored by IBM. All hail IBM.)
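The dedicated-descriptor approach from the reply above, as an added Python example that is not part of the original thread: the passphrase travels on its own pipe and the message on stdin, so the secret never appears in a command line. gpg takes only the first line read from the `--passphrase-fd` descriptor as the passphrase; `STAND_IN`, `clearsign` and `echo_pipeline` are hypothetical names, and the stand-in child is constructed so the block runs without a keyring.

```python
import os
import subprocess
import sys

# Constructed stand-in for gpg (an assumption of this example, not gpg itself).
# It copies only the behaviour that matters here: the first line read from the
# descriptor named by --passphrase-fd is the passphrase, all of stdin is data.
STAND_IN = r"""
import os, sys
fd = int(sys.argv[sys.argv.index("--passphrase-fd") + 1])
with os.fdopen(fd, "rb") as f:
    secret = f.readline().rstrip(b"\n")
sys.stdout.buffer.write(b"passphrase-bytes=%d\n" % len(secret))
sys.stdout.buffer.write(sys.stdin.buffer.read())
"""
STAND_IN_CMD = [sys.executable, "-c", STAND_IN]


def echo_pipeline(message, passphrase):
    """The command-string style quoted in this thread, built for comparison
    only and never executed: the secret is part of the text given to the shell."""
    return ("echo '%s\n%s' | gpg --clearsign --batch --passphrase-fd 0"
            % (passphrase, message))


def clearsign(message, passphrase, command=("gpg",)):
    """Run `command --batch --passphrase-fd N --clearsign` with the passphrase
    on its own pipe (descriptor N) and the message on stdin. POSIX only.

    Returns (argv, returncode, stdout, stderr).
    """
    if "\n" in passphrase or "\r" in passphrase:
        # The reader stops at the first newline; the remainder would be lost.
        raise ValueError("passphrase must be a single line")

    read_fd, write_fd = os.pipe()
    argv = list(command) + ["--batch", "--passphrase-fd", str(read_fd),
                            "--clearsign"]
    try:
        proc = subprocess.Popen(
            argv,
            stdin=subprocess.PIPE,
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
            pass_fds=(read_fd,),   # child inherits the fd under the same number
        )
    except OSError:
        os.close(write_fd)
        raise
    finally:
        os.close(read_fd)          # the parent never reads the passphrase back

    try:
        os.write(write_fd, passphrase.encode("utf-8") + b"\n")
    except BrokenPipeError:
        pass                       # child exited early; returncode reports it
    finally:
        os.close(write_fd)         # end-of-file on the passphrase pipe

    out, err = proc.communicate(message)
    return argv, proc.returncode, out, err


if __name__ == "__main__":
    secret = "correct horse"       # constructed sample value
    argv, rc, out, _ = clearsign(b"hello list\n", secret, command=STAND_IN_CMD)
    print("exit status:", rc)
    print("secret in argv:", any(secret in a for a in argv))
    print("secret in echo pipeline:", secret in echo_pipeline("hello", secret))
    print(out.decode())
```

With GnuPG 2.1 or later, `--pinentry-mode loopback` must be added to the arguments for `--passphrase-fd` to be honoured.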
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEVAwUBP1YsuHhXEXG5/HPTAQGzKAf+LNMK8hG6ylwFtdpcfqLDC2MKiSWznKW8
DfGDkHeXkfP9stR7WHiBR8dyaSkzjubf+EEB/uXiifAJXr1HEmPMM3U7SnrL6YOM
zW1yMWW5sd5MW59gO4XkXwvkLC2jdE2efnY/2UE0JZdyFXTFmTeuBmtrkPd+l6QE
+6qWm7fblhVNESYn/7kX75/YpxAYPS++DZUYoCem1+lwAuL/ubQBP0K0NcaKNfUS
hd5k9u1ByoQBnkBlbge+OoGuL2r21nwaCDi++Fp2S/XxlC436eOT8uETtC14o1a1
Rfqh2HxEoEGpvDf1IEpWv2av7NPdtbTwD2kwQs0Kx9HKNWsT/aWDQQ==
=TLZs
-----END PGP SIGNATURE-----

From dshaw@jabberwocky.com Wed Sep 3 21:16:02 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Wed Sep 3 20:16:02 2003
Subject: desig-revoke
In-Reply-To: <200309031847.35496.linux@codehelp.co.uk>
References: <200309031847.35496.linux@codehelp.co.uk>
Message-ID: <20030903181702.GB31034@jabberwocky.com>

On Wed, Sep 03, 2003 at 06:47:30PM +0100, Neil Williams wrote:

> --desig-revoke
>     Generate a designated revocation certificate for a
>     key. This allows a user (with the permission of
>     the keyholder) to revoke someone elses key.
>
> Is this a possible solution for revoking old keys that are simply
> out of use, including those where the secret key has been lost?

Yes. That is one of the intended uses of designated revocations.

> How does the keyholder authorise this remote revocation?

They must authorize it ahead of time - essentially this is a special signature added by the keyholder which authorizes a particular key to issue revocations. Note that the keyholder needs their secret key to issue the authorization, so designated revocation doesn't magically fix the problem of a lost secret key.

> If the secret key is still required, it can only be exported from a
> working GnuPG installation, so why the need for the remote option?

This lets someone revoke someone else's key, in effect (though with the permission of the keyholder).
This is useful for companies with many employee keys - rather than escrowing a revocation certificate for thousands of employees, they can just be a designated revoker for those keys.

Another example would be to appoint a trusted friend as your designated revoker. If something happens to you, they can then revoke your key (which, presumably, you would be in no shape to do).

David

From linux@codehelp.co.uk Wed Sep 3 21:42:01 2003
From: linux@codehelp.co.uk (Neil Williams)
Date: Wed Sep 3 20:42:01 2003
Subject: desig-revoke
In-Reply-To: <20030903181702.GB31034@jabberwocky.com>
References: <200309031847.35496.linux@codehelp.co.uk> <20030903181702.GB31034@jabberwocky.com>
Message-ID: <200309031944.44452.linux@codehelp.co.uk>

--Boundary-02=_cajV/bIiaG0Hsz5
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Description: signed data
Content-Disposition: inline

On Wednesday 03 Sep 2003 7:17 pm, David Shaw wrote:
> On Wed, Sep 03, 2003 at 06:47:30PM +0100, Neil Williams wrote:

> They must authorize it ahead of time - essentially this is a special
> signature added by the keyholder which authorizes a particular key to
> issue revocations. Note that the keyholder needs their secret key to
> issue the authorization, so designated revocation doesn't magically
> fix the problem of a lost secret key.

After reading a private reply to this post, it appears that the main problem is that some keyservers list the key as already revoked just because the desig-revoke certificate is present.

Ooops. I can't afford for my key to appear revoked ahead of time.

(I looked at one of the hkp servers.)

> your designated revoker. If something happens to you, they can then
> revoke your key (which, presumably, you would be in no shape to do).
>
> David

:-)
"Reports of my death have been greatly exaggerated."
MT

--
Neil Williams
=============
http://www.codehelp.co.uk
http://www.dclug.org.uk
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3

--Boundary-02=_cajV/bIiaG0Hsz5
Content-Type: application/pgp-signature
Content-Description: signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQA/VjaciAEJSii8s+MRAkkuAKCPpGxoV3C/tKCZNvHIkT1DJff6fwCgk0pP
cDdamXY7NduMb2JCZG/3dqE=
=07Km
-----END PGP SIGNATURE-----

--Boundary-02=_cajV/bIiaG0Hsz5--

From Kyle Hasselbacher Wed Sep 3 21:43:02 2003
From: Kyle Hasselbacher (Kyle Hasselbacher)
Date: Wed Sep 3 20:43:02 2003
Subject: desig-revoke
In-Reply-To: <200309031847.35496.linux@codehelp.co.uk>
References: <200309031847.35496.linux@codehelp.co.uk>
Message-ID: <20030903184415.GC23069@longshot.toehold.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Sep 03, 2003 at 06:47:30PM +0100, Neil Williams wrote:
>--desig-revoke
>    Generate a designated revocation certificate for a key. This
>    allows a user (with the permission of the keyholder) to
>    revoke someone elses key.
>
>Is this a possible solution for revoking old keys that are simply out of use,
>including those where the secret key has been lost?

Yes, but only if you plan ahead. To designate a revoker requires the secret key. When you create the key (or after), you designate some Other, who you trust to revoke your key at the right time. If your secret key is lost, you can contact this Other and request revocation. That way, it's a nice alternative to a fixed expiration date.

It can also be useful if you want one of your keys to be able to revoke another. For instance, if you have a separate key for work or a laptop, you can make your more secure key the designated revoker for when the job or laptop is lost.

- --
Kyle Hasselbacher   The attacker must vanquish;
kyle@toehold.com    the defender need only survive.
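What the keyholder's advance authorization looks like at the packet level, as an added Python example that goes beyond the thread and is not GnuPG's code: in the OpenPGP format it is a Revocation Key subpacket (type 12) carried in a self-signature, and its presence alone revokes nothing. The byte string and fingerprints are constructed, the function names are hypothetical, and every signature is assumed to have been cryptographically verified already.

```python
REVOCATION_KEY = 12   # signature subpacket type for a designated revoker


def iter_subpackets(area):
    """Yield (type, critical, body) for each subpacket in a subpacket area."""
    i, n = 0, len(area)
    while i < n:
        first = area[i]
        if first < 192:                       # one-octet length
            length, i = first, i + 1
        elif first < 255:                     # two-octet length
            if i + 2 > n:
                raise ValueError("truncated subpacket length")
            length = ((first - 192) << 8) + area[i + 1] + 192
            i += 2
        else:                                 # 0xFF followed by four octets
            if i + 5 > n:
                raise ValueError("truncated subpacket length")
            length = int.from_bytes(area[i + 1:i + 5], "big")
            i += 5
        # The length counts the type octet, so it can never be zero.
        if length < 1 or i + length > n:
            raise ValueError("truncated subpacket")
        type_octet = area[i]
        yield type_octet & 0x7F, bool(type_octet & 0x80), area[i + 1:i + length]
        i += length


def designated_revokers(hashed_area):
    """Return the revokers named in a self-signature's hashed subpackets."""
    found = []
    for sp_type, _critical, body in iter_subpackets(hashed_area):
        if sp_type != REVOCATION_KEY:
            continue
        if len(body) != 22:                   # class + algorithm + 20-octet fingerprint
            raise ValueError("malformed revocation key subpacket")
        klass, algorithm, fingerprint = body[0], body[1], body[2:]
        if not klass & 0x80:                  # class octet must have 0x80 set
            continue                          # this example skips such entries
        found.append({
            "fingerprint": fingerprint.hex().upper(),
            "algorithm": algorithm,
            "sensitive": bool(klass & 0x40),  # keyholder asked not to publish it
        })
    return found


def key_state(own_fingerprint, revokers, revocation_issuers):
    """'revoked' only if a verified key revocation was issued by the key itself
    or by a designated revoker; the authorization alone leaves the key 'valid'."""
    allowed = {own_fingerprint} | {r["fingerprint"] for r in revokers}
    return "revoked" if any(i in allowed for i in revocation_issuers) else "valid"


# Constructed sample: creation-time subpacket followed by one revocation key
# subpacket (class 0x80, algorithm 17 = DSA, made-up 20-octet fingerprint).
OWN_FPR = "AA" * 20
REVOKER_FPR = bytes(range(1, 21))
SAMPLE_HASHED_AREA = (
    bytes([5, 2]) + (1062612000).to_bytes(4, "big")
    + bytes([23, REVOCATION_KEY, 0x80, 17]) + REVOKER_FPR
)

if __name__ == "__main__":
    revokers = designated_revokers(SAMPLE_HASHED_AREA)
    print(revokers)
    print("authorization only:", key_state(OWN_FPR, revokers, []))
    print("revoker has issued a revocation:",
          key_state(OWN_FPR, revokers, [REVOKER_FPR.hex().upper()]))
    print("unrelated key issued a revocation:",
          key_state(OWN_FPR, revokers, ["FF" * 20]))
```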
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE/VjZ/10sofiqUxIQRAjyeAJ4mwhwzCX62Uxem6FR5syxPm+ip8ACfSfi/
tdb2xUzFlCiicfZZEH/LyN4=
=BpNV
-----END PGP SIGNATURE-----

From robert.kerry@thephpsite.com Wed Sep 3 21:47:02 2003
From: robert.kerry@thephpsite.com (Robert Kerry)
Date: Wed Sep 3 20:47:02 2003
Subject: Passphrase
In-Reply-To: <3F562CBB.5000103@Comcast.net>
Message-ID: <001601c3724b$fdadb800$0d02a8c0@AMARDOFFICE13>

Hi John,

> Searching the list archives for passphrase && stdin should
> give you a wealth
> of examples for just about any environment. 'passphrase' alone in the
> subject line produced around 340 matches.

Thanks, I found the MLM from Google so I didn't know about http://marc.theaimsgroup.com :o)

I found a post which gives me exactly what I need, although for my own sanity can you tell me how GnuPG knows that $passphrase is the passphrase and $msg is the message in the stdin?

---------------------------
$command="echo '$passphrase\n$msg' | gpg --clearsign --passphrase-fd 0"
---------------------------

Thanks,

Rob

> -----Original Message-----
> From: gnupg-users-admin@gnupg.org
> [mailto:gnupg-users-admin@gnupg.org] On Behalf Of John Clizbe
> Sent: 03 September 2003 19:03
> To: gnupg-users@gnupg.org
> Subject: Re: Passphrase
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Robert Kerry wrote:
>
> > Hi,
> >
> > Is it possible to send the key passphrase to gnupg in the initial
> > command when clearsigning to prevent an input prompt?
> >
> > e.g.
> >
> > /usr/bin/gpg --passphrase "
> >
> ???
> >
> > Thanks for any help,
> >
> >
> > Rob
>
> The --passphrase-fd lets you specify any file descriptor as
> the source of
> the passphrase. "0" is stdin. You can send the passphrase
> through other file
> descriptors if you need to use stdin for your data.
>
> echo secret | gpg -e --passphrase-fd 0 .......
>
> Searching the list archives for passphrase && stdin should
> give you a wealth
> of examples for just about any environment.
> 'passphrase' alone in the
> subject line produced around 340 matches.
>
> Although, if you're going to save this command in a file
> somewhere, you'd be
> probably just as safe, and have an easier time implementing,
> if you used a
> key with no passphrase. 8-}(
>
>
> - --
> John P. Clizbe                   Inet: JPClizbe(a)comcast DOT nyet
> Golden Bear Networks             PGP/GPG KeyID: 0x608D2A10
> "Most men take the straight and narrow. A few take the road less
> traveled. I chose to cut through the woods."
> "*Hundreds* of customers like and use $CO's Unix products."
>     - Darl McBride, CEO Caldera/$CO Group
> (This .sig block was sponsored by IBM. All hail IBM.)
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.3 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iQEVAwUBP1YsuHhXEXG5/HPTAQGzKAf+LNMK8hG6ylwFtdpcfqLDC2MKiSWznKW8
> DfGDkHeXkfP9stR7WHiBR8dyaSkzjubf+EEB/uXiifAJXr1HEmPMM3U7SnrL6YOM
> zW1yMWW5sd5MW59gO4XkXwvkLC2jdE2efnY/2UE0JZdyFXTFmTeuBmtrkPd+l6QE
> +6qWm7fblhVNESYn/7kX75/YpxAYPS++DZUYoCem1+lwAuL/ubQBP0K0NcaKNfUS
> hd5k9u1ByoQBnkBlbge+OoGuL2r21nwaCDi++Fp2S/XxlC436eOT8uETtC14o1a1
> Rfqh2HxEoEGpvDf1IEpWv2av7NPdtbTwD2kwQs0Kx9HKNWsT/aWDQQ==
> =TLZs
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
>
> ---
> Incoming mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.506 / Virus Database: 303 - Release Date: 01/08/2003
>
>

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.506 / Virus Database: 303 - Release Date: 01/08/2003

From dshaw@jabberwocky.com Wed Sep 3 21:59:02 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Wed Sep 3 20:59:02 2003
Subject: desig-revoke
In-Reply-To: <200309031944.44452.linux@codehelp.co.uk>
References: <200309031847.35496.linux@codehelp.co.uk> <20030903181702.GB31034@jabberwocky.com> <200309031944.44452.linux@codehelp.co.uk>
Message-ID: <20030903190003.GC31034@jabberwocky.com>

On Wed, Sep 03, 2003 at 07:44:44PM +0100, Neil Williams wrote:
Content-Description: signed data

> On Wednesday 03 Sep 2003 7:17 pm, David Shaw wrote:
> > On Wed, Sep 03, 2003 at 06:47:30PM +0100, Neil Williams wrote:
> > They must authorize it ahead of time - essentially this is a special
> > signature added by the keyholder which authorizes a particular key to
> > issue revocations. Note that the keyholder needs their secret key to
> > issue the authorization, so designated revocation doesn't magically
> > fix the problem of a lost secret key.
>
> After reading a private reply to this post, it appears that the main problem
> is that some keyservers list the key as already revoked just because the
> desig-revoke certificate is present.
>
> Ooops. I can't afford for my key to appear revoked ahead of time.

I'm not sure what you mean here. Can you give me an example?

David

From ben@benfinney.id.au Thu Sep 4 04:51:02 2003
From: ben@benfinney.id.au (Ben Finney)
Date: Thu Sep 4 03:51:02 2003
Subject: Helpp!!!!!!!!!!!!!
In-Reply-To: <20030903131159.73346.qmail@web14602.mail.yahoo.com>
References: <20030903131159.73346.qmail@web14602.mail.yahoo.com>
Message-ID: <20030904015236.GA949@benfinney.id.au>

--BOKacYhQ+x31HxR3
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On 03-Sep-2003, sathish kumar wrote:
> hello friends,
> I want to unsubscribe from the group ,
> So any can help me out about this Plzzzzzzzz
> sathish kumar bt

Every message from this list has information on how to unsubscribe. Look at the full message headers and you'll see:

List-Unsubscribe: ,

--
 \     "Welchen Teil von 'Gestalt' verstehen Sie nicht? (What part of |
  `\   'gestalt' don't you understand?)" -- Karsten M. Self           |
_o__)                                                                 |
Ben Finney

--BOKacYhQ+x31HxR3
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iEYEARECAAYFAj9WmuEACgkQt6wuUb1BcUtNKwCdEv4lZkvgRn2xnVE+EgZv8yuf
qPAAoM7OmljWIv8eLo0X4bmJuVXRVgIn
=Txkd
-----END PGP SIGNATURE-----

--BOKacYhQ+x31HxR3--

From chris@niekel.net Thu Sep 4 11:34:01 2003
From: chris@niekel.net (Chris Niekel)
Date: Thu Sep 4 10:34:01 2003
Subject: Outlook express messes up when it receives gpg-signed mail?
Message-ID: <20030903165137.GJ14663@mimar.dyndns.org>

--hLTC+yGFJlatjToQ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi,

I sent my mother an email-message the other day, and signed it, as I do most of my mail. Today, my mother complained that I sent an empty message.

When I sent an unsigned message, the text gets displayed, but when I send a signed message, she sees an empty body, with two attachments.

Is there some configuration-option so that I can sign my mail and she can read it without clicking too much. She doesn't need to verify my signature, just read the text-attachment of it.
Thanks,
Chris Niekel

--
I've been down so long, if I'd cheer up, I'd still be depressed.
    - Lisa Simpson, Moanin' Lisa Blues.

--hLTC+yGFJlatjToQ
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/VhwZgQ3S2XWlk0sRAhUJAJ9CGsb3WPJZ5znpwPG/mD2MqFnGiQCfZGOi
k4xzlRBIL5svUZQVoSHmmfw=
=y7jA
-----END PGP SIGNATURE-----

--hLTC+yGFJlatjToQ--

From Martin.Taylor@reedelsevier.com Thu Sep 4 11:43:01 2003
From: Martin.Taylor@reedelsevier.com (Taylor, Martin C (RENBSUK))
Date: Thu Sep 4 10:43:01 2003
Subject: gnupg + Outlook howto
Message-ID: <64D0F890D831FE4F959F68F4F287B82AE525D4@renbsukexch01>

> Date: Wed, 03 Sep 2003 10:38:17 +0200
> From: Richard Allister
> To: gnupg-users@gnupg.org
> Subject: gnupg + Outlook howto
>
> hi@all,
> can someone please give a link to a good plugin that gives me the
> opportunity to use gpg with MS Outlook 2000 !
> Thanks in advance for your reply and best regards !
> Richard
>

I have found the G-DATA plugin to be adequate - see http://www3.gdata.de/gpg/ . I had a bit of a problem uninstalling it, but I suspect this was an Outlook installation issue more than a plugin issue.

Martin Taylor

From rjbs-gnupg@lists.manxome.org Thu Sep 4 14:41:01 2003
From: rjbs-gnupg@lists.manxome.org (Ricardo SIGNES)
Date: Thu Sep 4 13:41:01 2003
Subject: Outlook express messes up when it receives gpg-signed mail?
In-Reply-To: <20030903165137.GJ14663@mimar.dyndns.org>
References: <20030903165137.GJ14663@mimar.dyndns.org>
Message-ID: <20030904113857.GI19422@manxome.org>

--N8NGGaQn1mzfvaPg
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

* Chris Niekel [2003-09-03T12:51:38]
> Is there some configuration-option so that I can sign my mail and she
> can read it without clicking too much. She doesn't need to verify my
> signature, just read the text-attachment of it.
My first suggestion is that if you love your mother, you won't let her use Outlook Express! It is a brick in the road to sorrows.

Consider making a send-hook that sets pgp_create_traditional, otherwise.

--
rjbs

--N8NGGaQn1mzfvaPg
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE/VyRR5IEwYcR13KMRApAaAJ9B7LrSQoB7BCTVSV8RFvbrFaBHVwCglEWZ
KZkDaDvj4/XS6h78rc/OpQA=
=iEnl
-----END PGP SIGNATURE-----

--N8NGGaQn1mzfvaPg--

From eugene@esmiley.net Thu Sep 4 15:34:02 2003
From: eugene@esmiley.net (Eugene Smiley)
Date: Thu Sep 4 14:34:02 2003
Subject: Outlook express messes up when it receives gpg-signed mail?
In-Reply-To: <20030903165137.GJ14663@mimar.dyndns.org>
References: <20030903165137.GJ14663@mimar.dyndns.org>
Message-ID: <3F573189.9030206@esmiley.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Chris Niekel wrote:

> I sent my mother an email-message the other day, and signed it, as
> I do most of my mail. Today, my mother complained that I sent an
> empty message.
>
> When I sent an unsigned message, the text gets displayed, but when
> I send a signed message, she sees an empty body, with two
> attachments.
>
> Is there some configuration-option so that I can sign my mail and
> she can read it without clicking too much. She doesn't need to
> verify my signature, just read the text-attachment of it.

Ricardo already responded with a solution for mutt. I am going to give you the "why does it do that".

You signed your message using PGP/MIME which neither Outlook nor Outlook Express can handle. Sometimes the message shows up as several attachments instead.

You will find that the number of people who use an email program that doesn't support PGP/MIME is quite high. Until more mainstream software supports it, it's better to use PGP-Inline signing unless you are part of a group where everyone is known to be able to handle PGP/MIME.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-nr2 (Windows XP)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/VzGG6QPtAqft/S8RAtBxAJ9e2/n58YHetZFr30nfQJGjXYCwzwCgvEtm
t7aukHCkLjjKQe45yh6oB9w=
=ROpx
-----END PGP SIGNATURE-----

From jan@gondor.com Thu Sep 4 16:05:01 2003
From: jan@gondor.com (Jan Niehusmann)
Date: Thu Sep 4 15:05:01 2003
Subject: Outlook express messes up when it receives gpg-signed mail?
In-Reply-To: <3F573189.9030206@esmiley.net>
References: <20030903165137.GJ14663@mimar.dyndns.org> <3F573189.9030206@esmiley.net>
Message-ID: <20030904130703.GA2948@gondor.com>

--wac7ysb48OaltWcw
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Thu, Sep 04, 2003 at 08:35:21AM -0400, Eugene Smiley wrote:
> You will find that the number of people who use an email program that
> doesn't support PGP/MIME is quite high. Until more mainstream software
> supports it, it's better to use PGP-Inline signing unless you are part
> of a group where everyone is known to be able to handle PGP/MIME.

The problem is not that Outlook doesn't support PGP/MIME. Many programs do not support PGP/MIME and still display the message correctly (and add one attachment of unknown type with the signature).

But Outlook, for some unknown reason, ignores the following MIME headers in the message:

    Content-Type: text/plain; charset=iso-8859-1
    Content-Disposition: inline

These headers clearly state that the part is not an attachment but should be shown inline, and that it contains pure text that doesn't need a special handler to be displayed.

But Outlook still chooses to show the message part as an attachment. I'd say this is clearly a bug (and not just a missing feature).

So I prefer to use PGP/MIME instead of inline-pgp, because it works very reliably (I still have to see a single PGP/MIME message with a broken signature because of some ill reencoding) and supports signing of attachments.
Jan

--wac7ysb48OaltWcw
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/Vzj3nIUccvEtoGURApR7AJoDyMGanYR+ZxT4FTitcW6dfYS2mQCgihSv
Gh7dF8cffxGnF2rfWVFRRcc=
=K2+1
-----END PGP SIGNATURE-----

--wac7ysb48OaltWcw--

From robert.kerry@thephpsite.com Thu Sep 4 17:33:02 2003
From: robert.kerry@thephpsite.com (Robert Kerry)
Date: Thu Sep 4 16:33:02 2003
Subject: Script line
Message-ID: <002d01c372f1$ae3c7b70$0d02a8c0@AMARDOFFICE13>

Hi,

Can anyone see anything wrong with this script line? It's part of a PHP script although should be the same in most C based languages.

$command = "echo '$passphrase\n$plaintext' | gpg --clearsign --batch --passphrase-fd 0";

Thanks for any help,

Rob

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.506 / Virus Database: 303 - Release Date: 01/08/2003

From mcoca@gnu.org Thu Sep 4 18:06:01 2003
From: mcoca@gnu.org (Miguel Coca)
Date: Thu Sep 4 17:06:01 2003
Subject: Outlook express messes up when it receives gpg-signed mail?
In-Reply-To: <20030904130703.GA2948@gondor.com>
References: <20030903165137.GJ14663@mimar.dyndns.org> <3F573189.9030206@esmiley.net> <20030904130703.GA2948@gondor.com>
Message-ID: <20030904150725.GA7761@mycroft>

--ikeVEW9yuYc//A+q
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Sep 04, 2003 at 15:07:03 +0200, Jan Niehusmann wrote:
> But Outlook, for some unknown reason, ignores the following MIME headers
> in the message:
> Content-Type: text/plain; charset=iso-8859-1
> Content-Disposition: inline

Outlook seems to do this right, at least last time I tried. It's Outlook Express that is the problem.

> These headers clearly state that the part is not an attachment but
> should be shown inline, and that it contains pure text that doesn't need
> a special handler to be displayed.
>
> But Outlook still chooses to show the message part as an attachment. I'd
> say this is clearly a bug (and not just a missing feature).

Even worse, recent versions of Outlook Express (in the default configuration) won't even let the user open the attached text. The option to open the attachment is grayed out. To open it you must disable an option about "disallow opening files that might contain a virus". Apparently, text/plain is a "dangerous file type" now :-)

Greetings,
--
Miguel Coca (mcoca@gnu.org) http://zipi.fi.upm.es/~e970095/
OpenPGP: E60A CBF4 5C6F 914E B6C1 C402 8C4D C7B6 27FC 3CA8

--ikeVEW9yuYc//A+q
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/V1UtjE3Htif8PKgRAt07AKDEKbH0/kYqVGmBBWtedNnNERms/QCgpuFI
7b0B546XxkQCYu0//gMp7dU=
=HNpQ
-----END PGP SIGNATURE-----

--ikeVEW9yuYc//A+q--

From robert.kerry@thephpsite.com Thu Sep 4 18:30:02 2003
From: robert.kerry@thephpsite.com (Robert Kerry)
Date: Thu Sep 4 17:30:02 2003
Subject: Script line
In-Reply-To: <20030904150435.GC410@schiele.dyndns.org>
Message-ID: <003e01c372f9$b4310340$0d02a8c0@AMARDOFFICE13>

Hi,

> This shows your passphrase to other users on the system
> because they can read
> your command line parameters. There is a reason why it is
> not possible to use
> the passphrase as a command line parameter for GnuPG.

It goes through a bi-directional pipe which I think prevents any security issues. I was wondering whether you can see any mistakes as it's not working.

Thanks,

Rob

> -----Original Message-----
> From: Robert Schiele [mailto:rschiele@uni-mannheim.de]
> Sent: 04 September 2003 16:05
> To: Robert Kerry
> Cc: gnupg-users@gnupg.org
> Subject: Re: Script line
>
>
> On Thu, Sep 04, 2003 at 03:34:40PM +0100, Robert Kerry wrote:
> > Hi,
> >
> > Can anyone see anything wrong with this script line? It's
> part of a PHP
> > script although should be the same in most C based languages.
> >
> >
> > $command = "echo '$passphrase\n$plaintext' | gpg --clearsign --batch
> > --passphrase-fd 0";
> >
> Robert
>
> --
> Robert Schiele                   Tel.: +49-621-181-2517
> Dipl.-Wirtsch.informatiker       mailto:rschiele@uni-mannheim.de
>

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.506 / Virus Database: 303 - Release Date: 01/08/2003

From bogus@does.not.exist.com Thu Sep 4 23:11:02 2003
From: bogus@does.not.exist.com (Ingo Klöcker)
Date: Thu Sep 4 22:11:02 2003
Subject: Outlook express messes up when it receives gpg-signed mail?
In-Reply-To: <20030903165137.GJ14663@mimar.dyndns.org>
References: <20030903165137.GJ14663@mimar.dyndns.org>
Message-ID: <200309042211.32966@erwin.ingo-kloecker.de>

On Wednesday 03 September 2003 18:51, Chris Niekel wrote:
> I sent my mother an email-message the other day, and signed it, as I
> do most of my mail. Today, my mother complained that I sent an empty
> message.
>
> When I sent an unsigned message, the text gets displayed, but when I
> send a signed message, she sees an empty body, with two attachments.
>
> Is there some configuration-option so that I can sign my mail and she
> can read it without clicking too much. She doesn't need to verify my
> signature, just read the text-attachment of it.

The others already explained that OE sucks. Do your mother a favor and install a less dangerous and more standard compliant email client like for example Netscape/Mozilla on her machine.
Regards,
Ingo

From jharris@widomaker.com Fri Sep 5 04:14:02 2003
From: jharris@widomaker.com (Jason Harris)
Date: Fri Sep 5 03:14:02 2003
Subject: subkey lookups
In-Reply-To: <20030904224241.GD4380@pm1.ric-08.lft.widomaker.com>
References: <20030904224241.GD4380@pm1.ric-08.lft.widomaker.com>
Message-ID: <20030905011525.GA63587@pm1.ric-00.lft.widomaker.com>

--x+6KMIRAuhnl3hBn
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Sep 04, 2003 at 06:42:41PM -0400, Jason Harris wrote:

> Once I reload keyserver.kjsl.com, I'll have lookups on subkey keyids
> functioning for most cases. A test query on my home machine:
>
> %pksclient $pk index 0x7EEF44BE -vf

[followup]

OK, sending keys (with subkeys) to keyserver.kjsl.com, whether they have any new data or not, is sufficient to register their subkey keyids and make the new lookups work.

If anyone wants to test any keys, you have about an hour before I start reloading them en-masse.

0x49E1CBC9 and the key above are already in there:

Public Key Server -- Verbose Index ``0x49E1CBC9 '' (p1 of 4)

Public Key Server -- Verbose Index ``0x49E1CBC9 ''

Type bits/keyID Date User ID
__________________________________________________________________________
pub 4096R/99242560 2002-01-28 David M. Shaw
    Key fingerprint = 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560
    New! attempt to lookup keyholder on biglumber.com.
...
sub 2048g/1643B926 2002-01-28
    Key fingerprint = F0EC 51D9 2ED0 C183 8977 DDD0 AE28 27D1 1643 B926
sig 0x18 99242560 2002-01-28 [keybind, hash: type 2, f1 ac]
sub 1024D/49E1CBC9 2002-01-28
    Key fingerprint = FC2A 0E9B 5122 7D7B 5923 2CE6 E266 5C87 49E1 CBC9
sig 0x18 99242560 2002-01-28 [keybind, hash: type 2, 2d 85]
sig 0x18 99242560 2002-01-28 [keybind, hash: type 2, f1 ac]

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris@widomaker.com | web: http://jharris.cjb.net/

--x+6KMIRAuhnl3hBn
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQE/V+OsSypIl9OdoOMRAgoqAJ9IAq+ZqEzyDXelTq/5AKLs5jneOACfQwWQ
QWJ1yniKpTK50YVWHzbu3pE=
=oYsq
-----END PGP SIGNATURE-----

--x+6KMIRAuhnl3hBn--

From ben@benfinney.id.au Fri Sep 5 05:53:01 2003
From: ben@benfinney.id.au (Ben Finney)
Date: Fri Sep 5 04:53:01 2003
Subject: Outlook express messes up when it receives gpg-signed mail?
In-Reply-To: <20030903165137.GJ14663@mimar.dyndns.org>
References: <20030903165137.GJ14663@mimar.dyndns.org>
Message-ID: <20030905025458.GA3369@benfinney.id.au>

--SLDf9lqlvOQaIe6s
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On 03-Sep-2003, Chris Niekel wrote:
> [sending email to be read with MS Outlook]
> When I sent an unsigned message, the text gets displayed, but when I
> send a signed message, she sees an empty body, with two attachments.

The mail is sent as a MIME "multipart/signed" message, which is a valid MIME message type. The message body is "Content-Type: text/plain" and the signature is "Content-Type: application/pgp-signature". Every part of this is "Content-Disposition: inline", signalling that the content, if understood, should be shown inline (not as an attachment).

It's quite valid for an MUA not to understand MIME at all, and show the whole message, MIME guff and all. The content is still readable, since the body is "text/plain".

It's quite valid for a MUA to process MIME, but to fail to understand a Content-Type (such as "application/pgp-signature") and show those parts as attachments. This is what commonly occurs with the signature in MUAs that don't know OpenPGP, and still allows the message body to be read (since all MIME MUAs understand "text/plain").

What Outlook is doing wrong, then, is failing to display a "text/plain", "inline"-disposition body.
There's no reason for it to do this; both those are demonstrably understood by Outlook in other MIME messages.

--
 \     "If life deals you lemons, why not go kill someone with the |
  `\   lemons (maybe by shoving them down his throat)." -- Jack Handey |
_o__)                                                              |
Ben Finney

--SLDf9lqlvOQaIe6s
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iEYEARECAAYFAj9X+wEACgkQt6wuUb1BcUs4jACg2s05PX78QRS1pyu9Gv3absBl
GT8AoN841GP0koZGIl9+rA9pbOklj2Xt
=Kn5f
-----END PGP SIGNATURE-----

--SLDf9lqlvOQaIe6s--

From shannoncj@hotmail.com Sat Sep 6 00:27:01 2003
From: shannoncj@hotmail.com (Shannon Jensen)
Date: Fri Sep 5 23:27:01 2003
Subject: How to stop from using Secondary key
Message-ID:

Hello,

I'm new at gpg and encryption in general. Bear with me!

I am using GPG1.0.6-2. I have a public key from a friend and when I try to encrypt to it, it says :

gpg: using secondary key ******** instead of primary key ******
gpg: NOTE: secret key ******* is NOT protected.
gpg: THIS key probably belongs to the owner
gpg: reading from "xxxx"
gpg: writing to "xxxx"
gpg: ELG-E/RIJNDAEL encypted for: *******

When he gets the file, he can't decrypt and I think it's because of the encryption with the secondary key but I have no idea why it's doing that or how to make it stop. And it just started! It didn't do this before. Please help! and Post an answer in "dummy" terms please!

Thanks!
shannoncj@hotmail.com

_________________________________________________________________
Need more e-mail storage? Get 10MB with Hotmail Extra Storage.
http://join.msn.com/?PAGE=features/es

From wk@gnupg.org Sat Sep 6 10:08:01 2003
From: wk@gnupg.org (Werner Koch)
Date: Sat Sep 6 09:08:01 2003
Subject: How to stop from using Secondary key
In-Reply-To: (Shannon Jensen's message of "Fri, 05 Sep 2003 14:27:53 -0700")
References:
Message-ID: <874qzqe6k8.fsf@alberti.g10code.de>

On Fri, 05 Sep 2003 14:27:53 -0700, Shannon Jensen said:

> When he gets the file, he can't decrypt and I think it's because of
> the encryption with the secondary key but I have no idea why it's

Encryption to the subkey is the actual standard and the way at least 95% of all users do it.

> doing that or how to make it stop. And it just started! It didn't do
> this before. Please help! and Post an answer in "dummy" terms
> please!

You might have not seen the message before because you didn't use the --verbose (or -v) option.

Check that the key

  gpg: ELG-E/RIJNDAEL encypted for: *******

is actually the key of the recipient.

Salam-Shalom,

   Werner

--
Werner Koch
The GnuPG Experts http://g10code.com
Free Software Foundation Europe http://fsfeurope.org

From cerion@terpsichore.ws Sat Sep 6 14:21:02 2003
From: cerion@terpsichore.ws (Cerion Armour-Brown)
Date: Sat Sep 6 13:21:02 2003
Subject: Multiple user id's...
Message-ID: <200309061324.37855.cerion@terpsichore.ws>

Hi,

I want to create a key with multiple id's, for my different email addresses and 'roles' - work, personal, web etc. But, in certain cases, I don't want different people holding my public key to see my different email addresses.

I read this mailing list history, where there was a discussion over when to use separate keys vs. multiple user id's... but what I want is to export different versions of my public key, each version with only the id's I specify...

Is there a way to achieve this? Is there a reason this is a 'bad' thing to even want to do?!
Cerion

From ben@benfinney.id.au Sat Sep 6 14:57:02 2003
From: ben@benfinney.id.au (Ben Finney)
Date: Sat Sep 6 13:57:02 2003
Subject: Multiple user id's...
In-Reply-To: <200309061324.37855.cerion@terpsichore.ws>
References: <200309061324.37855.cerion@terpsichore.ws>
Message-ID: <20030906115842.GA27412@benfinney.id.au>

--J2SCkAp4GZ/dPZZf
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On 06-Sep-2003, Cerion Armour-Brown wrote:
> I want to create a key with multiple id's, for my different email
> addresses and 'roles' - work, personal, web etc. But, in certain
> cases, I don't want different people holding my public key to see my
> different email addresses.

Once your public key is published, there's no way to prevent it being copied to various places. In particular, people are encouraged to upload known-good keys to public keyservers, where they are then available, in full, to anyone.

If you don't want information to be available to everyone, don't put it on your public key. By design, the public key is meant to be distributed as widely as possible, so that everyone can verify (once they have a trust link to your key) that email from any of your uids is actually from you.

If there are email addresses you only want communicated to certain parties, communicate those email addresses separately from the key, via a more controlled medium.

--
 \     "When I was little, my grandfather used to make me stand in a |
  `\   closet for five minutes without moving. He said it was elevator |
_o__)  practice."
-- Steven Wright |
Ben Finney

--J2SCkAp4GZ/dPZZf
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iEYEARECAAYFAj9Zy/AACgkQt6wuUb1BcUvchQCghbdBuc2po6n2BCmcGhuKqU4d
FWUAn0vU3nKAxAXNvf2ggxULDCP7veFV
=w9yx
-----END PGP SIGNATURE-----

--J2SCkAp4GZ/dPZZf--

From ben@benfinney.id.au Sat Sep 6 15:01:02 2003
From: ben@benfinney.id.au (Ben Finney)
Date: Sat Sep 6 14:01:02 2003
Subject: Outlook express messes up when it receives gpg-signed mail?
In-Reply-To: <20030905025458.GA3369@benfinney.id.au>
References: <20030903165137.GJ14663@mimar.dyndns.org> <20030905025458.GA3369@benfinney.id.au>
Message-ID: <20030906120238.GB27412@benfinney.id.au>

--/WwmFnJnmDyWGHa4
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On 05-Sep-2003, Ben Finney wrote:
> What Outlook is doing wrong, then, is failing to display a
> "text/plain", "inline"-disposition body. There's no reason for it to
> do this; both those are demonstrably understood by Outlook in other
> MIME messages.

I didn't make it explicit in this message, but I concur with other list members who've said, in essence: "If your mother is trusting your technical advice, give her good technical advice and stop her using Outlook or Outlook Express".

There are so many good reasons to avoid those clients, that "it messes up reading OpenPGP-signed messages" just adds to the list.

--
 \     "As the most participatory form of mass speech yet developed, |
  `\   the Internet deserves the highest protection from governmental |
_o__)  intrusion." -- U.S.
District Court Judge Dalzell |
Ben Finney

--/WwmFnJnmDyWGHa4
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iEYEARECAAYFAj9ZzN0ACgkQt6wuUb1BcUtLegCgpPPFyQMY4fbtAV4q19tbIFEq
q8oAoI5wm2gRqzJqEbp19t4UxuWXNLh3
=AcVl
-----END PGP SIGNATURE-----

--/WwmFnJnmDyWGHa4--

From JPClizbe@Comcast.net Sat Sep 6 21:12:01 2003
From: JPClizbe@Comcast.net (John Clizbe)
Date: Sat Sep 6 20:12:01 2003
Subject: Multiple user id's...
In-Reply-To: <200309061324.37855.cerion@terpsichore.ws>
References: <200309061324.37855.cerion@terpsichore.ws>
Message-ID: <3F5A23DC.8040509@Comcast.net>

-----BEGIN PGP SIGNED MESSAGE-----

Cerion Armour-Brown wrote:
> Hi,
> I want to create a key with multiple id's, for my different email addresses
> and 'roles' - work, personal, web etc. But, in certain cases, I don't want
> different people holding my public key to see my different email addresses.
>
> I read this mailing list history, where there was a discussion over when to
> use separate keys vs. multiple user id's... but what I want is to export
> different versions of my public key, each version with only the id's I
> specify...
> Is there a way to achieve this? Is there a reason this is a 'bad' thing to
> even want to do?!
>

You're not going to achieve this using one key. First, you can safely assume that your key or key parts will find their way to a keyserver. Once they are on a keyserver, the IDs will once again be combined and viewable for all.

If you wish for different e-mail addresses to be visible for different roles, then a separate key for each role is the correct model. It is also a common practice among some users of gpg/pgp. The work key may have an expiration date and/or be revoked if you change employment - details you may not wish to have cluttering your personal "home" key.

With few exceptions, there are no "good" and "bad" in key management. There are practices that fit differing needs.

There is a Yahoo!
group, PGP-Basics, that you may also wish to join and ask your question. They field this type of inquiry all the time. (http://groups.yahoo.com/group/PGP-Basics)

- --
John P. Clizbe                   Inet: JPClizbe(a)comcast DOT nyet
Golden Bear Networks             PGP/GPG KeyID: 0x608D2A10
"Most men take the straight and narrow. A few take the road less traveled. I chose to cut through the woods."
"*Hundreds* of customers like and use $CO's Unix products." - Darl McBride, CEO Caldera/$CO Group
(This .sig block was sponsored by IBM. All hail IBM.)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEVAwUBP1oj23hXEXG5/HPTAQFtWAf7Bvg27KeY/TZK8EPTkAQO4wSkrYnz9w44
uKCTQsg+6oJ6FLA+VnIXUUPwqE25V++EDE/8V8OFMk/dtNQkTaHi7NUwrjHIeCfd
WOLGYyOmkI9R1TH7eca6A9//64mRowaq/87E33CvOoGkjn5P3MQUdsR42vViOLp3
VYFKr8qwTec0GKDIys7tymLw2Wc2eeM+oyQwCZuHRfobo9rsRM9EmE3iikEpozqO
8yGaMpPsjV7akjZYVJHT4W89mTQsGlA07+qR7ENqeaRC7Arah2za4KF564jHqTW7
PWmWujd0QsV4Uy+HOLTFPwA8GJV5X+RawO3Zb/ofv38fASwOfMtiYw==
=N0L6
-----END PGP SIGNATURE-----

From sean.bofinger@wotif.com Mon Sep 8 04:14:01 2003
From: sean.bofinger@wotif.com (Sean Bofinger)
Date: Mon Sep 8 03:14:01 2003
Subject: multiple key encryption/decryption
Message-ID: <3F5BD718.6050605@wotif.com>

Hi everyone...

This has probably been asked a few times before, so I do apologise in advance.

What I am trying to do is this. I would like a single file encrypted such that any one of three given private keys can decrypt the file. Is this possible with GnuPG??

Thanks
Sean

From jbruni@mac.com Mon Sep 8 04:51:01 2003
From: jbruni@mac.com (Joseph Bruni)
Date: Mon Sep 8 03:51:01 2003
Subject: multiple key encryption/decryption
In-Reply-To: <3F5BD718.6050605@wotif.com>
Message-ID: <1B40F318-E19F-11D7-B318-003065B1243E@mac.com>

Yes, add multiple --recipient options.

On Sunday, September 7, 2003, at 06:10 PM, Sean Bofinger wrote:

> What I am trying to do is this.
I would like a single file encrypted
> such that any one of three given private keys can decrypt the file.
> Is this possible with GnuPG??
>

--
I was such an ugly kid... When I played in the sandbox, the cat kept covering me up.

From JPClizbe@Comcast.net Mon Sep 8 05:39:02 2003
From: JPClizbe@Comcast.net (John Clizbe)
Date: Mon Sep 8 04:39:02 2003
Subject: multiple key encryption/decryption
In-Reply-To: <3F5BD718.6050605@wotif.com>
References: <3F5BD718.6050605@wotif.com>
Message-ID: <3F5BEBF1.9060101@Comcast.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sean Bofinger wrote:
> Hi everyone...

Hello

> This has probably been asked a few times before, so I do apologise in
> advance.

No apology needed

> What I am trying to do is this. I would like a single file encrypted
> such that any one of three given private keys can decrypt the file. Is
> this possible with GnuPG??

Just specify each key as a recipient with either -r or --recipient. The example command below has wrapped, yours should be all on one line

gpg --output memo.gpg --encrypt -r -r
+Sam Spade --recipient 0xDEADBEEF memo

- --
John P. Clizbe                   Inet: JPClizbe(a)comcast DOT nyet
Golden Bear Networks             PGP/GPG KeyID: 0x608D2A10
"Most men take the straight and narrow. A few take the road less traveled. I chose to cut through the woods."
"*Hundreds* of customers like and use $CO's Unix products." - Darl McBride, CEO Caldera/$CO Group
(This .sig block was sponsored by IBM. All hail IBM.)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/W+vtHQSsSmCNKhARArhGAJ0RMAzvGzBVDXWnEsnx4yfcOvnaDACgmXF3
QaTQiCjHEX0/iBjehWJJ1cw=
=5fNw
-----END PGP SIGNATURE-----

From jharris@widomaker.com Mon Sep 8 21:50:01 2003
From: jharris@widomaker.com (Jason Harris)
Date: Mon Sep 8 20:50:01 2003
Subject: new (2003-09-07) keyanalyze results
Message-ID: <20030908185144.GF4380@pm1.ric-08.lft.widomaker.com>

--kc4qbS5zHv4m4G2G
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

New keyanalyze results are available at:

  http://keyserver.kjsl.com/~jharris/ka/2003-09-07/

Earlier reports are also available, for comparison:

  http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:

  http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the "permanent" files:

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris@widomaker.com | web: http://jharris.cjb.net/

--kc4qbS5zHv4m4G2G
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQE/XM+/SypIl9OdoOMRArF5AJ9k3pMxjL9dfzC/ONiRlgvqrJFJFQCfQyLe
nBn3GMikCiodaqbJU8ZE6N4=
=23N0
-----END PGP SIGNATURE-----

--kc4qbS5zHv4m4G2G--

From Todd Tue Sep 9 04:48:01 2003
From: Todd (Todd)
Date: Tue Sep 9 03:48:01 2003
Subject: gpg-agent and memory locking
Message-ID: <20030909014941.GJ10308@psilocybe.teonanacatl.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm looking to find out if gpg-agent locks memory to prevent the passphrase from getting swapped and if it does, should it also be setuid root as gpg (on systems that require root access to lock memory that is)?

I've found a reference on this list that says it does do this and should be setuid but couldn't find anything else. Can anyone shed some light on this or point me to some docs that address it?

- --
Todd              OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
============================================================================
The limits of tyrants are prescribed by the endurance of those whom they oppress.
    -- Frederick Douglass

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.
iD8DBQE/XTG1uv+09NZUB1oRAlkOAJ9QK1aZM7sSogpqfwuCfZ60/BNd8ACcDOC3
9CQ8fQLblcj3L6X2D75q8aE=
=yd/n
-----END PGP SIGNATURE-----

From wk@gnupg.org Tue Sep 9 12:43:01 2003
From: wk@gnupg.org (Werner Koch)
Date: Tue Sep 9 11:43:01 2003
Subject: gpg-agent and memory locking
In-Reply-To: <20030909014941.GJ10308@psilocybe.teonanacatl.org> (Freedom_Lover@pobox.com's message of "Mon, 8 Sep 2003 21:49:41 -0400")
References: <20030909014941.GJ10308@psilocybe.teonanacatl.org>
Message-ID: <8765k29u2f.fsf@alberti.g10code.de>

On Mon, 8 Sep 2003 21:49:41 -0400, Todd said:

> I'm looking to find out if gpg-agent locks memory to prevent the passphrase
> from getting swapped and if it does, should it also be setuid root as gpg
> (on systems that require root access to lock memory that is)?

Yes it does. However the use of secure memory in gpg-agent needs to be audited; it is likely that there are places where the passphrase could pop up in memory.

I have also some severe doubts whether pinentry-qt makes proper use of secure memory. pinentry-gtk should be better because it uses a widget especially written to protect the passphrase.

> I've found a reference on this list that says it does do this and should be
> setuid but couldn't find anything else.

On those systems you need to make it setuid; the usual warning is not yet printed, though.
--
Werner Koch
The GnuPG Experts http://g10code.com
Free Software Foundation Europe http://fsfeurope.org

From rschiele@uni-mannheim.de Tue Sep 9 12:48:02 2003
From: rschiele@uni-mannheim.de (Robert Schiele)
Date: Tue Sep 9 11:48:02 2003
Subject: Script line
In-Reply-To: <002d01c372f1$ae3c7b70$0d02a8c0@AMARDOFFICE13>
References: <002d01c372f1$ae3c7b70$0d02a8c0@AMARDOFFICE13>
Message-ID: <20030904150435.GC410@schiele.dyndns.org>

--Pk6IbRAofICFmK5e
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Sep 04, 2003 at 03:34:40PM +0100, Robert Kerry wrote:
> Hi,
>
> Can anyone see anything wrong with this script line? It's part of a PHP
> script although should be the same in most C based languages.
>
>
> $command = "echo '$passphrase\n$plaintext' | gpg --clearsign --batch
> --passphrase-fd 0";

This shows your passphrase to other users on the system because they can read your command line parameters. There is a reason why it is not possible to use the passphrase as a command line parameter for GnuPG.
Robert

--
Robert Schiele                 Tel.: +49-621-181-2517
Dipl.-Wirtsch.informatiker     mailto:rschiele@uni-mannheim.de

--Pk6IbRAofICFmK5e
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

iD8DBQE/V1SDxcDFxyGNGNcRAqjWAKCVuZVWA3NP84jXFW4Jjzea546m9wCdGlov
rQcfjM5sJQI2dPyHEjnvMAg=
=j7Se
-----END PGP SIGNATURE-----

--Pk6IbRAofICFmK5e--

From willy@debian.org Tue Sep 9 12:48:07 2003
From: willy@debian.org (Matthew Wilcox)
Date: Tue Sep 9 11:48:07 2003
Subject: [keyanalyze-discuss] new (2003-09-07) keyanalyze results
In-Reply-To: <20030908185144.GF4380@pm1.ric-08.lft.widomaker.com>
References: <20030908185144.GF4380@pm1.ric-08.lft.widomaker.com>
Message-ID: <20030908195845.GV18654@parcelfarce.linux.theplanet.co.uk>

On Mon, Sep 08, 2003 at 02:51:45PM -0400, Jason Harris wrote:
>
> New keyanalyze results are available at:
>
> http://keyserver.kjsl.com/~jharris/ka/2003-09-07/

The wild keysigning excesses of the summer are over; the graph is levelling off a bit:

http://www.parisc-linux.org/~willy/footsie.png

Jason, are you interested in hosting this on your own site? Updating it is quite trivial and completely automatable.

--
"It's not Hollywood. War is real, war is primarily not about defeat or victory, it is about death. I've seen thousands and thousands of dead bodies. Do you think I want to have an academic debate on this subject?"
-- Robert Fisk

From ingo.kloecker@epost.de Tue Sep 9 21:28:03 2003
From: ingo.kloecker@epost.de (Ingo Klöcker)
Date: Tue Sep 9 20:28:03 2003
Subject: gpg-agent and memory locking
In-Reply-To: <8765k29u2f.fsf@alberti.g10code.de>
References: <20030909014941.GJ10308@psilocybe.teonanacatl.org> <8765k29u2f.fsf@alberti.g10code.de>
Message-ID: <200309092028.21404@erwin.ingo-kloecker.de>

--Boundary-02=_EvhX/1RF4MWLMNw
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On Tuesday 09 September 2003 11:42, Werner Koch wrote:
> On Mon, 8 Sep 2003 21:49:41 -0400, Todd said:
> > I'm looking to find out if gpg-agent locks memory to prevent the
> > passphrase from getting swapped and if it does, should it also be
> > setuid root as gpg (on systems that require root access to lock
> > memory that is)?
>
> Yes it does. However the use of secure memory in gpg-agent needs to
> be audited; it is likely that there are places where the passphrase
> could pop up in memory.
>
> I have also some severe doubts whether pinentry-qt makes proper use
> of secure memory. pinentry-gtk should be better because it uses a
> widget especially written to protect the passphrase.

pinentry-qt is highly unstable because of the "secure memory hack". Did you ever have a look at the code? It constantly runs out of memory for many people (seems to depend on the widget style). It would have been much better if you'd also written a special widget for pinentry-qt. The current implementation definitely sucks.

Sorry, for the rant. But I'm not at all satisfied with some of the things that came out of project Aegypten, e.g. pinentry-qt, the certificate manager, the S/MIME certificate selection dialog in KMail. I just hope that the BSI will demand improvements instead of putting project Aegypten on the list of failed projects.
Regards,
Ingo

--Boundary-02=_EvhX/1RF4MWLMNw
Content-Type: application/pgp-signature
Content-Description: signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

iD8DBQA/XhvEGnR+RTDgudgRAjI6AKChzjl8gZTg+BDrABgW5nUAQUVfcQCeJisf
4CRFZVY63u5SJx142jtfUvo=
=C69A
-----END PGP SIGNATURE-----

--Boundary-02=_EvhX/1RF4MWLMNw--

From wk@gnupg.org Wed Sep 10 11:23:01 2003
From: wk@gnupg.org (Werner Koch)
Date: Wed Sep 10 10:23:01 2003
Subject: gpg-agent and memory locking
In-Reply-To: <200309092028.21404@erwin.ingo-kloecker.de> (Ingo Klöcker's message of "Tue, 9 Sep 2003 20:28:15 +0200")
References: <20030909014941.GJ10308@psilocybe.teonanacatl.org> <8765k29u2f.fsf@alberti.g10code.de> <200309092028.21404@erwin.ingo-kloecker.de>
Message-ID: <871xup834i.fsf@alberti.g10code.de>

On Tue, 9 Sep 2003 20:28:15 +0200, Ingo Klöcker said:

>
> pinentry-qt is highly unstable because of the "secure memory hack". Did
> you ever have a look at the code? It constantly runs out of memory for

Yes. There is also a point in the BTS to use the framework we use for gtk and curses so that we don't need to fix general bugs at 2 places.

> Sorry, for the rant. But I'm not at all satisfied with some of the
> things that came out of project Aegypten, e.g. pinentry-qt, the
> certificate manager, the S/MIME certificate selection dialog in KMail.

Well, the pinentry was not g10 Code's job and Marcus and me did the gtk thing for our own pleasure ;-)

Shalom-Salam,

   Werner

--
Werner Koch
The GnuPG Experts http://g10code.com
Free Software Foundation Europe http://fsfeurope.org

From aduret@src.lip6.fr Wed Sep 10 12:54:02 2003
From: aduret@src.lip6.fr (Alexandre Duret-Lutz)
Date: Wed Sep 10 11:54:02 2003
Subject: computing detached signature for a batch of files
Message-ID: <2003-09-09-22-26-15+29474+duret_g@lrde.epita.fr>

Hi people,

I'm using gpg to build detached signatures for packages. When doing so, I generally have several files to sign.
For instance I may have to sign foo-1.1.tar.gz and foo-1.1.tar.bz2.

It's a burden to type my pass-phrase for each file I want to sign. Is there any way I could do this and still type my pass-phrase only once?

I've already tried "gpg --detach-sign foo-1.1.tar.gz foo-1.1.tar.bz2", but that creates one signature instead of two signatures (I assume this is the signature for the concatenation of both files, but I haven't checked).

Is there any option I'm missing?

--
Alexandre Duret-Lutz

From jharris@widomaker.com Wed Sep 10 16:37:02 2003
From: jharris@widomaker.com (Jason Harris)
Date: Wed Sep 10 15:37:02 2003
Subject: computing detached signature for a batch of files
In-Reply-To: <2003-09-09-22-26-15+29474+duret_g@lrde.epita.fr>
References: <2003-09-09-22-26-15+29474+duret_g@lrde.epita.fr>
Message-ID: <20030910133835.GN4380@pm1.ric-08.lft.widomaker.com>

--vZP5dEP8Lu38qzQQ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Sep 09, 2003 at 10:26:15PM +0200, Alexandre Duret-Lutz wrote:

> I'm using gpg to build detached signatures for packages.
> When doing so, I generally have several files to sign.
> For instance I may have to sign foo-1.1.tar.gz and foo-1.1.tar.bz2.
>
> It's a burden to type my pass-phrase for each file I want to sign.
> Is there any way I could do this and still type my pass-phrase only once?

  %check-sigs-and-sign foo-1.1.tar.*

See "code" on my website.

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris@widomaker.com | web: http://keyserver.kjsl.com/~jharris/

--vZP5dEP8Lu38qzQQ
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQE/XylZSypIl9OdoOMRApUKAKCVu2bGZRjQjEwcxYIIujtrWYxsbgCeOPi/
yC+FIYFZ+UTDdY+qA/IumR0=
=OxgZ
-----END PGP SIGNATURE-----

--vZP5dEP8Lu38qzQQ--

From dshaw@jabberwocky.com Wed Sep 10 17:16:01 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Wed Sep 10 16:16:01 2003
Subject: computing detached signature for a batch of files
In-Reply-To: <2003-09-09-22-26-15+29474+duret_g@lrde.epita.fr>
References: <2003-09-09-22-26-15+29474+duret_g@lrde.epita.fr>
Message-ID: <20030910141736.GA2317@jabberwocky.com>

On Tue, Sep 09, 2003 at 10:26:15PM +0200, Alexandre Duret-Lutz wrote:
> Hi people,
>
> I'm using gpg to build detached signatures for packages.
> When doing so, I generally have several files to sign.
> For instance I may have to sign foo-1.1.tar.gz and foo-1.1.tar.bz2.
>
> It's a burden to type my pass-phrase for each file I want to sign.
> Is there any way I could do this and still type my pass-phrase only once?
>
> I've already tried "gpg --detach-sign foo-1.1.tar.gz foo-1.1.tar.bz2",
> but that creates one signature instead of two signatures (I assume
> this is the signature for the concatenation of both files, but I haven't
> checked).

You assume correctly. It is the concatenation of both files.

There is no way to do what you want inside of GnuPG itself (though as it happens, it's on my list of stuff to add at some point). You could write a script to do it, but of course the script would have to know the passphrase... and will thus be in insecure memory. Only you can decide whether this is a problem or not.

Another solution is to use the gpg-agent. This caches your passphrase in a secure manner.
David

From lporter@hdsmith.com Thu Sep 11 00:21:02 2003
From: lporter@hdsmith.com (Lowell Porter)
Date: Wed Sep 10 23:21:02 2003
Subject: Upgrading server
Message-ID: <005701c377e1$70220310$d406a8c0@hdsmith.com>

This is a multi-part message in MIME format.

------=_NextPart_000_0058_01C377B7.874BFB10
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Hello,

I've been running GPG successfully for a few months using a script to automate everything on a Windows NT 4.0 server. A month or so ago we upgraded the server to Windows 2000, and since then I've had problems with GPG. One is my secring.gpg file keeps getting cleared and I have to replace it with my backup. Did the upgrade to Win2000 cause this or did something else do this? Once I put back in my secring.gpg, it will be cleared out again in a week or two. I'm getting tired of fixing this. Can anyone help?

Thanks,

Lowell

------=_NextPart_000_0058_01C377B7.874BFB10
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
------=_NextPart_000_0058_01C377B7.874BFB10--

From Dmitri I GOULIAEV Thu Sep 11 01:59:02 2003
From: Dmitri I GOULIAEV (DIG)
Date: Thu Sep 11 00:59:02 2003
Subject: (1) BAD signature and (2) auto SHA1
In-Reply-To: <8EEBC192-C4F9-11D7-9B7B-000393C2DC84@netbox.com>; from shavital@netbox.com on Sat, Aug 02, 2003 at 05:56:55PM +0300
References: <8EEBC192-C4F9-11D7-9B7B-000393C2DC84@netbox.com>
Message-ID: <20030910175641.C26616@lifebook>

--YrQNB5Deg1WGKZi3
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi, Charly Avital !

Thank you for your informative response.

On Sat, Aug 02, 2003 at 05:56:55PM +0300, Charly Avital wrote:

[...]

> - - text that contains "special characters", like accented letters,
> etc. ("high ASCII") may cause the signature verification to fail,
> unless the recipient's e-mail client's character set is utf-8. So, this
> could be the recipient's "fault". But it could be also the sender's
> "fault", if his email client's character set is not utf-8. This issue
> can be very confusing.

I suspect that I have something not properly configured on my side. I already eliminated one threat: mimedecode from ``fetchmail''. What I have to do is to eliminate other threats from ``sendmail'' and/or ``procmail''. I already verified that ``mutt'' is fine.

[... sometime later...]

Finally (sometime ago), I found what was the cause for ``BAD signature'': my e-mail provider was adding some text to the signed part of the message. Not to every message, and only if the message was QP-encoded. Sometimes it was just an empty string! Bad, bad provider...

P.S. I know, I know. It was more than a month ago -- I try to catch up!
Best regards,

--
DIG (Dmitri I GOULIAEV)
1024D/63A6C649: 26A0 E4D5 AB3F C2D4 0112 66CD 4343 C0AF 63A6 C649

--YrQNB5Deg1WGKZi3
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE/X6wpQ0PAr2OmxkkRAkvgAJwNTaWvBU5hAYBZFLZGFI7795fMIACfTNfd
7MunOmrna8vBO3fhsXdrnDU=
=M6sm
-----END PGP SIGNATURE-----

--YrQNB5Deg1WGKZi3--

From Dmitri I GOULIAEV Thu Sep 11 01:59:06 2003
From: Dmitri I GOULIAEV (DIG)
Date: Thu Sep 11 00:59:06 2003
Subject: (1) BAD signature and (2) auto SHA1
In-Reply-To: <20030804155050.GA31169@longshot.toehold.com>; from kyle-list-gpguser@toehold.com on Mon, Aug 04, 2003 at 10:50:50AM -0500
References: <20030802042103.H21368@lifebook> <20030804155050.GA31169@longshot.toehold.com>
Message-ID: <20030910175732.D26616@lifebook>

--yhze8HlyfmXt1APY
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi, Kyle Hasselbacher !

On Mon, Aug 04, 2003 at 10:50:50AM -0500, Kyle Hasselbacher wrote:

> On Sat, Aug 02, 2003 at 04:21:03AM -0500, DIG wrote:
>
> >1. First group of messages returns "BAD signature". What is the best way
> >to find out whose fault it is (as in famous Russian question)? It is my
> >fault, or it is the fault of my correspondent?
>
> Someone else already answered this better than I. Basically it means the
> message was altered since it was signed. It may have been altered by
> software not sensitive to signatures, or it's a dreaded attacker trying to
> falsify a message.

That was exactly the case -- signed part of the message was altered. And the "attacker" was my e-mail provider.

> >2. Second group of messages contains messages like this:
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
>
> In Mutt, the easiest way might be to pipe the message to gpg and witness
> the output. Type this:
>
> |gpg --verify
>
> It'll tell you if the signature is good.
In newer versions of Mutt, you
> can do "escape P", and it will check the message for in-line PGP like the
> above and treat it accordingly.
>
> Neither of those is automatic, though.

Thanks for the tip, Kyle.

Now I use a semiautomatic solution. I just added the next two lines:

macro index \Cv "|gpg --verify\n" 'verify in-line PGP signature'
macro pager \Cv "|gpg --verify\n" 'verify in-line PGP signature'

... to my muttrc file. And to verify somebody's in-line signature, I just press [Ctrl-V].

[To ALL]

So, I already solved most of my problems with ``BAD signatures'' on this list.

But I still have difficulties with some of them. Is there some list or something, where I could ask if my signature is correct (to be sure that it will work for others)? Is it appropriate in this list to ask others if my signature is correct or not? And IF this list is an appropriate place for asking such question, can I ask you what software you are using (in both cases)?

P.S. I know, I know. It was more than a month ago -- I try to catch up!
Best regards,

--
DIG (Dmitri I GOULIAEV)
1024D/63A6C649: 26A0 E4D5 AB3F C2D4 0112 66CD 4343 C0AF 63A6 C649

--yhze8HlyfmXt1APY
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE/X6xcQ0PAr2OmxkkRAv8qAKCZRTcwzFVOpwPdv6FAMDMKHe9LkwCgrYG4
tA760m4P0+R4wSEopSspZNQ=
=Wnfz
-----END PGP SIGNATURE-----

--yhze8HlyfmXt1APY--

From Dmitri I GOULIAEV Thu Sep 11 01:59:10 2003
From: Dmitri I GOULIAEV (DIG)
Date: Thu Sep 11 00:59:10 2003
Subject: Can't decrypt PGP 8 msg
In-Reply-To: <200308061821.59285.linux@codehelp.co.uk>; from linux@codehelp.co.uk on Wed, Aug 06, 2003 at 06:21:55PM +0100
References: <200308051927.03518.linux@codehelp.co.uk> <3F301C75.1000500@esmiley.net> <200308061821.59285.linux@codehelp.co.uk>
Message-ID: <20030910175820.E26616@lifebook>

--ibq+fG+Ci5ONsaof
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi, Neil Williams !

On Wed, Aug 06, 2003 at 06:21:55PM +0100, Neil Williams wrote:

> On Tuesday 05 Aug 2003 10:07 pm, Eugene Smiley wrote:
>
> Eugene, why have your recent posts showed up with DOUBLE signatures?
>
> Message was signed with unknown key.
> The validity of the signature cannot be verified.
> Status: No signature found
> Message was signed by T. Eugene Smiley (Key ID: 0xA7EDFD2F).
> The signature is valid, but the key is untrusted.
>
> ??
>
> Has anyone else been seeing this?

Yes, I saw it.

For me (and for my mutt-1.2.5.1i) his message is a two-part message:

,---[ mutt: attachments ]---
| I 1                                [text/plain, 7bit, us-ascii, 2.1K]
| A 2 S/MIME Cryptographic Signature [applica/x-pkcs7-si, base64, 4.7K]
`---[ ]---

First part is an in-line part, and second one is an attachment.

When I just read his entire message (or just its first part), I can pass it through the pipe (``gnupg --verify'') and I obtain this:

,---[ | gnupg --verify ]---
| gpg: Signature made Tue Aug 5 16:06:57 2003 CDT using DSA key ID A7EDFD2F
| gpg: Good signature from "T. Eugene Smiley "
| gpg: aka "GSWoT:1:215:A7EDFD2F"
| gpg: aka "T. Eugene Smiley (Webmaster) "
| gpg: WARNING: This key is not certified with a trusted signature!
| gpg: There is no indication that the signature belongs to the owner.
| Primary key fingerprint: 5B8F E97F 9E56 077A 17A9 3B9A E903 ED02 A7ED FD2F
`---[ ]---

But I do not know what to do with his second part.

> The outside mime boundary contains:
> Content-Type: application/x-pkcs7-signature; name="smime.p7s"
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment; filename="smime.p7s"
> Content-Description: S/MIME Cryptographic Signature
>
> Yet it doesn't verify as S/MIME - it comes up as unknown mime type in KMail.
> The block is also VERY long (4.7kb), more like an attached public key rather
> than a signature? (yet it lacks the BEGIN/END PGP KEYBLOCK lines or
> comments). gpg complains of a lack of OpenPGP data when the block is saved as
> a file. The email itself verifies nicely, it's just the double signature that
> is confusing me.

Best regards,

--
DIG (Dmitri I GOULIAEV)
1024D/63A6C649: 26A0 E4D5 AB3F C2D4 0112 66CD 4343 C0AF 63A6 C649

--ibq+fG+Ci5ONsaof
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE/X6yLQ0PAr2OmxkkRApeKAJ4kB6bci850VKuFO2U5I6whnJIKhwCeOe74
7p+dEnTQ+5EErp9ViZ11Res=
=gvvz
-----END PGP SIGNATURE-----

--ibq+fG+Ci5ONsaof--

From eugene@esmiley.net Thu Sep 11 04:31:02 2003
From: eugene@esmiley.net (Eugene Smiley)
Date: Thu Sep 11 03:31:02 2003
Subject: Can't decrypt PGP 8 msg
In-Reply-To: <20030910175820.E26616@lifebook>
References: <200308051927.03518.linux@codehelp.co.uk> <3F301C75.1000500@esmiley.net> <200308061821.59285.linux@codehelp.co.uk> <20030910175820.E26616@lifebook>
Message-ID: <3F5FD046.7020306@esmiley.net>

This is a cryptographically signed message in MIME format.

--------------ms030406020902050203070006
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

DIG wrote:
> But I do not know what to do with his second part.
>
>> The outside mime boundary contains: Content-Type:
>> application/x-pkcs7-signature; name="smime.p7s"
>> Content-Transfer-Encoding: base64 Content-Disposition:
>> attachment; filename="smime.p7s" Content-Description: S/MIME
>> Cryptographic Signature

The second part is an S/MIME signature using a Thawte certificate.

>> Yet it doesn't verify as S/MIME - it comes up as unknown mime
>> type in KMail. The block is also VERY long (4.7kb), more like an
>> attached public key rather than a signature? (yet it lacks the
>> BEGIN/END PGP KEYBLOCK lines or comments). gpg complains of a
>> lack of OpenPGP data when the block is saved as a file.

I discussed this with Neil off-list and his assessment, correct me if I am wrong Neil, is that it has to do with the Kmail plugins. Maybe one of these days, I'll venture over to the Kmail site like he suggested.

>> The email itself verifies nicely, it's just the double signature
>> that is confusing me.

Ah, well I correspond with some users who use S/MIME and some who use PGP/GPG. I'm just too lazy to remember to switch back and forth between the two when I can do both. ;)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-nr2 (Windows XP)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/X9A/6QPtAqft/S8RAo8eAKCWNAFLdLY8MQ0l5siz+0sW0pIsfwCfeCfp
DEhtf3K+M0En/rdUdjJ6XXc=
=KFE0
-----END PGP SIGNATURE-----

--------------ms030406020902050203070006
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

--------------ms030406020902050203070006--

From admin@petridish.org Thu Sep 11 06:38:02 2003
From: admin@petridish.org (John J.
Courie II)
Date: Thu Sep 11 05:38:02 2003
Subject: question regarding relative security of md5 vs sha1
In-Reply-To: <20030910175732.D26616@lifebook>
References: <20030802042103.H21368@lifebook> <20030804155050.GA31169@longshot.toehold.com> <20030910175732.D26616@lifebook>
Message-ID: <3F5FF2FC.1050703@petridish.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

so let me get this straight, if moore's law is 'true' then a mathematical analysis of hash sizes will result in it being ~30 years before md5 will be susceptible to bf/dict/b-day attacks, but it will be about 80 before sha1 will be susceptible to cracks of that level. I know this is sort of OT but I couldn't think of anyone more qualified than the experts of the crypto software I am using.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE/X/JhQaD/lhl2qUYRAiCjAJ957Xr8sX//32btx2DzHdy6H2pKrACdHA/3
NGz+q6gVTFaBurJwJRd8lnw=
=MeGI
-----END PGP SIGNATURE-----

From JPClizbe@comcast.net Thu Sep 11 10:29:02 2003
From: JPClizbe@comcast.net (John Clizbe)
Date: Thu Sep 11 09:29:02 2003
Subject: (1) BAD signature and (2) auto SHA1
In-Reply-To: <20030910175732.D26616@lifebook>
References: <20030802042103.H21368@lifebook> <20030804155050.GA31169@longshot.toehold.com> <20030910175732.D26616@lifebook>
Message-ID: <3F602475.8040706@comcast.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

DIG wrote:
> [To ALL]
>
> So, I already solved most of my problems with ``BAD signatures'' on
> this list.
>
> But I still have difficulties with some of them. Is there some list or
> something, where I could ask if my signature is correct (to be sure
> that it will work for others)? Is it appropriate in this list to ask
> others if my signature is correct or not? And IF this list is an
> appropriate place for asking such a question, can I ask you what software
> you are using (in both cases)?
>

This list is good. There is also the PGP-Basics Yahoo![1] group.

PGP validated fine:

*** PGP SIGNATURE VERIFICATION ***
*** Status: Good Signature from Invalid Key
*** Alert: Please verify signer's key before trusting signature.
*** Signer: Dmitri I GOULIAEV (0x63A6C649)
*** Signed: 9/10/2003 5:57:32 PM
*** Verified: 9/11/2003 2:20:22 AM
*** BEGIN PGP VERIFIED MESSAGE ***

GPG 1.2.3 (Mozilla w/ Enigmail as well as GPGshell) wouldn't verify. I suspect it's the multipart MIME. Didn't try WinPT

[1] http://groups.yahoo.com/group/PGP-Basics/

- --
John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet
Golden Bear Networks PGP/GPG KeyID: 0x608D2A10
"Most men take the straight and narrow. A few take the road less traveled. I chose to cut through the woods."
"*Hundreds* of customers like and use $CO's Unix products." - Darl McBride, CEO Caldera/$CO Group
(This .sig block was sponsored by IBM. All hail IBM.)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/YCRyHQSsSmCNKhARAhdiAKCMUbJifahk1FoIuNkBQFTs75auugCfa9Ym
BvdJSMJjc7c0qa5g/uGwyEg=
=tCU8
-----END PGP SIGNATURE-----

From JPClizbe@comcast.net Thu Sep 11 10:40:02 2003
From: JPClizbe@comcast.net (John Clizbe)
Date: Thu Sep 11 09:40:02 2003
Subject: question regarding relative security of md5 vs sha1
In-Reply-To: <3F5FF2FC.1050703@petridish.org>
References: <20030802042103.H21368@lifebook> <20030804155050.GA31169@longshot.toehold.com> <20030910175732.D26616@lifebook> <3F5FF2FC.1050703@petridish.org>
Message-ID: <3F602701.2080906@comcast.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John J. Courie II wrote:
> so let me get this straight, if moore's law is 'true' then a mathematical
> analysis of hash sizes will result in it being ~30 years before md5 will
> be susceptible to bf/dict/b-day attacks, but it will be about 80
> before sha1 will be susceptible to cracks of that level.
> I know this is sort of OT but I couldn't think of anyone more qualified
> than the experts of the crypto software I am using.

IANAM, but that sounds about right. IIRC, Moore's "Law" was more an empirical observation than outright scientific law. The other consideration besides raw CPU power is the huge amount of storage required for any attacks that rely on known plaintexts.

BTW, where can your key be found?

- --
John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet
Golden Bear Networks PGP/GPG KeyID: 0x608D2A10
"Most men take the straight and narrow. A few take the road less traveled. I chose to cut through the woods."
"*Hundreds* of customers like and use $CO's Unix products." - Darl McBride, CEO Caldera/$CO Group
(This .sig block was sponsored by IBM. All hail IBM.)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/YCb+HQSsSmCNKhARAlgOAKDW22iwvrKXw2CfB9SvP9Kmd9m24ACg2A5t
QW7iSuDzhLaUXKrcHRYpiGU=
=K4PW
-----END PGP SIGNATURE-----

From anonymous@remailer.metacolo.com Thu Sep 11 10:52:01 2003
From: anonymous@remailer.metacolo.com (Anonymous Sender)
Date: Thu Sep 11 09:52:01 2003
Subject: Can't decrypt PGP 8 msg
Message-ID: <40406c23f53863562cd09e53df6bc395@remailer.metacolo.com>

Eugene Smiley:

> Ah, well I correspond with some users who use S/MIME and some who use
> PGP/GPG. I'm just too lazy to remember to switch back and forth
> between the two when I can do both. ;)

Why sign your messages manually? You could automate the whole thing and never have to worry about it again. Tell your mail program to hand your message over to a script (instead of sendmail or whatever you use), which signs/encrypts the message on a per recipient basis. Use S/MIME for some and OpenPGP for others. If done right, it will save you lots of 'signing' time.

The above assumes a secure box, where your signing secret (sub)key and passphrase are stored on disk or handled by programs like gpg-agent.
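
An added example, not code from this thread or from any project named in it: one way to write the per-recipient signing script the message above suggests. It groups recipients by the signature format they can verify and refuses to send if signing fails. The policy table, addresses, key ID and certificate paths are placeholders, and it assumes single-part text messages with gpg-agent holding the OpenPGP passphrase.

```python
import subprocess
from collections import defaultdict
from email import message_from_string
from email.utils import getaddresses

# Constructed policy table (assumption): the signature format each
# correspondent's mail client can verify. Addresses are placeholders.
POLICY = {
    "alice@example.org": "openpgp",
    "bob@example.com": "smime",
}
DEFAULT_METHOD = "openpgp"

# Placeholders (assumptions): substitute your own key ID and file paths.
OPENPGP_KEY_ID = "0xPLACEHOLDER"
SMIME_CERT = "/path/to/cert.pem"
SMIME_KEY = "/path/to/key.pem"

# Constructed sample message, used by the demo at the bottom.
SAMPLE = (
    "From: me@example.net\n"
    "To: Alice <alice@example.org>, bob@example.com\n"
    "Cc: carol@example.net\n"
    "Subject: test\n"
    "\n"
    "hello\n"
)


def group_by_method(raw_message):
    """Return {method: sorted recipient addresses} for the To and Cc headers."""
    msg = message_from_string(raw_message)
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    groups = defaultdict(set)
    for _name, addr in getaddresses(fields):
        if addr:
            addr = addr.lower()
            groups[POLICY.get(addr, DEFAULT_METHOD)].add(addr)
    return {method: sorted(addrs) for method, addrs in groups.items()}


def signing_argv(method):
    """Return the argv that signs stdin to stdout. A list, so no shell parses it."""
    if method == "openpgp":
        # No passphrase on the command line: gpg asks gpg-agent for it.
        return ["gpg", "--batch", "--local-user", OPENPGP_KEY_ID, "--clearsign"]
    if method == "smime":
        return ["openssl", "smime", "-sign", "-text",
                "-signer", SMIME_CERT, "-inkey", SMIME_KEY]
    raise ValueError("unknown signing method: %r" % (method,))


def sign_copies(raw_message, run=subprocess.run):
    """Sign the body once per method in use; never fall back to unsigned."""
    msg = message_from_string(raw_message)
    if msg.is_multipart():
        raise ValueError("this example handles single-part text messages only")
    body = msg.get_payload().encode("utf-8")
    copies = {}
    for method, addrs in group_by_method(raw_message).items():
        proc = run(signing_argv(method), input=body, capture_output=True)
        if proc.returncode != 0:
            raise RuntimeError("signing with %s failed; message not sent" % method)
        copies[method] = (addrs, proc.stdout)
    return copies


if __name__ == "__main__":
    # Show the plan only; sign_copies() needs real keys to produce output.
    for method, addrs in sorted(group_by_method(SAMPLE).items()):
        print(method, addrs, " ".join(signing_argv(method)))
```

Delivery of each signed copy to its group of recipients is left to the real mail transport; unknown recipients get the default method rather than an unsigned message.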

From dshaw@jabberwocky.com Thu Sep 11 14:59:01 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Thu Sep 11 13:59:01 2003
Subject: question regarding relative security of md5 vs sha1
In-Reply-To: <3F5FF2FC.1050703@petridish.org>
References: <20030802042103.H21368@lifebook> <20030804155050.GA31169@longshot.toehold.com> <20030910175732.D26616@lifebook> <3F5FF2FC.1050703@petridish.org>
Message-ID: <20030911120049.GA8917@jabberwocky.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Sep 10, 2003 at 11:58:52PM -0400, John J. Courie II wrote:
> so let me get this straight, if moore's law is 'true' then a
> mathematical analysis of hash sizes will result in it being ~30 years
> before md5 will be susceptible to bf/dict/b-day attacks, but it will
> be about 80 before sha1 will be susceptible to cracks of that
> level. I know this is sort of OT but I couldn't think of anyone
> more qualified than the experts of the crypto software I am using.

It's not an easy question - susceptible to attacks by *whom*? Attacks become feasible for different groups at different times (people who have lots of fast computers and/or lots of money to spend on fast computers are going to be able to attack sooner). Also the difficulty of different attacks varies widely (a birthday attack is massively easier). Because of this, and other reasons, the years you'll hear from different people are likely to vary.

For what it's worth, the year I've seen cited for the ability to do a birthday attack against MD5 is 1992 (yes, it passed already), and 2013 for SHA1.[1] It shouldn't be inferred that SHA1 suddenly becomes broken in 2013 - just that somewhat around that time, the difficulty of the attack goes from "practically impossible" to merely "absurdly difficult" (think distributed.net). Or someone could break it tomorrow with a brand new attack that doesn't involve brute forcing.

Not everyone agrees with those dates, of course, but in any event MD5 has also had some successful analysis attacks against it.[2] It was never "broken", but regardless of whether the hash is short enough to be birthday attacked, it still would not be prudent to use it.

David

[1] http://secinf.net/uplarticle/4/cryptosizes.pdf
[2] http://samsimpson.com/cryptography/pgp/pgpfaqnew.html#SubMD5Broke

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.3-cvs (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc

iHEEARECADEFAj9gY/EqGGh0dHA6Ly93d3cuamFiYmVyd29ja3kuY29tL2Rhdmlk
L2tleXMuYXNjAAoJEOJmXIdJ4cvJCAkAniE4YoSrPipeZyFDlJn6QkpJJv2iAKCW
bJ7/lyN4xvJahZ3p/cAZHeUZUQ==
=lZWY
-----END PGP SIGNATURE-----

From eugene@esmiley.net Thu Sep 11 16:06:02 2003
From: eugene@esmiley.net (Eugene Smiley)
Date: Thu Sep 11 15:06:02 2003
Subject: Can't decrypt PGP 8 msg
In-Reply-To: <40406c23f53863562cd09e53df6bc395@remailer.metacolo.com>
References: <40406c23f53863562cd09e53df6bc395@remailer.metacolo.com>
Message-ID: <3F6073C5.6010401@esmiley.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Anonymous Sender wrote:
> Eugene Smiley:
>
>> Ah, well I correspond with some users who use S/MIME and some who
>> use PGP/GPG. I'm just too lazy to remember to switch back and
>> forth between the two when I can do both. ;)
>
>
> Why sign your messages manually? You could automate the whole
> thing and never have to worry about it again. Tell your mail
> program to hand your message over to a script (instead of sendmail
> or whatever you use), which signs/encrypts the message on a per
> recipient basis. Use S/MIME for some and OpenPGP for others. If
> done right, it will save you lots of 'signing' time. The above
> assumes a secure box, where your signing secret (sub)key and
> passphrase are stored on disk or handled by programs like
> gpg-agent.

The only signing time that I have is entering my passphrase.
It would be even more work for me to create the system you suggest as my main PC is running XP and not Linux.

What I am doing is completely valid. Many people complain about broken MUA's, specifically Outlook and Outlook Express, but where these two products handle S/MIME well many OSS MUA's don't. Consider it my way of pointing this out. Long live OSS. ;)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-nr2 (Windows XP)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/YHPD6QPtAqft/S8RApDNAKD0tgXQFyFTIWfMZTj1SCFzog65xQCgj44i
zbnBSgoIlZ8g8w9vuVHUC7U=
=Jc0j
-----END PGP SIGNATURE-----

From dlc@users.sourceforge.net Thu Sep 11 19:37:02 2003
From: dlc@users.sourceforge.net (darren chamberlain)
Date: Thu Sep 11 18:37:02 2003
Subject: (1) BAD signature and (2) auto SHA1
In-Reply-To: <20030910175732.D26616@lifebook>
References: <20030802042103.H21368@lifebook> <20030804155050.GA31169@longshot.toehold.com> <20030910175732.D26616@lifebook>
Message-ID: <20030911163756.GB1254@boston.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

* DIG [2003-09-11 08:50]:
> Now I use a semiautomatic solution. I just added next two lines:
>
> macro index \Cv "|gpg --verify\n" 'verify in-line PGP signature'
> macro pager \Cv "|gpg --verify\n" 'verify in-line PGP signature'
>
> ... to my muttrc file. And to verify somebody's in-line signature, I just press [Ctrl-V].

More recent versions of mutt have this builtin, via the command, bound to p by default. This is probably what you want.

(darren)

- --
Distrust any endeavor requiring an alarm clock.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: This message is digitally signed and can be verified for authenticity.

iD8DBQE/YKTkzsinjrVhZaoRAocPAJ0SRTBJLzGk644EthxzAb9EeuOWegCeO8ya
uNi7Ud4FGomdB+8ber7j4A0=
=vYeA
-----END PGP SIGNATURE-----

From gibbelwurst@yahoo.de Thu Sep 11 19:39:02 2003
From: gibbelwurst@yahoo.de (Ronald Friedrichs)
Date: Thu Sep 11 18:39:02 2003
Subject: Different uids with different trusts?
Message-ID: <20030911164007.49034.qmail@web40907.mail.yahoo.com>

Hi,

I'm using GnuPG 1.2.3 (from Debian unstable) and have the following problem:

Person A has two uids (let's say foo@a and bar@a) in his key, from which person B signed one (e.g. before person A added the second uid, let's say person B's signature is on uid foo@a). If person B now wants to encrypt to foo@a using

gpg -e -r foo@a

everything goes smoothly, but as soon as person B tries to encrypt to bar@a using

gpg -e -r bar@a

he gets "There is no indication that this key really belongs to the owner".

Why is this so? Person A has self-signatures on his uids and the key of A is signed by B, so why is the second uid not trusted?

The situation doesn't change, if person B sets the owner-trust level of A's key to "full".

Tia,
Ronald

__________________________________________________________________
Sent from Yahoo! Mail - http://mail.yahoo.de
Logos and ringtones for your mobile phone at http://sms.yahoo.de

From dshaw@jabberwocky.com Thu Sep 11 20:14:02 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Thu Sep 11 19:14:02 2003
Subject: Different uids with different trusts?
In-Reply-To: <20030911164007.49034.qmail@web40907.mail.yahoo.com>
References: <20030911164007.49034.qmail@web40907.mail.yahoo.com>
Message-ID: <20030911171520.GB14932@jabberwocky.com>

On Thu, Sep 11, 2003 at 06:40:07PM +0200, Ronald Friedrichs wrote:
> Hi,
>
> I'm using GnuPG 1.2.3 (from Debian unstable) and have
> the following problem:
>
> Person A has two uids (let's say foo@a and bar@a) in
> his key, from which person B signed one (e.g. before
> person A added the second uid, let's say person B's
> signature is on uid foo@a).
> If person B now wants to encrypt to foo@a using
>
> gpg -e -r foo@a
>
> everything goes smoothly, but as soon as person B tries
> to encrypt to bar@a using
>
> gpg -e -r bar@a
>
> he gets "There is no indication that this key really
> belongs to the owner".
>
> Why is this so? Person A has self-signatures on his
> uids and the key of A is signed by B, so why is the
> second uid not trusted?

It shouldn't be trusted. B signed foo@a, not bar@a. They're not the same, even though they may reside on the same key. This prevents (among other things) this attack:

1) Trent creates a key, and gets it signed by Charlie.
2) Baker trusts Charlie, so therefore believes that Trent's key is valid.
3) Trent then adds a new user ID "Alice".
4) Baker wants to encrypt to "Alice", but which key to use? They both appear valid.

The right thing to happen is for the real Alice to be valid, but Trent's fake Alice to be invalid.

David

From linux@codehelp.co.uk Thu Sep 11 20:49:01 2003
From: linux@codehelp.co.uk (Neil Williams)
Date: Thu Sep 11 19:49:01 2003
Subject: Can't verify Thawte S/MIME message (was: decrypt PGP 8 msg)
In-Reply-To: <3F5FD046.7020306@esmiley.net>
References: <20030910175820.E26616@lifebook> <3F5FD046.7020306@esmiley.net>
Message-ID: <200309111852.46109.linux@codehelp.co.uk>

--Boundary-02=_tZLY/gNQKnSjpHc
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Description: signed data
Content-Disposition: inline

On Thursday 11 Sep 2003 2:30 am, Eugene Smiley wrote:
> > But I do not know what to do with his second part.

Nothing much - unless you also seek out a Thawte certificate or build another plugin from source.

> >> Yet it doesn't verify as S/MIME - it comes up as unknown mime
> >> type in KMail. The block is also VERY long (4.7kb), more like an
> >> attached public key rather than a signature? (yet it lacks the
> >> BEGIN/END PGP KEYBLOCK lines or comments).
> >> gpg complains of a lack of OpenPGP data when the block is saved as
> >> a file.
>
> I discussed this with Neil off-list and his assessment, correct me if I
> am wrong Neil, is that it has to do with the Kmail plugins. Maybe one

It does. The KMail cryptplug/gpgme-openpgp.so plugin, under a default build, can't understand the Thawte portion. There's a second plugin that can be built from the same source via the Aegypten project:

Thawte offers X509 S/MIME certificates. Here's a step-by-step HOWTO that I used to get my Thawte certificate into GPGSM:
http://www.gnupg.org/aegypten/development.en.html

Aegypten provide a tool that links the X509 into GPG - GPGSM
http://www.gnupg.org/(en)/index.html

Project Aegypten provides Sphinx-Clients (Mutt, KMail, ...) compatible to S/MIME within a GnuPG framework. Within this project a few new tools have been developed, most notably "gpgsm" as the S/MIME counterpart of "gpg".

> of these days, I'll venture over to the Kmail site like he suggested.

It's more of a GnuPG issue than KMail - a case of building a second plugin from source to go alongside gpgme-openpgp.so:
http://www.gnupg.org/aegypten/development.en.html

In the Cryptography section, add the Plug-In
/some/where/lib/cryptplug/gpgme-smime.so for S/MIME
and/or
/some/where/lib/cryptplug/gpgme-openpgp.so for OpenPGP

> Ah, well I correspond with some users who use S/MIME and some who use
> PGP/GPG. I'm just too lazy to remember to switch back and forth
> between the two when I can do both. ;)

Similar. Eugene is the only person I have come across who uses Thawte and OpenPGP - other users of Thawte tend to show up as 'unknown key - key not available'. I might get around to it one day . . . . .

--
Neil Williams
=============
http://www.codehelp.co.uk
http://www.dclug.org.uk
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3

--Boundary-02=_tZLY/gNQKnSjpHc
Content-Type: application/pgp-signature
Content-Description: signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQA/YLZtiAEJSii8s+MRAlAfAKD1/rlGjVSHUfQ3EJN/hnbghdgYOwCgh7L9
FVm9zTqH+eGl5Ad719NHjdI=
=IrKv
-----END PGP SIGNATURE-----

--Boundary-02=_tZLY/gNQKnSjpHc--

From Todd Thu Sep 11 21:16:03 2003
From: Todd (Todd)
Date: Thu Sep 11 20:16:03 2003
Subject: (1) BAD signature and (2) auto SHA1
In-Reply-To: <20030911163756.GB1254@boston.com>
References: <20030802042103.H21368@lifebook> <20030804155050.GA31169@longshot.toehold.com> <20030910175732.D26616@lifebook> <20030911163756.GB1254@boston.com>
Message-ID: <20030911181720.GF25337@psilocybe.teonanacatl.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

darren chamberlain wrote:
> More recent versions of mutt have this builtin, via the
> command, bound to p by default. This is
> probably what you want.

Just a minor clarification, but it's P. A lower case p will get you the previous subthread instead of the pgp check.

- --
Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
============================================================================
Facts do not cease to exist because they are ignored.
-- Aldous Huxley

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.

iD8DBQE/YLwwuv+09NZUB1oRAvkJAJ9rmlqp6PhdUD7Pa9Bkmcq0g767GwCgwA0Y
6lFPHcLkfwDjGyztlqSrLXg=
=Wu7/
-----END PGP SIGNATURE-----

From jharris@widomaker.com Thu Sep 11 21:25:05 2003
From: jharris@widomaker.com (Jason Harris)
Date: Thu Sep 11 20:25:05 2003
Subject: Can't verify Thawte S/MIME message (was: decrypt PGP 8 msg)
In-Reply-To: <200309111852.46109.linux@codehelp.co.uk>
References: <20030910175820.E26616@lifebook> <3F5FD046.7020306@esmiley.net> <200309111852.46109.linux@codehelp.co.uk>
Message-ID: <20030911182630.GR4380@pm1.ric-08.lft.widomaker.com>

--pB0laUf5g0yMYqsH
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Sep 11, 2003 at 06:52:41PM +0100, Neil Williams wrote:

> Similar. Eugene is the only person I have come across who uses Thawte and
> OpenPGP - other users of Thawte tend to show up as 'unknown key - key not
> available'. I might get around to it one day . . . . .

Is that because their certificates aren't encoded in their signatures, or because you lack all the Thawte root certificates? If the former, is there a way to search for the certificates of others at Thawte? (Yes, I know you can retrieve your own by logging in.) If the latter, I have a new page on CAs that links to their root certificates:

http://keyserver.kjsl.com/~jharris/ca/index.html
http://keyserver.kjsl.com/~jharris/ca/index.html.asc

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris@widomaker.com | web: http://jharris.cjb.net/

--pB0laUf5g0yMYqsH
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQE/YL5VSypIl9OdoOMRAhzjAKCh7Cpap10zcSiEWAJP6b2q7KpOfwCgy/Kd
xsClWNnp1jm8q+O+q6rCtJU=
=x1AI
-----END PGP SIGNATURE-----

--pB0laUf5g0yMYqsH--

From gibbelwurst@yahoo.de Thu Sep 11 21:45:01 2003
From: gibbelwurst@yahoo.de (Ronald Friedrichs)
Date: Thu Sep 11 20:45:01 2003
Subject: Different uids with different trusts?
In-Reply-To: <20030911171520.GB14932@jabberwocky.com>
Message-ID: <20030911184557.34623.qmail@web40904.mail.yahoo.com>

--- David Shaw wrote:
> On Thu, Sep 11, 2003 at 06:40:07PM +0200, Ronald
> > Why is this so? Person A has self-signatures on
> > his uids and the key of A is signed by B,
> > so why is the second uid not trusted?
>
> It shouldn't be trusted. B signed foo@a, not bar@a.
> They're not the same, even though they may reside on
> the same key.

Ok, but let's say B sets the owner-trust of A to "full". This means B trusts A to sign only uids which are correct. But then, B automatically has to accept bar@a as valid, because this uid is (self-)signed by A. (?!)

> This prevents
> (among other things) this attack:
>
> 1) Trent creates a key, and gets it signed by
> Charlie.
> 2) Baker trusts Charlie, so therefore believes that
> Trent's key is valid.
> 3) Trent then adds a new user ID "Alice".
> 4) Baker wants to encrypt to "Alice", but which key
> to use? They both appear valid.

With full owner-trust in Trent, they are indeed both valid for Baker. (Or, if Baker trusts Trent more than Alice, the key of Trent is even more valid.) And I would consider this the right behaviour with such an owner-trust setting -- but gpg doesn't.

Ronald

> The right thing to happen is for the real Alice to
> be valid, but Trent's fake Alice to be invalid.

__________________________________________________________________
Sent from Yahoo! Mail - http://mail.yahoo.de
Logos and ringtones for your mobile phone at http://sms.yahoo.de

From wk@gnupg.org Thu Sep 11 21:58:01 2003
From: wk@gnupg.org (Werner Koch)
Date: Thu Sep 11 20:58:01 2003
Subject: Can't verify Thawte S/MIME message
In-Reply-To: <20030911182630.GR4380@pm1.ric-08.lft.widomaker.com> (Jason Harris's message of "Thu, 11 Sep 2003 14:26:30 -0400")
References: <20030910175820.E26616@lifebook> <3F5FD046.7020306@esmiley.net> <200309111852.46109.linux@codehelp.co.uk> <20030911182630.GR4380@pm1.ric-08.lft.widomaker.com>
Message-ID: <87he3jjgoj.fsf@alberti.g10code.de>

On Thu, 11 Sep 2003 14:26:30 -0400, Jason Harris said:

> Is that because their certificates aren't encoded in their signatures,
> or because you lack all the Thawte root certificates? If the former, is

IIRC, this is due to a lack of the authorityKeyIdentifier and that gpgsm currently assumes that there is only one root CA certificate with a given Issuer Name - it's on my todo list to check all available root certs.

--
Werner Koch
The GnuPG Experts http://g10code.com
Free Software Foundation Europe http://fsfeurope.org

From dshaw@jabberwocky.com Thu Sep 11 21:58:04 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Thu Sep 11 20:58:04 2003
Subject: Different uids with different trusts?
In-Reply-To: <20030911184557.34623.qmail@web40904.mail.yahoo.com>
References: <20030911171520.GB14932@jabberwocky.com> <20030911184557.34623.qmail@web40904.mail.yahoo.com>
Message-ID: <20030911185917.GC14932@jabberwocky.com>

On Thu, Sep 11, 2003 at 08:45:57PM +0200, Ronald Friedrichs wrote:
> --- David Shaw wrote: > On
> Thu, Sep 11, 2003 at 06:40:07PM +0200, Ronald
> > > Why is this so? Person A has self-signatures on
> > > his uids and the key of A is signed by B,
> > > so why is the second uid not trusted?
> >
> > It shouldn't be trusted. B signed foo@a, not bar@a.
> > They're not the same, even though they may reside on
> > > the same key.
>
> Ok, but let's say B sets the owner-trust of A to "full".
This means B trusts A to sign only uids which > are correct. But then, B automatically has to accept > bar@a as valid, because this uid is (self-)signed by > A. (?!) It doesn't work that way. Self-signatures do not count in the web of trust. > > This prevents > > (among other things) this attack: > > > > 1) Trent creates a key, and gets it signed by > > Charlie. > > 2) Baker trusts Charlie, so therefore believes that > > Trent's key is valid. > > 3) Trent then adds a new user ID "Alice". > > 4) Baker wants to encrypt to "Alice", but which key > > to use? They both appear valid. > > With full owner-trust in Trent, they are indeed both > valid for Baker. (Or, if Baker trusts Trent more than > Alice, the key of Trent is even more valid.) And I > would consider this the right behaviour with such an > owner-trust setting -- but gpg doesn't. Neither does PGP, because that's just not how the web of trust works. If it worked the way you describe, then it would be open to trivial spoofing attacks. David From ingo.kloecker@epost.de Thu Sep 11 23:55:02 2003 From: ingo.kloecker@epost.de (Ingo Klöcker) Date: Thu Sep 11 22:55:02 2003 Subject: Can't decrypt PGP 8 msg In-Reply-To: <20030910212836.B2097@lifebook> References: <3F5FD046.7020306@esmiley.net> <20030910212836.B2097@lifebook> Message-ID: <200309112255.52906@erwin.ingo-kloecker.de> --Boundary-02=_YFOY/x7eqJ1FbVU Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline On Thursday 11 September 2003 04:28, DIG wrote: > Wed, Sep 10, 2003 at 09:30:46PM -0400 Eugene Smiley wrote: > > I discussed this with Neil off-list and his assessment, correct me > > if I am wrong Neil, is that it has to do with the Kmail plugins. > > Maybe one of these days, I'll venture over to the Kmail site like > > he suggested. > > OK, so it is probably of no use for me (mutt user).
As mutt user this might be interesting for you (S/MIME support in mutt): http://lists.gnupg.org/pipermail/gpa-dev/2003-September/001452.html The cool thing is that the crypto plugins work with KMail and with mutt. Regards, Ingo --Boundary-02=_YFOY/x7eqJ1FbVU Content-Type: application/pgp-signature Content-Description: signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux) iD8DBQA/YOFYGnR+RTDgudgRAo4oAKCMFyPvKmAS0vBLNm7or/2We+JeywCggle/ dwCqTzRGHznTbMuwCxlb/Po= =EvtU -----END PGP SIGNATURE----- --Boundary-02=_YFOY/x7eqJ1FbVU-- From dlc@users.sourceforge.net Fri Sep 12 00:57:03 2003 From: dlc@users.sourceforge.net (darren chamberlain) Date: Thu Sep 11 23:57:03 2003 Subject: (1) BAD signature and (2) auto SHA1 In-Reply-To: <20030911181720.GF25337@psilocybe.teonanacatl.org> References: <20030802042103.H21368@lifebook> <20030804155050.GA31169@longshot.toehold.com> <20030910175732.D26616@lifebook> <20030911163756.GB1254@boston.com> <20030911181720.GF25337@psilocybe.teonanacatl.org> Message-ID: <68028e42b9019e34f3b273122e3403b927b93fc2@tumbleweed.boston.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 * Todd [2003-09-11 14:21]: > darren chamberlain wrote: > > More recent versions of mutt have this builtin, via the > > command, bound to p by default. This is > > probably what you want. > > Just a minor clarification, but it's P. A lower case p will get you > the previous subthread instead of the pgp check. True, my bad. Stupid over-customized configs... ;) (darren) - -- The Feynman Problem Solving Algorithm: 1) Write down the problem. 2) Think real hard. 3) Write down the answer. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: This message is digitally signed and can be verified for authenticity. 
iD8DBQE/YO/dzsinjrVhZaoRApuYAKCDATtOCdiRcKwsiNAEW8oQmnJ4BgCfbNLk 4YVpiN2IYMXY0FYOBTRWUzM= =+XTr -----END PGP SIGNATURE----- From rene@clerc.nl Fri Sep 12 03:12:02 2003 From: rene@clerc.nl (René Clerc) Date: Fri Sep 12 02:12:02 2003 Subject: (1) BAD signature and (2) auto SHA1 In-Reply-To: <20030910175732.D26616@lifebook> References: <20030802042103.H21368@lifebook> <20030804155050.GA31169@longshot.toehold.com> <20030910175732.D26616@lifebook> Message-ID: <20030912001326.GN28925@clerc.nl> --7lMq7vMTJT4tNk0a Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable * DIG [11-09-2003 01:18]: > > In Mutt, the easiest way might be to pipe the message to gpg and witness > > the output. Type this: > > > > |gpg --verify > > > > It'll tell you if the signature is good. In newer versions of Mutt, you > > can do "escape P", and it will check the message for in-line PGP like the > > above and treat it accordingly. > > > > Neither of those is automatic, though. > > Thanks for the tip, Kyle. > > Now I use a semiautomatic solution. I just added next two lines: > > macro index \Cv "|gpg --verify\n" 'verify in-line PGP signature' > macro pager \Cv "|gpg --verify\n" 'verify in-line PGP signature' > > ... to my muttrc file. And to verify somebody's in-line signature, I > just press [Ctrl-V]. For what it's worth, Derek Martin has written a patch for mutt that makes mutt automatically verify inline signed messages.. -- René Clerc - (rene@clerc.nl) 171. I will not locate a base in a volcano, cave, or any other location where it would be ridiculously easy to bypass security by rappelling down from above.
-"Peter Anspach's list of things to do as an Evil Overlord" --7lMq7vMTJT4tNk0a Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/YQ+lwja9HprOCscRAq00AJ0XZcofFgIvwpdRicHsPNd2ZQ2DlgCgq1rG BMW5cm7Z4STEq4/5Uc9pmxQ= =Mon5 -----END PGP SIGNATURE----- --7lMq7vMTJT4tNk0a-- From g-r-v@interia.pl Fri Sep 12 12:11:02 2003 From: g-r-v@interia.pl (Robert Golovniov) Date: Fri Sep 12 11:11:02 2003 Subject: Compiling 1.9.1 under Cygwin Message-ID: <6119335031.20030911134650@interia.pl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, Could anybody give me a detailed instruction on how to compile GnuPG 1.9.1 under Cygwin (including all dependancies and links to them)? Thank you! - -- -=Robert & Beata Golovniov | Lviv, Ukraine=- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ mailto:golovniov@interia.pl?subject=PGP%20Key&Body=Embedded%20key mailto:golovniov@interia.pl?subject=GPG%20Key&Body=Attached%20key ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Raise your eyes high up and see. Who has created these things?" (Isaiah 40:26) -----BEGIN PGP SIGNATURE----- Version: PGP SDK 3.0.2 iQA/AwUBP2BSk9AOjkW8G0oKEQL6nwCgjq/uNvsapktiFh3LUVIJUA42ACQAoIdN GKt0J61kQ92WfuQ5Sm/SVK1f =Ve8V -----END PGP SIGNATURE----- From wk@gnupg.org Fri Sep 12 13:48:02 2003 From: wk@gnupg.org (Werner Koch) Date: Fri Sep 12 12:48:02 2003 Subject: Compiling 1.9.1 under Cygwin In-Reply-To: <6119335031.20030911134650@interia.pl> (Robert Golovniov's message of "Thu, 11 Sep 2003 13:46:50 +0300") References: <6119335031.20030911134650@interia.pl> Message-ID: <87vfryi8q9.fsf@alberti.g10code.de> On Thu, 11 Sep 2003 13:46:50 +0300, Robert Golovniov said: > Could anybody give me a detailed instruction on how to compile GnuPG > 1.9.1 under Cygwin (including all dependancies and links to them)? I have severe doubts that this will work. 
gpg 1.9 does currently only work on GNU/Linux and possible *BSD systems. -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From taw27@cam.ac.uk Fri Sep 12 17:36:01 2003 From: taw27@cam.ac.uk (Thomas White) Date: Fri Sep 12 16:36:01 2003 Subject: Outlook express messes up when it receives gpg-signed mail? In-Reply-To: <20030905025458.GA3369@benfinney.id.au> References: <20030903165137.GJ14663@mimar.dyndns.org> <20030905025458.GA3369@benfinney.id.au> Message-ID: <20030912153718.14139858.taw27@cam.ac.uk> --=.p(Tv1Nz4jbhqoc Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: 7bit Ben Finney wrote: > On 03-Sep-2003, Chris Niekel wrote: > > > When I sent an unsigned message, the text gets displayed, but when I > > send a signed message, see sees an empty body, with two attachments. > > The mail is sent as a MIME "multipart/signed" message, which is a > valid MIME message type. The message body is "Content-Type: > text/plain" and the signature is "Content-Type: > application/pgp-signature". > > Every part of this is "Content-Disposition: inline", signalling that > the content, if understood, should be shown inline (not as an > attachment). I notice that Sylpheed does not declare the overall "multipart/signed" component as "inline", only the "text/plain" part. Is this incorrect behaviour? Does this cause any problems that would not have existed had the additional Inline declaration been there? 
Tom -- Thomas White Downing College Cambridge GPG: D8834197 9749 7C8A 037D F867 9F38 F7C0 2314 8F97 D883 4197 --=.p(Tv1Nz4jbhqoc Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE/YdohIxSPl9iDQZcRAvR1AJ9hSLu7BL0Cek5XUuK0vznKaEhOngCeOL4i RGTPbVUnevVtIMXByWMzoiw= =CZgN -----END PGP SIGNATURE----- --=.p(Tv1Nz4jbhqoc-- From eugene@esmiley.net Fri Sep 12 20:09:02 2003 From: eugene@esmiley.net (Eugene Smiley) Date: Fri Sep 12 19:09:02 2003 Subject: Can't decrypt PGP 8 msg In-Reply-To: <3F6073C5.6010401@esmiley.net> References: <40406c23f53863562cd09e53df6bc395@remailer.metacolo.com> <3F6073C5.6010401@esmiley.net> Message-ID: <3F61FDFF.9080507@esmiley.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Eugene Smiley wrote: > Ah, well I correspond with some users who use S/MIME and some who > use PGP/GPG. I'm just too lazy to remember to switch back and forth > between the two when I can do both. ;) Then someone goes and posts the message below to pgp-users@cryptorights.org about the CryptoEx plug-ins that manage the signing process under MS Outlook or Lotus Notes. Un/forunately I am done with Outlook and Notes. ;) I just need to get this put in as a feature request for Mozilla... > Glueck & Kanja is very pleased to announce a new technology based > on the OpenPGP and S/MIME standards. To make a long story short: By > converting PGP key material into X.509 and vice versa we are able > to offer E-mail encryption for both standards based on a single > smartcard or keyring within one application. But instead of the > proprietary X.509 usage used by other vendors we offer the complete > compliance to the openpgp standard by using PGP keys for PGP > encryption and X.509 certificates for S/MIME encryption. > > We are posting these news to the PGP Users List because we would > like to start a discussion about this approach and because we are > looking for corporations wanting to take part in an early bird > program. 
Here are the first few paragraphs of the press release: > > Universal Encryption Technology CryptoEx enables PGP and S/MIME for > Windows 2003 PKI and Smartcards > > Offenbach, September 10th, 2003 - The CryptoEx Software Package for > Microsoft Outlook and Lotus Notes is the number one e-mail > encryption for several hundred thousand clients in enterprise > deployments at AUDI, Siemens and other leading companies worldwide. > The next-generation technology now available with the CryptoEx > Client Platform v3 enables the use of the PGP(tm) and S/MIME > encryption standards without requiring a PGP(tm) key > infrastructure. The revolutionary CryptoEx v3 Kernel is able to > convert X.509 private key material on smartcards or tokens (or even > stored in the Microsoft Windows certificate store) into PGP key > pairs and vice versa. > > A possible deployment could be a standard Microsoft PKI based on > the Windows 2000 or 2003 Certificate Authority, Active Directory > and Windows on the desktop. Simply by installing the CryptoEx > Client the user is able to generate a PGP(tm) keypair from the > X.509 key material and to use both technologies for sending and > receiving PGP(tm) and S/MIME messages. The user interface > encapsulates the complex encryption system in an easy-to-use GUI - > the user does not even need to know anything about PGP(tm) or > S/MIME. > > Based on the local key conversion, the CryptoEx Enterprise > Keyserver offers a trusted PGP(tm) and X.509 certificate to the > communication partners carrying out an advanced key comparison on > the server. This enables the communication with GnuPG, PGP(tm) and > all kinds of S/MIME clients. > > More Information: http://www.cryptoex.com/newsletter and > http://www.cryptoex.com > > ### > > Glueck & Kanja Technology AG, located in Offenbach am Main/Germany, > is manufacturer of applications for encryption and digital > signature. The corporation is a member of the Glueck & Kanja group, > which was founded in 1990. 
The product range CryptoEx, which has > won several international awards, is widely used by large > enterprises such as Audi and Siemens. > > =================================================================== > glueck & kanja technology ag christian-pless-strasse 11-13, > d-63069 offenbach, germany phone +49 69 800706 0, fax +49 69 800706 > 66 web http://www.cryptoex.com > =================================================================== > use strong cryptography to protect your e-mails! > =================================================================== -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-nr2 (Windows XP) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/Yf376QPtAqft/S8RAvXlAJoCX6of3Mw67ctDrcbQ+YSnqM7JfACeNtin ysT+BU0Am+a9Hygx+CiNgY8= =AGET -----END PGP SIGNATURE----- From dshaw@jabberwocky.com Sat Sep 13 15:40:01 2003 From: dshaw@jabberwocky.com (David Shaw) Date: Sat Sep 13 14:40:01 2003 Subject: Can't decrypt PGP 8 msg In-Reply-To: <3F61FDFF.9080507@esmiley.net> References: <40406c23f53863562cd09e53df6bc395@remailer.metacolo.com> <3F6073C5.6010401@esmiley.net> <3F61FDFF.9080507@esmiley.net> Message-ID: <20030913124117.GA5269@jabberwocky.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, Sep 12, 2003 at 01:10:23PM -0400, Eugene Smiley wrote: > Eugene Smiley wrote: > > Ah, well I correspond with some users who use S/MIME and some who > > use PGP/GPG. I'm just too lazy to remember to switch back and forth > > between the two when I can do both. ;) > > Then someone goes and posts the message below to > pgp-users@cryptorights.org about the CryptoEx plug-ins that manage the > signing process under MS Outlook or Lotus Notes. Un/forunately I am > done with Outlook and Notes. ;) CryptoEx, historically, has not followed the OpenPGP spec particularly well. I wonder if they've fixed that yet. No matter what hash algorithm was really used in clearsigning, CryptoEx labels it as "MD5" which breaks verification. 
It also encrypts to sign-only keys... David -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.3-cvs (GNU/Linux) Comment: Key available at http://www.jabberwocky.com/david/keys.asc iHEEARECADEFAj9jEG0qGGh0dHA6Ly93d3cuamFiYmVyd29ja3kuY29tL2Rhdmlk L2tleXMuYXNjAAoJEOJmXIdJ4cvJNG8AoOM7fSzJc9yxbrfC652IIuYByPkZAJwP 9QqPzIknI3dNNfq9/e7fZPEvow== =zYGZ -----END PGP SIGNATURE----- From wk@gnupg.org Sun Sep 14 20:18:02 2003 From: wk@gnupg.org (Werner Koch) Date: Sun Sep 14 19:18:02 2003 Subject: Outlook express messes up when it receives gpg-signed mail? In-Reply-To: <20030912153718.14139858.taw27@cam.ac.uk> (Thomas White's message of "Fri, 12 Sep 2003 15:37:18 +0100") References: <20030903165137.GJ14663@mimar.dyndns.org> <20030905025458.GA3369@benfinney.id.au> <20030912153718.14139858.taw27@cam.ac.uk> Message-ID: <87fzizffyq.fsf@alberti.g10code.de> On Fri, 12 Sep 2003 15:37:18 +0100, Thomas White said: > I notice that Sylpheed does not declare the overall "multipart/signed" > component as "inline", only the "text/plain" part. Is this incorrect > behaviour? Does this cause any problems that would not have existed had Yes, because it can't know whether the next part is actually suitable for inlining: The multipart/signed body MUST consist of exactly two parts. The first part contains the signed data in MIME canonical format, including a set of appropriate content headers describing the data. The first part itself may be an image, audio, multipart/encrypted or even multipart/signed again. Werner -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From Robin Lynn Frank Sun Sep 14 20:32:02 2003 From: Robin Lynn Frank (Robin Lynn Frank) Date: Sun Sep 14 19:32:02 2003 Subject: Slightly OT: what pgp app generates this?
Message-ID: <200309141033.05681.rlfrank@paradigm-omega.com> --Boundary-02=_RZKZ/uQ6wX0Z5sg Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Content-Description: signed data Content-Disposition: inline Sorry for the OT post, but I figured this was the place someone would know the answer. I am configuring my MTA to allow pgp/gpg signed and encrypted mail through regardless of other restrictions and I thought I covered all the header & mime types, but I spotted this in the logs and wanted to know what generated it. Content-Type: application/pgp-signature;? name="00000000.mime... TIA -- Robin Lynn Frank | Director of Operations | Paradigm-Omega, LLC Email acceptance policy: http://paradigm-omega.com/email_policy.html Our current s$p%a&m-t*r#a^p: twinky@paradigm-omega.dnsalias.net --Boundary-02=_RZKZ/uQ6wX0Z5sg Content-Type: application/pgp-signature Content-Description: signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQA/ZKZRzXwq4t8X1KoRAjZbAJ4t0N5me7aeL5u50FyQyQiNjN5SOwCeLFE+ efWrKa+9xnW0ORu9dbKOSYs= =IKIi -----END PGP SIGNATURE----- --Boundary-02=_RZKZ/uQ6wX0Z5sg-- From taw27@cam.ac.uk Sun Sep 14 21:25:01 2003 From: taw27@cam.ac.uk (Thomas White) Date: Sun Sep 14 20:25:01 2003 Subject: Outlook express messes up when it receives gpg-signed mail? In-Reply-To: <87fzizffyq.fsf@alberti.g10code.de> References: <20030903165137.GJ14663@mimar.dyndns.org> <20030905025458.GA3369@benfinney.id.au> <20030912153718.14139858.taw27@cam.ac.uk> <87fzizffyq.fsf@alberti.g10code.de> Message-ID: <20030914192625.73ba2cac.taw27@cam.ac.uk> --=.ATrEbyFnTbXseW Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: 7bit Werner Koch wrote: > On Fri, 12 Sep 2003 15:37:18 +0100, Thomas White said: > > > I notice that Sylpheed does not declare the overall > > "multipart/signed" component as "inline", only the "text/plain" > > part. Is this incorrect behaviour?
Does this cause any problems > > that would not have existed had > > Yes, because it can't know whether the next part is actually suitable > for inlining: I've written a (trivial) patch which adds this header for Sylpheed. It's posted to the Sylpheed mailing list and I'll forward it to anyone interested. I also notice that KMail (1.5) doesn't appear to generate the inline header. Should that be fixed too? Is it required that the Content-Disposition header immediately follows the Content-Type header? At least one of my mailing lists seems to be rearranging these headers. Thanks, Tom -- Thomas White Downing College Cambridge GPG: D8834197 9749 7C8A 037D F867 9F38 F7C0 2314 8F97 D883 4197 --=.ATrEbyFnTbXseW Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE/ZLLeIxSPl9iDQZcRAi+FAKCG2UjKj4nX/ATPXul+0r0v3Im3EQCfSbPx c9Wy22FUh/eWAVrqs8LtNSU= =QFAU -----END PGP SIGNATURE----- --=.ATrEbyFnTbXseW-- From taw27@cam.ac.uk Sun Sep 14 21:44:02 2003 From: taw27@cam.ac.uk (Thomas White) Date: Sun Sep 14 20:44:02 2003 Subject: Slightly OT: what pgp app generates this? In-Reply-To: <200309141033.05681.rlfrank@paradigm-omega.com> References: <200309141033.05681.rlfrank@paradigm-omega.com> Message-ID: <20030914194558.3f568327.taw27@cam.ac.uk> --=.AgWfmoPq67c84_ Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: 7bit Robin Lynn Frank wrote: > I spotted this in the logs and wanted to know what generated it. > > Content-Type: application/pgp-signature;? name="00000000.mime... I've seen this kind of output with Sylpheed when I accidentally sign the message twice, by storing an outgoing message for later sending and then re-editing it. If it's any help, I'll send you an example message.
Tom -- Thomas White Downing College Cambridge GPG: D8834197 9749 7C8A 037D F867 9F38 F7C0 2314 8F97 D883 4197 --=.AgWfmoPq67c84_ Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE/ZLdpIxSPl9iDQZcRAk3vAJ9DVdHKdv5u850D1alEfWRJWxUuWwCffyu3 elVqlApsT0O2UC0DE8qSwu0= =O8ZW -----END PGP SIGNATURE----- --=.AgWfmoPq67c84_-- From Robin Lynn Frank Sun Sep 14 22:12:02 2003 From: Robin Lynn Frank (Robin Lynn Frank) Date: Sun Sep 14 21:12:02 2003 Subject: Slightly OT: what pgp app generates this? In-Reply-To: <20030914194558.3f568327.taw27@cam.ac.uk> References: <200309141033.05681.rlfrank@paradigm-omega.com> <20030914194558.3f568327.taw27@cam.ac.uk> Message-ID: <200309141212.49452.rlfrank@paradigm-omega.com> --Boundary-02=_x2LZ/AxR0XUpwxc Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Description: signed data Content-Disposition: inline On Sunday 14 September 2003 11:45 am, Thomas White wrote: > Robin Lynn Frank wrote: > > I spotted this in the logs and wanted to know what generated it. > > > > Content-Type: application/pgp-signature;? name="00000000.mime... > > I've seen this kind of output with Sylpheed when I accidentally sign the > message twice, by storing an outgoing message for later sending and then > re-editing it. If it's any help, I'll send you an example message. > > Tom Thanks. Not necessary. Just wanted to know if it was valid so I could include it in my configuration.
-- Robin Lynn Frank | Director of Operations | Paradigm-Omega, LLC Email acceptance policy: http://paradigm-omega.com/email_policy.html Our current s$p%a&m-t*r#a^p: twinky@paradigm-omega.dnsalias.net --Boundary-02=_x2LZ/AxR0XUpwxc Content-Type: application/pgp-signature Content-Description: signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQA/ZL2xzXwq4t8X1KoRArvUAJoDOAJKMxwwiop+6QvAWWG1uB8FWgCfcW16 zchMO0DDa4FJpEABvdOa6kg= =XZ2i -----END PGP SIGNATURE----- --Boundary-02=_x2LZ/AxR0XUpwxc-- From maschoch@compuserve.com Mon Sep 15 08:50:02 2003 From: maschoch@compuserve.com (Martin Schoch) Date: Mon Sep 15 07:50:02 2003 Subject: OT: SPAM in this list? Message-ID: <615312148.20030915075132@compuserve.com> Hi, I know it's OT - but how it comes that we get SPAM in this mailing list? -- Regards, Martin maschoch@compuserve.com From wk@gnupg.org Mon Sep 15 11:03:02 2003 From: wk@gnupg.org (Werner Koch) Date: Mon Sep 15 10:03:02 2003 Subject: OT: SPAM in this list? In-Reply-To: <615312148.20030915075132@compuserve.com> (Martin Schoch's message of "Mon, 15 Sep 2003 07:51:32 +0200") References: <615312148.20030915075132@compuserve.com> Message-ID: <87n0d6eatr.fsf@alberti.g10code.de> On Mon, 15 Sep 2003 07:51:32 +0200, Martin Schoch said: > I know it's OT - but how it comes that we get SPAM in this mailing > list? I am not aware of any spam since we switched to a subscriber only posting policy with moderator approval of non-subscriber postings. Possible reasons for Spam are: * Moderator hits the wrong button (approve instead of discard) * A subscriber or a little undercover gadget is silly enough to send spam * Spam with faked From of a subscriber is sent to this list - not _yet_ noticed.
-- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From wk@gnupg.org Mon Sep 15 11:08:01 2003 From: wk@gnupg.org (Werner Koch) Date: Mon Sep 15 10:08:01 2003 Subject: Outlook express messes up when it receives gpg-signed mail? In-Reply-To: <20030914192625.73ba2cac.taw27@cam.ac.uk> (Thomas White's message of "Sun, 14 Sep 2003 19:26:25 +0100") References: <20030903165137.GJ14663@mimar.dyndns.org> <20030905025458.GA3369@benfinney.id.au> <20030912153718.14139858.taw27@cam.ac.uk> <87fzizffyq.fsf@alberti.g10code.de> <20030914192625.73ba2cac.taw27@cam.ac.uk> Message-ID: <87isnueanl.fsf@alberti.g10code.de> On Sun, 14 Sep 2003 19:26:25 +0100, Thomas White said: > I've written a (trivial) patch which adds this header for Sylpheed. > It's posted to the Sylpheed mailing list and I'll forward it to anyone As said, this is not of any use. > I also notice that KMail (1.5) doesn't appear to generate the inline > header. Should that be fixed too? No. > Is it required that the Content-Disposition header immediately follows > the Content-Type header? At least one of my mailing lists seems to be > rearranging these headers. With the exception of the Received headers, no special ordering of headers is required. Rearranging is allowed but in general not a good practice. Werner -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From debug Mon Sep 15 11:14:01 2003 From: debug (DeBug) Date: Mon Sep 15 10:14:01 2003 Subject: Re[2]: OT: SPAM in this list? In-Reply-To: <87n0d6eatr.fsf@alberti.g10code.de> References: <615312148.20030915075132@compuserve.com> <87n0d6eatr.fsf@alberti.g10code.de> Message-ID: <1896494732.20030915111635@centras.lt> >> I know it's OT - but how it comes that we get SPAM in this mailing >> list? WK> * Spam with faked From of a subscriber is send to this list WK> - not _yet_ noticed. That is most likely reason. 
I constantly get reply mails from anti-virus software notifying me that in letters I sent to the appropriate recipients there was a virus, meanwhile I never sent those messages, I did not even know the recipients existed. As I figured out, some of my friends (who have my email in their address book) got infected with the sobig.f virus. The authentication of the sender becomes a more and more urgent issue. From wk@gnupg.org Mon Sep 15 14:13:02 2003 From: wk@gnupg.org (Werner Koch) Date: Mon Sep 15 13:13:02 2003 Subject: OT: SPAM in this list? In-Reply-To: <1896494732.20030915111635@centras.lt> (debug@centras.lt's message of "Mon, 15 Sep 2003 11:16:35 +0300") References: <615312148.20030915075132@compuserve.com> <87n0d6eatr.fsf@alberti.g10code.de> <1896494732.20030915111635@centras.lt> Message-ID: <87r82icnik.fsf@alberti.g10code.de> On Mon, 15 Sep 2003 11:16:35 +0300, DeBug said: > address book) got infected with the sobig.f virus. > The authentication of the sender becomes a more and more urgent issue. Which won't help very long because the first trojan to send authenticated messages will soon pop up. -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From dshaw@jabberwocky.com Mon Sep 15 16:39:02 2003 From: dshaw@jabberwocky.com (David Shaw) Date: Mon Sep 15 15:39:02 2003 Subject: Can't decrypt PGP 8 msg In-Reply-To: <1ED7BFBAE5FE164B9AF47D5BE458ED3D124867@GUK1D002.glueckkanja.org> References: <1ED7BFBAE5FE164B9AF47D5BE458ED3D124867@GUK1D002.glueckkanja.org> Message-ID: <20030915134002.GA29771@jabberwocky.com> On Sat, Sep 13, 2003 at 04:43:47PM +0200, Christian Kanja wrote: > > hi david, > > "particularly well"... ;-). well, you're somehow right, we made a minor > mistake which was a major problem for gnupg - we did not label the > hash-algorithm and we used IDEA a little bit often. > > both are fixed in the new version of cryptoex. we do label the correct > hash and we do not use IDEA if not especially preferred.
and it's worth a > look - i think with the new Outlook integration we made a major step > forward in usability for crypto applications. > > hope that these changes will help us working together with the > gnupg-community - we would really appreciate feedback if there are > issues in compatibility and we will try to fix these issues fast. > > best regards, > christian kanja > > ps: i am not sure if this mail will reach the mailing list because i am > not a member of this list. if not, i would appreciate if you forward my > answer. thanks! That is excellent news, and I am truly glad to hear it. Is there a demo version I could download and check out? I'd be happy to do a quick "smoke test" of CryptoEx <==> GnuPG compatibility. David From martin@stigge.org Mon Sep 15 19:46:02 2003 From: martin@stigge.org (Martin Stigge) Date: Mon Sep 15 18:46:02 2003 Subject: Older self signature not stripped Message-ID: <1063644446.1182.8.camel@monk> --=-HwAybsGsipzpAOYAa2nh Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi, it happened that I have multiple self signatures on some of my uids: http://blackhole.pca.dfn.de:11371/pks/lookup?op=vindex&search=0xD5CE4FE9 I read that gnupg automatically strips older self signatures when importing keys, but with

gpg --recv-keys D5CE4FE9
gpg --list-sigs D5CE4FE9

this doesn't seem to apply to my key (gpg 1.2.3). Why? -- Martin Stigge martin@stigge.org --=-HwAybsGsipzpAOYAa2nh Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQA/Ze0eerrRlNXOT+kRApRDAJ9qBu65376ifGnKotoIOcNFoD7gZwCcC7vn PafRbryaNsEvNUoNKLcKp50= =Fbzh -----END PGP SIGNATURE----- --=-HwAybsGsipzpAOYAa2nh-- From Kyle Hasselbacher Mon Sep 15 20:02:02 2003 From: Kyle Hasselbacher (Kyle Hasselbacher) Date: Mon Sep 15 19:02:02 2003 Subject: OT: SPAM in this list?
In-Reply-To: <87n0d6eatr.fsf@alberti.g10code.de> References: <615312148.20030915075132@compuserve.com> <87n0d6eatr.fsf@alberti.g10code.de> Message-ID: <20030915170307.GA11392@longshot.toehold.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, Sep 15, 2003 at 10:05:04AM +0200, Werner Koch wrote: >On Mon, 15 Sep 2003 07:51:32 +0200, Martin Schoch said: > >> I know it's OT - but how it comes that we get SPAM in this mailing >> list? > >I am not aware of any spam since we switched to a subscriber only >posting policy with moderator approval of non-subscriber postings. I've gotten spam sent to the email address that I used to subscribe to the list. Because it was to the list address, procmail put it in with the other list mail. It looked as if it came through the list (by virtue of where I saw it) until I looked closely at the headers. Since this has happened on a couple of lists I'm on, I've updated my procmail filters to be more careful. I figure spammers could have gotten addresses in a few ways:

* Subscribe to the list and look at the incoming mail.
* Look at the web archive.
* Use old newsgroup harvesting software and point it at a mail-to-news gateway.

Here's the procmail recipe I'm using now:

# GnuPG users mailing list
:0
* ^Delivered-To: kyle-list-gpguser@toehold\.com
* ^Sender: gnupg-users-admin@gnupg\.org
* ^Precedence: bulk
* ^Return-Path:
$CRYPTOBOX

In case the envelope sender ever changes, mail to the list address that doesn't get delivered by the above goes through spamassassin and gets sorted based on the results. When I start seeing list mail take that route, I know I need to update the above filter. Hope this helps.
- -- Kyle Hasselbacher kyle@toehold.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE/ZfDL10sofiqUxIQRAsldAKDU3860vaTK7ZFgWiumoE1bBeZ5IwCgiH+j 09tQBJyJ+XxVTl6qkX6j+KI= =I3zF -----END PGP SIGNATURE----- From dshaw@jabberwocky.com Mon Sep 15 21:43:02 2003 From: dshaw@jabberwocky.com (David Shaw) Date: Mon Sep 15 20:43:02 2003 Subject: Older self signature not stripped In-Reply-To: <1063644446.1182.8.camel@monk> References: <1063644446.1182.8.camel@monk> Message-ID: <20030915184451.GC30642@jabberwocky.com> On Mon, Sep 15, 2003 at 06:47:26PM +0200, Martin Stigge wrote: > Hi, > > it happened that I have multiple self signatures on some of my uids: > > http://blackhole.pca.dfn.de:11371/pks/lookup?op=vindex&search=0xD5CE4FE9 > > I read that gnupg automatically strips older self signatures when > importing keys, but with > > gpg --recv-keys D5CE4FE9 > gpg --list-sigs D5CE4FE9 > > this doesn't seem to apply to my key (gpg 1.2.3). Why? GnuPG never actually stripped older self-signatures. What it did do was discard any about-to-be-imported self-signature that was older than an existing self-signature. It did not go back and remove the older one when importing a newer one. As of v1.2.3, GnuPG does not even do this any more. Enough people complained.. ;) David From robert.schiele@t-online.de Mon Sep 15 21:48:01 2003 From: robert.schiele@t-online.de (Robert Schiele) Date: Mon Sep 15 20:48:01 2003 Subject: OT: SPAM in this list?
In-Reply-To: <20030915170307.GA11392@longshot.toehold.com>
References: <615312148.20030915075132@compuserve.com> <87n0d6eatr.fsf@alberti.g10code.de> <20030915170307.GA11392@longshot.toehold.com>
Message-ID: <20030915185003.GA18371@schiele.dyndns.org>

--envbJBWh7q8WU6mo
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Sep 15, 2003 at 12:03:07PM -0500, Kyle Hasselbacher wrote:
> Here's the procmail recipe I'm using now:
>
> # GnuPG users mailing list
> :0
> * ^Delivered-To: kyle-list-gpguser@toehold\.com
> * ^Sender: gnupg-users-admin@gnupg\.org
> * ^Precedence: bulk
> * ^Return-Path:
> $CRYPTOBOX

You can match the List-Id tag by

* ^List-Id:.*

See RFC 2919 for more details.

Robert

-- 
Robert Schiele Tel.: +49-621-181-2517
Dipl.-Wirtsch.informatiker mailto:rschiele@uni-mannheim.de

--envbJBWh7q8WU6mo
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

iD8DBQE/ZgnbxcDFxyGNGNcRAvBLAKCzQ82fLnEH/L3tpmucoIAHZHHrQwCg5a6r
MkPSMHqYIn1gWt/05+BEsGY=
=CGMS
-----END PGP SIGNATURE-----

--envbJBWh7q8WU6mo--

From martin.bretschneider@gmx.de Mon Sep 15 22:04:01 2003
From: martin.bretschneider@gmx.de (Martin Bretschneider)
Date: Mon Sep 15 21:04:01 2003
Subject: notion conventions: OpenPGP, PGP/MIME, ASCII Armor, inline, embedded
Message-ID:

--=.,UZ9L)vGclZshT
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Hi,

I'm a bit confused about the notions in the GnuPG environment: Up to now I thought that there are two main methods how OpenPGP can be used in MUAs: The old ASCII Armor method that has the PGP header in the body of the email and the newer one PGP/MIME method that puts the signature in a MIME-attachment (RFC 2015 and RFC 3156).
But today Alexander Zangerl, the author of kuvert, an outbound filter that does OpenPGP actions on outgoing mail, told me that ASCII Armor is also used within PGP/MIME. I found in RFC 1991 2.4.1 this description:

ASCII Armor is created by concatenating the following data:

- An Armor Headerline, appropriate for the type of data
- Armor Headers
- A blank line
- The ASCII-Armored data
- An Armor Checksum
- The Armor Tail (which depends on the Armor Headerline).

Yes, the signature in the MIME attachment is ASCII armored, just as in the method that I thought that named ASCII Armor. So, how to call the "old way". Inline, embedded? I scanned the RFCs but could not find it.

And what's about PGP/MIME. I already read these notions: PGP/MIME, PGP-MIME, OpenPGP/MIME, OpenPGP. I asked this single question some months ago in this ML and you told me that PGP/MIME is the one but a lot of (experienced) people seem not to really know the real notion. I can understand this, since I would prefer OpenPGP/MIME over PGP/MIME since OpenPGP is the standard, not PGP. What do you think?

Kind regards from Germany
-- 
www.bretschneidernet.de OpenPGP_0x4EA52583 JID_breti@jabber.org
(o__  (O_   Ernest Hemingway:
//\'  //\   I like to listen. I have learned a great deal
V_/_  V_/_  from listening carefully. Most people never listen.
--=.,UZ9L)vGclZshT
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iEYEARECAAYFAj9mB2EACgkQGK1ebE6lJYOqTACfTsvN7oKjkpJh+syAjT1KOBn5
SXQAoIlBEFCC29zJHfomf4twuAW4pS+n
=su3J
-----END PGP SIGNATURE-----

--=.,UZ9L)vGclZshT--

From gnupg-users@gnupg.org Tue Sep 16 08:05:01 2003
From: gnupg-users@gnupg.org (Eddie Roosenmaallen)
Date: Tue Sep 16 07:05:01 2003
Subject: notion conventions: OpenPGP, PGP/MIME, ASCII Armor, inline, embedded
In-Reply-To:
References:
Message-ID: <3F66934E.9000802@cogeco.ca>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I've always understood the old way (the method I use) to be called "inline PGP", and the newer way is PGP/MIME. ASCII armour is an ambiguous term to use, as ASCII armouring can be used for inline PGP, PGP/MIME, ARCFOUR, miscellaneous binary transfer, etc.

Peace,
Eddie Roosenmaallen

Martin Bretschneider wrote:
> the method that I thought that named ASCII Armor. So, how to call the
> "old way". Inline, embedded? I scanned the RFCs but could not find it.

- -- 
OpenPGP KeyID: 0xCC1aCD05
Get my key from keyserver.kjsl.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/ZpNMtGGqbMwazQURAhoXAJ9zfXnNkgpbzLqZniEmnwPlaASWkQCgtt8s
p7gkcwAd5eRi100DbSN0wYY=
=gGd3
-----END PGP SIGNATURE-----

From FHernand@COMPSERVINC.COM Tue Sep 16 18:34:01 2003
From: FHernand@COMPSERVINC.COM (Frank Hernandez)
Date: Tue Sep 16 17:34:01 2003
Subject: auto decrypt in unix
Message-ID: <7EC9474066910848B7B62E1D668184A008BC3B@csi3.compservinc>

This is a multi-part message in MIME format.

------_=_NextPart_001_01C37C68.4185E634
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable

Hello to all!

I'm trying to decrypt files that I ftp from my vendor.
The following works for one file, but I'm having problems creating an auto-decrypt of all the files in the directory /usr2/edi

Any help would be great!

cd /usr2/edi

cat ./passphrase | ./gpg --batch --passphrase-fd 0 --out CS001.txt --decrypt CS002.810

Frank

------_=_NextPart_001_01C37C68.4185E634--

From sbutler@fchn.com Tue Sep 16 19:39:01 2003
From: sbutler@fchn.com (Steve Butler)
Date: Tue Sep 16 18:39:01 2003
Subject: auto decrypt in unix
Message-ID: <9A86613AB85FF346BB1321840DB42B4B01EC031D@jupiter.fchn.com>

This is a multi-part message in MIME format.

------=_NextPart_000_17D71_01C37C37.024DBB40
x-gfisavedcharset: iso-8859-1
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

for x in *
do
   cat ./passphrase | ./gpg --batch --passphrase-fd 0 --no-tty --out
${x#.*}.txt --decrypt $x
done

Isn't the Korn shell nice!

- --Steve Butler
Oracle Administrator
First Choice Health Network
sbutler@fchn.com
206-268-2309

- -----Original Message-----
From: Frank Hernandez [mailto:FHernand@COMPSERVINC.COM]
Sent: Tuesday, September 16, 2003 8:36 AM
To: gnupg-users@gnupg.org
Subject: auto decrypt in unix

Hello to all!

I'm trying to decrypt files that I ftp from my vendor. The following works for one file, but I'm having problems creating an auto-decrypt of all the files in the directory /usr2/edi

Any help would be great!

cd /usr2/edi

cat ./passphrase | ./gpg --batch --passphrase-fd 0 --out CS001.txt --decrypt CS002.810

Frank

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32) - WinPT 0.7.96

iD8DBQE/ZzxkVxXIgBsy1UsRAntIAKCGqLoVkLI10kI/gtK69EXRPEdWugCffysL
QXDiaHy5wjimYitsR+8sbCw=
=Qycv
-----END PGP SIGNATURE-----

CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
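A more defensive form of the loop in the message above, given here as an added example that is not part of the original post or of GnuPG. It selects inputs by pattern instead of `*`, trims the suffix with `%`, and hands over the passphrase by redirection; the function names, the `*.810` default pattern and the `GPG` override variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: batch decryption of every matching file in a directory.
# Assumptions of this example, not taken from the thread: the passphrase file
# is kept private (no group/other permissions), inputs are picked by a glob
# pattern, and the GPG variable may point at a specific gpg binary.

GPG=${GPG:-gpg}

# passfile_is_private FILE: succeed only if group and others have no
# permission bits at all (characters 5-10 of the ls mode string).
passfile_is_private() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# decrypt_dir DIR PASSFILE [PATTERN]
# Decrypts each regular file in DIR that matches PATTERN (default *.810)
# into DIR/NAME.txt, NAME being the file name without its last suffix.
# Exit status: 0 all decrypted, 1 at least one failure, 2 setup problem.
# The body runs in a subshell so the umask change and variables stay local.
decrypt_dir() (
    dir=$1 passfile=$2 pattern=${3:-*.810}
    if [ ! -d "$dir" ] || [ ! -r "$passfile" ]; then
        echo "usage: decrypt_dir DIR PASSFILE [PATTERN]" >&2
        exit 2
    fi
    if ! passfile_is_private "$passfile"; then
        echo "refusing to use $passfile: accessible to group or others" >&2
        exit 2
    fi
    umask 077                        # plaintext output: owner access only
    failed=0
    # A bare "for x in *" run inside the data directory would also hand
    # ./passphrase, ./gpg and earlier .txt output to gpg; a pattern avoids that.
    for src in "$dir"/$pattern; do
        [ -f "$src" ] || continue    # unmatched glob, directory, etc.
        name=${src##*/}
        out=$dir/${name%.*}.txt      # CS002.810 -> CS002.txt (% trims a suffix)
        if [ -e "$out" ]; then
            echo "skip: $out already exists"
            continue
        fi
        # The passphrase reaches gpg on fd 0 through a redirect. GnuPG 2.1 and
        # later additionally need --pinentry-mode loopback for this to work.
        if "$GPG" --batch --no-tty --passphrase-fd 0 \
                  --output "$out" --decrypt "$src" < "$passfile"; then
            echo "ok: $src -> $out"
        else
            echo "FAILED: $src" >&2
            rm -f -- "$out"          # never leave a partial plaintext behind
            failed=1
        fi
    done
    exit "$failed"
)

# Run as a script: sh decrypt_dir.sh /usr2/edi /path/to/passphrase
if [ "$#" -ge 2 ]; then
    decrypt_dir "$@"
fi
```

Keeping the passphrase file outside the data directory also keeps it out of reach of whatever process drops the vendor files there.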
------=_NextPart_000_17D71_01C37C37.024DBB40--

From vedaal@hush.com Tue Sep 16 19:55:02 2003
From: vedaal@hush.com (vedaal@hush.com)
Date: Tue Sep 16 18:55:02 2003
Subject: OT: SPAM in this list?
Message-ID: <200309161656.h8GGuPAc056304@mailserver2.hushmail.com>

>Message: 5
>To: debug
>Cc: gnupg-users@gnupg.org
>Subject: Re: OT: SPAM in this list?
>From: Werner Koch
>Date: Mon, 15 Sep 2003 13:13:55 +0200
>
>On Mon, 15 Sep 2003 11:16:35 +0300, DeBug said:
>
>> address book) got infected with sobig.f virus.
>> The authentification of the sender becomes more and more urgent issue.
>
>Which won't help very long because the first trojan to send
>authenticated message will soon pop up.

an interesting potential solution, which would also increase the web of trust, might be to reject e-mails signed with 'unknown' keys.

a subscriber could submit a key when joining, (and have the key 'banned' by the list if it turned out that the subscriber was spamming),

(but then we'd all have to sign ... ;-)

vedaal

(unsigned because of hushmail alterations and verification difficulty)

From dystopia@xs4all.nl Wed Sep 17 00:50:03 2003
From: dystopia@xs4all.nl (Jeroen)
Date: Tue Sep 16 23:50:03 2003
Subject: GnuPG instead of CryptoAPI
Message-ID: <20030916215209.GA42276@xs4all.nl>

Hello gnupg-users,

i'm stuck on a theory. I know GnuPG can be used to sign a file. Fine. I also know one can mount an image containing multiple files as loopback device. This image can be encrypted using CryptoAPI (http://www.kerneli.org).

Is it possible to use GnuPG instead of CryptoAPI *and* encrypting the files on the fly?
If so, this is an opensource alternative for PGPdisk.

I've searched on both Google, CryptoAPI mailinglist and this mailinglist, but couldn't find an answer to my question.

Kind regards / met vriendelijke groet,
Jeroen

-- 
100% Microsoft free. You could be too!

From JPClizbe@comcast.net Wed Sep 17 01:11:02 2003
From: JPClizbe@comcast.net (John Clizbe)
Date: Wed Sep 17 00:11:02 2003
Subject: [Enigmail] encrypt or sign only
In-Reply-To:
References:
Message-ID: <3F676596.3000909@comcast.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

torn wrote:
> Is there any "clean" way to encrypt or sign only a message with enigmail,
> without sending it immediately?
> This feature is necessary when using anonymous remailers, and I'm
> suggesting to implement it in enigmail.
>
> paride

In the Compose window, if I pull down the Enigmail menu I have the option to Send Immediately or Send Later. Does this not do what you want?

- -- 
John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet
Golden Bear Networks PGP/GPG KeyID: 0x608D2A10
"Most men take the straight and narrow. A few take the road less traveled. I chose to cut through the woods."
"*Hundreds* of customers like and use $CO's Unix products." - Darl McBride, CEO Caldera/$CO Group
(This .sig block was sponsored by IBM. All hail IBM.)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/Z2WOHQSsSmCNKhARAkhNAJ4ia/2vgYNmFeOacmmje2Q4BKkApQCg3yQC
RAjEDCdN7Cu+vsYce15g/4U=
=g/F9
-----END PGP SIGNATURE-----

From Todd Wed Sep 17 10:59:02 2003
From: Todd (Todd)
Date: Wed Sep 17 09:59:02 2003
Subject: broken ascii armor (was Re: auto decrypt in unix)
In-Reply-To: <9A86613AB85FF346BB1321840DB42B4B01EC031D@jupiter.fchn.com>
References: <9A86613AB85FF346BB1321840DB42B4B01EC031D@jupiter.fchn.com>
Message-ID: <20030917080020.GB23040@psilocybe.teonanacatl.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Steve Butler wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> for x in *
> do
> cat ./passphrase | ./gpg --batch --passphrase-fd 0 --no-tty --out
> ${x#.*}.txt --decrypt $x
> done
>
>
> Isn't the Korn shell nice!

Steve,

Your message tripped up a small issue in mutt. The first paragraph of your message disappeared after the signature was checked (which still fails even after I downloaded your key). I tracked this down and found that the ascii armoring on your message has had a few errant spaces added, one of which causes mutt to think the first paragraph is part of the armor header.

In your message, the line after Hash: SHA1 contains a single space. According to the OpenPGP RFC:

   7. Cleartext signature framework

   [...]

   The cleartext signed message consists of:

     - The cleartext header '-----BEGIN PGP SIGNED MESSAGE-----' on a
       single line,

     - One or more "Hash" Armor Headers,

     - Exactly one empty line not included into the message digest,
       ^^^^^^^^^^^^^^^^^^^^^^

     - The dash-escaped cleartext that is included into the message
       digest,

     - The ASCII armored signature(s) including the
       '-----BEGIN PGP SIGNATURE-----' Armor Header and Armor Tail Lines.

I'm guessing that some MTA along the way added the space.
Since it took me a while to figure out why mutt was losing the first paragraph of your message (making the line about the korn shell seem out of place :), I figured I'd post this here, in case any other mutt users found the same thing.

- -- 
Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
============================================================================
That which seems the height of absurdity in one generation often becomes the height of wisdom in the next.
-- John Stuart Mill (1806-1873)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.

iD8DBQE/aBSUuv+09NZUB1oRAgIjAJ4/H0qlkpk3GDKn8nD+Bx34TgAcSgCffKM8
V34wB6DzN52IDJ0bH8bWajE=
=cofw
-----END PGP SIGNATURE-----

From wk@gnupg.org Wed Sep 17 12:18:03 2003
From: wk@gnupg.org (Werner Koch)
Date: Wed Sep 17 11:18:03 2003
Subject: GnuPG instead of CryptoAPI
In-Reply-To: <20030916215209.GA42276@xs4all.nl> (dystopia@xs4all.nl's message of "Tue, 16 Sep 2003 23:52:09 +0200")
References: <20030916215209.GA42276@xs4all.nl>
Message-ID: <87ad937p2o.fsf@alberti.g10code.de>

On Tue, 16 Sep 2003 23:52:09 +0200, Jeroen said:

> Is it possible to use GnuPG instead of CryptoAPI *and* encrypting the
> files on the fly? If so, this is an opensource alternative for PGPdisk.

No this is not possible. For disk encryption you want to have random access to the data and not merely sequential processing as OpenPGP provides. Thus the protocol is not suitable.

OTOH, if you want to add a public key layer on top of the already existing symmetric disk encryption, you can hack something together with GnuPG using --show-session-key and --override-session-key. I don't know whether this makes any sense because you need to store the secret key somewhere - well you can do it with an external token - but then any random symmetric key would do.
Salam-Shalom,

Werner

-- 
Werner Koch
The GnuPG Experts http://g10code.com
Free Software Foundation Europe http://fsfeurope.org

From sbutler@fchn.com Wed Sep 17 17:27:02 2003
From: sbutler@fchn.com (Steve Butler)
Date: Wed Sep 17 16:27:02 2003
Subject: broken ascii armor (was Re: auto decrypt in unix)
Message-ID: <9A86613AB85FF346BB1321840DB42B4B01EC0322@jupiter.fchn.com>

Thanks Todd. That was the first message I'd signed in a long time here. Since the company has standardized on the software from a local (Redmond, WA) software company for the desktop, I'm somewhat at the mercy of MS Outlook (not the express version). And, I haven't checked that the PK on the Windows box is exactly the same as the PK on the Unix boxes. It's the Unix boxes that do all the work with the encrypted files.

Bottom line, I'll refrain from signing emails.

Thanks,
--Steve

PS. Looks like something wrapped my prior message at a most inopportune place!
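The framing rule Todd quotes from the RFC earlier in this thread can be checked mechanically before a message is blamed on the key or the signer. The following is an added example, not code from the thread, mutt or GnuPG: `check_clearsign` and `write_sample` are names made up here, the sample message is constructed, and the check covers only the header and separator structure, not the signature.

```shell
#!/bin/sh
# Added example: verify the framing of cleartext-signed messages, i.e. that
# the armor headers are followed by exactly one truly empty line.

# check_clearsign FILE
# Exit status: 0 every signed block is framed correctly, 1 a block is
# malformed (one diagnostic line per problem), 2 no block found.
check_clearsign() {
    awk '
        { sub(/\r$/, "") }                     # accept CRLF line endings
        state == 0 && $0 == "-----BEGIN PGP SIGNED MESSAGE-----" {
            state = 1; blocks++; next
        }
        state == 1 && /^[A-Za-z][A-Za-z0-9-]*: / { next }   # armor header, e.g. "Hash: SHA1"
        state == 1 && $0 == "" { state = 0; next }          # the one empty line
        state == 1 && /^[ \t]+$/ {
            printf "line %d: separator holds %d whitespace character(s), so it is not empty\n", NR, length($0)
            bad++; state = 0; next
        }
        state == 1 {
            printf "line %d: text follows the armor headers without an empty line\n", NR
            bad++; state = 0; next
        }
        END {
            if (blocks == 0) { print "no cleartext signature header found"; exit 2 }
            if (state == 1) { print "input ends inside the armor headers"; bad++ }
            exit (bad > 0 ? 1 : 0)
        }
    ' "$1"
}

# write_sample SEPARATOR FILE
# Writes a constructed message modelled on the one discussed in the thread;
# SEPARATOR is the content of the line after "Hash: SHA1" ("" or " ").
write_sample() {
    printf '%s\n' \
        '-----BEGIN PGP SIGNED MESSAGE-----' \
        'Hash: SHA1' \
        "$1" \
        'for x in *' \
        'do' \
        '   (loop body)' \
        'done' \
        '-----BEGIN PGP SIGNATURE-----' \
        '' \
        '(constructed sample: signature data omitted)' \
        '-----END PGP SIGNATURE-----' > "$2"
}

# With a file argument, check that file; without one, run the constructed demo.
if [ "$#" -ge 1 ]; then
    check_clearsign "$1"
else
    demo=$(mktemp -d)
    write_sample ' ' "$demo/damaged.asc"     # separator altered in transit
    write_sample ''  "$demo/intact.asc"
    for f in "$demo/damaged.asc" "$demo/intact.asc"; do
        if check_clearsign "$f"; then
            echo "${f##*/}: framing ok"
        fi
    done
    rm -rf "$demo"
fi
```

Run against a saved copy of the raw message, it separates transport damage of this kind from a genuinely bad signature.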
From odin@dm.net.lb Wed Sep 17 22:51:02 2003
From: odin@dm.net.lb (Paul Jahshan)
Date: Wed Sep 17 21:51:02 2003
Subject: Using GPG for encrypting directories
Message-ID: <3F68BB2A.9070301@dm.net.lb>

Hi all,

I'm rather new to GPG (and to Linux as well) and would appreciate your comments/suggestions.

I want to use GPG for local encryption only, and after reading the man file, I'm doing the following in order to encrypt a whole directory:

I zip the directory with a password "zip -r -e foo foo", then I encrypt it with "gpg -c foo.zip" using a passphrase.

Is this an elegant and secure way of encrypting directories? Am I using GPG's full cryptographic power? Are there better alternatives?

Thanks,
Odin

From linux@codehelp.co.uk Thu Sep 18 00:52:02 2003
From: linux@codehelp.co.uk (Neil Williams)
Date: Wed Sep 17 23:52:02 2003
Subject: Using GPG for encrypting directories
In-Reply-To: <3F68BB2A.9070301@dm.net.lb>
References: <3F68BB2A.9070301@dm.net.lb>
Message-ID: <200309172255.12520.linux@codehelp.co.uk>

--Boundary-02=_AhNa/Xg6BMYvuev
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Description: signed data
Content-Disposition: inline

On Wednesday 17 Sep 2003 8:51 pm, Paul Jahshan wrote:
> Hi all,
>
> I want to use GPG for local encryption only, and after reading the man
> file, I'm doing the following in order to encrypt a whole directory:
> I zip the directory with a password "zip -r -e foo foo", then I encrypt
> it with "gpg -c foo.zip" using a passphrase.
> Is this an elegant and secure way of encrypting directories? Am I using
> GPG's full cryptographic power? Are there better alternatives?

As with all decisions like this in GnuPG, it depends on just how paranoid you want to be.

A few pointers:

1. If, as it sounds, the data exists on the hard disc unencrypted at any time, then the easiest way to crack it is to ignore the archive and concentrate on recovering the erased data directly from the filesystem.
This can be made more difficult if you use the 'shred' command instead of 'rm' but if the attacker is willing to simply throw more and more computing power/time/money at it, the chances are that at least some of the raw data can be recovered. (Some would say that the only truly secure way of erasing data from a harddrive involves a blowtorch and a sledgehammer.)

2. If the data only exists in memory before encryption, you still need to consider swap space if you are being truly paranoid. This would be possible to secure fully for encryption of data entered at the gpg command line, but not for your purposes.

3. If the archive itself is to be attacked, you could use a longer key, take extreme care with the passphrase and the secret key itself.

Overall, you need to consider just how likely an attack really is and how determined an attacker is likely to be. The weakest parts of any encryption are the areas outside the encryption itself - preparing/collating the data to be encrypted, storing the decryption tools and social engineering.

You say this is for local encryption only - in that case, from whence would the attack be made? You seem to be anticipating an attacker to already have login access to your home directory - that would be the first route to be made secure. Secondly, anyone with physical access to your machine can erase the BIOS password, use a bootable device to override your OS and then use data recovery tools on the original data - ignoring the archive completely. Only once these easier methods are secured does the method of encryption become relevant.

An attacker will only attempt to force the encryption if all other methods have been fully secured - something that is fairly unlikely in most routine situations.
-- 
Neil Williams
=============
http://www.codehelp.co.uk
http://www.dclug.org.uk
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3

--Boundary-02=_AhNa/Xg6BMYvuev
Content-Type: application/pgp-signature
Content-Description: signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQA/aNhAiAEJSii8s+MRAgDLAJ9Yn+XNA4evHT0Dihi87BNtpqyjywCgz/wn
vMBOCYy2VElsCOW9kWTJzLM=
=c3Dp
-----END PGP SIGNATURE-----

--Boundary-02=_AhNa/Xg6BMYvuev--

From nigel.dunn@jyanet.com Thu Sep 18 04:01:01 2003
From: nigel.dunn@jyanet.com (Nigel Dunn)
Date: Thu Sep 18 03:01:01 2003
Subject: gpg: keyblock resource issue
Message-ID: <000101c37d80$a9141f60$c700a8c0@loki>

This is a multi-part message in MIME format.

------=_NextPart_000_0002_01C37DE5.3E48FF60
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Hi there,

I've been thru the last few months worth of emails and haven't found a solution to my problem. I created a user called gpguser then did gpg --gen-key as gpguser. When I change user and try to do gpg --homedir /home/gpguser/.gnupg/ --list-keys these are the errors I got:

gpg --homedir /home/gpguser/.gnupg/ --list-keys
gpg: Warning: using insecure memory!
gpg: keyblock resource `/home/gpguser/.gnupg/': file open error
gpg: keyblock resource `/home/gpguser/.gnupg/': file open error

I've tried making the .gnupg chmod 777 and its files and that doesn't fix the problem either. Can someone enlighten me as I'm very confused.

I'm running GnuPG v1.0.6 on redhat 7.3 if that helps at all

Regards,

Nigel Dunn

------=_NextPart_000_0002_01C37DE5.3E48FF60--

From Todd Thu Sep 18 04:23:01 2003
From: Todd (Todd)
Date: Thu Sep 18 03:23:01 2003
Subject: gpg: keyblock resource issue
In-Reply-To: <000101c37d80$a9141f60$c700a8c0@loki>
References: <000101c37d80$a9141f60$c700a8c0@loki>
Message-ID: <20030918012323.GJ23040@psilocybe.teonanacatl.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Nigel Dunn wrote:
> I've been thru the last few months worth of emails and haven't found a
> solution to my problem. I created a user called gpguser then did gpg
> --gen-key as gpguser. When I change user and try to do gpg --homedir
> /home/gpguser/.gnupg/ --list-keys these are the errors I got:
>
> gpg --homedir /home/gpguser/.gnupg/ --list-keys
> gpg: Warning: using insecure memory!
> gpg: keyblock resource `/home/gpguser/.gnupg/': file open error
> gpg: keyblock resource `/home/gpguser/.gnupg/': file open error
>
> I've tried making the .gnupg chmod 777 and its files and that doesn't
> fix the problem either. Can someone enlighten me as I'm very confused.

Does the user you are trying to access /home/gpguser/.gnupg/ have permission to that directory *and all of its parent directories*? Most times a user's home dir has perms of 700, so you could either copy/move the gnupg files somewhere that this second user has permission to or you could set the permissions on /home/gpguser/.gnupg/ (and parents) to allow the second user access.

If you go the latter route, gpg will complain about the insecure permissions (for good reason). If you know you have a good reason to do this, you can tell gpg to keep quiet with the no-permission-warning option.

You should at least be sure that you need to share the .gnupg dirs first. Why do you think you need to do that instead of using separate dirs for each user?

- -- 
Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
============================================================================
You will never find time for anything.
If you want time you must make it.
-- Charles Buxton
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.

iD8DBQE/aQkHuv+09NZUB1oRAnxXAKCMLR/WuqRiMVF2qaCYh7lrsvXDmQCfc3Ug
ycdaRXNjl/edPv3xirZRgjw=
=3vcK
-----END PGP SIGNATURE-----

From nigel.dunn@jyanet.com Thu Sep 18 04:49:02 2003
From: nigel.dunn@jyanet.com (Nigel Dunn)
Date: Thu Sep 18 03:49:02 2003
Subject: gpg: keyblock resource issue
In-Reply-To: <20030918012323.GJ23040@psilocybe.teonanacatl.org>
Message-ID: <001701c37d87$55317f30$c700a8c0@loki>

"You should at least be sure that you need to share the .gnupg dirs first. Why do you think you need to do that instead of using separate dirs for each user?"

I'm trying to get GPG and PHP to play ball together. I've downloaded about 20 scripts and modified them all and tested them one by one and they all return exactly the same data...nothing.

I decided to back up a step and play with gpg by itself to make sure gpg was actually working and that was when I discovered my problem.

I need to make PHP encrypt CC details and send them via email to a particular person who has the secret key to unlock the email and manually process the CC.

To simulate the problem I created a user called gpguser and then --gen-key. I know that the web server won't be running as gpguser so I need to use the gpguser keyring hence the --homedir directive.

I also created a key for myself on my box at home and exported it. I then imported my public key on to the server so that I can test encryption by emailing myself from the server.

I know that my problem is entirely a matter of permissions and users. Any advice on tackling this would be great.
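Todd's two points above (every parent directory must be traversable, and the keyring files can be copied somewhere the second user can reach) can be scripted. The following is an added example, not code from the thread: it reports which path component shuts other users out, then builds a separate homedir that holds only the public keyring, since a server that only encrypts has no use for the secret key. The function names, the "neither owner nor group member" model of the second user and the paths in the usage comment are assumptions; file names follow the GnuPG 1.x layout.

```shell
#!/bin/sh
# Added example: diagnose an unreachable --homedir and give the web server
# its own encrypt-only GnuPG home. All names here are made up for the example.

# closed_to_others PATH [STOP]
# Prints PATH and each parent up to STOP (default /) that a user who is
# neither owner nor group member cannot traverse (or that does not exist).
# Exit status: 0 nothing blocks, 1 at least one component is closed.
closed_to_others() (
    p=${1%/} stop=${2:-/} status=0
    [ -n "$p" ] || p=/
    while :; do
        # Character 10 of the ls mode string is the "other" execute bit.
        case $(ls -ld -- "$p" 2>/dev/null | cut -c10) in
            x|t) ;;
            *) echo "$p"; status=1 ;;
        esac
        if [ "$p" = "$stop" ] || [ "$p" = / ] || [ "$p" = . ]; then break; fi
        p=$(dirname "$p")
    done
    exit "$status"
)

# make_encrypt_homedir SRC DST [OWNER]
# Copies pubring.gpg (and trustdb.gpg, which holds the owner-trust settings)
# from SRC to a new private directory DST. secring.gpg is never copied.
make_encrypt_homedir() (
    src=$1 dst=$2 owner=${3:-}
    if [ ! -f "$src/pubring.gpg" ]; then
        echo "no pubring.gpg in $src" >&2
        exit 2
    fi
    umask 077
    mkdir -p "$dst" || exit 2
    chmod 700 "$dst" || exit 2
    cp "$src/pubring.gpg" "$dst/pubring.gpg" || exit 2
    if [ -f "$src/trustdb.gpg" ]; then
        cp "$src/trustdb.gpg" "$dst/trustdb.gpg" || exit 2
    fi
    chmod 600 "$dst"/*.gpg || exit 2
    if [ -n "$owner" ]; then
        chown -R "$owner" "$dst" || exit 2   # needs root when OWNER differs
    fi
    echo "created $dst (no secret keyring copied)"
)

# audit_homedir DIR
# Exit status 0 when DIR is private and holds no non-empty secret keyring.
audit_homedir() (
    dir=$1 rc=0
    if [ -s "$dir/secring.gpg" ]; then
        echo "$dir: secret keyring present"; rc=1
    fi
    mode=$(ls -ld -- "$dir" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "$dir: group/other permissions are '$mode', expected none"; rc=1
    fi
    exit "$rc"
)

# Run as a script (hypothetical paths and user):
#   sh webkeys.sh /home/gpguser/.gnupg /var/lib/webgpg www-data
if [ "$#" -ge 2 ]; then
    closed_to_others "$1" || echo "the entries above keep other users away from $1"
    make_encrypt_homedir "$@" && audit_homedir "$2"
fi
```

On the layout described in the thread the first function would point at the 700 home directory rather than at `.gnupg`, which is why `chmod 777` on `.gnupg` alone changed nothing.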
From nigel.dunn@jyanet.com Thu Sep 18 05:17:02 2003
From: nigel.dunn@jyanet.com (Nigel Dunn)
Date: Thu Sep 18 04:17:02 2003
Subject: gpg: keyblock resource issue
In-Reply-To: <001701c37d87$55317f30$c700a8c0@loki>
Message-ID: <001801c37d8b$43ebd140$c700a8c0@loki>

I've solved the problem. Total time taken: about 8 hours. *cries*

I'm going to write a How-To on how to get a web server to do GPG encryption. Anyone who wants to critique it once it's done and offer more "secure" methods is welcome to. I'm sure there must be 101 other webdevs that have this same issue.

Thanks for the help Todd :)

Regards,

Nigel Dunn

From Todd Thu Sep 18 05:23:03 2003
From: Todd (Todd)
Date: Thu Sep 18 04:23:03 2003
Subject: gpg: keyblock resource issue
In-Reply-To: <001701c37d87$55317f30$c700a8c0@loki>
References: <20030918012323.GJ23040@psilocybe.teonanacatl.org> <001701c37d87$55317f30$c700a8c0@loki>
Message-ID: <20030918022348.GK23040@psilocybe.teonanacatl.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Nigel Dunn wrote:
> I'm trying to get GPG and PHP to play ball together.

Ahh, OK. That's a common enough thing.

> I decided to back up a step and play with gpg by itself to make sure gpg
> was actually working and that was when I discovered my problem.

Methodical testing? I didn't think anyone did that. :)

> I know that my problem is entirely a matter of permissions and users.
> Any advice on tackling this would be great.

There's always a few ways to do anything, but I would suggest copying the .gnupg directory from your test user to someplace that the webserver can access it. Then chown it to the user that the web server will run your PHP scripts as.

Since you likely won't need to use the secret key from PHP, you also ought to delete the secring.gpg. You don't want your secret key getting out and defeating all your work to secure the CC numbers.
- -- 
Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
============================================================================
Only government can take perfectly good paper, cover it with perfectly good ink and make the combination worthless.
-- Milton Friedman
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.

iD8DBQE/aRc0uv+09NZUB1oRAt8MAJ9i13nDLJsl3pwAJGtt+9uUCas3mACg6O7t
imsmRH8y5rw73l4RzDMRIic=
=NFeV
-----END PGP SIGNATURE-----

From agreene@pobox.com Thu Sep 18 06:11:01 2003
From: agreene@pobox.com (Anthony E. Greene)
Date: Thu Sep 18 05:11:01 2003
Subject: Using GPG for encrypting directories
In-Reply-To: <3F68BB2A.9070301@dm.net.lb>
References: <3F68BB2A.9070301@dm.net.lb>
Message-ID: <20030918031331.GD2896@cp5340.localdomain>

On 17-Sep-2003/22:51 +0300, Paul Jahshan wrote:
>
>I want to use GPG for local encryption only, and after reading the man
>file, I'm doing the following in order to encrypt a whole directory:
>
>I zip the directory with a password "zip -r -e foo foo", then I encrypt
>it with "gpg -c foo.zip" using a passphrase.
>
>Is this an elegant and secure way of encrypting directories? Am I using
>GPG's full cryptographic power? Are there better alternatives?

I think a more elegant way is:

tar -cf - /path/to/source/dir | gpg -c -o encrpyted_archive.gpg

GnuPG compresses during the encryption process, so zip is not necessary. I use the tar utility rather than zip on *nix systems because the file permissions are preserved.

Tony
-- 
Anthony E. Greene
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
AOL/Yahoo Messenger: TonyG05
HomePage: Linux.
The choice of a GNU generation
From kdjixd32001@sneakemail.com Fri Sep 19 08:02:02 2003 From: kdjixd32001@sneakemail.com (Aditya) Date: Fri Sep 19 07:02:02 2003 Subject: gpg: keyblock resource issue In-Reply-To: <001801c37d8b$43ebd140$c700a8c0@loki> Message-ID:

be sure to mail this list about your experiences and post a url to your story if possible

------
Aditya Lalit Deshmukh,
Chief Security Officer & System and Network Administrator,
Electronic Security Division,
Enterprise Security Solutions, Inc

-----Original Message----- From: gnupg-users-admin@gnupg.org [mailto:gnupg-users-admin@gnupg.org]On Behalf Of Nigel Dunn Sent: Thursday, September 18, 2003 7:49 AM To: gnupg-users@gnupg.org Subject: RE: gpg: keyblock resource issue

I've solved the problem. Total time taken: about 8 hours. *cries* I'm going to write a How-To on how to get a web server to do GPG encryption. Anyone who wants to critique it once its done and offer more "secure" methods is welcome to. I'm sure there must be 101 other webdevs that have this same issue. Thanks for the help Todd :) Regards, Nigel Dunn
From FaAx04@gmx.de Sun Sep 21 00:18:02 2003 From: FaAx04@gmx.de (FaAx04@gmx.de) Date: Sat Sep 20 23:18:02 2003 Subject: Lost my key Message-ID: <0C4BCCC6-EBB0-11D7-8721-003065C896FA@gmx.de>

Hi, my hard disk got damaged and now I can't access my gpg data. Is there a way to create a revocation certificate without the data? I'd like to "remove" my key from the keyservers and submit a new one. Is there any way?
Thanks in advance Peter
From robert.schiele@t-online.de Sun Sep 21 01:25:01 2003 From: robert.schiele@t-online.de (Robert Schiele) Date: Sun Sep 21 00:25:01 2003 Subject: Lost my key In-Reply-To: <0C4BCCC6-EBB0-11D7-8721-003065C896FA@gmx.de> References: <0C4BCCC6-EBB0-11D7-8721-003065C896FA@gmx.de> Message-ID: <20030920222706.GA8142@schiele.dyndns.org>

On Sat, Sep 20, 2003 at 11:18:58PM +0200, FaAx04@gmx.de wrote:
> Hi,
>
> my hard disk got damaged and now I can't access my gpg data.
> Is there a way to create a revocation certificate without the data?
> I'd like to "remove" my key from the keyservers and submit a new one.
> Is there any way?

No. Think about it: If this were possible, everybody could revoke your key at any time.

If you want to prevent such situations in the future, you might create a revocation certificate for your new key and store it in a secure place so that you can revoke your key later even when the secure key is lost by just sending the stored certificate to the servers.

Robert

--
Robert Schiele Tel.: +49-621-181-2517 Dipl.-Wirtsch.informatiker mailto:rschiele@uni-mannheim.de
From alan@batie.org Sun Sep 21 02:08:02 2003 From: alan@batie.org (Alan Batie) Date: Sun Sep 21 01:08:02 2003 Subject: primary?
Message-ID: <20030920231001.GB67047@agora.rdrop.com>

I'm having a problem trying to fiddle with my keys and do some updating:

I want to change my primary from batie@rdrop.com to alan@batie.org, but it won't seem to do it:

Command> uid 3

pub 1024R/9AED0825 created: 1996-02-06 expires: never trust: u/u
(1). batie@rdrop.com
(2) Alan Batie
(3)* alan@batie.org
(4) alan@rdrop.com

Command> primary
gpg: skipping v3 self-signature on user id "batie@rdrop.com"
gpg: skipping v3 self-signature on user id "Alan Batie "
gpg: skipping v3 self-signature on user id "alan@batie.org"
gpg: skipping v3 self-signature on user id "alan@rdrop.com"

Command> save
Key not changed so no update needed.

--
Alan Batie ______ alan.batie.org Me
alan at batie.org \ / www.qrd.org The Triangle
PGPFP DE 3C 29 17 C0 49 7A \ / www.pgpi.com The Weird Numbers
27 40 A5 3C 37 4A DA 52 B9 \/ spamassassin.taint.org NO SPAM!

To announce that there must be no criticism of the President, or that we are to stand by the President, right or wrong, is not only unpatriotic and servile, but is morally treasonable to the American public. -Theodore Roosevelt, 26th US President (1858-1919)
From dshaw@jabberwocky.com Sun Sep 21 02:17:03 2003 From: dshaw@jabberwocky.com (David Shaw) Date: Sun Sep 21 01:17:03 2003 Subject: primary?
In-Reply-To: <20030920231001.GB67047@agora.rdrop.com> References: <20030920231001.GB67047@agora.rdrop.com> Message-ID: <20030920231814.GB10510@jabberwocky.com>

On Sat, Sep 20, 2003 at 04:10:01PM -0700, Alan Batie wrote:
> I'm having a problem trying to fiddle with my keys and do some updating:
>
> I want to change my primary from batie@rdrop.com to alan@batie.org, but
> it won't seem to do it:
>
> Command> uid 3
>
> pub 1024R/9AED0825 created: 1996-02-06 expires: never trust: u/u
> (1). batie@rdrop.com
> (2) Alan Batie
> (3)* alan@batie.org
> (4) alan@rdrop.com
>
> Command> primary
> gpg: skipping v3 self-signature on user id "batie@rdrop.com"
> gpg: skipping v3 self-signature on user id "Alan Batie "
> gpg: skipping v3 self-signature on user id "alan@batie.org"
> gpg: skipping v3 self-signature on user id "alan@rdrop.com"
>
> Command> save
> Key not changed so no update needed.

You have PGP 2.x-style user IDs. The "primary" command only works with OpenPGP user IDs.

You can upgrade your key if you like. Do "gpg --expert --edit-key", and enter "sign". GnuPG will ask you if you want to upgrade. Say yes.

Note that by upgrading, your key will no longer be importable into PGP 2.x.

David
From alan@batie.org Sun Sep 21 04:50:01 2003 From: alan@batie.org (Alan Batie) Date: Sun Sep 21 03:50:01 2003 Subject: primary?
In-Reply-To: <20030920231814.GB10510@jabberwocky.com> References: <20030920231001.GB67047@agora.rdrop.com> <20030920231814.GB10510@jabberwocky.com> Message-ID: <20030921015215.GA97347@agora.rdrop.com>

On Sat, Sep 20, 2003 at 07:18:14PM -0400, David Shaw wrote:
> Note that by upgrading, your key will no longer be importable into PGP
> 2.x.

I don't think too many people are still using that anyhow, are they?

Thanks!

--
Alan Batie
From alan@batie.org Sun Sep 21 04:56:01 2003 From: alan@batie.org (Alan Batie) Date: Sun Sep 21 03:56:01 2003 Subject: primary? In-Reply-To: <20030920231814.GB10510@jabberwocky.com> References: <20030920231001.GB67047@agora.rdrop.com> <20030920231814.GB10510@jabberwocky.com> Message-ID: <20030921015803.GC97347@agora.rdrop.com>

On Sat, Sep 20, 2003 at 07:18:14PM -0400, David Shaw wrote:
> You can upgrade your key if you like. Do "gpg --expert --edit-key",
> and enter "sign". GnuPG will ask you if you want to upgrade. Say
> yes.

OK, I did that, and figured, cool, with a new style key, I'll add a photo:

Command> addphoto
WARNING: This is a PGP2-style key. Adding a photo ID may cause some versions
of PGP to reject this key.
Are you sure you still want to add it? (y/N)

It did let me change the primary, but still seems to think it's a PGP2 key...

--
Alan Batie
From dshaw@jabberwocky.com Sun Sep 21 05:37:02 2003 From: dshaw@jabberwocky.com (David Shaw) Date: Sun Sep 21 04:37:02 2003 Subject: primary?
In-Reply-To: <20030921015215.GA97347@agora.rdrop.com> References: <20030920231001.GB67047@agora.rdrop.com> <20030920231814.GB10510@jabberwocky.com> <20030921015215.GA97347@agora.rdrop.com> Message-ID: <20030921023801.GA12968@jabberwocky.com>

On Sat, Sep 20, 2003 at 06:52:15PM -0700, Alan Batie wrote:
> On Sat, Sep 20, 2003 at 07:18:14PM -0400, David Shaw wrote:
> > Note that by upgrading, your key will no longer be importable into PGP
> > 2.x.
>
> I don't think too many people are still using that anyhow, are they?

Depends on who you ask. I've found that while the number of PGP 2 users is shrinking (judging on the number of PGP 2 keys on the keyservers), the ones that are left are very, very devoted to PGP 2 ;)

David
From dshaw@jabberwocky.com Sun Sep 21 05:40:01 2003 From: dshaw@jabberwocky.com (David Shaw) Date: Sun Sep 21 04:40:01 2003 Subject: primary? In-Reply-To: <20030921015803.GC97347@agora.rdrop.com> References: <20030920231001.GB67047@agora.rdrop.com> <20030920231814.GB10510@jabberwocky.com> <20030921015803.GC97347@agora.rdrop.com> Message-ID: <20030921024111.GB12968@jabberwocky.com>

On Sat, Sep 20, 2003 at 06:58:03PM -0700, Alan Batie wrote:
> On Sat, Sep 20, 2003 at 07:18:14PM -0400, David Shaw wrote:
> > You can upgrade your key if you like. Do "gpg --expert --edit-key",
> > and enter "sign". GnuPG will ask you if you want to upgrade. Say
> > yes.
>
> OK, I did that, and figured, cool, with a new style key, I'll add a
> photo:
>
> Command> addphoto
> WARNING: This is a PGP2-style key. Adding a photo ID may cause some versions
> of PGP to reject this key.
> Are you sure you still want to add it? (y/N)
>
> It did let me change the primary, but still seems to think it's a PGP2
> key...

It still is a PGP 2 key. Updating only updates the user IDs (actually updating the self-signatures on the user IDs). The key itself remains PGP 2, and cannot be updated.

If you aren't concerned about PGP 2 compatibility (since you updated your user IDs, I assume you aren't), you can safely answer "yes" to that question.

Perhaps I should change the code to not ask the photo ID question if there are any OpenPGP self-signatures on the key... the user of such a key has already made a decision about PGP 2 compatibility.

David
From alan@batie.org Sun Sep 21 05:56:01 2003 From: alan@batie.org (Alan Batie) Date: Sun Sep 21 04:56:01 2003 Subject: primary?
In-Reply-To: <20030921024111.GB12968@jabberwocky.com> References: <20030920231001.GB67047@agora.rdrop.com> <20030920231814.GB10510@jabberwocky.com> <20030921015803.GC97347@agora.rdrop.com> <20030921024111.GB12968@jabberwocky.com> Message-ID: <20030921025820.GA8312@agora.rdrop.com>

On Sat, Sep 20, 2003 at 10:41:11PM -0400, David Shaw wrote:
> If you aren't concerned about PGP 2 compatibility (since you updated
> your user IDs, I assume you aren't), you can safely answer "yes" to
> that question.

I figure these days, you have to be able to handle OpenPGP keys for recent PGP users anyhow, so there's not much point in retaining 2 compat.

--
Alan Batie
From alan@batie.org Sun Sep 21 06:04:02 2003 From: alan@batie.org (Alan Batie) Date: Sun Sep 21 05:04:02 2003 Subject: primary?
In-Reply-To: <20030921024111.GB12968@jabberwocky.com> References: <20030920231001.GB67047@agora.rdrop.com> <20030920231814.GB10510@jabberwocky.com> <20030921015803.GC97347@agora.rdrop.com> <20030921024111.GB12968@jabberwocky.com> Message-ID: <20030921030548.GA9143@agora.rdrop.com>

I went ahead and told it to do the picture thing, and it recommends a 240x288 picture size. So I tell it to load the 100x127 head shot I saved with photoshop's picture quality 3 (fairly low, out of 10) that is 9k and it complained how huge that was and was I sure I wanted to do that. What is a typical file size for photo id's? I'd think you'd want them to be a decent resolution or they won't be much good for ID purposes...

--
Alan Batie
From FaAx04@gmx.de Sun Sep 21 10:00:02 2003 From: FaAx04@gmx.de (FaAx04@gmx.de) Date: Sun Sep 21 09:00:02 2003 Subject: Lost my key In-Reply-To: <20030920222706.GA8142@schiele.dyndns.org> Message-ID: <708EE770-EC01-11D7-9EE3-003065C896FA@gmx.de>

> Think about it: If this were possible, everybody could revoke your key
> at any
> time.

I still have my passphrase, that's why I hoped to be able to revoke it.

-Falko
From avbidder@fortytwo.ch Sun Sep 21 13:42:01 2003 From: avbidder@fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder) Date: Sun Sep 21 12:42:01 2003 Subject: Should gpg always generate a revocation cert? Message-ID: <200309211243.37485@fortytwo.ch>

Yo!

Since there is a 'Lost my key' thread every few weeks: perhaps gpg should by default
* generate a revocation cert when it generates a new key (put it in a .rev file or so)
* print lengthy explanations about 'the key can not, under no circumstances, be deleted from the keyservers. Really. We mean it. You can ask in the mailing lists, we will tell you this again.'

Of course these features could be disabled by use of the --i-am-no-newbie-thank-you-very-much flag.

(Yes, this is really a feature that should be offered by the user friendly GUI keymanager app that users should use - but I guess the majority of new users today starts out by using gpg from the commandline.)

cheers
-- vbi

--
No good deed goes unpunished.
From linux@codehelp.co.uk Sun Sep 21 16:15:01 2003 From: linux@codehelp.co.uk (Neil Williams) Date: Sun Sep 21 15:15:01 2003 Subject: Lost my key In-Reply-To: <708EE770-EC01-11D7-9EE3-003065C896FA@gmx.de> References: <708EE770-EC01-11D7-9EE3-003065C896FA@gmx.de> Message-ID: <200309211202.55789.linux@codehelp.co.uk>

On Sunday 21 Sep 2003 8:01 am, FaAx04@gmx.de wrote:
> > Think about it: If this were possible, everybody could revoke your key
> > at any
> > time.
>
> I still have my passphrase, that's why I hoped to be able to revoke it.

Unless you also have a backup of your secret key somewhere, the passphrase isn't enough. It's the secret key that allows you to generate the revocation certificate and the passphrase that allows access to the secret key.

If you do have a backup, import your public key from a keyserver, generate the revocation, import it back onto your public key and send the now revoked public key back to a keyserver.

Command details at: http://www.dclug.org.uk/linux_adm/gnupg.html

--
Neil Williams
=============
http://www.codehelp.co.uk
http://www.dclug.org.uk
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3
From linux@codehelp.co.uk Sun Sep 21 16:16:32 2003 From: linux@codehelp.co.uk (Neil Williams) Date: Sun Sep 21 15:16:32 2003 Subject: Should gpg always generate a revocation cert? In-Reply-To: <200309211243.37485@fortytwo.ch> References: <200309211243.37485@fortytwo.ch> Message-ID: <200309211326.22350.linux@codehelp.co.uk>

On Sunday 21 Sep 2003 11:43 am, Adrian 'Dagurashibanipal' von Bidder wrote:
> Yo!
>
> Since there is a 'Lost my key' thread every few weeks: perhaps gpg should
> by default
> * generate a revocation cert when it generates a new key (put it in a
> .rev file or so)

Perhaps just a default YES question in the --gen-key sequence? This still leaves a potentially crucial file sitting around until the user does something about it though. Could be a problem when users don't secure the .gnupg/ directory properly.

I don't know if a default file wouldn't actually make things worse - if it is put somewhere obvious so that it gets backed up at some point, then the backup becomes a liability later on. If it's not backed up, there's little point in generating it - most of these 'lost keys' come about after a re-install or change of distro / HD corruption. The .rev file will be lost at the same time as secring.gpg.

The .rev file cannot be protected by GnuPG itself, so overall it may be better left off the filesystem.

The only thing that comes to mind is a question :
"It is strongly recommended to print out a revocation certificate in case this key becomes lost or compromised or your filesystem becomes corrupted. Please turn on your printer before answering Y."

> * print lengthy explanations about 'the key can not, under no
> circumstances, be deleted from the keyservers. Really. We mean it. You can
> ask in the mailing lists, we will tell you this again.'

Definitely.

> Of course these features could be disabled by use of the
> --i-am-no-newbie-thank-you-very-much flag.
>
> (Yes, this is really a feature that should be offered by the user friendly
> GUI keymanager app that users should use - but I guess the majority of new
> users today starts out by using gpg from the commandline.)

Let GnuPG take the lead, frontend programs will have to follow if it's the default operation of GnuPG itself.

--
Neil Williams
From nachtigall@web.de Sun Sep 21 18:55:02 2003 From: nachtigall@web.de (Jens Nachtigall) Date: Sun Sep 21 17:55:02 2003 Subject: Flexibility when using photos Message-ID: <200309211704.26475.nachtigall@web.de>

Dear all, I just created my first own key pair and thought about adding a photo.
If I add a photo, will it later still be possible to change this photo while keeping this key pair (in case I get this green colour one day ;-) ? Has adding a photo any negative sideeffects, i.e. compatibility problems with older versions or with pgp? Couldn't find anything in the docs about this, Jens From gnupg@dossen.dk Sun Sep 21 19:38:02 2003 From: gnupg@dossen.dk (Mads Laursen) Date: Sun Sep 21 18:38:02 2003 Subject: primary? In-Reply-To: <20030921030548.GA9143@agora.rdrop.com> References: <20030920231001.GB67047@agora.rdrop.com> <20030920231814.GB10510@jabberwocky.com> <20030921015803.GC97347@agora.rdrop.com> <20030921024111.GB12968@jabberwocky.com> <20030921030548.GA9143@agora.rdrop.com> Message-ID: <20030921164000.GB26712@leela.webspeed.dk> --vGgW1X5XWziG23Ko Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 20/09/03 20.05, Alan Batie wrote: > I went ahead and told it to do the picture thing, and it recommends a > 240x288 picture size. So I tell it to load the 100x127 head shot I saved > with photoshop's picture quality 3 (fairly low, out of 10) that is 9k > and it complained how huge that was and was I sure I wanted to do that. > What is a typical file size for photo id's? I'd think you'd want them to > be a decent resolution or they won't be much good for ID purposes... Speaking for myself, I think the picture on my key is quite usable for ID purposes (although there is some blocking), and it packs the full 240x288 pixels of truecolor jpeg into 2385 bytes. The main trick to getting the picture this small was replacing the background with a single color. From that point on I just cranked the compression up untill I had a small enough file. 
Looking at my keyring (contains mainly keys of people who post to the various mailinglists I read), I see keys from 2KB to almost 14KB (which I think is a bit over the top), with 3-5KB being the "normal" size.=20 HTH & HAND /dossen --=20 "Nuclear war can ruin your whole compile." -- Karl Lehenbauer --vGgW1X5XWziG23Ko Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/bdRg411kMaBbTb0RAv/RAKCx1KXEha+smccVwM4X7giOJ2dpdwCdH9vq XgRV1QE9fjaeXPdRU3+HKE4= =7Mp9 -----END PGP SIGNATURE----- --vGgW1X5XWziG23Ko-- From linux@codehelp.co.uk Sun Sep 21 19:58:01 2003 From: linux@codehelp.co.uk (Neil Williams) Date: Sun Sep 21 18:58:01 2003 Subject: Flexibility when using photos In-Reply-To: <200309211704.26475.nachtigall@web.de> References: <200309211704.26475.nachtigall@web.de> Message-ID: <200309211802.05204.linux@codehelp.co.uk> --Boundary-02=_Nmdb/piXPebEihv Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Description: signed data Content-Disposition: inline On Sunday 21 Sep 2003 4:04 pm, Jens Nachtigall wrote: > Dear all, > > I just created my first own key pair and thought about adding a photo. If= I > add a photo, will it later still be possible to change this photo while > keeping this key pair (in case I get this green colour one day ;-) ? The photo gets incorporated into the public key itself (so keep the photo=20 small) and like any other UID, it would need to be revoked if it's going to= =20 change. Changing the photo regularly is going to make your public key=20 enormous! > > Has adding a photo any negative sideeffects, i.e. compatibility problems > with older versions or with pgp? 
Not sure about older versions of pgp, but some keyservers have problems with photo UID's - you may find that people cannot find your new key but if you put some kind of comment in your emails along the lines of: this is my homepage where you'll find my public key: it should be OK. > Couldn't find anything in the docs about this, > Jens > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Neil Williams ============= http://www.codehelp.co.uk http://www.dclug.org.uk http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3

From wk@gnupg.org Mon Sep 22 08:33:01 2003 From: wk@gnupg.org (Werner Koch) Date: Mon Sep 22 07:33:01 2003 Subject: Should gpg always generate a revocation cert? In-Reply-To: <200309211326.22350.linux@codehelp.co.uk> (Neil Williams's message of "Sun, 21 Sep 2003 13:26:18 +0100") References: <200309211243.37485@fortytwo.ch> <200309211326.22350.linux@codehelp.co.uk> Message-ID: <87u175wfqs.fsf@alberti.g10code.de> On Sun, 21 Sep 2003 13:26:18 +0100, Neil Williams said: > Perhaps just a default YES question in the --gen-key sequence? This still > leaves a potentially crucial file sitting around until the user does > something about it though. Could be a problem when users don't secure the > .gnupg/ directory properly. It is not a good idea to change the default behaviour of GnuPG. Creating an additional file which then must be deleted, will probably break a couple of applications which don't expect this. Imagine an application creating keys on demand through expect(1).
> "It is strongly recommended to print out a revocation certificate in case this > key becomes lost or compromised or your filesystem becomes corrupted. Please > turn on your printer before answering Y." We can't do that because there might be no printer on the system or printing works in an unusual way (I for example simply pipe documents for printing through ssh printer-host lpr) -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org

From vedaal@hush.com Mon Sep 22 15:50:02 2003 From: vedaal@hush.com (vedaal@hush.com) Date: Mon Sep 22 14:50:02 2003 Subject: Should gpg always generate a revocation cert? Message-ID: <200309221252.h8MCqGOR016820@mailserver2.hushmail.com> >Message: 4 >From: Neil Williams >Organization: www.codehelp.co.uk + www.dclug.org.uk >To: "GnuPG Users" >Subject: Re: Should gpg always generate a revocation cert? >Date: Sun, 21 Sep 2003 13:26:18 +0100 [...] > perhaps gpg should by default >> generate a revocation cert when it generates a new key (put >it in a >> .rev file or so) > >Perhaps just a default YES question in the --gen-key sequence? This >still >leaves a potentially crucial file sitting around until the user >does >something about it though. Could be a problem when users don't secure >the >.gnupg/ directory properly. > >I don't know if a default file wouldn't actually make things worse >- if it is >put somewhere obvious so that it gets backed up at some point, then >the >backup becomes a liability later on. If it's not backed up, there's >little >point in generating it - most of these 'lost keys' come about after >a >re-install or change of distro / HD corruption. [...]
a possible solution might be to have the default setting be to generate the revocation certificate as the key is created, and have the revocation certificate encrypted symmetrically to the same passphrase as the key, then prompt for it (and possibly a backup of the key too) to be stored on a removable disk (floppy, usb, cdrw, etc.) and to have an over-ride choice (y,n) at each step, as Adrian suggested with Respect, vedaal

From wk@gnupg.org Mon Sep 22 17:48:01 2003 From: wk@gnupg.org (Werner Koch) Date: Mon Sep 22 16:48:01 2003 Subject: Should gpg always generate a revocation cert? In-Reply-To: <200309221252.h8MCqGOR016820@mailserver2.hushmail.com> (vedaal@hush.com's message of "Mon, 22 Sep 2003 05:52:16 -0700") References: <200309221252.h8MCqGOR016820@mailserver2.hushmail.com> Message-ID: <87y8wgubhb.fsf@alberti.g10code.de> On Mon, 22 Sep 2003 05:52:16 -0700, said: > a possible solution might be to have the default setting be to generate > the revocation certificate as the key is created, > and have the revocation certificate encrypted symmetrically to the same > passphrase as the key, A very common reason to issue a revocation is a forgotten passphrase. Hmmm.
-- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org

From pgpgp@pollinger.org.uk Mon Sep 22 20:48:02 2003 From: pgpgp@pollinger.org.uk (Ben Pollinger) Date: Mon Sep 22 19:48:02 2003 Subject: CA Cert (cacert.org) - a new, non-profit CA Message-ID: <00da01c38131$d58eec00$1ae3193e@linear> Dear list folk, [apologies for cross-posting] Just wanted to mention a new, free CA at www.cacert.org It's based on Thawte's CA model, issuing signed X.509 certificates for email and servers. Some interesting differences though: - server certificates are free (or very cheap) - any charges are small, and one-off (cf. Verisign, Thawte etc.) - they sign PGP keys (as Thawte used to) * - it's a non-profit organisation - they're piloting a time-stamping service (* - some problems with RSA v4 keys recently, which should be resolved soon-ish) The root CA is not included in browsers, but they're working on it. One route is via a request for enhancement at Mozilla - see http://bugzilla.mozilla.org/show_bug.cgi?id=215243 (257 votes as of today) For more info, please visit www.cacert.org , and maybe sign up to the mailman list at http://lists.cacert.org/mailman/listinfo/cacert I have no connection with CA Cert, other than being signed up as an assurer (much like Thawte's notary system). Just thought some folk would be interested in it. Regards, Ben -- Ben Pollinger www.pollinger.org.uk www.psyclick.org.uk PGP'd email welcome

From johanw@vulcan.xs4all.nl Mon Sep 22 23:25:02 2003 From: johanw@vulcan.xs4all.nl (Johan Wevers) Date: Mon Sep 22 22:25:02 2003 Subject: primary?
In-Reply-To: <20030921015215.GA97347@agora.rdrop.com> from Alan Batie at "Sep 20, 2003 06:52:15 pm" Message-ID: <200309222021.WAA00731@vulcan.xs4all.nl> Alan Batie wrote: >> Note that by upgrading, your key will no longer be importable into PGP >> 2.x. >I don't think too many people are still using that anyhow, are they? You're wrong, pgp 2.6 is still much used in existing systems. -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From dshaw@jabberwocky.com Mon Sep 22 23:54:05 2003 From: dshaw@jabberwocky.com (David Shaw) Date: Mon Sep 22 22:54:05 2003 Subject: primary? In-Reply-To: <20030921164000.GB26712@leela.webspeed.dk> References: <20030920231001.GB67047@agora.rdrop.com> <20030920231814.GB10510@jabberwocky.com> <20030921015803.GC97347@agora.rdrop.com> <20030921024111.GB12968@jabberwocky.com> <20030921030548.GA9143@agora.rdrop.com> <20030921164000.GB26712@leela.webspeed.dk> Message-ID: <20030922205552.GA5113@jabberwocky.com> On Sun, Sep 21, 2003 at 06:40:00PM +0200, Mads Laursen wrote: > On 20/09/03 20.05, Alan Batie wrote: > > I went ahead and told it to do the picture thing, and it recommends a > > 240x288 picture size. So I tell it to load the 100x127 head shot I saved > > with photoshop's picture quality 3 (fairly low, out of 10) that is 9k > > and it complained how huge that was and was I sure I wanted to do that. > > What is a typical file size for photo id's? I'd think you'd want them to > > be a decent resolution or they won't be much good for ID purposes... > > Speaking for myself, I think the picture on my key is quite usable for > ID purposes (although there is some blocking), and it packs the full > 240x288 pixels of truecolor jpeg into 2385 bytes. The main trick to > getting the picture this small was replacing the background with a > single color.
From that point on I just cranked the compression up > until I had a small enough file. > > Looking at my keyring (contains mainly keys of people who post to the > various mailing lists I read), I see keys from 2KB to almost 14KB > (which I think is a bit over the top), with 3-5KB being the "normal" > size. FWIW, the picture size warning comes up if the picture is over 6KB. There is nothing magical about that number - when I wrote the code, I looked at a good number of jpegs from PGP keys, noticed the same thing that Mads Laursen noticed, and just bumped it up to 6KB to be safe. David

From orv@no-comply.com Tue Sep 23 20:58:01 2003 From: orv@no-comply.com (orv) Date: Tue Sep 23 19:58:01 2003 Subject: FW: Outlook 2003 problem Message-ID: -----Original Message----- From: Jon Barlow [mailto:orv@skatingholmes.com] Sent: 23 September 2003 18:55 To: 'gnupg-users@gnupg.org' Subject: Outlook 2003 problem Hi, I am a new user to GnuPG plugin for Outlook and I have a small problem. Whenever I send a PGP encrypted email, it arrives completely empty and the sent item is also empty. Does anyone have any suggestions? I followed the setup instructions here: http://helppages.obsidian.com.au/PGPKeys My current software is: Windows XP SP1 Outlook 2003 GnuPG Plugin v0.91 WinPT v0.7.96rc1 GnuPG v1.2.1 Thanks. Jon.

From barry@bpuk.net Tue Sep 23 22:35:01 2003 From: barry@bpuk.net (Barry Porter) Date: Tue Sep 23 21:35:01 2003 Subject: Outlook 2003 problem In-Reply-To: Message-ID: <31E58427A96@bpuk.net> Hi, I had a similar problem using the G-Data plugin for Outlook with Outlook 2003 Beta. In my case it went through the motions of signing but never signed the message. If I open the message in the outbox and re-sign it there it would work fine. Gave up with the plugin and just use GPGShell to sign current window. You can do the same thing with WinPT and at least you know it is done before you hit send. Regards Barry -- "Bother!"
said Pooh and turned the launch key. -----Original Message----- From: gnupg-users-admin@gnupg.org [mailto:gnupg-users-admin@gnupg.org] On Behalf Of orv Sent: 23 September 2003 19:00 To: gnupg-users@gnupg.org Subject: FW: Outlook 2003 problem -----Original Message----- From: Jon Barlow [mailto:orv@skatingholmes.com] Sent: 23 September 2003 18:55 To: 'gnupg-users@gnupg.org' Subject: Outlook 2003 problem Hi, I am a new user to GnuPG plugin for Outlook and I have a small problem. Whenever I send a PGP encrypted email, it arrives completely empty and the sent item is also empty. Does anyone have any suggestions? I followed the setup instructions here: http://helppages.obsidian.com.au/PGPKeys My current software is: Windows XP SP1 Outlook 2003 GnuPG Plugin v0.91 WinPT v0.7.96rc1 GnuPG v1.2.1 Thanks. Jon.

From orv@no-comply.com Wed Sep 24 10:35:01 2003 From: orv@no-comply.com (orv) Date: Wed Sep 24 09:35:01 2003 Subject: Outlook 2003 problem In-Reply-To: <31E58427A96@bpuk.net> Message-ID: I don't want to sound ungrateful for your suggestion, but I kinda thought the purpose of this mailing list would be to resolve problems, not work around them :) -----Original Message----- From: gnupg-users-admin@gnupg.org [mailto:gnupg-users-admin@gnupg.org] On Behalf Of Barry Porter Sent: 23 September 2003 20:36 To: gnupg-users@gnupg.org Subject: RE: Outlook 2003 problem Hi, I had a similar problem using the G-Data plugin for Outlook with Outlook 2003 Beta. In my case it went through the motions of signing but never signed the message.
If I open the message in the outbox and re-sign it there it would work fine. Gave up with the plugin and just use GPGShell to sign current window. You can do the same thing with WinPT and at least you know it is done before you hit send. Regards Barry -- "Bother!" said Pooh and turned the launch key. -----Original Message----- From: gnupg-users-admin@gnupg.org [mailto:gnupg-users-admin@gnupg.org] On Behalf Of orv Sent: 23 September 2003 19:00 To: gnupg-users@gnupg.org Subject: FW: Outlook 2003 problem -----Original Message----- From: Jon Barlow [mailto:orv@skatingholmes.com] Sent: 23 September 2003 18:55 To: 'gnupg-users@gnupg.org' Subject: Outlook 2003 problem Hi, I am a new user to GnuPG plugin for Outlook and I have a small problem. Whenever I send a PGP encrypted email, it arrives completely empty and the sent item is also empty. Does anyone have any suggestions? I followed the setup instructions here: http://helppages.obsidian.com.au/PGPKeys My current software is: Windows XP SP1 Outlook 2003 GnuPG Plugin v0.91 WinPT v0.7.96rc1 GnuPG v1.2.1 Thanks. Jon.

From johanw@vulcan.xs4all.nl Wed Sep 24 21:05:02 2003 From: johanw@vulcan.xs4all.nl (Johan Wevers) Date: Wed Sep 24 20:05:02 2003 Subject: primary? In-Reply-To: <20030921023801.GA12968@jabberwocky.com> from David Shaw at "Sep 20, 2003 10:38:01 pm" Message-ID: <200309222031.WAA00859@vulcan.xs4all.nl> David Shaw wrote: >Depends on who you ask.
I've found that while the number of PGP 2 >users is shrinking (judging on the number of PGP 2 keys on the >keyservers), the ones that are left are very, very devoted to PGP 2 ;) Which is not a big surprise: it is only since 1.0.7 that GnuPG is a useful replacement for 2.6 if you want to encrypt multiplatform. And the pgp versions after 2.6 are either only available on windows, and very buggy and difficult to compile on Unix systems. -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From bogus@does.not.exist.com Thu Sep 25 01:18:02 2003 From: bogus@does.not.exist.com (Ingo Klöcker) Date: Thu Sep 25 00:18:02 2003 Subject: Outlook 2003 problem In-Reply-To: References: Message-ID: <200309250018.00389@erwin.ingo-kloecker.de> On Wednesday 24 September 2003 09:36, orv wrote: > I don't want to sound ungrateful for your suggestion, but I kinda > thought the purpose of this mailing list would be to resolve > problems, not work around them :) I don't want to sound , but the purpose of this mailing list is to resolve problems with the free software product GnuPG but not with all GnuPG related software and especially not with proprietary, closed source plugins from third parties. Regards, Ingo

From orv@no-comply.com Thu Sep 25 02:25:02 2003 From: orv@no-comply.com (orv) Date: Thu Sep 25 01:25:02 2003 Subject: FW: Outlook 2003 problem Message-ID: Fair enough, the only reason I asked here was because of this mail from G DATA. > Dear Customer, > > thank you for your service request. > > GnuPG, as well as the G DATA-plugin for this tool are open source/freeware and are not supported through our > > company. > Please visit the appropriate channels/pages (p. e.
> http://de.groups.yahoo.com/group/gnupg-forum/ or http://www.gnupg.org/(en)/index.html ) for information about > > these tools and solutions to problems. > > ** please include all previous mails into your further service requests ** > > With kind regards > > G DATA Software AG (*) << insert what ever fits best -----Original Message----- From: gnupg-users-admin@gnupg.org [mailto:gnupg-users-admin@gnupg.org] On Behalf Of Ingo Klöcker Sent: 24 September 2003 23:18 To: gnupg-users@gnupg.org Subject: Re: Outlook 2003 problem On Wednesday 24 September 2003 09:36, orv wrote: > I don't want to sound ungrateful for your suggestion, but I kinda > thought the purpose of this mailing list would be to resolve problems, > not work around them :) I don't want to sound , but the purpose of this mailing list is to resolve problems with the free software product GnuPG but not with all GnuPG related software and especially not with proprietary, closed source plugins from third parties. Regards, Ingo

From ingo.kloecker@epost.de Thu Sep 25 03:00:02 2003 From: ingo.kloecker@epost.de (Ingo Klöcker) Date: Thu Sep 25 02:00:02 2003 Subject: FW: Outlook 2003 problem In-Reply-To: References: Message-ID: <200309250200.28748@erwin.ingo-kloecker.de> On Thursday 25 September 2003 01:26, orv wrote: > Fair enough, the only reason I asked here was because of this mail > from G DATA. Sorry, I didn't know that G DATA cares that less for its potential customers. I mean, who would buy anything from them after receiving such a negative reply? > > Dear Customer, > > > > thank you for your service request.
> > > > GnuPG, as well as the G DATA-plugin for this tool are open > > source/freeware and are not supported through our company. Do they really not understand the difference between Free Software and Freeware? Apparently the plugin is indeed Free Software. But if nobody maintains it then it's pretty much irrelevant whether it's free or not. Regards, Ingo

From ben@benfinney.id.au Thu Sep 25 08:19:02 2003 From: ben@benfinney.id.au (Ben Finney) Date: Thu Sep 25 07:19:02 2003 Subject: Free software pays off In-Reply-To: <200309250200.28748@erwin.ingo-kloecker.de> References: <200309250200.28748@erwin.ingo-kloecker.de> Message-ID: <20030925052119.GA26662@benfinney.id.au> On 25-Sep-2003, Ingo Klöcker wrote: > Apparently the plugin is indeed Free Software. But if nobody maintains > it then it's pretty much irrelevant whether it's free or not. On the contrary, that's one of the *primary* differences. Unmaintained free software need not languish so long as someone cares enough to improve it, or motivate someone else to do so. With free software, you can take the source code and improve it, or pay someone else to do so, and share the resulting, improved product. With non-free software, even if you can get the source, the copyright license probably doesn't allow you to improve and share it, so it's dead. -- \ "Injustice is relatively easy to bear; what stings is justice." | `\ -- Henry L.
Mencken | _o__) | Ben Finney

From JPClizbe@comcast.net Thu Sep 25 08:38:02 2003 From: JPClizbe@comcast.net (John Clizbe) Date: Thu Sep 25 07:38:02 2003 Subject: Outlook 2003 problem In-Reply-To: <200309250018.00389@erwin.ingo-kloecker.de> References: <200309250018.00389@erwin.ingo-kloecker.de> Message-ID: <3F727F69.3050402@comcast.net> Ingo Klöcker wrote: > On Wednesday 24 September 2003 09:36, orv (Jon Barlow) wrote: >> I don't want to sound ungrateful for your suggestion, but I kinda >> thought the purpose of this mailing list would be to resolve >> problems, not work around them :) > > I don't want to sound , but the purpose > of this mailing list is to resolve problems with the free software > product GnuPG but not with all GnuPG related software and especially > not with proprietary, closed source plugins from third parties. >
From sifting through the last couple week's postings on a few lists it would appear no one's product or plugin currently is supporting LookOut! 2003. Not even PGP. Maybe that's due to Microsoft's ever shifting and partially documented APIs? DKDC. To echo Ingo and further respond, "the purpose of this mailing list" is to resolve problems with GnuPG and tangentially with some of the OSS/FW products that interoperate with it. To the extent that those are issues *with* gpg, the developers usually try to get a fix into the CVS tree and the next release asap. Until that can be accomplished, work-arounds are suggested. The GnuPG Outlook plugin you mention would seem to be for Outlook 2000, possibly updated to Outlook 2002, and issues with it should be directed to its author(s), gdata.de.
If my Jeep engine is misfiring, I take the issue to the Jeep mechanic, not the AC/Delco spark-plug folks. FWIW, you may wish to try Mozilla/Thunderbird/Netscape + Enigmail. A solid, flexible, configurable, extensible MUA without LookOut's more notorious "features". 8-}) <\work-around> See http://openpgp.vie-privee.org/courrier_en.html and http://www.bretschneidernet.de/tips/secmua.html for a more complete list of OpenPGP and S/MIME enabled mail clients. -- John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet Golden Bear Networks PGP/GPG KeyID: 0x608D2A10 "Most men take the straight and narrow. A few take the road less traveled. I chose to cut through the woods." "*Hundreds* of customers like and use $CO's Unix products." - Darl McBride, CEO Caldera/$CO Group (This .sig block was sponsored by IBM. All hail IBM.)

From om@skillsearch.co.uk Thu Sep 25 13:00:02 2003 From: om@skillsearch.co.uk (Oliver Marshall) Date: Thu Sep 25 12:00:02 2003 Subject: using pgp v8 keys in gpg Message-ID: Hi, We used to use PGP v8 and Outlook to send signed automated emails to a remote service. Outlook is having problems with line wrapping and is ballsing up the automated message, so I thought I would try gpg with Mozilla Thunderbird. I have installed the latest version of gpg for windows and Thunderbird 0.2. I'm ready to get sending, but when I sign the message it tells me I need to setup some certificates (clearly). Now, in PGP v8 I have the certs that we use to sign the emails for this service.
The process of recreating new certs is more painful than pulling teeth so I would like to keep the ones that I have in PGP but use them in GPG. I have exported from PGP and imported to GPG but that doesn't seem to have made any difference. Can someone possibly tell me how to import the PGP keys into GPG so that I can sign this email and get it sent ? Thanks Olly


From eugene@esmiley.net Thu Sep 25 19:10:02 2003 From: eugene@esmiley.net (Eugene Smiley) Date: Thu Sep 25 18:10:02 2003 Subject: using pgp v8 keys in gpg In-Reply-To: References: Message-ID: <3F7313C3.8090707@esmiley.net> Oliver Marshall wrote: > Now, in PGP v8 I have the certs that we use to sign the emails for > this service. The process of recreating new certs is more painful > than pulling teeth so I would like to keep the ones that I have in > PGP but use them in GPG. I have exported from PGP and imported to > GPG but that doesn't seem to have made any difference. > > Can someone possibly tell me how to import the PGP keys into GPG so > that I can sign this email and get it sent ? When you exported from PGP did you export it with the secret key? It's the secret key that it needs. There is a checkbox in the export dialog that accomplishes this.

From JPClizbe@comcast.net Thu Sep 25 23:40:01 2003 From: JPClizbe@comcast.net (John Clizbe) Date: Thu Sep 25 22:40:01 2003 Subject: using pgp v8 keys in gpg In-Reply-To: References: Message-ID: <3F7352F7.6060806@comcast.net> Oliver Marshall wrote: > Hi, > > We used to use PGP v8 and Outlook to send signed automated emails to a > remote service. Outlook is having problems with line wrapping and is > ballsing up the automated message, so I thought I would try gpg with > Mozilla Thunderbird. > > I have installed the latest version of gpg for windows and Thunderbird > 0.2. I'm ready to get sending, but when I sign the message it tells me I > need to setup some certificates (clearly).
> > Now, in PGP v8 I have the certs that we use to sign the emails for this > service. The process of recreating new certs is more painful than pulling > teeth so I would like to keep the ones that I have in PGP but use them > in GPG. I have exported from PGP and imported to GPG but that doesn't > seem to have made any difference. > > > Can someone possibly tell me how to import the PGP keys into GPG so that I > can sign this email and get it sent ? > > Thanks > > Olly > 1) Fire up PGPKeys. Select the key(s) you want to move. On the menubar: Keys then Export (or ctrl-E). Click to Include Private Key(s) -- you'll need them also. It's safe to leave the 6.0 extensions selected. Pick a directory, filename, and Save. 2) Open a command window. CD to the directory you stored your keys in. And enter the command: gpg --import .asc -- John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet Golden Bear Networks PGP/GPG KeyID: 0x608D2A10 "Most men take the straight and narrow. A few take the road less traveled. I chose to cut through the woods." "*Hundreds* of customers like and use $CO's Unix products." - Darl McBride, CEO Caldera/$CO Group (This .sig block was sponsored by IBM. All hail IBM.)

From douglist@anize.org Fri Sep 26 07:02:01 2003 From: douglist@anize.org (Douglas F.
Calvert) Date: Fri Sep 26 06:02:01 2003 Subject: CA Cert (cacert.org) - a new, non-profit CA In-Reply-To: <00da01c38131$d58eec00$1ae3193e@linear> References: <00da01c38131$d58eec00$1ae3193e@linear> Message-ID: <1064549048.18050.2.camel@liberate.imissjerry.org> On Mon, 2003-09-22 at 13:49, Ben Pollinger wrote: > For more info, please visit www.cacert.org , and maybe sign up to the > mailman list at http://lists.cacert.org/mailman/listinfo/cacert You have to give them a national ID number? And they use it as your personal identifier? I could go register every combination of NYS drivers licenses right now and no one from NY would be able to register for this. This would probably be a plus for NYS but this site is a little nuts... -- Douglas F. Calvert

From patrick.marquetecken@pandora.be Fri Sep 26 16:13:02 2003 From: patrick.marquetecken@pandora.be (Patrick Marquetecken) Date: Fri Sep 26 15:13:02 2003 Subject: Size of pubring Message-ID: <1064582099.15201.14.camel@rivendell> Hi, Does anyone know if there is a max size for the pubring file ? It's the second time that I had to restore my backup because if could not see all keys in it, after 3 keys I have errors. Patrick -- Insufficient facts always invite danger.
-- Spock, "Space Seed", stardate 3141.9 PGP Key: http://users.pandora.be/rivendell/marquetp.gpg Fingerprint = 2792 057F C445 9486 F932 3AEA D3A3 1B0C 1059 273B ICQ# 316932703 Registered Linux User #44550 http://counter.li.org

From robert.schiele@t-online.de Fri Sep 26 18:30:01 2003 From: robert.schiele@t-online.de (Robert Schiele) Date: Fri Sep 26 17:30:01 2003 Subject: Size of pubring In-Reply-To: <1064582099.15201.14.camel@rivendell> References: <1064582099.15201.14.camel@rivendell> Message-ID: <20030926153217.GB7133@schiele.dyndns.org> On Fri, Sep 26, 2003 at 03:14:59PM +0200, Patrick Marquetecken wrote: > Hi, > > Does anyone know if there is a max size for the pubring file ? > It's the second time that I had to restore my backup because if could not > see all keys in it, after 3 keys I have errors. I don't know an exact limit, but I also ran into similar problems when the size reached about 22MB. But for me not the pubring file itself got scrambled, but the trustdb. Unfortunately I never managed to make the problem deterministically reproducible.
Robert -- Robert Schiele Tel.: +49-621-181-2517 Dipl.-Wirtsch.informatiker mailto:rschiele@uni-mannheim.de --oLBj+sq0vYjzfsbl Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux) iD8DBQE/dFwBxcDFxyGNGNcRAtzjAJwNnKg4YgC253QCnhhqo9M9sIOOAQCeMquQ ACOBRJgfvjXnEyUSvsd/jgo= =FX9c -----END PGP SIGNATURE----- --oLBj+sq0vYjzfsbl-- From maillist@tgice.com Fri Sep 26 19:27:01 2003 From: maillist@tgice.com (john lawler) Date: Fri Sep 26 18:27:01 2003 Subject: gnupg associated Windows VPN client? Message-ID: <3F74694B.8050103@tgice.com> Hi, Not sure if this is the appropriate forum in which to post this question, but anyway: Does anyone know of a GnuPG-based VPN client for Windows? I suppose even if it isn't GnuPG based I'd be interested in it. I'm trying to setup a commercial VPN connection to a VPN router w/o purchasing a VPN client such as SSH Sentinel, etc. Does such a project exist? Thanks, John Lawler From frank.calfo@csgpro.com Sat Sep 27 00:16:02 2003 From: frank.calfo@csgpro.com (Frank Calfo) Date: Fri Sep 26 23:16:02 2003 Subject: passphrase-fd works on linux but not windows Message-ID: <5.2.1.1.0.20030926141333.00ac7ec0@mail.csgpro.com> Hi All, I'm using gpg 1.2.1 on Linux and Windows for key-based encryption using a keystore that is passphrase protected. I'm passing in the keystore passphrase via the passphrase-fd 0 strategy. This command successfully encrypts a file when running on Linux: echo $1 | gpg --homedir $2 --batch --yes --passphrase-fd 0 --always-trust --encrypt --sign --recipient $3 $4 but the mirror of this does not work when running on Windows 2000 - it keeps returning error: bad passphrase (even though passphrase passed in is correct) echo %1 | gpg --homedir %2 --batch --yes --passphrase-fd 0 --always-trust --encrypt --sign --recipient %3 %4 Is there something about using the passphrase-fd 0 option to send in the KEYSTORE (not encryption) passphrase that it works 
under Linux but not Windows ? Thanks! From Todd Sat Sep 27 00:31:01 2003 From: Todd (Todd) Date: Fri Sep 26 23:31:01 2003 Subject: passphrase-fd works on linux but not windows In-Reply-To: <5.2.1.1.0.20030926141333.00ac7ec0@mail.csgpro.com> References: <5.2.1.1.0.20030926141333.00ac7ec0@mail.csgpro.com> Message-ID: <20030926213227.GG17131@psilocybe.teonanacatl.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Frank Calfo wrote: > but the mirror of this does not work when running on Windows 2000 - it > keeps returning error: bad passphrase (even though passphrase passed in is > correct) > echo %1 | gpg --homedir %2 --batch --yes --passphrase-fd 0 > --always-trust --encrypt --sign --recipient %3 %4 I recall reading sometime back on this list that on windows you need to put the | directly after the passphrase. Windows apparently sends the trailing space along to gnupg, which will make it a bad passphrase. So try something like this: echo %1| gpg --homedir %2 --batch --yes --passphrase-fd 0 \ --always-trust --encrypt --sign --recipient %3 %4 - -- Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp ============================================================================ Politicians are interested in people. Not that this is always a virtue. Fleas are interested in dogs. -- P.J. O'Rourke -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl. 
iD8DBQE/dLBruv+09NZUB1oRAhQQAKC2tI2z85ChyzpC7BACGkZkexp8rACfdoi5 JnaOfSjDA95sQ/WJTwQCPkM= =hDRI -----END PGP SIGNATURE----- From frank.calfo@csgpro.com Sat Sep 27 01:00:02 2003 From: frank.calfo@csgpro.com (Frank Calfo) Date: Sat Sep 27 00:00:02 2003 Subject: passphrase-fd works on linux but not windows In-Reply-To: <20030926213227.GG17131@psilocybe.teonanacatl.org> References: <5.2.1.1.0.20030926141333.00ac7ec0@mail.csgpro.com> <5.2.1.1.0.20030926141333.00ac7ec0@mail.csgpro.com> Message-ID: <5.2.1.1.0.20030926150114.00b07600@mail.csgpro.com> That did it! Thanks for the quick response! At 05:32 PM 9/26/2003 -0400, Todd wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Frank Calfo wrote: > > but the mirror of this does not work when running on Windows 2000 - it > > keeps returning error: bad passphrase (even though passphrase passed in is > > correct) > > echo %1 | gpg --homedir %2 --batch --yes --passphrase-fd 0 > > --always-trust --encrypt --sign --recipient %3 %4 > >I recall reading sometime back on this list that on windows you need to put >the | directly after the passphrase. Windows apparently sends the trailing >space along to gnupg, which will make it a bad passphrase. So try something >like this: > > echo %1| gpg --homedir %2 --batch --yes --passphrase-fd 0 \ > --always-trust --encrypt --sign --recipient %3 %4 >- -- >Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp >============================================================================ >Politicians are interested in people. Not that this is always a virtue. >Fleas are interested in dogs. > -- P.J. O'Rourke > >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.2.3 (GNU/Linux) >Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl. 
> >iD8DBQE/dLBruv+09NZUB1oRAhQQAKC2tI2z85ChyzpC7BACGkZkexp8rACfdoi5 >JnaOfSjDA95sQ/WJTwQCPkM= >=hDRI >-----END PGP SIGNATURE----- > >_______________________________________________ >Gnupg-users mailing list >Gnupg-users@gnupg.org >http://lists.gnupg.org/mailman/listinfo/gnupg-users From johan30@easynet.be Sat Sep 27 17:16:02 2003 From: johan30@easynet.be (johanb) Date: Sat Sep 27 16:16:02 2003 Subject: questions Message-ID: <200309271617.36342.johan30@easynet.be> Hi, I have some questions: I want to do encrypted communication between three places : one with linux and opengpg (under kmail) , one with microsoft outlook and pgp or gnuplugin and one with pgp version 8, how can I make kmail get working to read the encrypted mails coming from pretty good privacy version 8. Question nr. 2 : the person with ms outlook, apparently there is a bug in it, since I can not save or export the public key. Is this normal with gnuplugin? Greetz, Johan Boeckx From ingo.kloecker@epost.de Sat Sep 27 17:51:02 2003 From: ingo.kloecker@epost.de (Ingo Klöcker) Date: Sat Sep 27 16:51:02 2003 Subject: questions In-Reply-To: <200309271617.36342.johan30@easynet.be> References: <200309271617.36342.johan30@easynet.be> Message-ID: <200309271651.28242@erwin.ingo-kloecker.de> --Boundary-02=_wPad/C2SpA2t7ne Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Saturday 27 September 2003 16:17, johanb wrote: > I have some questions: I want to do encrypted communication between > three places : one with linux and opengpg (under kmail) , one with > microsoft outlook and pgp or gnuplugin and one with pgp version 8, > how can I make kmail get working to read the encrypted mails coming > from pretty good privacy version 8. Without information about the format of the encrypted messages we can't answer this question. But I guess that the format is "inline encryption". 
KMail shouldn't have any problems with such messages. Regards, Ingo --Boundary-02=_wPad/C2SpA2t7ne Content-Type: application/pgp-signature Content-Description: signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux) iD8DBQA/daPwGnR+RTDgudgRAmzfAKDBrbSDI4Y4k2YSBEL/hV7/r4kc0wCg0YqS JbxVx9POJuWMDPG7ZhQK1ys= =rLNJ -----END PGP SIGNATURE----- --Boundary-02=_wPad/C2SpA2t7ne-- From johan30@easynet.be Sat Sep 27 18:36:01 2003 From: johan30@easynet.be (johanb) Date: Sat Sep 27 17:36:01 2003 Subject: questions In-Reply-To: <200309271651.28242@erwin.ingo-kloecker.de> References: <200309271617.36342.johan30@easynet.be> <200309271651.28242@erwin.ingo-kloecker.de> Message-ID: <200309271737.43184.johan30@easynet.be> On Saturday 27 September 2003 16:51, Ingo Klöcker wrote: > On Saturday 27 September 2003 16:17, johanb wrote: > > I have some questions: I want to do encrypted communication between > > three places : one with linux and opengpg (under kmail) , one with > > microsoft outlook and pgp or gnuplugin and one with pgp version 8, > > how can I make kmail get working to read the encrypted mails coming > > from pretty good privacy version 8. > > Without information about the format of the encrypted messages we can't > answer this question. But I guess that the format is "inline > encryption". KMail shouldn't have any problems with such messages. > > Regards, > Ingo Ingo, It is not inline, but /usr/local/lib/cryptplug/gpgme-openpgp.so. My question is more on the level, that opengpg corresponds with pgp (all versions) and if I have to implement something special ? Greetz, Johan From ml@proficuous.com Sat Sep 27 22:35:02 2003 From: ml@proficuous.com (Aaron P. Martinez) Date: Sat Sep 27 21:35:02 2003 Subject: gnupg associated Windows VPN client? 
In-Reply-To: <3F74694B.8050103@tgice.com> References: <3F74694B.8050103@tgice.com> Message-ID: <1064691333.2666.24.camel@aaron-rh9-ws.proficuous.com> On Fri, 2003-09-26 at 11:28, john lawler wrote: > Hi, > > Not sure if this is the appropriate forum in which to post this > question, but anyway: > > Does anyone know of a GnuPG-based VPN client for Windows? I suppose > even if it isn't GnuPG based I'd be interested in it. I'm trying to > setup a commercial VPN connection to a VPN router w/o purchasing a VPN > client such as SSH Sentinel, etc. Does such a project exist? > > Thanks, > > John Lawler Not sure what you mean by GnuPG based, but the two vpn products that I use are FreeSWAN and openvpn. To connect from a windows machine, you'd need to use FreeSWAN. It has an X509 plugin that will allow WinXP and Win2K clients to connect using the built in vpn software. There is also another product, PoPTOP, I think is the name, that claims to support windows pptpd the way it is. Aaron P. Martinez Proficuous. 
www.proficuous.com Aaron.Martinez@proficuous.com From ingo.kloecker@epost.de Sun Sep 28 14:31:01 2003 From: ingo.kloecker@epost.de (Ingo Klöcker) Date: Sun Sep 28 13:31:01 2003 Subject: questions In-Reply-To: <200309271737.43184.johan30@easynet.be> References: <200309271617.36342.johan30@easynet.be> <200309271651.28242@erwin.ingo-kloecker.de> <200309271737.43184.johan30@easynet.be> Message-ID: <200309281331.19027@erwin.ingo-kloecker.de> --Boundary-02=_Fasd/WPWuzDYLt/ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Saturday 27 September 2003 17:37, johanb wrote: > On Saturday 27 September 2003 16:51, Ingo Klöcker wrote: > > On Saturday 27 September 2003 16:17, johanb wrote: > > > I have some questions: I want to do encrypted communication > > > between three places : one with linux and opengpg (under kmail) , > > > one with microsoft outlook and pgp or gnuplugin and one with pgp > > > version 8, how can I make kmail get working to read the encrypted > > > mails coming from pretty good privacy version 8. > > > > Without information about the format of the encrypted messages we > > can't answer this question. But I guess that the format is "inline > > encryption". KMail shouldn't have any problems with such messages. > > It is not inline, but /usr/local/lib/cryptplug/gpgme-openpgp.so. My > question is more on the level, that opengpg corresponds with pgp (all > versions) and if I have to implement something special ? AFAIK Outlook can't handle messages in PGP/MIME format (as those generated with the OpenPGP crypto plugin in KMail). If you want to communicate with Outlook users then your only option is the usage of the built-in OpenPGP support which uses inline encryption and clearsigning. For compatibility with some older PGP versions you have to re-configure GnuPG. There are several compatibility switches. 
Regards, Ingo --Boundary-02=_Fasd/WPWuzDYLt/ Content-Type: application/pgp-signature Content-Description: signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux) iD8DBQA/dsaFGnR+RTDgudgRAuqZAKCScGoHmr8V8BmJ24FN3zZ1TNY9CgCbBUXI iT/amconteOm3bsu840eZU4= =DbNh -----END PGP SIGNATURE----- --Boundary-02=_Fasd/WPWuzDYLt/-- From johan30@easynet.be Sun Sep 28 15:04:01 2003 From: johan30@easynet.be (johanb) Date: Sun Sep 28 14:04:01 2003 Subject: questions In-Reply-To: <200309271651.28242@erwin.ingo-kloecker.de> References: <200309271617.36342.johan30@easynet.be> <200309271651.28242@erwin.ingo-kloecker.de> Message-ID: <200309281405.23202.johan30@easynet.be> On Saturday 27 September 2003 16:51, Ingo Klöcker wrote: > On Saturday 27 September 2003 16:17, johanb wrote: > > I have some questions: I want to do encrypted communication between > > three places : one with linux and opengpg (under kmail) , one with > > microsoft outlook and pgp or gnuplugin and one with pgp version 8, > > how can I make kmail get working to read the encrypted mails coming > > from pretty good privacy version 8. > > Without information about the format of the encrypted messages we can't > answer this question. But I guess that the format is "inline > encryption". KMail shouldn't have any problems with such messages. > > Regards, > Ingo Hi, It concerns communication between gnupg (openpgp) and pgp v6.02. From myself (gnupg) to pgp6.02 the messages are readable and decryptable, but from pgp6.02 to gnupg, I have the following problem : I receive these error, when I try to decrypt : MSWordDocWord.Document.8ô9²qgpg: Signature made Sun Sep 28 11:26:27 2003 CEST using DSA key ID D7733AE6 gpg: Good signature from "xxxxxx" gpg: binary signature, digest algorithm SHA1 gpg: WARNING: message was not integrity protected Do you know how to resolve this ? 
Greetz, Johan From johan30@easynet.be Sun Sep 28 15:54:02 2003 From: johan30@easynet.be (johanb) Date: Sun Sep 28 14:54:02 2003 Subject: questions In-Reply-To: <200309281331.19027@erwin.ingo-kloecker.de> References: <200309271617.36342.johan30@easynet.be> <200309271737.43184.johan30@easynet.be> <200309281331.19027@erwin.ingo-kloecker.de> Message-ID: <200309281455.13824.johan30@easynet.be> Hi, That is a bit strange, because this hasn't been done with kmail, but just with the commandline. gpg. When I use for example kgpg, I receive the error "no user id found". What happens when a person sends an encrypted mail from another emailaddress than the one in the key ? For example someone changes from email address ? Is it possible to add another id to an imported public key ? (For example a second emailaddress as trusted) ? Greetz, Johan On Sunday 28 September 2003 13:31, Ingo Klöcker wrote: > On Saturday 27 September 2003 17:37, johanb wrote: > > On Saturday 27 September 2003 16:51, Ingo Klöcker wrote: > > > On Saturday 27 September 2003 16:17, johanb wrote: > > > > I have some questions: I want to do encrypted communication > > > > between three places : one with linux and opengpg (under kmail) , > > > > one with microsoft outlook and pgp or gnuplugin and one with pgp > > > > version 8, how can I make kmail get working to read the encrypted > > > > mails coming from pretty good privacy version 8. > > > > > > Without information about the format of the encrypted messages we > > > can't answer this question. But I guess that the format is "inline > > > encryption". KMail shouldn't have any problems with such messages. > > > > It is not inline, but /usr/local/lib/cryptplug/gpgme-openpgp.so. My > > question is more on the level, that opengpg corresponds with pgp (all > > versions) and if I have to implement something special ? > > AFAIK Outlook can't handle messages in PGP/MIME format (as those > generated with the OpenPGP crypto plugin in KMail). 
If you want to > communicate with Outlook users then your only option is the usage of > the built-in OpenPGP support which uses inline encryption and > clearsigning. > > For compatibility with some older PGP versions you have to re-configure > GnuPG. There are several compatibility switches. > > Regards, > Ingo From dshaw@jabberwocky.com Sun Sep 28 16:42:02 2003 From: dshaw@jabberwocky.com (David Shaw) Date: Sun Sep 28 15:42:02 2003 Subject: questions In-Reply-To: <200309281405.23202.johan30@easynet.be> References: <200309271617.36342.johan30@easynet.be> <200309271651.28242@erwin.ingo-kloecker.de> <200309281405.23202.johan30@easynet.be> Message-ID: <20030928134111.GA15278@jabberwocky.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sun, Sep 28, 2003 at 02:05:20PM +0200, johanb wrote: > It concerns communication between gnupg (openpgp) and pgp v6.02. From myself > (gnupg) to pgp6.02 the messages are readable and decryptable, but from > pgp6.02 to gnupg, I have the following problem : I receive these error, when > I try to decrypt : MSWordDocWord.Document.8ô9²qgpg: Signature made Sun Sep > 28 11:26:27 2003 CEST using DSA key ID D7733AE6 > gpg: Good signature from "xxxxxx" > gpg: binary signature, digest algorithm SHA1 > gpg: WARNING: message was not integrity protected > > Do you know how to resolve this ? That's not an error. That is a warning that the message does not have internal integrity protection. Integrity protection was not added to the OpenPGP standard until fairly recently, so GnuPG is just warning you that this message does not have it. It does not mean that the message was not decrypted successfully. 
David -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.3-cvs (GNU/Linux) Comment: Key available at http://www.jabberwocky.com/david/keys.asc iHEEARECADEFAj925PcqGGh0dHA6Ly93d3cuamFiYmVyd29ja3kuY29tL2Rhdmlk L2tleXMuYXNjAAoJEOJmXIdJ4cvJI1kAnRwbF+Oif689SXJbbkjEtEx7u1JLAKC1 bPMoKfQIu3Z3O4/zQolpbsCOww== =Lacy -----END PGP SIGNATURE----- From ingo.kloecker@epost.de Sun Sep 28 23:26:02 2003 From: ingo.kloecker@epost.de (Ingo Klöcker) Date: Sun Sep 28 22:26:02 2003 Subject: questions In-Reply-To: <200309281455.13824.johan30@easynet.be> References: <200309271617.36342.johan30@easynet.be> <200309281331.19027@erwin.ingo-kloecker.de> <200309281455.13824.johan30@easynet.be> Message-ID: <200309282226.52033@erwin.ingo-kloecker.de> --Boundary-02=_LQ0d/RimKWV3L4F Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Sunday 28 September 2003 14:55, johanb wrote: > That is a bit strange, because this hasn't been done with kmail, but > just with the commandline. gpg. When I use for example kgpg, I > receive the error "no user id found". What happens when a person > sends an encrypted mail from another emailaddress than the one in the > key ? Nothing special. It's irrelevant which email address appears in the From: header. > For example someone changes from email address ? Is it possible > to add another id to an imported public key ? (For example a second > emailaddress as trusted) ? No. Only the key owner can add additional valid user ids. 
Regards, Ingo --Boundary-02=_LQ0d/RimKWV3L4F Content-Type: application/pgp-signature Content-Description: signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux) iD8DBQA/d0QLGnR+RTDgudgRAvZMAJ9ZznNCofXNPeVtETN6GqC8OC+sNACcDueH KAjcbxaQ4mxoW3knq09I3Ps= =QmCr -----END PGP SIGNATURE----- --Boundary-02=_LQ0d/RimKWV3L4F-- From wk@gnupg.org Mon Sep 29 00:23:01 2003 From: wk@gnupg.org (Werner Koch) Date: Sun Sep 28 23:23:01 2003 Subject: questions In-Reply-To: <200309282226.52033@erwin.ingo-kloecker.de> (Ingo Klöcker's message of "Sun, 28 Sep 2003 22:26:45 +0200") References: <200309271617.36342.johan30@easynet.be> <200309281331.19027@erwin.ingo-kloecker.de> <200309281455.13824.johan30@easynet.be> <200309282226.52033@erwin.ingo-kloecker.de> Message-ID: <87eky0ham2.fsf@alberti.g10code.de> On Sun, 28 Sep 2003 22:26:45 +0200, Ingo Klöcker said: >> sends an encrypted mail from another emailaddress than the one in the >> key ? > Nothing special. It's irrelevant which email address appears in the > From: header. However the MUA should warn when the From/Reply-To address does not match the address of the signer in a signed+encrypted message. The problem here is that one usually replies to a mail, quoting large amounts and sending that back encrypted to the reply address. If by means of an MITM attack the From header was changed to an address which happens to be also trusted, the attacker will easily get a lot of plaintext. -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From jacob@cachevalley.com Mon Sep 29 02:02:02 2003 From: jacob@cachevalley.com (Jacob Anawalt) Date: Mon Sep 29 01:02:02 2003 Subject: Using GPG to create virtual email addresses Message-ID: <3F7768AA.30903@cachevalley.com> Greetings, I am interested in using GPG to create virtual email addresses such that: * The address is unique for every sender/receiver pair. 
* The address will change if the sender or receiver changes keys. * The admin doesn't have to do anything for a new valid virtual address to work. * The receiver can have different processing rules based on the trust the receiver has in the sender. * The original encoded data is not sensitive or directly used. * The system should be easy to use (transparent if possible) in the MUA software. * The system should enable the MTA to make SMTP time decisions to accept or reject delivery. * The virtual address should be hard for a 3rd party to create. Example: Sender jacob@my_other_mailserver.com sends to jacob+gpgonly@cachevalley.com, but the address is changed to jacob+JPO/F?WE/ASDIOD@cachevalley.com before it is sent from the MUA to the sending MTA. The destination SMTP server (cachevalley.com) does a lookup after the MAIL FROM and RCPT TO commands verifying that jacob+JPO/F?WE/ASDIOD is a valid address for jacob-gpgonly@cachevalley.com and it was sent from and encoded by jacob@my_other_mailserver.com. Direct mails to jacob-gpgonly@cachevalley.com may or may not be accepted based on other policies. The receiving mail server doesn't need to have its recipient's private key. It is enough for it to decode using the sender's public key and then verify that the result was encoded by the recipient's public key. In many aspects GPG seems like a good fit. GPG plugins are available to many MUA platforms. The security is enhanced by a trust metric. Users of GPG are able to revoke old public keys and submit new ones at any time, the other party just needs to have their software fetch the latest public key before processing the data. The first obstacle to me seems to be the size of the encoded data. RFC2821, section 4.5.3.1 says that the maximum length of local-part is 64 characters. The local-part after encryption needs to be RFC email envelope compliant. 
My question to this group is this: Is there a method of encoding available to GPG such that it could make the local-part restrictions target and still have enough data to validate that encoding was created using a combination of the sender's private key and the receiver's public key (possibly by having been encoded twice, in that order). Perhaps I don't even need the jacob+ part of the local-part. If that was not necessary then all 64 characters would be available to GPG. If the identity is necessary, maybe it should be + for better length control. As I mentioned in the requirements section, the encrypted 'data' isn't really used, except as a target of the encryption. Maybe there is some 'light signature' option that would work better. I think it would be best if either party could change their current public key and have that change reflected in all future virtual addresses until the next change, and yet have the new address recognized shortly after the change is made. If GPG cannot and will not accommodate this, is there some encoding scheme out there that does? MUA - Mail User Agent (Mutt, Pine, Outlook) MTA - Mail Transport Agent (Sendmail, Postfix, Exim) -- Jacob From peter.smilde@smilde-becker.net Mon Sep 29 10:39:01 2003 From: peter.smilde@smilde-becker.net (Peter L. Smilde) Date: Mon Sep 29 09:39:01 2003 Subject: Request for passphrase? In-Reply-To: <20030929042724.7962.6938.Mailman@trithemius.gnupg.org> References: <20030929042724.7962.6938.Mailman@trithemius.gnupg.org> Message-ID: <3F77E226.3040509@smilde-becker.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Can anybody explain to me why Mozilla/Enigmail (W2000) requests my passphrase when I open the daily digest of this gnupg-users mailinglist? When I don't supply the passphrase, I get the message "Error: no passphrase supplied", but everything is readable (as expected, since no encoded parts are in the plain message source). 
Kmail (Linux) doesn't trigger a passphrase request on the same digest. Regards. - -- Peter L. Smilde -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/d+G0FCtQzrDkv5kRAq+wAKC3kraLLefQbq56RNSaK8JNmGM08gCgl4Cy J4kXEP3p0C/mrCXKMNeJO/E= =cvyt -----END PGP SIGNATURE----- From ingo.kloecker@epost.de Mon Sep 29 21:15:02 2003 From: ingo.kloecker@epost.de (Ingo Klöcker) Date: Mon Sep 29 20:15:02 2003 Subject: Request for passphrase? In-Reply-To: <3F77E226.3040509@smilde-becker.net> References: <20030929042724.7962.6938.Mailman@trithemius.gnupg.org> <3F77E226.3040509@smilde-becker.net> Message-ID: <200309292016.04101@erwin.ingo-kloecker.de> --Boundary-02=_jbHe/LSLCEAVsq0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Monday 29 September 2003 09:41, Peter L. Smilde wrote: > Can anybody explain me, why Mozilla/Enigmail (W2000) requests for my > passphrase, when I open the daily digest of this gnupg-users > mailinglist? Mozilla probably confuses detached signatures with encrypted data. You should file a bug report. Regards, Ingo --Boundary-02=_jbHe/LSLCEAVsq0 Content-Type: application/pgp-signature Content-Description: signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQA/eHbjGnR+RTDgudgRAk4iAKDLWxSzDuqZpVmvYzPLvptF9ugneQCdHukn 7pZYGb1UmgtM6q8djOQESMg= =nzwy -----END PGP SIGNATURE----- --Boundary-02=_jbHe/LSLCEAVsq0-- From steven.mullins at dmme.virginia.gov Thu Sep 25 15:00:55 2003 From: steven.mullins at dmme.virginia.gov (Mullins, Steven B.) Date: Thu Oct 9 11:18:59 2003 Subject: win32 random source Message-ID: <01A3BBA5B52FD311A4F200902745920B0334394E@EXCHBSG1.dmmenet.mme.state.va.us> Can anyone tell me what the win32 compiled binary uses as an entropy source? Thanks, Steven B. 
Mullins Environmental Engineer Virginia Division of Mined Land Reclamation Drawer 900, Big Stone Gap, VA 24219 Tel. 276.523.8192 From Kimberly.Kordet at nationalcity.com Tue Sep 30 15:04:11 2003 From: Kimberly.Kordet at nationalcity.com (Kordet, Kimberly) Date: Thu Oct 9 11:19:11 2003 Subject: Problems Installing GnuPG Message-ID: <20030930180421.97CBD502F@smtpprx1.nationalcity.com> Hello, I have downloaded the gnupg-w32cli-1.2.3.zip file, and extracted the files. I have created a c:\gnupg folder, and tried running "gpg" at the command line, but I am getting an error that "gpg is not recognized as a command". Did I miss a step? I thought I followed the README file correctly, but maybe not. Please let me know if you can help! Thanks, Kim 216-257-0032
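Added example, not part of any list message and not GnuPG or MUA code: the check Werner Koch describes in the "questions" thread above (warn when the From/Reply-To address does not match the signer of a signed+encrypted message), sketched in Python. The mail text, key ID, user ID and status lines are constructed samples, and the function names are hypothetical.

```python
"""Warn when From/Reply-To do not belong to the verified signer."""
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# GnuPG --status-fd line for a good signature: key ID, then the primary user ID.
# Assumption: only the primary user ID is reported here; a fuller check would
# compare against every valid user ID on the signing key.
GOODSIG_RE = re.compile(r"^\[GNUPG:\] GOODSIG ([0-9A-Fa-f]+) (.+)$")

# Constructed status output (key ID and user ID are made up).
SAMPLE_STATUS = (
    "[GNUPG:] DECRYPTION_OKAY\n"
    "[GNUPG:] GOODSIG 0123456789ABCDEF Alice Example <alice@example.org>\n"
)

# Constructed messages. Mail headers sit outside the OpenPGP data, so they can
# be rewritten in transit without invalidating the signature on the body.
HONEST_MAIL = (
    "From: Alice Example <Alice@Example.org>\n"
    "To: bob@example.org\n"
    "Subject: quarterly figures\n"
    "\n"
    "-----BEGIN PGP MESSAGE-----\n"
    "(constructed placeholder)\n"
    "-----END PGP MESSAGE-----\n"
)
TAMPERED_MAIL = HONEST_MAIL.replace(
    "To: bob@example.org\n",
    "Reply-To: Mallory <mallory@example.net>\nTo: bob@example.org\n",
)


def signer_addresses(status_text):
    """Return the lower-cased mail addresses named in GOODSIG status lines."""
    found = set()
    for line in status_text.splitlines():
        match = GOODSIG_RE.match(line.strip())
        if match:
            address = parseaddr(match.group(2))[1].lower()
            if address:
                found.add(address)
    return found


def check_reply_addresses(raw_message, status_text):
    """Return warnings; an empty list means every From/Reply-To address
    is an address of the verified signer."""
    signer = signer_addresses(status_text)
    if not signer:
        return ["no good signature found; no address can be tied to a signer"]
    message = message_from_string(raw_message)
    warnings = []
    for header in ("From", "Reply-To"):
        values = message.get_all(header) or []
        for _name, address in getaddresses(values):
            if address and address.lower() not in signer:
                warnings.append(
                    f"{header} address {address} is not a user ID of the signing key"
                )
    return warnings


if __name__ == "__main__":
    for label, mail in (("honest", HONEST_MAIL), ("tampered", TAMPERED_MAIL)):
        print(label, check_reply_addresses(mail, SAMPLE_STATUS))
```

A mail client would run such a check before pre-filling the reply recipient, so the quoted plaintext is not re-encrypted to an address the signer never claimed.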