From wk at gnupg.org Tue Mar 2 00:32:39 2004
From: wk at gnupg.org (wk@gnupg.org)
Date: Wed Mar 3 16:44:54 2004
Subject: caroline
Message-ID:

i'm tall and skiny I'm studying in Pharm. D program in FL. i like music,
movie, dancing, sports, SCUBA diving, traveling and make a lot friends.
password for archive: 18286

-------------- next part --------------
A non-text attachment was scrubbed...
Name: Anna.zip
Type: application/octet-stream
Size: 23090 bytes

From jharris at widomaker.com Mon Mar 1 21:18:01 2004
From: jharris at widomaker.com (Jason Harris)
Date: Wed Mar 3 16:45:24 2004
Subject: key count, 2004-03-01
Message-ID: <20040302021800.GN10980@pm1.ric-41.lft.widomaker.com>

As of Tue Mar 2 01:53:19 2004 UTC, there are 171002 v3 pubkeys, 1803076 v4
pubkeys, 1817007 subkeys, and 1713 duplicate (short) keyids on kjsl.com.
(Key 0x9151B0CA came in during the counting process, and was probably
counted.)

Some v3 keys have been found to have subkeys, and the duplicate key count
(now) catches keys like 0xFEDF1BB3, where one is a pubkey and the other is
a subkey. 0x01681CF7 are both subkeys. Some subkey mixing has also been
found, like 0x59518C3D, which is attached to three different pubkeys.

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
From gnupg at ml0402.albert.uni.cc Tue Mar 2 17:14:10 2004
From: gnupg at ml0402.albert.uni.cc (Albert)
Date: Wed Mar 3 16:50:15 2004
Subject: gpg --list-sigs (root for other users)
Message-ID: <200403021713.49747.gnupg@ml0402.albert.uni.cc>

How can root list or export the keys of 1 or better all user(s) on a
machine without su?

Albert

From wk at gnupg.org Tue Mar 2 18:51:27 2004
From: wk at gnupg.org (Werner Koch)
Date: Wed Mar 3 16:50:34 2004
Subject: Bus error on Solaris 9
In-Reply-To: <20040225020736.GJ19903@uriel.eclipsed.net> (gabriel rosenkoetter's message of "Tue, 24 Feb 2004 21:07:36 -0500")
References: <20040224181641.GB4969@jabberwocky.com> <027a01c3fb13$2f3022a0$0200a8c0@winxpdesktop> <20040224130204.GC19903@uriel.eclipsed.net> <071901c3fafe$0a59a470$0200a8c0@winxpdesktop> <20040224181641.GB4969@jabberwocky.com> <20040225020736.GJ19903@uriel.eclipsed.net>
Message-ID: <87k723jfxc.fsf@alberti.g10code.de>

On Tue, 24 Feb 2004 21:07:36 -0500, gabriel rosenkoetter said:

> There's something in the back of my mind about gcc 3.3 having some
> serious assembler problems on sparc64. I think I'm remembering it
> from port-sparc64@netbsd.org, and I also think there's a NetBSD-

I don't think that this is the problem: I have similar problems on a
sparc64 Debian box. The problem there is that there is something weird
going on and not just a plain SIGBUS; my current guess is that the
unaligned access is emulated by Linux and something is going wrong.
There seems to be no way to disable that emulation (like on Alphas).

> It may be worth searching the port-sparc64 and tech-toolchain

I will do that.

Thanks,

  Werner
From cgardner at adismri.com Mon Mar 1 11:43:40 2004
From: cgardner at adismri.com (Craig Gardner)
Date: Wed Mar 3 16:52:12 2004
Subject: GPG encrypting and decrypting files
In-Reply-To: <200402281432.24766.linux@codehelp.co.uk>
References: <1077926178.1031.26.camel@localhost.localdomain> <200402281432.24766.linux@codehelp.co.uk>
Message-ID: <1078170220.1036.90.camel@localhost.localdomain>

On Sat, 2004-02-28 at 06:32, Neil Williams wrote:
> Linux / windows machines?

Both machines are running Linux. The machine encrypting the files is
running Red Hat 8 and the decrypting machine is on SuSE 9.

> What kind of file and how are you transferring it - ASCII or Binary FTP?

I am transferring the files using a binary ftp transfer as the files
being encrypted are jpeg images.

> You are encrypting to a binary format (by not using -a ASCII armour) so
> transferring the file by ASCII FTP could be the source of the problem.
>
> If it's a text based file, try encrypting using:
>
> $ gpg -ar [recipient] -e [unencryptedfile]
>
> Then send by ASCII FTP. (type A).
>
> To make sure it has transferred correctly, use a detached signature ( -b ) and
> send that by FTP. Verify the signature on the other machine before attempting
> to decrypt. The detached signature can also be in ASCII by adding -a.

Could I get an example of what the detached signature command(s) should
look like? I looked in the manpages and that didn't seem to help a whole
lot.

To generate the signature file, I tried using:

  gpg --output det.sig -b [filename]

To encrypt the actual file, I used:

  gpg --output [encrypted file] -br [recipient] --encrypt [unencrypted file]

However, when I try to decrypt the file, it asks for the signature file,
which I give the location and it tells me:

  gpg: Signature made Mon 01 Mar 2004 11:17:01 AM PST using DSA key ID D35D1EC8
  gpg: BAD signature from "[recipient]"

Is there some other command I should be using for the detached signature?

> I don't usually specify an output file, gnupg will use the same filename
> without the .gpg or .asc.
>
> Which filename is being refused - the encrypted file or the specified output
> filename?

The file being refused was the encrypted file being decrypted. I seem to
have gotten beyond this problem, and have come across a new one. When I
go to decrypt the file, I get a message saying:

  gpg: encrypted with ELG-E key, ID 9012F1E4
  gpg: decryption failed: secret key not available

When I "gpg --list-keys", the keys are identical on both the encrypting
and decrypting machines. Is there something that I'm missing somewhere?

> (Assuming you've checked the permissions.)

Naturally. I actually changed the permissions to 777 immediately
following the transfer so I don't come across any permission problems.
From linux at codehelp.co.uk Wed Mar 3 16:13:22 2004
From: linux at codehelp.co.uk (Neil Williams)
Date: Sat Mar 6 14:26:16 2004
Subject: gpg --list-sigs (root for other users)
In-Reply-To: <200403021713.49747.gnupg@ml0402.albert.uni.cc>
References: <200403021713.49747.gnupg@ml0402.albert.uni.cc>
Message-ID: <200403031613.22988.linux@codehelp.co.uk>

On Tuesday 02 March 2004 4:14 pm, Albert wrote:
> How can root list or export the keys of 1 or better all user(s) on a
> machine without su?

Why would you want to? GnuPG will justifiably warn you about permissions
on the user's folder. However, you can just use --homedir

  # gpg --homedir /home/someuser/.gnupg --list-keys

A worthy reminder that no-one should keep a secret key on ANY box where
the owner of that secret key does not have root permissions on the box.

--
Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3

From sbutler at fchn.com Wed Mar 3 08:06:34 2004
From: sbutler at fchn.com (Steve Butler)
Date: Sat Mar 6 14:26:19 2004
Subject: GPG encrypting and decrypting files
Message-ID: <9A86613AB85FF346BB1321840DB42B4B046D41D4@jupiter.fchn.com>

Did you copy the keyring or use the appropriate export/import commands?

On the recipient machine, do the following:

  gpg --list-secret-keys

See if your secret key is listed there. Do the same on the sending
machine. I'm convinced that the two lists will be different.

You may need to:

1. Use --export-secret-keys on the one box to
2. Use --import on the other box of the secret keys exported in #1
3. (If older GnuPG) use --allow-secret-key-import when doing #2.

-----Original Message-----
From: Craig Gardner [mailto:cgardner@adismri.com]
Sent: Monday, March 01, 2004 11:44 AM

On Sat, 2004-02-28 at 06:32, Neil Williams wrote:
> Linux / windows machines?

Both machines are running Linux. The machine encrypting the files is
running Red Hat 8 and the decrypting machine is on SuSE 9.

I seem to have gotten beyond this problem, and have come across a new
one. When I go to decrypt the file, I get a message saying:

  gpg: encrypted with ELG-E key, ID 9012F1E4
  gpg: decryption failed: secret key not available

When I "gpg --list-keys", the keys are identical on both the encrypting
and decrypting machines. Is there something that I'm missing somewhere?

From sbutler at fchn.com Wed Mar 3 08:12:09 2004
From: sbutler at fchn.com (Steve Butler)
Date: Sat Mar 6 14:26:20 2004
Subject: gpg --list-sigs (root for other users)
Message-ID: <9A86613AB85FF346BB1321840DB42B4B046D41D5@jupiter.fchn.com>

root doesn't need to su since root is already the super user. However,
if each person keeps their keys in their own private keyring, then root
will have to locate each keyring and list/export the keys from there.

That seems like an abuse of power by the super user. As a DBA, I hold
the password to the most powerful database accounts (super user if you
please). Which means that I could look at every record in the database.
It would be highly unethical for me to search the database for unmarried
women living in well-to-do sections of town (presumably wealthy).

-----Original Message-----
From: Albert [mailto:gnupg@ml0402.albert.uni.cc]
Sent: Tuesday, March 02, 2004 8:14 AM
To: gnupg-users@gnupg.org
Subject: gpg --list-sigs (root for other users)

How can root list or export the keys of 1 or better all user(s) on a
machine without su?

Albert
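Craig asked, in the "GPG encrypting and decrypting files" thread above, for an example of the detached-signature commands. The sequence Neil describes (encrypt, detach-sign the file that is actually transferred, verify on the far side before decrypting) together with Steve's secret-key check for the "secret key not available" error, written out as an added script; it is not code posted by anyone in the thread. It assumes gpg is on PATH; the file names and the recipient are parameters, not values from the thread.

```sh
#!/bin/sh
# Added example for the "GPG encrypting and decrypting files" thread; not
# code posted by Neil, Steve or Craig. Assumes gpg on PATH; file names and
# the recipient are parameters, not values from the thread.

# Sender side. Encrypt first, then make the detached signature over the
# ciphertext that is actually going to be transferred, so the receiver can
# check the transfer itself. Writes "$file.gpg" and "$file.gpg.sig".
# Pass "armor" as the third argument for ASCII output (Neil's -a) when the
# files must go through an ASCII-mode transfer; then it writes .asc files.
package_for_transfer() {
    file=$1; recipient=$2; mode=${3:-binary}
    if [ "$mode" = armor ]; then
        gpg --armor --output "$file.asc" --recipient "$recipient" --encrypt "$file" || return 1
        gpg --armor --output "$file.asc.sig" --detach-sign "$file.asc" || return 1
        printf '%s %s\n' "$file.asc" "$file.asc.sig"
    else
        gpg --output "$file.gpg" --recipient "$recipient" --encrypt "$file" || return 1
        gpg --output "$file.gpg.sig" --detach-sign "$file.gpg" || return 1
        printf '%s %s\n' "$file.gpg" "$file.gpg.sig"
    fi
}

# Receiver side. Verify the detached signature against the transferred
# ciphertext and only then decrypt. Return codes:
#   2  signature file missing
#   3  signature does not verify (the transfer altered the file, e.g.
#      ASCII-mode FTP of binary data)
#   4  decryption failed (for "secret key not available", see
#      have_secret_key below)
unpack_after_transfer() {
    encrypted=$1; out=$2; sig="$1.sig"
    [ -r "$sig" ] || { echo "missing signature file: $sig" >&2; return 2; }
    gpg --verify "$sig" "$encrypted" || return 3
    gpg --output "$out" --decrypt "$encrypted" || return 4
}

# "gpg --list-keys" being identical on both machines only proves the public
# keyring matches. Decryption needs the *secret* key, which lives in the
# secret keyring and is moved only with --export-secret-keys / --import.
# Returns 0 if a secret key matching $1 (key ID or user ID) is present.
have_secret_key() {
    gpg --list-secret-keys "$1" >/dev/null 2>&1
}
```

If unpack_after_transfer returns 3, resend the ciphertext (in binary mode) rather than trying to decrypt it; if it returns 4, run have_secret_key on the key ID gpg printed in the "encrypted with" line.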
From sbutler at fchn.com Wed Mar 3 08:23:10 2004
From: sbutler at fchn.com (Steve Butler)
Date: Sat Mar 6 14:26:23 2004
Subject: backup strategy for keyrings
Message-ID: <9A86613AB85FF346BB1321840DB42B4B046D41D6@jupiter.fchn.com>

But Neil, that answer begs the question of when does the pubring.gpg~
file get generated. And under what circumstances.

For example, yesterday I imported a new public key. The "backup" keyring
file called pubring.gpg~ was not created. But, I do have such a file
from about a month ago when I did some edits on a key.

So, not knowing the precise answer (and hoping one of the development
team members will jump in), I have to suppose that the file is generated
_before_ edits are done to existing keys. But, it is not generated
before, during, or after an import operation.

That still leaves questions of when during the "edit" phase that the
file is copied.

1. Is it the "before" image of the entire file when the first --edit
   operation was done.
2. Or, if there are several edits done in a row does the "backup" for
   the last edit overwrite the prior entries?
3. Or, does each edit operation simply backup the key being worked on.

Granted, one should not depend on the pubring.gpg~ file for long-term
backup. But, since the file is generated, it would be nice to know at
what point it could be used to "rollback" a "transaction" (if I might
invoke database terminology).

-----Original Message-----
From: Neil Williams [mailto:linux@codehelp.co.uk]
Sent: Sunday, February 29, 2004 12:14 PM

On Sunday 29 February 2004 4:08 pm, Hasnain Mujtaba wrote:
> How does GPG backup its keyrings? Are the keyrings backed up before a key

That's left to you. Your public keys don't really need to be backed up -
all you need is the list of keyID's and a keyserver. Maybe stick them in
a database or just a simple text file.

You should, obviously, have a secure backup of your secret key AND a
secure revocation certificate.

Beyond that, it's nice to have a backup of your trustdb and gpg.conf to
save time.
From m.mansfeld at mansfeld-elektronik.de Wed Mar 3 17:24:33 2004
From: m.mansfeld at mansfeld-elektronik.de (Matthias Mansfeld)
Date: Sat Mar 6 14:26:25 2004
Subject: caroline
In-Reply-To:
Message-ID:

On 2 Mar 2004 at 0:32, Something supposed to be wk@gnupg.org wrote:

> i'm tall and skiny I'm studying in Pharm. D program in FL. i like music,
> movie, dancing, sports, SCUBA diving, traveling and make a lot friends.
> password for archive: 18286
>

Yeah, now also on this list... This beast was the Bagle worm. (Not sooo
harmful, because especially this one, even if it is hidden by encrypted
ZIP from scanners, needs to be unpacked and executed manually to hit
really.) Just be aware of updated, better, maybe more automatized
versions of these beasts...

Regards
Matthias Mansfeld

--
Matthias Mansfeld Elektronik * PCB layout, assembly
Am Langhoelzl 11, 85540 Haar; Tel.: 089/4620 093-7, Fax: -8
Internet: http://www.mansfeld-elektronik.de
GPG http://www.mansfeld-elektronik.de/gnupgkey/mansfeld.asc
From dlc at sevenroot.org Wed Mar 3 11:28:59 2004
From: dlc at sevenroot.org (darren chamberlain)
Date: Sat Mar 6 14:26:26 2004
Subject: gpg --list-sigs (root for other users)
In-Reply-To: <200403021713.49747.gnupg@ml0402.albert.uni.cc>
References: <200403021713.49747.gnupg@ml0402.albert.uni.cc>
Message-ID: <264fb6ac-b9c3-4e97-899d-03a1fd5681b1@tumbleweed.boston.com>

* Albert [2004/03/02 17:14]:
> How can root list or export the keys of 1 or better all user(s) on a
> machine without su?

If you're already root:

  # gpg --no-default-keyring \
  >     --keyring /some/user/.gnupg/public.gpg \
  >     --export KEYID

You'd just need to be able to read the user's keyring file. (This is a
good reason to not keep your keyrings on a box you don't control, BTW.)

If you're not root, and have no way to become root, then you're probably
out of luck, barring permissions problems on the keyrings.

(darren)

--
Democracy is the art and science of running the circus from the monkey
cage.
    -- H. L. Mencken

From wk at gnupg.org Wed Mar 3 18:37:31 2004
From: wk at gnupg.org (Werner Koch)
Date: Sat Mar 6 14:26:27 2004
Subject: [Announce] GnuPG 1.3.5 released (development)
In-Reply-To: (Ivan Boldyrev's message of "Sun, 29 Feb 2004 13:38:29 +0600")
References: <20040227011211.GA21303__31448.1711866849$1077846377@jabberwocky.com>
Message-ID: <87d67thlwk.fsf@alberti.g10code.de>

On Sun, 29 Feb 2004 13:38:29 +0600, Ivan Boldyrev said:

>> ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.4-1.3.5.diff.gz (323k)

> Why diff is not signed?

It is signed - look at it.

  Werner
From wk at gnupg.org Wed Mar 3 18:44:50 2004
From: wk at gnupg.org (Werner Koch)
Date: Sat Mar 6 14:26:29 2004
Subject: gpg --list-sigs (root for other users)
In-Reply-To: <200403021713.49747.gnupg@ml0402.albert.uni.cc> (gnupg@ml0402.albert.uni.cc's message of "Tue, 2 Mar 2004 17:14:10 +0100")
References: <200403021713.49747.gnupg@ml0402.albert.uni.cc>
Message-ID: <878yihhlkd.fsf@alberti.g10code.de>

On Tue, 2 Mar 2004 17:14:10 +0100, Albert said:

> How can root list or export the keys of 1 or better all user(s) on a
> machine without su?

What about:

  for i in `awk -F: '{print $6}' /etc/passwd`; do
    echo "*** keys in $i ****"
    gpg --homedir $i/.gnupg --list-keys
  done

or

  for i in `getent passwd | awk -F: '{print $6}'`; do
    echo "*** keys in $i ****"
    gpg --homedir $i/.gnupg --list-keys
  done

hth,

  Werner

From management at gnupg.org Wed Mar 3 13:04:24 2004
From: management at gnupg.org (management@gnupg.org)
Date: Sat Mar 6 14:26:49 2004
Subject: Email account utilization warning.
Message-ID:

Dear user of Gnupg.org gateway e-mail server,

Your e-mail account will be disabled because of improper using in next
three days, if you are still wishing to use it, please, resign your
account information.

For details see the attach.

For security reasons attached file is password protected. The password
is "16348".

Cheers,
The Gnupg.org team
http://www.gnupg.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: Readme.zip
Type: application/octet-stream
Size: 12416 bytes
From apavelec at benefit-services.com Wed Mar 3 15:31:27 2004
From: apavelec at benefit-services.com (Adam Pavelec)
Date: Sat Mar 6 14:26:52 2004
Subject: Removing AES
References: <008001c3efea$6ed2cb80$2027a8c0@PAVELECA> <20040210161758.GB921@jabberwocky.com> <011901c3eff7$55d50410$2027a8c0@PAVELECA> <20040210172839.GE921@jabberwocky.com>
Message-ID: <0db301c4015e$8781f090$2027a8c0@PAVELECA>

On Tuesday, February 10, 2004 12:28 PM [GMT-5=EST], David Shaw wrote:
> Interesting. I've heard what I thought was every possible
> variation on the "this product won't handle files from that
> product because of suchandsuch preference" problem, and
> it's always turned out to be a misunderstanding of the
> problem. This might just be the first time it's real.

If it really is, I will definitely need your assistance debugging it all.

> That they cannot use GnuPG *or* PGP 8 generated keys is
> interesting. PGP 7.0.1 does support AES (it was the first
> version to do so). I wonder if there is something else
> going on (are they using PGP 7.0.1 straight or via the SDK,
> etc).

Unfortunately, the other party is not too willing to discuss how their
system is configured, so the information I have from them is rather
limited.

>> Again, I am uncertain to the validity of this claim, but I
>> have since created a new key that I have set (and updated)
>> the preferences to exclude any AES algorithms. If you are
>> interested, I will let you know if this new key is
>> interoperable with their current PGP install.

> Please do. I'd be very interested to see what happens.

Sorry that it's taken this long to post any updates -- they've just
recently imported the new key (sans AES). A few test files have been
sent, but they always fail to decrypt. Here's the output:

  Encrypted with 1024-bit ELG-E key, ID 7A55G64B, created 2004-02-10
        "Fred Flintstone [sans AES] "
  decryption failed: bad key

About the only thing I have noticed thus far is that it seems the file
is being encrypted to Fred Flintstone's Subkey. Could this be the cause
of the failure? I've asked the sender to encrypt to Fred's Primary key a
few times already, but apparently s/he can't figure out how to do it.

-Adam

From jharris at widomaker.com Wed Mar 3 13:24:46 2004
From: jharris at widomaker.com (Jason Harris)
Date: Sat Mar 6 14:27:02 2004
Subject: [Announce] GnuPG 1.3.5 released (development)
In-Reply-To: <20040229204644.GE22426@uriel.eclipsed.net>
References: <20040227011211.GA21303@jabberwocky.com> <200402281719.30916.gnupg@ml0402.albert.uni.cc> <20040228181101.GX22426@uriel.eclipsed.net> <200402282001.42652.gnupg@ml0402.albert.uni.cc> <20040228212856.GL10935@jabberwocky.com> <20040229204644.GE22426@uriel.eclipsed.net>
Message-ID: <20040303182446.GA53626@pm1.ric-36.lft.widomaker.com>

On Sun, Feb 29, 2004 at 03:46:44PM -0500, gabriel rosenkoetter wrote:
> On Sat, Feb 28, 2004 at 04:28:56PM -0500, David Shaw wrote:
> > Yes. subkeys.pgp.net is three machines. Two allow searching for
> > subkeys, and one doesn't.
>
> Which keyserver is that, the fixed PKS one?

Among other keyserver facts you're unaware of, I supported subkey
searches first.

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
From gnupg at ml0402.albert.uni.cc Wed Mar 3 22:41:08 2004
From: gnupg at ml0402.albert.uni.cc (Albert)
Date: Sat Mar 6 14:27:21 2004
Subject: gpg --list-sigs (root for other users)
In-Reply-To: <878yihhlkd.fsf@alberti.g10code.de>
References: <200403021713.49747.gnupg@ml0402.albert.uni.cc> <878yihhlkd.fsf@alberti.g10code.de>
Message-ID: <200403032240.33812.gnupg@ml0402.albert.uni.cc>

On Wednesday, 3 March 2004 18:44, Werner Koch wrote:
> On Tue, 2 Mar 2004 17:14:10 +0100, Albert said:
> > How can root list or export the keys of 1 or better all user(s)
> > on a machine without su?
>
> What about:
>
>   for i in `awk -F: '{print $6}' /etc/passwd`; do
>     echo "*** keys in $i ****"
>     gpg --homedir $i/.gnupg --list-keys
>   done
>
> or
>
>   for i in `getent passwd | awk -F: '{print $6}'`; do
>     echo "*** keys in $i ****"
>     gpg --homedir $i/.gnupg --list-keys
>   done

Werner thanks, thanks for your thoughts. I have to modify it for my
needs to exclude system users, a.s.o.

If root uses gpg with a user homedir I get "unsafe ownership on
homedir". Can this be ignored?

Albert

From gnupg at ml0402.albert.uni.cc Thu Mar 4 21:12:13 2004
From: gnupg at ml0402.albert.uni.cc (Albert)
Date: Sat Mar 6 14:37:54 2004
Subject: --list-keys of asc-files?
Message-ID: <200403042112.13143.gnupg@ml0402.albert.uni.cc>

Is it possible to list all the keys of an asc-file without importing
it? Maybe it is a dumb question, but I didn't find a solution reading
the manpage.

--list-keys [names] doesn't work with filenames, but maybe there is a
solution with a pipe?

Albert
From list at daniel-luebke.de Thu Mar 4 22:53:49 2004
From: list at daniel-luebke.de (Daniel Luebke)
Date: Sat Mar 6 14:39:37 2004
Subject: Keysigning CeBIT 2004
Message-ID: <4047A56D.6000506@daniel-luebke.de>

Hi everybody,

is anyone aware of keysignings at this year's CeBIT in Hannover? Or is
anyone willing to meet somewhere there in order to extend his/her and
(my ;-) WoT? I will probably attend on the 18th, 20th, 21st.

If you are interested just drop me a mail.

cu
Daniel

From gr at eclipsed.net Thu Mar 4 20:35:15 2004
From: gr at eclipsed.net (gabriel rosenkoetter)
Date: Sat Mar 6 14:40:17 2004
Subject: gpg --list-sigs (root for other users)
In-Reply-To: <200403021713.49747.gnupg@ml0402.albert.uni.cc>
References: <200403021713.49747.gnupg@ml0402.albert.uni.cc>
Message-ID: <20040305013515.GS22426@uriel.eclipsed.net>

On Tue, Mar 02, 2004 at 05:14:10PM +0100, Albert wrote:
> How can root list or export the keys of 1 or better all user(s) on a
> machine without su?

       --keyring file
              Add file to the list of keyrings. If file begins with a
              tilde and a slash, these are replaced by the HOME
              directory. If the filename does not contain a slash, it
              is assumed to be in the GnuPG home directory ("~/.gnupg"
              if --homedir is not used). The filename may be prefixed
              with a scheme: "gnupg-ring:" is the default one. It might
              make sense to use it together with --no-default-keyring.

find(1) may also be of interest.

--
gabriel rosenkoetter
gr@eclipsed.net
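Putting the answers in this thread together (Werner's getent loop, Albert's wish to skip system users and the "unsafe ownership on homedir" warning he hit, darren's point that root can only list keyrings it can read, and gabriel's --keyring with --no-default-keyring), here is an added script; it is not code posted by anyone in the thread. It assumes the gpg 1.x layout (~/.gnupg/pubring.gpg) and a UID cut-off of 1000 for human accounts; both are assumptions, and the cut-off is a parameter.

```sh
#!/bin/sh
# Added example (not posted in the thread). Lists every local user's public
# keyring as root. Assumptions: gpg 1.x layout (~/.gnupg/pubring.gpg) and
# that human accounts have UID >= 1000 (the cut-off is a parameter).

# Print one home directory per line for accounts whose UID is at least $1
# (default 1000). Reads passwd-format lines on stdin, so it can be fed by
# "getent passwd" on a live system or by a constructed sample in a test.
# "nobody" (UID 65534) and entries without a home directory are skipped.
user_homedirs() {
    min_uid=${1:-1000}
    awk -F: -v min="$min_uid" '$3 >= min && $3 != 65534 && $6 != "" { print $6 }'
}

# Resolve the public keyring inside a home directory and print its path.
# Returns 1 when the file is absent or not readable by the caller: root can
# only list what it can read, and a user may keep no keyring at all.
keyring_for() {
    ring="$1/.gnupg/pubring.gpg"
    [ -r "$ring" ] || return 1
    printf '%s\n' "$ring"
}

# Walk all user home directories and run one gpg listing/export per keyring.
# --no-default-keyring with an explicit --keyring is used instead of
# --homedir so that gpg keeps root's own homedir: pointing --homedir at the
# user's directory is what produced the "unsafe ownership on homedir"
# warning, and it would also let root write a trustdb or lock files into
# the user's directory.
# Usage: list_all_user_keys [min_uid] [gpg action, default --list-keys]
#   e.g. list_all_user_keys 1000 --export --armor > all-user-keys.asc
list_all_user_keys() {
    min_uid=${1:-1000}
    [ $# -gt 0 ] && shift
    [ $# -gt 0 ] || set -- --list-keys
    getent passwd | user_homedirs "$min_uid" | while read -r home; do
        ring=$(keyring_for "$home") || continue
        owner=$(ls -ld "$home" | awk '{ print $3 }')
        echo "*** keys in $home (owner: $owner) ****"
        gpg --no-default-keyring --keyring "$ring" "$@"
    done
}
```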
From avbidder at fortytwo.ch Fri Mar 5 13:47:10 2004
From: avbidder at fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder)
Date: Sat Mar 6 14:46:10 2004
Subject: subkeys.pgp.net (and keyserver.bu.edu)
In-Reply-To: <20040304120713.GE28559@marvin.sbg.palfrader.org>
References: <20040304120713.GE28559@marvin.sbg.palfrader.org>
Message-ID: <200403051347.19778@fortytwo.ch>

On Thursday 04 March 2004 13.07, Peter Palfrader wrote:
> Hi,
>
> on http://fortytwo.ch/gpg/subkeys/ you say that subkeys.pgp.net cannot
> search for subkeys. I think all in the rotation now support subkey
> indexing.

David Shaw, gnupg-users, 28.2.:
| Yes. subkeys.pgp.net is three machines. Two allow searching for
| subkeys, and one doesn't.

I see subkeys.pgp.net actually is five machines, not three. Anybody
changed the DNS as a result of David's message?

Verification makes me suspect that your 'I think' is an understatement :-)
Thanks for the diff, will apply to the webpage asap.

Btw: What's up with keyserver.bu.edu (128.197.128.140)? It seems to be
offline very often. AFAICT it's not a TCP ECN issue.

cheers
-- vbi

--
"In Mexico it's good. There people get paid weekly, every fortnight..."
    --Ferreira (former left winger of Santos)
From gnupg-users=gnupg.org at lists.palfrader.org Fri Mar 5 13:58:24 2004
From: gnupg-users=gnupg.org at lists.palfrader.org (Peter Palfrader)
Date: Sat Mar 6 14:46:35 2004
Subject: subkeys.pgp.net (and keyserver.bu.edu)
In-Reply-To: <200403051347.19778@fortytwo.ch>
References: <20040304120713.GE28559@marvin.sbg.palfrader.org> <200403051347.19778@fortytwo.ch>
Message-ID: <20040305125824.GA13130@marvin.sbg.palfrader.org>

On Fri, 05 Mar 2004, Adrian 'Dagurashibanipal' von Bidder wrote:

> On Thursday 04 March 2004 13.07, Peter Palfrader wrote:
> > Hi,
> >
> > on http://fortytwo.ch/gpg/subkeys/ you say that subkeys.pgp.net cannot
> > search for subkeys. I think all in the rotation now support subkey
> > indexing.
>
> David Shaw, gnupg-users, 28.2.:
> | Yes. subkeys.pgp.net is three machines. Two allow searching for
> | subkeys, and one doesn't.

Roman Pavlik said on Feb 29 on keyserver-folk that he upgraded his
keyserver and now all three supported fetching keys by subkeyids.

> I see subkeys.pgp.net actually is five machines, not three. Anybody changed
> the DNS as a result of David's message?

David asked about the criteria for inclusion in subkeys.pgp.net in the
message which had started that thread on keyserver-folk. Roman suggested
to simply ask the whois contact to add a keyserver to the rotation.
Thomas Sjögren apparently asked for keys.se.linux.org to be included,
and I did the same for keyserver.noreply.org.

> Verification makes me suspect that your 'I think' is an understatement :-)
> Thanks for the diff, will apply to the webpage asap.
>
> Btw: What's up with keyserver.bu.edu (128.197.128.140)? It seems to be offline
> very often. AFAICT it's not a TCP ECN issue.

Yaron said in private email yesterday, that keyserver.bu.edu is not
under his direct administrative control and that he suspects it got
rebooted. He promised to take a look at it.

Peter

--
 PGP signed and encrypted  |  .''`.  ** Debian GNU/Linux **
    messages preferred.    | : :' :      The  universal
                           | `. `'      Operating System
 http://www.palfrader.org/ |   `-    http://www.debian.org/

From torduninja at netcourrier.com Sat Mar 6 05:07:56 2004
From: torduninja at netcourrier.com (Maxine Brandt)
Date: Sat Mar 6 17:18:30 2004
Subject: caroline
Message-ID: <20040306050756.0220350f.torduninja@netcourrier.com>

A word of warning for Windows users: this is apparently an example of
the latest ploy of the virus writers. The virus comes in an encrypted
zip file to avoid detection by AV programs, and apparently from a
trustworthy source such as your ISP (or Werner).

===== ORIGINAL MESSAGE ========
Date: Tue, 02 Mar 2004 00:32:39 +0100
From: wk@gnupg.org
Subject: caroline
To: gnupg-users@gnupg.org
Message-ID:
Content-Type: text/plain; charset="us-ascii"

i'm tall and skiny I'm studying in Pharm. D program in FL. i like music,
movie, dancing, sports, SCUBA diving, traveling and make a lot friends.
password for archive: 18286

-------------- next part --------------
A non-text attachment was scrubbed...
Name: Anna.zip
Type: application/octet-stream
Size: 23090 bytes

--
My OpenPGP keys: http://www.torduninja.tk
From dshaw at jabberwocky.com Sat Mar 6 11:03:31 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Sat Mar 6 18:25:34 2004
Subject: --list-keys of asc-files?
In-Reply-To: <200403042112.13143.gnupg@ml0402.albert.uni.cc>
References: <200403042112.13143.gnupg@ml0402.albert.uni.cc>
Message-ID: <20040306160330.GA18595@jabberwocky.com>

On Thu, Mar 04, 2004 at 09:12:13PM +0100, Albert wrote:
> Is it possible to list all the keys of an asc-file without importing
> it? Maybe it is a dumb question, but I didn't find a solution
> reading the manpage.

  gpg the_file.asc

;)

David
From Freedom_Lover at pobox.com Sat Mar 6 11:05:53 2004
From: Freedom_Lover at pobox.com (Todd)
Date: Sat Mar 6 18:25:38 2004
Subject: --list-keys of asc-files?
In-Reply-To: <200403042112.13143.gnupg@ml0402.albert.uni.cc>
References: <200403042112.13143.gnupg@ml0402.albert.uni.cc>
Message-ID: <20040306160553.GA2385@psilocybe.teonanacatl.org>

Albert wrote:
> Is it possible to list all the keys of an asc-file without importing
> it? Maybe it is a dumb question, but I didn't find a solution
> reading the manpage.

Try this:

  gpg /usr/share/doc/gnupg-1.2.4/samplekeys.asc

--
Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
======================================================================
If the triangles were to make a God they would give him three sides.
    -- Montesquieu

From sagraluz at sagraluzzatto.com.br Sat Mar 6 13:52:32 2004
From: sagraluz at sagraluzzatto.com.br (Rodrigo Padula - Editora Sagra Luzzatto)
Date: Sat Mar 6 19:28:01 2004
Subject: Gnupg with PHP
Message-ID: <404A01D0.9000205@sagraluzzatto.com.br>

I am having problems using the Gnupg tool with PHP. Can anyone help me?

Signed: Rodrigo Padula

From ah0k at na.rim.or.jp Sun Mar 7 02:02:04 2004
From: ah0k at na.rim.or.jp (Masashi SAKURADA)
Date: Sat Mar 6 19:28:05 2004
Subject: Email account utilization warning.
In-Reply-To:
References:
Message-ID: <20040307.020204.41697642.ah0k@na.rim.or.jp>

Hello,
From: management@gnupg.org
Subject: Email account utilization warning.
Date: Wed, 03 Mar 2004 13:04:24 -0600

The attached executable file is Virus 'W32/Bagle-J'. For Windows users, don't execute the file.

------------------------------------------
Masashi SAKURADA/AH0K/JR2GMC
Phone 052-773-2638/FAX 052-773-2692/PHS 070-5647-2594
E-mail: ah0k@na.rim.or.jp
URL: http://www.ah0k.com/
PGP-fingerprint: 9332 0E9F 78AB E793 0E9F 84C6 FA74 3A11 3235 EC1E
PGP-Public-Key: http://www.ah0k.com/personal/c1868.html

From iam-est-hora-surgere at despammed.com Sat Mar 6 17:59:30 2004
From: iam-est-hora-surgere at despammed.com (Marcus Frings)
Date: Sat Mar 6 19:28:09 2004
Subject: Keysigning CeBIT 2004
References: <4047A56D.6000506__36500.8867499002$1078589083@daniel-luebke.de>
Message-ID:

* Daniel Luebke wrote:
> is anyone aware of keysignings at this year's CeBIT in Hannover? Or is

Good question. :-)

> anyone willing to meet somewhere there in order to extend his/her and
> (my ;-) WoT? I will probably attend on the 18th, 20th, 21st.

Well, last year there was a keysigning party at the KDE booth on Sunday and a regular meeting for key exchange at the Debian booth every day at 2:00 pm. I haven't heard of any key signings at this year's CeBIT but I guess the Debian booth should be a good place for a start.

> If you are interested just drop me a mail.

Due to possible public interest I answered to the list.

Regards,
Marcus
-- 
"I, the angel, kill the firstborn child before the eyes of its mother. I turn the cities of men into salt, and when I wish, I break the soul out of a child's body, and I tell you, the kingdom will be mine! And the only constant in your existence is your ridiculous ignorance."

From dshaw at jabberwocky.com Sat Mar 6 12:25:36 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Sat Mar 6 19:28:16 2004
Subject: The keyserver follies
In-Reply-To: <20040229204644.GE22426@uriel.eclipsed.net>
References: <20040227011211.GA21303@jabberwocky.com> <200402281719.30916.gnupg@ml0402.albert.uni.cc> <20040228181101.GX22426@uriel.eclipsed.net> <200402282001.42652.gnupg@ml0402.albert.uni.cc> <20040228212856.GL10935@jabberwocky.com> <20040227011211.GA21303@jabberwocky.com> <200402281719.30916.gnupg@ml0402.albert.uni.cc> <20040228181101.GX22426@uriel.eclipsed.net> <200402282001.42652.gnupg@ml0402.albert.uni.cc> <20040229204644.GE22426@uriel.eclipsed.net>
Message-ID: <20040306172536.GB18595@jabberwocky.com>

On Sun, Feb 29, 2004 at 03:46:44PM -0500, gabriel rosenkoetter wrote:
> On Sat, Feb 28, 2004 at 04:28:56PM -0500, David Shaw wrote:
> > Yes. subkeys.pgp.net is three machines. Two allow searching for
> > subkeys, and one doesn't.
>
> Which keyserver is that, the fixed PKS one?

No, the fixed PKS one works for subkeys. The problem was one of the other ones, and it has been fixed now.

Still, the situation is not ideal. Not all of the servers in subkeys.pgp.net work with photo IDs... the quest for one keyserver that JUST PLAIN WORKS without fussing over photo IDs and special tricks for v3 RSA and hacks for subkeys seems never to end. Maybe it's time for a "it-just-plain-works-damnit.pgp.net".

David

From dshaw at jabberwocky.com Sat Mar 6 12:29:03 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Sat Mar 6 20:15:31 2004
Subject: Removing AES
In-Reply-To: <0db301c4015e$8781f090$2027a8c0@PAVELECA>
References: <20040210172839.GE921@jabberwocky.com> <0db301c4015e$8781f090$2027a8c0@PAVELECA>
Message-ID: <20040306172903.GC18595@jabberwocky.com>

On Wed, Mar 03, 2004 at 03:31:27PM -0500, Adam Pavelec wrote:
> On Tuesday, February 10, 2004 12:28 PM [GMT-5=EST], David Shaw
> wrote:
>
> > Interesting. I've heard what I thought was every possible
> > variation on the "this product won't handle files from that
> > product because of suchandsuch preference" problem, and
> > it's always turned out to be a misunderstanding of the
> > problem. This might just be the first time it's real.
>
> If it really is, I will definitely need your assistance debugging it
> all.
>
> > That they cannot use GnuPG *or* PGP 8 generated keys is
> > interesting. PGP 7.0.1 does support AES (it was the first
> > version to do so). I wonder if there is something else
> > going on (are they using PGP 7.0.1 straight or via the SDK,
> > etc).
>
> Unfortunately, the other party is not too willing to discuss how their
> system is configured, so the information I have from them is rather
> limited.

I'm afraid I can't help then. What this person you are working with is claiming would be a pretty substantial breakdown of the OpenPGP protocol or a bug in any of several different products. Without any evidence or supporting information whatsoever, there is nothing I can do. Extraordinary claims require extraordinary evidence.

David

From engage at n0sq.net Sat Mar 6 11:55:07 2004
From: engage at n0sq.net (engage)
Date: Sat Mar 6 21:09:12 2004
Subject: caroline
In-Reply-To: <20040306050756.0220350f.torduninja@netcourrier.com>
References: <20040306050756.0220350f.torduninja@netcourrier.com>
Message-ID: <200403061155.07272.engage@n0sq.net>

Yeah, these things don't fool me anymore. But, the average Windows user hasn't got a clue.

On Friday 05 March 2004 22:07, Maxine Brandt wrote:
> A word of warning for Windows users: this is apparently an example of the
> latest ploy of the virus writers. The virus comes in an encrypted zip file
> to avoid detection by AV programs, and apparently from a trustworthy source
> such as your ISP (or Werner).
>
> ===== ORIGINAL MESSAGE ========
>
> Date: Tue, 02 Mar 2004 00:32:39 +0100
> From: wk@gnupg.org
> Subject: caroline
> To: gnupg-users@gnupg.org
> Message-ID:
> Content-Type: text/plain; charset="us-ascii"
>
> i'm tall and skiny I'm studying in Pharm. D program in FL. i like music,
> movie, dancing, sports, SCUBA diving, traveling and make a lot friends.
> password for archive: 18286
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: Anna.zip
> Type: application/octet-stream
> Size: 23090 bytes
> Desc: not available
> Url : /pipermail/attachments/20040302/e01f8924/Anna.obj

From jim at jimwhitesell.com Sat Mar 6 13:24:43 2004
From: jim at jimwhitesell.com (Jim Whitesell)
Date: Sat Mar 6 22:04:20 2004
Subject: upgrade / install help
Message-ID: <6.0.3.0.2.20040306132440.03be9738@mail.proi.net>

Hello,

I've got version 1.07 installed on a RH Linux 7.3 box, and I'm trying to upgrade to 1.2.4. The current install was compiled from source, not an RPM.

I've tried installing 1.2.4 but when I try to compile I get these errors:

In file included from compress-bz2.c:23:
/usr/include/bzlib.h:177: parse error before `FILE'
/usr/include/bzlib.h:205: parse error before `FILE'
make[2]: *** [compress-bz2.o] Error 1
make[2]: Leaving directory `/hsphere/install/gnupg-1.2.4/g10'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/hsphere/install/gnupg-1.2.4'
make: *** [all] Error 2
#

How can I resolve these errors and complete the installation?

Thanks!

From dshaw at jabberwocky.com Sat Mar 6 16:20:48 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Sat Mar 6 23:54:39 2004
Subject: upgrade / install help
In-Reply-To: <6.0.3.0.2.20040306132440.03be9738@mail.proi.net>
References: <6.0.3.0.2.20040306132440.03be9738@mail.proi.net>
Message-ID: <20040306212048.GF18595@jabberwocky.com>

On Sat, Mar 06, 2004 at 01:24:43PM -0600, Jim Whitesell wrote:
> Hello,
>
> I've got version 1.07 installed on a RH Linux 7.3 box, and I'm trying to
> upgrade to 1.2.4.
> The current install was compiled from source, not an RPM.
>
> I've tried installing 1.2.4 but when I try to compile I get these errors:
>
> In file included from compress-bz2.c:23:
> /usr/include/bzlib.h:177: parse error before `FILE'
> /usr/include/bzlib.h:205: parse error before `FILE'
> make[2]: *** [compress-bz2.o] Error 1
> make[2]: Leaving directory `/hsphere/install/gnupg-1.2.4/g10'
> make[1]: *** [all-recursive] Error 1
> make[1]: Leaving directory `/hsphere/install/gnupg-1.2.4'
> make: *** [all] Error 2
> #
>
> How can I resolve these errors and complete the installation?

Your version of the bzip2 libraries is old. You can either upgrade the bzip2 library, or build GnuPG with ./configure --without-bzip2

David

From gnupg at ml0402.albert.uni.cc Sun Mar 7 00:29:02 2004
From: gnupg at ml0402.albert.uni.cc (Albert)
Date: Sun Mar 7 00:33:57 2004
Subject: gpg --list-sigs (root for other users)
In-Reply-To: <200403031613.22988.linux@codehelp.co.uk>
References: <200403021713.49747.gnupg@ml0402.albert.uni.cc> <200403031613.22988.linux@codehelp.co.uk>
Message-ID: <200403070029.02997.gnupg@ml0402.albert.uni.cc>

On Wednesday, 3 March 2004 17:13, Neil Williams wrote:
> On Tuesday 02 March 2004 4:14 pm, Albert wrote:
> > How can root list or export the keys of 1 or better all user(s)
> > on a machine without su?
>
> Why would you want to?

For backups of a few people who don't care about security. It is not a question of whether they should trust me; they do, and they asked me to do this!

> A worthy reminder that no-one should keep a secret key on ANY box
> where the owner of that secret key does not have root permissions
> on the box.

ACK. But is there a solution to send a signature from a foreign machine? Let's say you have to use an internet cafe and you have your keys on a USB stick. IMO it is better to send the email unsigned or unencrypted than to use the secret keys on a foreign machine.

Albert

From JPClizbe at comcast.net Sat Mar 6 18:07:37 2004
From: JPClizbe at comcast.net (John Clizbe)
Date: Sun Mar 7 01:13:55 2004
Subject: The keyserver follies
In-Reply-To: <20040306172536.GB18595@jabberwocky.com>
References: <20040227011211.GA21303@jabberwocky.com> <200402281719.30916.gnupg@ml0402.albert.uni.cc> <20040228181101.GX22426@uriel.eclipsed.net> <200402282001.42652.gnupg@ml0402.albert.uni.cc> <20040228212856.GL10935@jabberwocky.com> <20040227011211.GA21303@jabberwocky.com> <200402281719.30916.gnupg@ml0402.albert.uni.cc> <20040228181101.GX22426@uriel.eclipsed.net> <200402282001.42652.gnupg@ml0402.albert.uni.cc> <20040229204644.GE22426@uriel.eclipsed.net> <20040306172536.GB18595@jabberwocky.com>
Message-ID: <404A67C9.2060608@comcast.net>

David Shaw wrote:
>
> Maybe it's time for a "it-just-plain-works-damnit.pgp.net".

Wouldn't that also need to support LDAP searches? 8-})

-- 
John P. Clizbe                      Inet: JPClizbe(a)comcast DOT nyet
Golden Bear Networks                PGP/GPG KeyID: 0x608D2A10
"Most men take the straight and narrow. A few take the road less traveled. I chose to cut through the woods."

From sagraluz at sagraluzzatto.com.br Sat Mar 6 22:03:07 2004
From: sagraluz at sagraluzzatto.com.br (Rodrigo Padula - Editora Sagra Luzzatto)
Date: Sun Mar 7 02:10:10 2004
Subject: Urgent!!!!!!!!!!
Message-ID: <404A74CB.5050706@sagraluzzatto.com.br>

Hello, I am Brazilian and I am having difficulties working with Gnupg with PHP. I would like to know whether anybody could help me.

Signed: Rodrigo Padula

From linux at codehelp.co.uk Sun Mar 7 08:14:54 2004
From: linux at codehelp.co.uk (Neil Williams)
Date: Tue Mar 9 09:14:33 2004
Subject: gpg --list-sigs (root for other users)
In-Reply-To: <200403070029.02997.gnupg@ml0402.albert.uni.cc>
References: <200403021713.49747.gnupg@ml0402.albert.uni.cc> <200403031613.22988.linux@codehelp.co.uk> <200403070029.02997.gnupg@ml0402.albert.uni.cc>
Message-ID: <200403070814.59008.linux@codehelp.co.uk>

On Saturday 06 March 2004 11:29, Albert wrote:
> On Wednesday, 3 March 2004 17:13, Neil Williams wrote:
> > On Tuesday 02 March 2004 4:14 pm, Albert wrote:
> > > How can root list or export the keys of 1 or better all user(s)
> > > on a machine without su?
> >
> > Why would you want to?
>
> For backups of a few people who don't care about security. It is not

?? If they don't care about security, why are they using a security product ??

> a question if they should trust me, they do and they asked me to do
> this!

Anyone using a secret key in this environment deserves never to have their key trusted! Looks like I need to add another question to my keysigning protocol.

"Have you ever stored your secret key on any installation or media to which you did not (at all times) have sole access as root?"

I'd never sign a key where the owner is so casual about security. How can I trust the signature - it could be you or it could be the user. How can I encrypt to the key if the secret key is accessible to you and the owner?

> > A worthy reminder that no-one should keep a secret key on ANY box
> > where the owner of that secret key does not have root permissions
> > on the box.
>
> ACK. But is there a solution to send a signature from a foreign
> machine? Let's say you have to use an internet cafe and you have
> your keys on a USB stick. IMO it is better to send the email
> unsigned or unencrypted than to use the secret keys on a foreign
> machine.

There are ways, yes. Keep the secring.gpg on a USB stick etc. and when the user wants to sign something, use --homedir to access the secret keyring on the removable media. If you don't keep the public keyring there, you can make the media read-only for better security. If it is read-write, a simple bash script can update the public keyring on the workstation with keyids from the removable media.

This one-liner produces a list of keyids in one public keyring:

gpg --list-keys --with-colons | grep "pub:-:" | cut -d: -f5

Then pass the output to gpg --recv-keys on the other machine to create a sync. I just needed to do this once, so I used a Perl script to parse the content one line at a time and give the gpg --recv-keys command. I'm sure someone here can come up with a more efficient method. (Perhaps replace \n with a space and tack the whole construct onto one gpg --recv-keys command?)

This way, you can still sign in a public environment without compromising your secret key but ONLY because your secret key never gets stored on the public machine.

http://www.gnupg.org/gph/en/manual.html#AEN513

The security of the removable media then becomes imperative. (i.e. do NOT keep the revocation certificate on the same removable media!!)

IMHO, any secret keys that are accessible to more than the sole verifiable owner of the key MUST be revoked as hopelessly compromised. Anyone not willing to keep their secret key SECRET (i.e. only available to the sole verifiable owner) should never have their key signed and must be strongly advised to change their ways or risk having their key revoked by force. (With the secring.gpg file in your hands, a simple dictionary attack could undo many passphrases on the assumption that those who care this little for secret key security aren't going to have chosen a decent passphrase either.)

-- 
Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3

From thomas at northernsecurity.net Sun Mar 7 12:53:21 2004
From: thomas at northernsecurity.net (Thomas Sjögren)
Date: Tue Mar 9 09:15:03 2004
Subject: Keysigning CeBIT 2004
In-Reply-To:
References: <4047A56D.6000506__36500.8867499002$1078589083@daniel-luebke.de>
Message-ID: <20040307115321.GA1945@northernsecurity.net>

On Sat, Mar 06, 2004 at 05:59:30PM +0100, Marcus Frings wrote:
> > anyone willing to meet somewhere there in order to extend his/her and
> > (my ;-) WoT? I will probably attend on the 18th, 20th, 21st.
>
> Well, last year there was a keysigning party at the KDE booth on Sunday
> and a regular meeting for key exchange at the Debian booth every day at
> 2:00 pm.

Personally I think it would be a nice thing if people started to post information about keysigning parties on Biglumber [1] and/or sending a mail to the Keysignings mailinglist [2].

[1] http://www.biglumber.com/
[2] http://lists.alt.org/mailman/listinfo/keysignings

/Thomas
-- 
== thomas@northernsecurity.net | thomas@se.linux.org
== Encrypted e-mails preferred | GPG KeyID: 114AA85C
--

From jharris at widomaker.com Sun Mar 7 17:23:34 2004
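The keyring sync Neil Williams sketches in his post above (list key IDs with --with-colons, then feed them to --recv-keys on the other machine), as an added shell example that is not part of the original post; the --with-colons records in sample_colons and the keyserver name keys.example.invalid are constructed. It also shows a caveat with the thread's one-liner: grepping for "pub:-:" only catches keys whose validity is still unknown.

```shell
#!/bin/sh
# Added example (not from the original post): turn `gpg --list-keys
# --with-colons` output into one `gpg --recv-keys` command for the other
# machine, as the thread suggests. Each function reads colon records on
# stdin, so the same code works on a live keyring (path hypothetical):
#   gpg --homedir /media/usb/.gnupg --list-keys --with-colons | build_recv_cmd
#
# Caveat shown below: the thread's grep "pub:-:" only matches keys whose
# validity field (field 2) is "-" (unknown), so keys you have already
# validated (u, f, m, ...) would be silently skipped. Selecting on the
# record type in field 1 catches every primary key.

# Constructed sample of --with-colons output (not a real keyring).
# Field 1 = record type, field 2 = validity, field 5 = long key ID.
sample_colons() {
    cat <<'EOF'
tru::1:1078000000:0:3:1:5
pub:u:1024:17:0123456789ABCDEF:2004-01-01:::u:Ultimate Example <ultimate@example.invalid>::scESC:
sub:u:2048:16:FEDCBA9876543210:2004-01-01::::::e:
pub:-:1024:17:1111222233334444:2004-02-02:::-:Unknown Example <unknown@example.invalid>::scESC:
pub:f:2048:1:AAAABBBBCCCCDDDD:2004-03-03:::f:Full Example <full@example.invalid>::scESC:
EOF
}

# The thread's one-liner: finds only the key with unknown validity.
keyids_grep_only_unknown() {
    grep "pub:-:" | cut -d: -f5
}

# Select every pub record by its record type, whatever the validity.
keyids_all_pubs() {
    awk -F: '$1 == "pub" { print $5 }'
}

# Collapse the IDs onto one --recv-keys command line (the "replace \n
# with a space" idea). The 0x prefix tells gpg each value is a key ID.
# $1 is the keyserver; defaults to the one used elsewhere in this thread.
build_recv_cmd() {
    ids=$(keyids_all_pubs | sed 's/^/0x/' | tr '\n' ' ')
    printf 'gpg --keyserver %s --recv-keys %s\n' "${1:-subkeys.pgp.net}" "${ids% }"
}
```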
From: jharris at widomaker.com (Jason Harris)
Date: Tue Mar 9 09:17:12 2004
Subject: new (2004-03-07) keyanalyze results
Message-ID: <20040307222333.GA10980@pm1.ric-41.lft.widomaker.com>

New keyanalyze results are available at:

http://keyserver.kjsl.com/~jharris/ka/2004-03-07/

Earlier reports are also available, for comparison:

http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:

http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the "permanent" files:

-- 
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004

From Holger.Sesterhenn at smgwtest.aachen.utimaco.de Mon Mar 8 11:52:49 2004
From: Holger.Sesterhenn at smgwtest.aachen.utimaco.de (Holger Sesterhenn)
Date: Tue Mar 9 09:21:29 2004
Subject: Keysigning CeBIT 2004
In-Reply-To:
References: <4047A56D.6000506__36500.8867499002$1078589083@daniel-luebke.de>
Message-ID: <404C5081.7010408@smgwtest.aachen.utimaco.de>

Hi,

>>is anyone aware of keysignings at this year's CeBIT in Hannover? Or is

The "Heise Verlag" does sign pgp keys during the "c't-Kryptokampagne" (Hall 5, Booth E38). You need a passport. (c't 6/2004, page 42 ;-) )

-- 
Best Regards,
Holger Sesterhenn
---
Internet http://www.utimaco.com

From gr at eclipsed.net Mon Mar 8 08:06:34 2004
From: gr at eclipsed.net (gabriel rosenkoetter)
Date: Tue Mar 9 09:22:00 2004
Subject: caroline
In-Reply-To: <200403061155.07272.engage@n0sq.net>
References: <20040306050756.0220350f.torduninja@netcourrier.com> <200403061155.07272.engage@n0sq.net>
Message-ID: <20040308130634.GB22426@uriel.eclipsed.net>

On Sat, Mar 06, 2004 at 11:55:07AM -0700, engage wrote:
> Yeah, these things don't fool me anymore. But, the average Windows user
> hasn't got a clue.

That's a rather impolite statement on a mailing list to which more than a few Windows users are subscribed and on which they're active participants.

Please don't increase the (mental) bandwidth wasted by these spam (they're not commercial, but they are unsolicited) messages that have found a way to sneak into mailing lists by continuing to reply to them.

-- 
gabriel rosenkoetter
gr@eclipsed.net

From sagraluz at sagraluzzatto.com.br Mon Mar 8 11:16:23 2004
From: sagraluz at sagraluzzatto.com.br (Rodrigo Padula - Editora Sagra Luzzatto)
Date: Tue Mar 9 09:22:27 2004
Subject: Urgent
Message-ID: <404C8037.8030308@sagraluzzatto.com.br>

I have problems using PHP with Gnupg. Help me!!!

Signed: Rodrigo Padula

From ThomasSpuhler at tusonix.com Mon Mar 8 07:49:48 2004
From: ThomasSpuhler at tusonix.com (Thomas Spuhler)
Date: Tue Mar 9 09:22:39 2004
Subject: e-mail delay
Message-ID: <1078757388.11471.30.camel@international.tusonix.com>

Why are so many of this list's e-mails coming in with a 2-3 days delay?

-- 
Best Regards
Thomas J Spuhler

All Tusonix outgoing e-mail has been scanned for viruses

From rmalayter at bai.org Mon Mar 8 12:00:32 2004
From: rmalayter at bai.org (Ryan Malayter)
Date: Tue Mar 9 09:24:00 2004
Subject: Gnupg com PHP (and Portuguese translation)
Message-ID: <792DE28E91F6EA42B4663AE761C41C2A01E1A3CE@cliff.bai.org>

Se você afixar sua pergunta em inglês, você terá uma possibilidade muito melhor de começar a ajuda neste forum. O inglês é a língua padrão para este forum.

Um inglês simples ao tradutor portuguese está disponível em http://www.systransoft.com

---English translation:

If you post your question in English, you will have a much better chance of getting help in this forum. English is the standard language for this forum.

A simple English to Portuguese translator is available at http://www.systransoft.com

Regards,
Ryan

From sagraluz at sagraluzzatto.com.br Mon Mar 8 15:09:34 2004
From: sagraluz at sagraluzzatto.com.br (Rodrigo Padula - Editora Sagra Luzzatto)
Date: Tue Mar 9 09:24:14 2004
Subject: Gnupg com PHP (and Portuguese translation)
In-Reply-To: <792DE28E91F6EA42B4663AE761C41C2A01E1A3CE@cliff.bai.org>
References: <792DE28E91F6EA42B4663AE761C41C2A01E1A3CE@cliff.bai.org>
Message-ID: <404CB6DE.8010606@sagraluzzatto.com.br>

I have problems using PHP with Gnupg, because it is returning errors. Can anybody help me?

Signed: Rodrigo Padula

Ryan Malayter wrote:
> Se você afixar sua pergunta em inglês, você terá uma possibilidade
> muito melhor de começar a ajuda neste forum. O inglês é a língua
> padrão para este forum.
>
> Um inglês simples ao tradutor portuguese está disponível em
> http://www.systransoft.com
>
> ---English translation:
>
> If you post your question in English, you will have a much better chance of getting help in this forum. English is the standard language for this forum.
>
> A simple English to Portuguese translator is available at http://www.systransoft.com
>
> Regards,
> Ryan

From ekot at protek.ru Tue Mar 9 09:53:52 2004
From: ekot at protek.ru (Eugene Kotlyarov)
Date: Tue Mar 9 09:26:00 2004
Subject: extensions of files when decrypting
Message-ID: <404D6A00.9070403@protek.ru>

Hello.

Sometimes users encrypt files sent to me like 'file.zip' to 'file.pgp'. When I decrypt it using PGP, it recovers the .zip extension back, but when I decrypt it with GnuPG it makes just 'file'. I don't find any option to fix it. Does it exist? And if not, can it be added?

From atom-gpg at suspicious.org Tue Mar 9 03:43:12 2004
From: atom-gpg at suspicious.org (Atom 'Smasher')
Date: Tue Mar 9 09:40:44 2004
Subject: Gnupg com PHP (and Portuguese translation)
In-Reply-To: <404CB6DE.8010606@sagraluzzatto.com.br>
References: <792DE28E91F6EA42B4663AE761C41C2A01E1A3CE@cliff.bai.org> <404CB6DE.8010606@sagraluzzatto.com.br>
Message-ID:

> I have problems using PHP with Gnupg, because it is returning errors
=======================

try this - http://business-php.com/opensource/gpg_encrypt/

...atom

_______________________________________________
PGP key - http://smasher.suspicious.org/pgp.txt
3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
-------------------------------------------------
"If Jesus had been killed 20 years ago, Catholic school children would be wearing little electric chairs around their necks instead of crosses"
    -- Lenny Bruce

From Holger.Sesterhenn at smgwtest.aachen.utimaco.de Tue Mar 9 09:44:23 2004
From: Holger.Sesterhenn at smgwtest.aachen.utimaco.de (Holger Sesterhenn)
Date: Tue Mar 9 09:42:34 2004
Subject: extensions of files when decrypting
In-Reply-To: <404D6A00.9070403@protek.ru>
References: <404D6A00.9070403@protek.ru>
Message-ID: <404D83E7.1060200@smgwtest.aachen.utimaco.de>

Eugene Kotlyarov wrote:
> I don't find any option to fix it. Does it exist? And if not
> can it be added?

--use-embedded-filename

Try to create a file with a name as embedded in the data. This can be a dangerous option as it allows to overwrite files.

HTH.

-- 
Best Regards,
Holger Sesterhenn
---
Internet http://www.utimaco.com

From listen at hammernoch.net Tue Mar 9 09:51:22 2004
From: listen at hammernoch.net (Ludwig Hügelschäfer)
Date: Tue Mar 9 09:49:35 2004
Subject: MacOS X 10.3.2 (was Re: gnupg 1.2.4 compile error)
In-Reply-To: <4027DFE6.6080400@hammernoch.net>
References: <40214248.9050506@hammernoch.net> <20040206153012.GA5815@jabberwocky.com> <4027DFE6.6080400@hammernoch.net>
Message-ID: <404D858A.2060808@hammernoch.net>

Hi everyone,

three weeks ago I experienced strange error messages compiling gpg-1.2.4 on MacOS 10.3.2 and wrote:

> Maybe I use the wrong version of gcc...

This was it. Using gcc 3.3 from the newest Xcode distribution did the job.

Thanks for all assistance!

Ludwig

From wk at gnupg.org Tue Mar 9 10:02:30 2004
From: wk at gnupg.org (Werner Koch)
Date: Tue Mar 9 10:02:18 2004
Subject: e-mail delay
In-Reply-To: <1078757388.11471.30.camel@international.tusonix.com> (Thomas Spuhler's message of "Mon, 08 Mar 2004 07:49:48 -0700")
References: <1078757388.11471.30.camel@international.tusonix.com>
Message-ID: <874qsys89l.fsf@alberti.g10code.de>

On Mon, 08 Mar 2004 07:49:48 -0700, Thomas Spuhler said:

> Why are so many of this list's e-mail coming in with a 2-3 days delay?

Because we decided to let a couple of TLAs proofread all postings :-).

In reality this is a bad interaction of high traffic, spam filters, folks polling the CVS and spurious Mailman crashes.

Werner

From jp at cvmx.de Tue Mar 9 11:35:27 2004
From: jp at cvmx.de (Julius Plenz)
Date: Tue Mar 9 11:31:17 2004
Subject: Keysigning CeBIT 2004
In-Reply-To: <404C5081.7010408@smgwtest.aachen.utimaco.de>
References: <4047A56D.6000506__36500.8867499002$1078589083@daniel-luebke.de> <404C5081.7010408@smgwtest.aachen.utimaco.de>
Message-ID: <20040309103527.GB808@cvmx.de>

* Holger Sesterhenn :
> >>is anyone aware of keysignings at this year's CeBIT in Hannover?
> The "Heise Verlag" does sign pgp keys during the
> "c't-Kryptokampagne" (Hall 5, Booth E38). You need a passport. (c't
> 6/2004, page 42 ;-) )

...or look at http://www.heise.de/security/dienste/pgp/ for more details. But be aware, it's in German...

Julius
-- 
Julius Plenz, Surf, Mail, Smile! www.cvmx.de/ <>< http://plenz.com/
Please don't Cc me in your replies, thanks #129455376
3993 FD19 2AF0 E21E 5D74 E963 144C 5EE9 186D CA0D
gpg --verbose --keyserver subkeys.pgp.net --recv-key 0x186DCA0D

From gnupg at ml0402.albert.uni.cc Tue Mar 9 15:14:59 2004
From: gnupg at ml0402.albert.uni.cc (Albert) Date: Tue Mar 9 15:12:59 2004 Subject: gpg --list-sigs (root for other users) In-Reply-To: <200403070814.59008.linux@codehelp.co.uk> References: <200403021713.49747.gnupg@ml0402.albert.uni.cc> <200403070029.02997.gnupg@ml0402.albert.uni.cc> <200403070814.59008.linux@codehelp.co.uk> Message-ID: <200403091421.26693.gnupg@ml0402.albert.uni.cc> Am Sonntag, 7. M?rz 2004 09:14 schrieb Neil Williams: > > For backups of a few people who don't care about security. It > > is not > > ?? If they don't care about security, why are they using a > security product ?? Good question. But it is not my problem. There is nobody who has access to my secret keys. > I'd never sign a key where the owner is so casual about security. > How can I trust the signature - it could be you or it could be > the user. How can I encrypt to the key if the secret key is > accessible to you and the owner? I think this is a general problem. Whose keys one can sign, is very difficult to decide IMO. Of course people won't tell you, that there is an admin who has access to their secret-keys and I believe there are a lot of people who don't know that the admin has access to the secret keys. What do you think are people doing in networks, where they are users only and not admins? I don't believe that they do not save the secret keys on the harddisk in their personal directory. Since I am the only person who has root-rights on the machine, where my secret keys are stored, I never thought about it, but what can people in companys do to keep their sec-keys secret? I am talking of reality and not what one can do in theory. A lot of people are so lazy and they don't care about passwords. Maybe it is an idea, that they don't sign, but do encryptions only. 
Yesterday a friend told me, that there will a service be setup to increase the use of e-government, where a telecommunication company stores the secret keys and does the encryption for you, if you enter a 4digit code in a webform, which you receive on your mobile phone by request. This decision was made, because a lot of people have no idea, how to sign or encrypt a message, have card reader, a.s.o. I hope this system will not be accepted. BTW do you know how many persons have registered a key? http://pyxis.cns.ualberta.ca/cgi-bin/sksnet report about 2000000 keys. That seems to be nothing compared to the amount of internet users. > This one-liner produces a list of keyids in one public keyring: > gpg --list-keys --with-colons | grep "pub:-:" | cut -d: -f5 > This way, you can still sign in a public environment without > compromising your secret key but ONLY because your secret key > never gets stored on the public machine. > http://www.gnupg.org/gph/en/manual.html#AEN513 Are you sure? Generally other people are not interested in stealing your secret key, but let's assume again, the owner of an internet cafe is interested in your secret key. Doesn't have the admin/root access to all data used on a machine? Let's say the key is used from a floppy or an usb-stick. In a linux environment you have to mount the floppy / usb-stick and then the keys are readable to root. I think of a simple shell script that checks if the media is mounted and if, the content ist copied. IMO it ends everytime in the question "can I trust them", if it is not my own machine. > secring.gpg file in your hands, a simple dictionary attack could > undo many passphrases on the assumption that those who care this > little for secret key security aren't going to have chosen a > decent passphrase either.) This assumption I hope is wrong. I don't know if they ignored what I told them, but I think they have a valuable password. 
BTW, I am searching for a Linux program that tries to decrypt a gpg file by brute-force attack to show people how important it is to have a good password. I would like to show them how long it takes to find a password of 1, 2, 3 a.s.o. letters or a simple word like rose.

Albert

From gnupg at ml0402.albert.uni.cc Tue Mar 9 15:31:21 2004
From: gnupg at ml0402.albert.uni.cc (Albert)
Date: Tue Mar 9 15:30:10 2004
Subject: Different fingerprints on different servers - general problem?
Message-ID: <200403091531.21256.gnupg@ml0402.albert.uni.cc>

Sorry, for spam reasons I am not willing to make the email addresses public, but I found out that http://www.keyserver.net reports other fingerprints than SKS servers if an RSA key was created first and an ElGamal subkey was added. It could also be that it happens only if the key is larger than 1024. In this case an RSA key of 2048 was created and an ElGamal key of 4096. Whether it makes sense to use such large keys is another question.

SKS servers show the same fingerprint as locally, so IMO keyserver.net is a bad choice for checking fingerprints.

Albert

From dshaw at jabberwocky.com Tue Mar 9 09:41:20 2004
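The quoted one-liner above extracts key IDs from `--with-colons` output, and the second message compares fingerprints reported by different keyservers. The following is an added example written for this archive, not code posted by any list member: a small parser for the `gpg --list-keys --with-colons` record format that collects key IDs, fingerprints and subkeys, plus a check that flags keys whose fingerprint differs between two listings. The two listings are constructed sample output with made-up key IDs and fingerprints, and the record layout assumed is the GnuPG 1.2-era one in which the user ID sits in field 10 of the `pub` record (later versions emit separate `uid` records, which the parser also accepts).

```python
# Added example (not from the thread): parse `gpg --list-keys --with-colons`
# output and compare fingerprints between two listings.
# All key IDs, fingerprints and user IDs below are constructed sample values.
from collections import OrderedDict

# Constructed local listing. Field 10 of "pub" carries the user ID,
# field 10 of "fpr" the fingerprint, field 4 the public-key algorithm number.
LOCAL_LISTING = """\
tru::0:1078840000:0:3:1:5
pub:u:2048:1:0123456789ABCDEF:2004-03-09:::u:Just A Test (constructed) <test@example.invalid>::scESC:
fpr:::::::::0000111122223333444455556666777788889999:
sub:u:4096:16:FEDCBA9876543210:2004-03-09::::::e:
pub:-:1024:17:89ABCDEF01234567:2004-02-01:::-:Other Person (constructed) <other@example.invalid>::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0000111122223333:
sub:-:1024:16:76543210FEDCBA98:2004-02-01::::::e:
"""

# Constructed listing as a keyserver might report it: same key ID for the
# first key, but a different fingerprint (the symptom described in the thread).
REMOTE_LISTING = """\
pub:-:2048:1:0123456789ABCDEF:2004-03-09:::-:Just A Test (constructed) <test@example.invalid>::scESC:
fpr:::::::::DEADBEEF0000111122223333444455556666AAAA:
sub:-:4096:16:FEDCBA9876543210:2004-03-09::::::e:
"""

# OpenPGP public-key algorithm numbers (RFC 2440/4880).
ALGO_NAMES = {1: "RSA", 16: "ElGamal", 17: "DSA"}


def parse_with_colons(text):
    """Map primary key ID -> dict(validity, length, algo, created,
    fingerprint, uids, subkeys), in listing order."""
    keys = OrderedDict()
    current = None
    for line in text.splitlines():
        fields = line.split(":")
        rtype = fields[0]
        if rtype == "pub":
            current = {
                "validity": fields[1],
                "length": int(fields[2]),
                "algo": ALGO_NAMES.get(int(fields[3]), "algo " + fields[3]),
                "created": fields[5],
                "fingerprint": None,
                "uids": [fields[9]] if len(fields) > 9 and fields[9] else [],
                "subkeys": [],
            }
            keys[fields[4]] = current
        elif rtype == "uid" and current is not None:
            current["uids"].append(fields[9])
        elif rtype == "fpr" and current is not None:
            # The first fpr record after a pub record belongs to the primary key;
            # any later ones (after sub records) belong to subkeys and are skipped.
            if current["fingerprint"] is None:
                current["fingerprint"] = fields[9]
        elif rtype == "sub" and current is not None:
            algo = ALGO_NAMES.get(int(fields[3]), "algo " + fields[3])
            current["subkeys"].append((fields[4], algo, int(fields[2])))
    return keys


def primary_keyids(keys, validity=None):
    """Key IDs of primary keys, optionally restricted to one validity letter.
    validity="-" reproduces the quoted grep "pub:-:" | cut -d: -f5 one-liner."""
    return [kid for kid, k in keys.items()
            if validity is None or k["validity"] == validity]


def fingerprint_mismatches(local, remote):
    """Key IDs present in both listings whose fingerprints disagree.
    A matching key ID with a different fingerprint is a different key, so this
    is the check to run before trusting a fingerprint shown by a keyserver."""
    return [kid for kid in local
            if kid in remote and local[kid]["fingerprint"] != remote[kid]["fingerprint"]]


if __name__ == "__main__":
    local = parse_with_colons(LOCAL_LISTING)
    for kid, k in local.items():
        print(kid, k["algo"], k["length"], k["fingerprint"], k["uids"][0])
    print("fingerprint mismatches:", fingerprint_mismatches(local, parse_with_colons(REMOTE_LISTING)))
```

The quoted one-liner only matches keys whose validity field is `-` (unknown), so a key you have signed or own (validity `f` or `u`) would be left out; `primary_keyids(keys)` without the filter lists all of them.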
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Mar 9 15:38:58 2004
Subject: Different fingerprints on different servers - general problem?
In-Reply-To: <200403091531.21256.gnupg@ml0402.albert.uni.cc>
References: <200403091531.21256.gnupg@ml0402.albert.uni.cc>
Message-ID: <20040309144120.GC19357@jabberwocky.com>

On Tue, Mar 09, 2004 at 03:31:21PM +0100, Albert wrote:
> Sorry, for spam reasons, I am not willing to make the email-adresses
> public, but I found out, that http://www.keyserver.net reports
> other fingerprints than sks-servers, if a RSA-key was created first
> and an El-Gamal-subkey was added. It could be also, that it happens
> only if the key is larger than 1024. In this case a RSA key of 2048
> was created and an El-Gamal-key of 4096. If it makes sense to use
> such large keys is another question.
>
> SKS-servers show the same fingeprint than locally, so IMO
> keyserver.net is a bad choice for checking fingerprints.

keyserver.net is broken in this and many other details. Don't use it.

David

From b.buerger at penguin.de Tue Mar 9 16:51:42 2004
From: b.buerger at penguin.de (Bjoern Buerger)
Date: Tue Mar 9 16:39:57 2004
Subject: Different fingerprints on different servers - general problem?
In-Reply-To: <200403091531.21256.gnupg@ml0402.albert.uni.cc>
References: <200403091531.21256.gnupg@ml0402.albert.uni.cc>
Message-ID: <20040309155142.GY11957@susie.penguin.de>

On Tue, 09 Mar 2004, Albert wrote:
> SKS-servers show the same fingeprint than locally, so IMO
> keyserver.net is a bad choice for checking fingerprints.

keyserver.net is a bad choice for various reasons, e.g. they are not syncing with the rest of the server network; according to http://www.keyserver.net/en/ they are about ~301000 keys behind.

Ciao, Björn

--
OpenPGP Keyserver
+-----------+  ---------------------------------
|\ O---m  /|  http://pgpkeys.tu-bs.de
|/`-------'\|  http://sks.keyserver.penguin.de
+-----------+

From sagraluz at sagraluzzatto.com.br Tue Mar 9 13:26:51 2004
From: sagraluz at sagraluzzatto.com.br (Rodrigo Padula - Editora Sagra Luzzatto)
Date: Tue Mar 9 17:24:17 2004
Subject: PHP - URGENT!!!
In-Reply-To: <200403091421.26693.gnupg@ml0402.albert.uni.cc>
References: <200403021713.49747.gnupg@ml0402.albert.uni.cc> <200403070029.02997.gnupg@ml0402.albert.uni.cc> <200403070814.59008.linux@codehelp.co.uk> <200403091421.26693.gnupg@ml0402.albert.uni.cc>
Message-ID: <404DF04B.304@sagraluzzatto.com.br>

Hello!!

I made a web form with PHP that generates a txt file; this then calls GnuPG (gpg), encrypts the txt file and sends it by email. But I have a problem: I manage to generate the txt file with PHP, however when I call gpg using the function system() an error is returned: 2

What does that error number 2 mean?? How can I solve that???

I need help urgently

From mail at mark-kirchner.de Tue Mar 9 18:04:53 2004
From: mail at mark-kirchner.de (Mark Kirchner)
Date: Tue Mar 9 18:02:20 2004
Subject: gpg --list-sigs (root for other users)
In-Reply-To: <200403070814.59008.linux@codehelp.co.uk>
References: <200403021713.49747.gnupg@ml0402.albert.uni.cc> <200403031613.22988.linux@codehelp.co.uk> <200403070029.02997.gnupg@ml0402.albert.uni.cc> <200403070814.59008.linux@codehelp.co.uk>
Message-ID: <259584848.20040309180453@mark-kirchner.de>

Hi,

On Sunday, March 7, 2004, 9:14:54 AM, Neil wrote:
> [Keep the secring.gpg on a USB stick etc.]
>
> This way, you can still sign in a public environment without
> compromising your secret key but ONLY because your secret key never
> gets stored on the public machine.
>
> [snip]
>
> IMHO, any secret keys that are accessible to more than the sole
> verifiable owner of the key MUST be revoked as hopelessly
> compromised.

Hm, so you're acting on the assumption that the admin (or any users with root privileges) can't be trusted and that they will (at least potentially) abuse their power. Well, using a USB stick won't help you then. The evil admin could trivially and automatically copy your secret key at exactly the moment you're calling gpg. And no 10-word diceware passphrase will protect it in this scenario, because the admin would log that just as well.

I know, I know, it _is_ (somewhat) safer to do it this way. The evil admin has to jump through a few more hoops to get your key. But in the end, it's just security by obscurity and might make you feel a lot safer than it really is. IMHO at least.

So, ever done that USB stick thing? In this case, you should consider your key "hopelessly compromised" and it "MUST be revoked". *smile*

Regards,
Mark Kirchner

--
_____________________________________________________________
Key (0x19DC86D3): http://www.mark-kirchner.de/keys/key-mk.asc
From linux at codehelp.co.uk Tue Mar 9 19:23:59 2004
From: linux at codehelp.co.uk (Neil Williams)
Date: Tue Mar 9 20:21:31 2004
Subject: gpg --list-sigs (root for other users)
In-Reply-To: <259584848.20040309180453@mark-kirchner.de>
References: <200403021713.49747.gnupg@ml0402.albert.uni.cc> <200403031613.22988.linux@codehelp.co.uk> <200403070029.02997.gnupg@ml0402.albert.uni.cc> <200403070814.59008.linux@codehelp.co.uk> <259584848.20040309180453@mark-kirchner.de>
Message-ID: <20040309192359.GA31439@codehelp.co.uk>

On Tue, Mar 09, 2004 at 06:04:53PM +0100, Mark Kirchner wrote:
> Hi,
>
> On Sunday, March 7, 2004, 9:14:54 AM, Neil wrote:
> > [Keep the secring.gpg on a USB stick etc.]
>
> I know, I know, it _is_ (somewhat) safer to do it this way. The evil
> admin has to jump through a few more hoops to get your key. But in the
> end, it's just security by obscurity and might make you feel a lot
> safer than it really is. IMHO at least.

A targeted attack is always more of a problem. If someone really is out to get you, there will be a way to compromise the key.

> So, ever done that USB stick thing? In this case, you should consider

No. :-)) I never would, it was just a possible solution for someone else's problem. I agree it isn't a whole lot better but it was the best I could come up with at the time. As the manual says, it depends on your level of paranoia.

> your key "hopelessly compromised" and it "MUST be revoked". *smile*

Agreed. Thankfully, I'd never take such a risk with my secret key.

--
Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3

From linux at codehelp.co.uk Tue Mar 9 19:30:38 2004
From: linux at codehelp.co.uk (Neil Williams)
Date: Tue Mar 9 20:28:12 2004
Subject: extensions of files when decrypting
In-Reply-To: <404D6A00.9070403@protek.ru>
References: <404D6A00.9070403@protek.ru>
Message-ID: <20040309193038.GB31439@codehelp.co.uk>

On Tue, Mar 09, 2004 at 09:53:52AM +0300, Eugene Kotlyarov wrote:
> Hello.
>
> Sometimes users encrypt files sent to me like 'file.zip' to 'file.pgp'

That's the problem - why can't it be file.zip.pgp or file.zip.gpg? If you reverse the process, Linux will convert a file.tar.gz into a file.tar.gz.gpg

> When I decrypt it using PGP, it recovers .zip extension back,
> but when I decrypt it with GnuPG it makes just 'file'.

It doesn't make any odds, Linux doesn't rely on the extension anyway. If it's a zip file, it can be unzipped - no matter what the filename or extension.

> I don't find any option to fix it. Does it exist? And if not
> can it be added?

Use mv if you really want to have the extension:

mv file file.zip

The idea that files only have one . and the extension being the sole determinant of the content is a DOS artefact. There is no reason to continue with such conventions.

--
Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3

From dshaw at jabberwocky.com Tue Mar 9 14:57:21 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Mar 9 20:54:45 2004
Subject: backup strategy for keyrings
In-Reply-To: <9A86613AB85FF346BB1321840DB42B4B046D41D6@jupiter.fchn.com>
References: <9A86613AB85FF346BB1321840DB42B4B046D41D6@jupiter.fchn.com>
Message-ID: <20040309195721.GA3563@jabberwocky.com>

On Wed, Mar 03, 2004 at 08:23:10AM -0800, Steve Butler wrote:
> But Neil, that answer begs the question of when does the pubring.gpg~ file
> get generated. And under what circumstances. For example, yesterday I
> imported a new public key. The "backup" keyring file called pubring.gpg~
> was not created.
>
> But, I do have such a file from about a month ago when I did some edits on a
> key.
>
> So, not knowing the precise answer (and hoping one of the development team
> members will jump in), I have to suppose that the file is generated _before_
> edits are done to existing keys. But, it is not generated before, during,
> or after an import operation.

This is not true. It should be generated before an import starts. Thus, after the import completes, the pubring.gpg~ file is your pubring from before the import.

David

From pt at radvis.nu Tue Mar 9 21:04:19 2004
From: pt at radvis.nu (pt@radvis.nu)
Date: Tue Mar 9 21:38:40 2004
Subject: Changing cipher preferences
Message-ID: <1078862660.467@ns1.softit.net>

Hi,
I cannot make the subcommand "updpref" work. (Used when editing a key.)
Nothing is changed.

eg. updpref s9 s8 s3 s2

The subcommand "setpref" works OK, but only for new userid:s.

eg. setpref s9 s8 s3 s2

1) How do I add some of the new algos to my old keys (and existing userid:s)?

2) Is there any way to set cipher preferences from the start when generating a new key?

Per Tunedal

From dshaw at jabberwocky.com Tue Mar 9 15:54:04 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Mar 9 21:51:28 2004
Subject: Changing cipher preferences
In-Reply-To: <1078862660.467@ns1.softit.net>
References: <1078862660.467@ns1.softit.net>
Message-ID: <20040309205404.GB4268@jabberwocky.com>

On Tue, Mar 09, 2004 at 09:04:19PM +0100, pt@radvis.nu wrote:
> Hi,
> I cannot make the the subcommand "updpref" to work. (Used when editing a key.)
> Nothing is changed.
>
> eg. updpref s9 s8 s3 s2
>
> The subcommand "setpref" works OK, but only for new userid:s.
>
> eg. setpref s9 s8 s3 s2

setpref s9 s8 s3 s2
updpref

David

From seidls at schneider.com Tue Mar 9 14:56:20 2004
From: seidls at schneider.com (seidls@schneider.com)
Date: Tue Mar 9 21:54:13 2004
Subject: Error Messages when decrypting a PGP encrypted document
Message-ID:

When attempting to decrypt a file encrypted with PGP 7.x (specifically 'McAfee E-Business Server v7.1.1 - Full License' per PGP header) we are receiving error messages and are unable to decrypt the file.

The messages we are getting are:
[GNUPG:] NODATA 1
[GNUPG:] NODATA 2
gpg: no valid Open PGP data found
gpg: processing message failed: eof

We are using GPG v1.0.4 on an IBM AIX box. Any ideas as to why we are receiving these messages? The file appears to be in a valid PGP format and does contain data.

Thanks

Scott Seidl
Electronic Communication Services
seidls@schneider.com
Tel) 920-592-2163

From atom-gpg at suspicious.org Tue Mar 9 16:11:07 2004
From: atom-gpg at suspicious.org (Atom 'Smasher')
Date: Tue Mar 9 22:08:26 2004
Subject: Changing cipher preferences
In-Reply-To: <1078862660.467@ns1.softit.net>
References: <1078862660.467@ns1.softit.net>
Message-ID:

(CCing you in case this gets lost for a few days)

> I cannot make the the subcommand "updpref" to work. (Used when editing a key.)
> Nothing is changed.
>
> eg. updpref s9 s8 s3 s2
>
> The subcommand "setpref" works OK, but only for new userid:s.
>
> eg. setpref s9 s8 s3 s2

use "setpref x y z" then "updpref" then exit with either "quit" or "save". make sure you include ALL prefs, not just cipher prefs!

#############################################
$ gpg --edit-key test
gpg (GnuPG) 1.2.4; Copyright (C) 2003 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Secret key is available.

pub  1024D/4697BE6F  created: 2004-03-09 expires: never      trust: u/u
sub  1024g/98B94302  created: 2004-03-09 expires: never
(1). Just A Test (This key for demonstration only)

Command> pref
pub  1024D/4697BE6F  created: 2004-03-09 expires: never      trust: u/u
(1). Just A Test (This key for demonstration only)
     S9 S8 S7 S3 S2 H2 H3 Z2 Z1 [mdc]

Command> setpref s9 s8 s3 s2

Command> updpref
Current preference list: S9 S8 S3 S2 [mdc]
Really update the preferences? y

You need a passphrase to unlock the secret key for
user: "Just A Test (This key for demonstration only) "
1024-bit DSA key, ID 4697BE6F, created 2004-03-09

gpg: DSA signature from: "4697BE6F Just A Test (This key for demonstration only) "

pub  1024D/4697BE6F  created: 2004-03-09 expires: never      trust: u/u
sub  1024g/98B94302  created: 2004-03-09 expires: never
(1). Just A Test (This key for demonstration only)

Command> pref
pub  1024D/4697BE6F  created: 2004-03-09 expires: never      trust: u/u
(1). Just A Test (This key for demonstration only)
     S9 S8 S3 S2 [mdc]

Command> quit
Save changes? y
#############################################

        ...atom

 _______________________________________________
 PGP key - http://smasher.suspicious.org/pgp.txt
 3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
 -------------------------------------------------

        "Glory is fleeting, but obscurity is forever."
                -- Napoleon Bonaparte

From dshaw at jabberwocky.com Tue Mar 9 16:12:02 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Mar 9 22:09:48 2004
Subject: Error Messages when decrypting a PGP encrypted document
In-Reply-To:
References:
Message-ID: <20040309211202.GA4618@jabberwocky.com>

On Tue, Mar 09, 2004 at 02:56:20PM -0600, seidls@schneider.com wrote:
> When attempting to decrypt a file encrypted with PGP 7.x (specifically '
> McAfee E-Business Server v7.1.1 - Full License' per PGP header) we are
> receiving error messages and are unable to decrypt the file.
>
> The messages we are getting are:
> [GNUPG:] NODATA 1
> [GNUPG:] NODATA 2
> gpg: no valid Open PGP data found
> gpg: processing message failed: eof
>
> We are using GPG v1.0.4 on a IBM AIX box. Any ideas as to why we are
> receiving these messages? The file appears to be in a valid PGP format and
> does contain data.

1.0.4 is over three years old. The first thing to try is to upgrade GnuPG to 1.2.4 and try reading your file again.

David

From malte.gell at gmx.de Wed Mar 10 00:51:15 2004
From: malte.gell at gmx.de (Malte Gell)
Date: Wed Mar 10 00:51:51 2004
Subject: extensions of files when decrypting
In-Reply-To: <404D83E7.1060200@smgwtest.aachen.utimaco.de>
References: <404D6A00.9070403@protek.ru> <404D83E7.1060200@smgwtest.aachen.utimaco.de>
Message-ID: <200403100051.30111.malte.gell@gmx.de>

On Tuesday, 9 March 2004 09:44, Holger Sesterhenn wrote:
> Eugene Kotlyarov wrote:
> > I don't find any option to fix it. Does it exist? And if not
> > can it be added?
>
> --use-embedded-filename

Looks like an interesting option. But does it really work? I just played with it a bit. I encrypted a file like this:

gpg --use-embedded-filename="GnuPG-Manual.ps" -e -r 0x83171b57 GnuPG-Manual.ps

After encrypting I renamed it: "mv GnuPG-Manual.ps.gpg test.gpg".

Now, since the file name is embedded, "gpg test.gpg" should recover "GnuPG-Manual.ps", right? No it doesn't, the result is "test"! So embedding the file name just did nothing, or have I misunderstood the purpose of --use-embedded-filename?

Malte

From Freedom_Lover at pobox.com Tue Mar 9 22:10:09 2004
From: Freedom_Lover at pobox.com (Todd)
Date: Wed Mar 10 04:08:20 2004
Subject: extensions of files when decrypting
In-Reply-To: <200403100051.30111.malte.gell@gmx.de>
References: <404D6A00.9070403@protek.ru> <404D83E7.1060200@smgwtest.aachen.utimaco.de> <200403100051.30111.malte.gell@gmx.de>
Message-ID: <20040310031009.GZ2385@psilocybe.teonanacatl.org>

Malte Gell wrote:
> Am Dienstag, 9. März 2004 09:44 schrieb Holger Sesterhenn:
>> Eugene Kotlyarov wrote:
>>> I don't find any option to fix it. Does it exist? And if not can
>>> it be added?
>>
>> --use-embedded-filename
>
> Looks like an interesting option. But does it really work? I just
> played with it a bit. I encrypted a file like this:
>
> gpg --use-embedded-filename="GnuPG-Manual.ps" -e -r 0x83171b57
> GnuPG-Manual.ps
>
> After encrypting I renamed it: "mv GnuPG-Manual.ps.gpg test.gpg".
>
> Now, since the file name is embedded "gpg test.gpg" should revover
> "GnuPG-Manual.ps", right? No it doesn't, the result is "test"! So
> embedding the file just did nothing, or have I misunderstood the
> purpose of --use-embedde-filename?

Try using it on the decryption instead of the encryption command.

--
Todd        OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
======================================================================
The only reason we still have elections in this country is to see if
the pollsters were right.
    -- Ed Rollins

From avbidder at fortytwo.ch Wed Mar 10 08:43:31 2004
From: avbidder at fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder)
Date: Wed Mar 10 08:40:52 2004
Subject: Changing cipher preferences
In-Reply-To: <1078862660.467@ns1.softit.net>
References: <1078862660.467@ns1.softit.net>
Message-ID: <200403100843.33777@fortytwo.ch>

On Tuesday 09 March 2004 21.04, pt@radvis.nu wrote:
> Message was signed by RADVIS 2003 (casual key) (Key ID:
> 0xEFA38B66). Warning: The signature is bad.

kmail 1.6.1 on this end.

> X-Mailer: Mailmax Webmail

So I guess this was a copy/paste problem? Or is this a webmailer with OpenPGP support?

cheers
-- vbi

--
He who does not value life does not deserve it. -- Vinci.

From pt at radvis.nu Tue Mar 9 12:52:49 2004
From: pt at radvis.nu (Per Tunedal Casual)
Date: Wed Mar 10 08:52:10 2004
Subject: Changing cipher preferences
Message-ID: <6.0.1.1.2.20040309124531.0263a180@localhost>

Hi,
I cannot make the subcommand "updpref" work. (Used when editing a key.)
Nothing is changed.

eg. updpref s9 s8 s3 s2

The subcommand "setpref" works OK, but only for new userid:s.

eg. setpref s9 s8 s3 s2

1) How do I add some of the new algos to my old keys (and existing userid:s)?

2) Is there any way to set cipher preferences from the start when generating a new key?

Kind regards
Per Tunedal
Civ. ing. Civ. ek.
S:t Mickelsgatan 148
129 44 Hägersten
Telefon: 08-646 34 83

From pt at radvis.nu Thu Mar 11 16:12:38 2004
From: pt at radvis.nu (Per Tunedal Casual)
Date: Thu Mar 11 20:58:41 2004
Subject: Solved Re: Changing cipher preferences
In-Reply-To:
References: <1078862660.467@ns1.softit.net>
Message-ID: <6.0.1.1.2.20040311160923.01da6060@localhost>

Hi Atom,
Thank you for your thorough explanation!

I happened to get the message sent twice due to a delay in my regular mail. (I sent the message via webmail when it was delayed.) Thus it was sent twice. I'm sorry if it confused any of you.

Yours,
Per Tunedal

At 22:11 2004-03-09, you wrote:
>This mail was signed (Inlined PGP-Message).
>
>,-----GnuPG output follows (current time: Thu, Mar 11 2004 - 16:07:17)--
>|
>| Signature made 03/09/04 22:11:11 using DSA key ID 3D7D41E3
>| Good signature from "Atom Smasher "
>|     aka "Atom Smasher "
>| WARNING: This key is not certified with a trusted signature!
>|     There is no indication that the signature belongs to the owner.
>| Primary key fingerprint: 3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
>|
>``--------------------------------------------------------------------------
>
>(CCing you in case this gets lost for a few days)
>
>> I cannot make the the subcommand "updpref" to work. (Used when editing a key.)
>> Nothing is changed.
>>
>> eg. updpref s9 s8 s3 s2
>>
>> The subcommand "setpref" works OK, but only for new userid:s.
>>
>> eg. setpref s9 s8 s3 s2
>
>use "setpref x y z" then "updpref" then exit with either "quit" or
>"save". make sure you include ALL prefs, not just cipher prefs!
>
> [...]

From dmoore at medimedia.com Thu Mar 11 22:38:17 2004
From: dmoore at medimedia.com (Doreen Moore)
Date: Thu Mar 11 22:37:10 2004
Subject: Decrypting multiple messages within one single file
Message-ID:

Hello all,

First let me say that I am very new to GPG. I am having a bit (understatement) of a problem in decrypting a single file with multiple messages. The decrypt statement only recognizes the first message and ignores all of the others. Can someone tell me if this is possible to achieve using GPG and if so, what are the commands/options to do it?

Thanks

Doreen A. R. Moore
MediMedia
267.685.2352 - Direct
215.219.9554 - Mobile

From vedaal at hush.com Thu Mar 11 23:00:38 2004
From: vedaal at hush.com (vedaal@hush.com)
Date: Thu Mar 11 23:02:02 2004
Subject: basic hash signature question
Message-ID: <200403112200.i2BM0cIP046715@mailserver3.hushmail.com>

when gnupg is used to sign a file with a signing key,
two things can be determined from the signature hash:

[1] the file can be verified as 'unchanged' from the time of the signing

[2] the file can be authenticated as being signed by the person in possession of the signing key

basic question ;-) :

if someone doesn't have the signer's public key,
is it still possible to verify the integrity of the signed file,
even though one cannot verify the authenticity

tia,

vedaal

From dshaw at jabberwocky.com Thu Mar 11 23:35:59 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu Mar 11 23:33:29 2004
Subject: basic hash signature question
In-Reply-To: <200403112200.i2BM0cIP046715@mailserver3.hushmail.com>
References: <200403112200.i2BM0cIP046715@mailserver3.hushmail.com>
Message-ID: <20040311223558.GA25788@jabberwocky.com>

On Thu, Mar 11, 2004 at 02:00:38PM -0800, vedaal@hush.com wrote:
> when gnupg is used to sign a file with a signing key,
> two things can be determined from the signature hash:
>
> [1] the file can be verified as 'unchanged' from the time of the signing
>
> [2] the file can be authenticated as being signed by the person in possession
> of the signing key
>
>
> basic question ;-) :
>
> if someone doesn't have the signer's public key,
> is it still possible to verify the integrity of the signed file,
> even though one cannot verify the authenticity

No.

David

From rebecca at tardis.ath.cx Thu Mar 11 23:57:41 2004
From: rebecca at tardis.ath.cx (r cannon)
Date: Thu Mar 11 23:55:24 2004
Subject: Import help
Message-ID:

Hey there

Newbie question

Trying to import someone's pubkey. Using Mac OS X, have tried the GPG Keys GUI, which said it successfully imported the pubkey.txt file (however the file never showed up in the list).

Have also tried gpg --import ~/path/pubkey.txt but this comes back with the error
'gpg: NOTE: old default options file `/Users/rebecca/.gnupg/options' ignored
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0'

Checking --list-keys after either method brings only my key....

The .txt file has a proper looking key in it -

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.4 (GNU/Linux)

(where this is a long string of randomness)
-----END PGP PUBLIC KEY BLOCK-----

Any advice would be most appreciated.

rebecca

From gnupg at ml0402.albert.uni.cc Fri Mar 12 00:22:21 2004
From: gnupg at ml0402.albert.uni.cc (Albert)
Date: Fri Mar 12 00:20:17 2004
Subject: basic hash signature question
In-Reply-To: <20040311223558.GA25788@jabberwocky.com>
References: <200403112200.i2BM0cIP046715@mailserver3.hushmail.com> <20040311223558.GA25788@jabberwocky.com>
Message-ID: <200403120022.21462.gnupg@ml0402.albert.uni.cc>

On Thursday, 11 March 2004 23:35, David Shaw wrote:
> > if someone doesn't have the signer's public key,
> > is it still possible to verify the integrity of the signed
> > file, even though one cannot verify the authenticity
>
> No.
>
> David

Is there a possibility to check with a web interface? URL?

Albert

From dshaw at jabberwocky.com Fri Mar 12 00:53:26 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri Mar 12 00:50:47 2004
Subject: basic hash signature question
In-Reply-To: <200403120022.21462.gnupg@ml0402.albert.uni.cc>
References: <200403112200.i2BM0cIP046715@mailserver3.hushmail.com> <20040311223558.GA25788@jabberwocky.com> <200403120022.21462.gnupg@ml0402.albert.uni.cc>
Message-ID: <20040311235326.GB25788@jabberwocky.com>

On Fri, Mar 12, 2004 at 12:22:21AM +0100, Albert wrote:
> Am Donnerstag, 11. März 2004 23:35 schrieb David Shaw:
> > > if someone doesn't have the signer's public key,
> > > is it still possible to verify the integrity of the signed
> > > file, even though one cannot verify the authenticity
> >
> > No.
> >
> > David
>
> Is there a possibility to check with a webinterface? url?

Without the signer's public key, you can't do anything. The math just doesn't work that way.

You could set up a web page to check signatures, sure, but you're assuming that web page is trustworthy and not compromised, etc.

David

From sk_list at hotmail.com Fri Mar 12 04:51:40 2004
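To make "the math just doesn't work that way" concrete: a signature is the message digest transformed under the signer's private key, and the only operation that turns it back into something comparable with the file's digest needs the matching public key. The following is an added example written for this archive, not code from any list member or from GnuPG: a toy RSA signature over a SHA-256 digest, with both [1] integrity and [2] authenticity checked by the same comparison. The primes are fixed, publicly known Mersenne primes chosen only so the example runs instantly and deterministically; the digest is reduced modulo n instead of being wrapped in the PKCS#1 encoding OpenPGP uses. It is an illustration of the arithmetic and provides no security.

```python
# Added example (not from the thread): toy RSA signing of a SHA-256 digest to
# show why verification requires the signer's public key (n, e).
# Parameters are constructed toy values, not real key material.
import hashlib

E = 65537

# Two well-known Mersenne primes as the default toy modulus factors.
P_DEFAULT = 2**31 - 1
Q_DEFAULT = 2**61 - 1


def toy_keypair(p=P_DEFAULT, q=Q_DEFAULT):
    """Return (public, private) as ((n, e), (n, d)) for the given primes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # modular inverse; needs Python 3.8+
    return (n, E), (n, d)


def digest_int(data, n):
    """Message representative: SHA-256 of the data as an integer in Z_n.
    Real OpenPGP uses a padded, algorithm-tagged encoding instead of a plain
    reduction; the reduction keeps this toy small."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data, private):
    """s = H(m)^d mod n: the digest is bound to the private key."""
    n, d = private
    return pow(digest_int(data, n), d, n)


def recover_digest(signature, public):
    """s^e mod n: the ONLY way to get a checkable value out of the signature,
    and it takes the public key. Without (n, e) the signature is just a number."""
    n, e = public
    return pow(signature, e, n)


def verify(data, signature, public):
    """True only if the signature was made with the private key matching
    `public` AND the data is unchanged: [1] and [2] come out of one test."""
    n, _ = public
    return recover_digest(signature, public) == digest_int(data, n)


if __name__ == "__main__":
    public, private = toy_keypair()
    document = b"constructed sample document"
    s = sign(document, private)
    print("valid signature, right key :", verify(document, s, public))
    print("modified document          :", verify(document + b".", s, public))
    other_public, _ = toy_keypair(2**89 - 1, 2**127 - 1)
    print("valid signature, wrong key :", verify(document, s, other_public))
```

A verifier without the public key can still hash the file, but has nothing trustworthy to compare that hash against: the digest inside the signature is only reachable through `recover_digest`, which is exactly the public-key operation. A plain `sha256sum` gives integrity-only checking, and only when the reference hash arrives over a channel the verifier already trusts.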
From: sk_list at hotmail.com (S K)
Date: Fri Mar 12 04:49:25 2004
Subject: basic hash signature question
Message-ID:

You could code up something along the lines of OpenPGPComment
http://www.srijith.net/codes/openpgpcomment/

> > > if someone doesn't have the signer's public key,
> > > is it still possible to verify the integrity of the signed
> > > file, even though one cannot verify the authenticity
> >
> > No.
> >
> > David
>
> Is there a possibility to check with a webinterface? url?

From agreene at pobox.com Fri Mar 12 08:11:22 2004
From: agreene at pobox.com (Anthony E. Greene)
Date: Fri Mar 12 08:08:29 2004
Subject: Import help
Message-ID: <20040312071122.GA3896@cp5340.localdomain>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12-Mar-2004/09:57 +1100, r cannon wrote:
> Trying to import someone's pubkey. Using Mac OS X, have tried the GPG Keys
> GUI, which said it successfully imported the pubkey.txt file (however the
> file never showed up in the list).
>
> Have also tried gpg --import ~/path/pubkey.txt but this comes back with the
> error
> 'gpg: NOTE: old default options file `/Users/rebecca/.gnupg/options' ignored
> gpg: no valid OpenPGP data found.
> gpg: Total number processed: 0'

Try renaming your options file to gpg.conf.

If the key is on a keyserver, try retrieving it like this:

  gpg --keyserver [ldap://]servername --recv-key 0xNNNNNNNN

The default protocol is "hkp://", so if it's an LDAP server you have to specify LDAP on the command line.

Tony

- --
Anthony E. Greene
AOL/Yahoo Messenger: TonyG05
HomePage:
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
Linux. The choice of a GNU generation

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Anthony E. Greene 0x6C94239D

iD8DBQFAUWJ6pCpg3WyUI50RAndSAKDyPYT7EbzAdpws+CtRtWgzCA3TtwCguJbn
m0hs+Gs3p1jRk20IolICoxI=
=S9KC
-----END PGP SIGNATURE-----

From gnupg at ml0402.albert.uni.cc Fri Mar 12 16:38:06 2004
From: gnupg at ml0402.albert.uni.cc (Albert)
Date: Fri Mar 12 16:36:21 2004
Subject: basic hash signature question
In-Reply-To: <20040311235326.GB25788@jabberwocky.com>
References: <200403112200.i2BM0cIP046715@mailserver3.hushmail.com> <200403120022.21462.gnupg@ml0402.albert.uni.cc> <20040311235326.GB25788@jabberwocky.com>
Message-ID: <200403121638.06889.gnupg@ml0402.albert.uni.cc>

On Friday, 12 March 2004 00:53, David Shaw wrote:
> On Fri, Mar 12, 2004 at 12:22:21AM +0100, Albert wrote:
> > On Thursday, 11 March 2004 23:35, David Shaw wrote:
> > > > if someone doesn't have the signer's public key,
> > > > is it still possible to verify the integrity of the signed
> > > > file, even though one cannot verify the authenticity
> > >
> > > No.
> > >
> > > David
> >
> > Is there a possibility to check with a web interface? URL?
>
> Without the signer's public key, you can't do anything. The math
> just doesn't work that way.

The public key I can get from a keyserver.

> You could set up a web page to check signatures, sure, but you're
> assuming that web page is trustworthy and not compromised, etc.

That's the problem. I am thinking of a situation where no gpg is installed on a foreign PC.

Albert

From hess at tkn.tu-berlin.de Fri Mar 12 19:46:36 2004
From: hess at tkn.tu-berlin.de (Andreas Hess)
Date: Fri Mar 12 19:43:50 2004
Subject: Importing keys
Message-ID: <4052058C.1040100@tkn.tu-berlin.de>

Hi,

I have the following problem. I would like to import a public key by

  gpg --import file.pub

and doing so, I receive the following output:

  gpg: ..... no valid user IDs
  gpg: this may be caused by a missing self-signature
  gpg: Total number processed: 1
  gpg:               w/o user IDs: 1

Must the public key be signed? Or is there another possibility to import public keys?

Any hint is welcome.

Thanks
Andreas

From linux at codehelp.co.uk Fri Mar 12 20:50:02 2004
From: linux at codehelp.co.uk (Neil Williams)
Date: Fri Mar 12 20:47:21 2004
Subject: Importing keys
In-Reply-To: <4052058C.1040100@tkn.tu-berlin.de>
References: <4052058C.1040100@tkn.tu-berlin.de>
Message-ID: <4052146A.1070103@codehelp.co.uk>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Andreas Hess wrote:
| Hi,
|
| I have the following problem. I would like to import a public key by
| gpg --import file.pub
| and doing so, I receive the following output
|
| gpg: ..... no valid user IDs
| gpg: this may be caused by a missing self-signature
| gpg: Total number processed: 1
| gpg: w/o user IDs: 1
|
| Must the public key be signed? Or is there another possibility to import
| public keys?

Public keys which are not self-signed are trivially easy to forge and are therefore not advisable. (IIRC, recent versions of GnuPG won't create this kind of key by default.)

As a separate issue, the public key can't be validated by others without signatures, so signatures (self and others) are the basis of most trust issues in GnuPG.

- --
Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAUhRpiAEJSii8s+MRAoA/AKDbe45lL8lfW8I5V/BleL9jIUDUFwCg34JF
/2BkY+797Uruzmkj+aCM2Oo=
=P065
-----END PGP SIGNATURE-----

From barry at bpuk.net Sat Mar 13 16:36:30 2004
From: barry at bpuk.net (Barry Porter)
Date: Sat Mar 13 16:34:30 2004
Subject: GPGAgent
Message-ID: <40532A7E.9090506@bpuk.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Has anybody here managed to build a newer version of GPGAgent than v0.1.0 for Windows, which is on the SourceForge WinPT site?

If so, how hard was it to build, and is there anything I need to know about trying to build it before I start?

Many thanks.

- --
Regards
Barry

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-nr1 (Windows XP)

iD8DBQFAUyp73wKVPLs2unURAoSqAJ4yKFfs8p5NDfwkcFFBJ4+9OZSPSACgg9yG
kKJ6mvoONUDr2PFghsNzWSo=
=M+R2
-----END PGP SIGNATURE-----

From dshaw at jabberwocky.com Sat Mar 13 17:25:24 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Sat Mar 13 17:22:45 2004
Subject: basic hash signature question
In-Reply-To: <200403121638.06889.gnupg@ml0402.albert.uni.cc>
References: <200403112200.i2BM0cIP046715@mailserver3.hushmail.com> <200403120022.21462.gnupg@ml0402.albert.uni.cc> <20040311235326.GB25788@jabberwocky.com> <200403121638.06889.gnupg@ml0402.albert.uni.cc>
Message-ID: <20040313162523.GA16112@jabberwocky.com>

On Fri, Mar 12, 2004 at 04:38:06PM +0100, Albert wrote:
> On Friday, 12 March 2004 00:53, David Shaw wrote:
> > On Fri, Mar 12, 2004 at 12:22:21AM +0100, Albert wrote:
> > > On Thursday, 11 March 2004 23:35, David Shaw wrote:
> > > > > if someone doesn't have the signer's public key,
> > > > > is it still possible to verify the integrity of the signed
> > > > > file, even though one cannot verify the authenticity
> > > >
> > > > No.
> > > >
> > > > David
> > >
> > > Is there a possibility to check with a web interface? URL?
> >
> > Without the signer's public key, you can't do anything. The math
> > just doesn't work that way.
>
> The public key I can get from a keyserver.
>
> > You could set up a web page to check signatures, sure, but you're
> > assuming that web page is trustworthy and not compromised, etc.
>
> That's the problem. I am thinking of a situation where no gpg is
> installed on a foreign PC.

It's certainly doable, but why should the user of this service trust it? It could just be printing out "signature good" without actually checking, or worse, printing out "signature bad" for certain people but not others, etc.

This is a common problem with server-based things: how do you trust the server isn't lying?

David

From twoaday at freakmail.de Sun Mar 14 13:24:42 2004
From: twoaday at freakmail.de (twoaday@freakmail.de)
Date: Sun Mar 14 13:18:11 2004
Subject: GPGAgent
In-Reply-To: <40532A7E.9090506@bpuk.net>
Message-ID: <3.0.6.32.20040314132442.00829990@pop3.freenet.de>

At 15:36 13.03.04 +0000, you wrote:
> Has anybody here managed to build a newer version of GPGAgent than
> v0.1.0 for Windows which is on the Sourceforge WinPT site?

I succeeded in building it, but this is no surprise, since I'm the author of it. Do you have any special problems with the code?

> If so, How hard was it to build and is there anything I need to know
> about trying to build it before I start?

Read the README file to make sure you understand how it works and the security suggestions. The code is rather old and I'm not sure if this program is the right solution for most people. WinPT has internal passphrase caching and other frontends also have this feature. If you need GPG on a server or in an automated environment, the gpg-agent is a good thing; otherwise the caching is probably easier to use.

Timo

From teenieberry at worldnet.att.net Sun Mar 14 17:01:22 2004
From: teenieberry at worldnet.att.net (FRANK HUBENY)
Date: Sun Mar 14 16:49:32 2004
Subject: gpgdir ?
Message-ID: <000501c409dd$9bf084b0$a6424e0c@frank075dd4bfc>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Group;

I stumbled across a GPG utility called gpgdir. I was wondering if something like it could be incorporated into a future version of GPG. I ask this because I received a post about a newer version in the works. I am not a Linux user, but a Windows user who sometimes would like to encrypt more than one file at a time.

- - --
<>< <>< <><
Frank D. Hubeny
Greetings From: Palm Bay, Florida USA
CAcert Assurer
GSWoT Notary

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32) - GPGrelay v0.94

iD8DBQFAVIHedXf8zWPj9yMRAr3FAJ40eb6e2dsKi6wKFqgwteHwLBQrMwCgiEgN
zlwf/eVDyLOKB9FfVQWl61A=
=2uay
-----END PGP SIGNATURE-----

From kfitzner at excelcia.org Sun Mar 14 17:23:40 2004
From: kfitzner at excelcia.org (Kurt Fitzner)
Date: Sun Mar 14 17:26:57 2004
Subject: Looking for Elgamal sign+encrypt key information
Message-ID: <000001c409e0$b795f940$0dc8a8c0@frisket>

Hello all,

I would like some clarification on the status of the Elgamal keys in GnuPG. I don't quite understand the reason for its removal. I have tried searches on the subject, but all I come up with are references to the original announcement, which says it was disabled because of an implementation flaw. However, one small item in this mailing list's archives suggests that the implementation flaw was actually corrected in 1.2.4.

When I am using Windows platforms, I tend to use PGP 6.5.8ckt, which does support the use of Elgamal sign+encrypt keys. So if there are problems inherent in this, I would be most appreciative if someone can shed some light on this.

Thanks in advance for any information that can be provided.

Regards,

Kurt Fitzner

From wk at gnupg.org Sun Mar 14 19:19:01 2004
From: wk at gnupg.org (Werner Koch)
Date: Sun Mar 14 19:17:25 2004
Subject: Looking for Elgamal sign+encrypt key information
In-Reply-To: <000001c409e0$b795f940$0dc8a8c0@frisket> (Kurt Fitzner's message of "Sun, 14 Mar 2004 09:23:40 -0700")
References: <000001c409e0$b795f940$0dc8a8c0@frisket>
Message-ID: <87y8q3e1gq.fsf@alberti.g10code.de>

On Sun, 14 Mar 2004 09:23:40 -0700, Kurt Fitzner said:

> the original announcement, which says it was disabled because of an
> implementation flaw. However, one small item in this mailing list's
> archives suggests that the implementation flaw was actually corrected in
> 1.2.4.

The ElGamal signature scheme is very, very hard to get right and we have seen many attacks on it over the last years. I originally implemented it in GnuPG because at that time the patent status of DSA was not clear. Although the current problem was "only" an implementation bug, it proved again how hard it is to get this signature scheme right. Instead of fixing it we removed the ability to create Elgamal signatures in 1.2.x and entirely dropped support in 1.3.x.

For background info see http://www.di.ens.fr/~pnguyen/pub.html#Ng04

> When I am using Windows platforms, I tend to use PGP 6.5.8ckt, which
> does support the use of Elgamal sign+encrypt keys. So if there are

It has been said a thousand times in the last years: DO NOT USE ELGAMAL SIGNATURES - they are dangerous, slow and obsolete. There is a far better alternative: DSA - as Phil Zimmermann puts it: "DSA is Elgamal debugged".

Werner

From kfitzner at excelcia.org Sun Mar 14 20:29:56 2004
From: kfitzner at excelcia.org (Kurt Fitzner)
Date: Sun Mar 14 20:30:51 2004
Subject: Looking for Elgamal sign+encrypt key information
In-Reply-To: <87y8q3e1gq.fsf@alberti.g10code.de>
Message-ID: <000701c409fa$bc444040$0dc8a8c0@frisket>

Personally, I use RSA v4 sign+encrypt keys for my own use. I am not at all fond of DSA, primarily because of its small key size. Many cryptographers are recommending 1024-bit key sizes as a minimum these days. And for me, identity verification and signatures are far more important than encryption. I just don't subscribe to the "change your signature every year or so" school of thought that uses the argument that even if a signature key is compromised, that key can still be trusted to accurately represent historically signed documents. I would guess the "200 (Elgamal sign+encrypt) keys per year" that are added to key servers are added by people who have similar reservations to DSA that I do.

I'm not at all familiar with the issues you mention in passing that make the Elgamal signature scheme dangerous. The abstract you reference mentions in detail the implementation flaw, but does not explain what makes the signature scheme dangerous in general. If you could kindly point me to information of this sort, I would be most appreciative.

While I honestly don't wish to appear confrontational, it still seems to me that the removal is a little knee-jerk. I can understand the position you were in. Mr. Nguyen, in my opinion, should simply have sent you an email, rather than making a paper with "Flaws of GnuPG" in big bold letters on the top. In light of the "press" this issue received, I can understand wanting to take very decisive action. But I have to ask, if a similar implementation flaw in RSA key generation were found, would RSA sign+encrypt support be removed from GnuPG as well? The statement that Elgamal is obsolete leaves the impression that the thought is that it is DSA which is making it obsolete, and this distinctly troubles me.

As a user, I would urge that GnuPG's goal be to provide functionality for as much of OpenPGP as possible. GNU software in general has always, to me, represented choice. I liked the fact that, while Elgamal keys were not encouraged, the functionality was included. Include the ability, and let the user make the choice.

In any case, any more information on what makes Elgamal signature implementation dangerous in general would still be much appreciated.

Thank you kindly for your time and reply.

Kurt Fitzner

-----Original Message-----
From: Werner Koch [mailto:wk@gnupg.org]
Sent: March 14, 2004 11:19 AM
To: Kurt Fitzner
Cc: gnupg-users@gnupg.org
Subject: Re: Looking for Elgamal sign+encrypt key information

[...]

From vedaal at hush.com Sun Mar 14 21:25:18 2004
From: vedaal at hush.com (vedaal@hush.com)
Date: Sun Mar 14 21:22:36 2004
Subject: Looking for Elgamal sign+encrypt key information
Message-ID: <200403142025.i2EKPIp3090610@mailserver2.hushmail.com>

> Message: 8
> Date: Sun, 14 Mar 2004 09:23:40 -0700
> From: Kurt Fitzner
> Subject: Looking for Elgamal sign+encrypt key information

[...]

> When I am using Windows platforms, I tend to use PGP 6.5.8ckt, which
> does support the use of Elgamal sign+encrypt keys. So if there are
> problems inherent in this, I would be most appreciative if someone can
> shed some light on this.

6.5.8 ckt 'doesn't' support it. [*try it* ;-) ]

It experimented with including it when it was anticipated that it might be widely used by GnuPG, but abandoned fully integrating it when GnuPG moved to DSA and discouraged ElG signing.

vedaal

From atom-gpg at suspicious.org Mon Mar 15 01:11:46 2004
From: atom-gpg at suspicious.org (Atom 'Smasher')
Date: Mon Mar 15 01:09:19 2004
Subject: signing algorithms - was: RE: Looking for Elgamal sign+encrypt key information

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Personally, I use RSA v4 sign+encrypt keys for my own use. I am not at
> all fond of DSA, primarily because of its small key size.
=========================

* regarding DSS/DSA:
since you bring this up, i'd be curious to ask what's going on with variations of DSS/DSA that allow for larger hashes & larger keys... i guess i'm asking what progress is being made within the cryptographic community, and when that will bear fruit for "end users" of PGP/GPG.

* regarding ElGamal
i've also been curious what exactly makes ElGamal signing so tough... based on my very limited understanding of the math involved, and reading through Applied Cryptography, i guess i need a dumbed-down explanation.

* regarding Diffie-Hellman
it's my understanding that both ElGamal and DSS are variations of Diffie-Hellman, and one of the advertised advantages of a DH-based system rather than an RSA system is that the primes used in a key are publicly accessible for review (to verify that they're "good" primes)... in a practical sense, how would one go about checking whether or not the primes are "good"?

...atom

_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
-------------------------------------------------

"The limitation of riots, moral questions aside, is that they cannot win and their participants know it. Hence, rioting is not revolutionary but reactionary because it invites defeat. It involves an emotional catharsis, but it must be followed by a sense of futility."
-- Martin Luther King, Jr.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish? - http://atom.smasher.org/links/#digital_signatures

iD8DBQFAVPTHnCgLvz19QeMRAvqaAJ9E7770pGMaAeeiQtImgElpwx3ujwCggX5n
XMo4m9l1Bqv4RpBIvu6uyLc=
=bovf
-----END PGP SIGNATURE-----

From kfitzner at excelcia.org Mon Mar 15 02:47:45 2004
From: kfitzner at excelcia.org (Kurt Fitzner)
Date: Mon Mar 15 02:52:25 2004
Subject: Looking for Elgamal sign+encrypt key information
Message-ID: <000001c40a2f$87c71b50$0dc8a8c0@frisket>

> There's a lot more to the security of a cryptosystem than simple bitsize.

Yes, there is a lot more to security than the bit size. I understand that DH/Elgamal keys offer very slightly more security per bit than RSA. My understanding is, though, that it is slight enough that for all intents and purposes they are generally considered equivalently strong. I hope this isn't taken as argumentative, but it seems that this statement (quoted above) is rather avoiding the issue. If I am mistaken, and the security per bit in DSA signing keys is extraordinarily higher than I am giving it credit for, then please, by all means, correct me. For the moment, though, I have grave concerns over a signature mechanism whose current best strength is at the bare minimum that cryptographers are suggesting. According to some cryptographers[1], 1024 bits isn't even a good minimum today. One point that cryptographers make over and over is that no one should wait until a key size is provably too weak.

As I stated earlier, I don't want to replace my signature key every few years. I don't want people to be making the determination on whether my signing key is mine or not based on whether it was signed by a previously trusted, but now expired, old key.

> Crypto software should not be about "choice". It should be about
> security. Most users aren't qualified to assess the relative merits
> of public key cryptosystems. When one such cryptosystem is known to
> have serious weaknesses, it is the implementor's duty to remove it,
> rather than to assume that the average user has the knowledge to
> understand the implications of using that cryptosystem.

Of course cryptography software is about choice. It's about people taking an active role to determine what is good for them. The advice given in many tutorials, FAQs, and papers[2] suggests that people keep track of the current state of the art in cryptography and make their symmetric, hash, and public key algorithm choices accordingly.

Crypto software must be secure, and it must also have the perception that it is secure. Both of these ends can be served by incorporating choice into the software. If the whole purpose of GnuPG is to have a few experts determine what's best for all us civilians, then why is there more than one of any type of algorithm implemented in it at all? Why are so many algorithms included in the OpenPGP standard? I suggest that it is for the very reason that people can make choices about what to use - so that they can choose what best serves their purposes. Thus, with respect, I must say that I believe the statement "Crypto software should not be about 'choice'" to be seriously flawed.

I think that choice - informed choice - is vital. And so is having aught to choose from.

Regards,

Kurt Fitzner

[1] Selecting Cryptographic Key Sizes (2001), Dr. Arjen K. Lenstra, Dr. Eric R. Verheul, Journal of Cryptology: the journal of the International Association for Cryptologic Research.
It is interesting to note that their extrapolation to 2004 of 1108 bits as a minimum key size didn't change between 1999, the year the paper was first released, and 2001, the year of the paper's last (to my knowledge) update.

[2] See http://senderek.de/security/secret-key.protection.html, and http://www.samsimpson.com/cryptography/pgp/pgpfaq.html - both well known FAQs for the beginner learning about PGP/GPG and cryptography.

From atom-gpg at suspicious.org Mon Mar 15 04:48:02 2004
From: atom-gpg at suspicious.org (Atom 'Smasher')
Date: Mon Mar 15 04:45:21 2004
Subject: gpg (GnuPG) 1.3.5

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

i just installed gpg (GnuPG) 1.3.5, and the first thing i did was run:

  gpg --version -v

which tells me:

  gpg (GnuPG) 1.3.5
  NOTE: THIS IS A DEVELOPMENT VERSION!
  It is only intended for test purposes and should NOT be
  used in a production environment or with production keys!

yikes!!! that sounds serious!

should i take this more seriously than the standard "ABSOLUTELY NO WARRANTY" notice that comes with all GPL software? should i really not use this version in a production environment with production keys?

...atom

_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
-------------------------------------------------

"Any sufficiently advanced technology is indistinguishable from magic."
-- Arthur C. Clarke

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish? - http://atom.smasher.org/links/#digital_signatures

iD8DBQFAVSd2nCgLvz19QeMRAjsEAKCiBYZhZLHc+LjDNjACVGNvLqYmawCeOptX
bL8xfFrPTrSohFrBt24OH54=
=qrjR
-----END PGP SIGNATURE-----

From newton at hammet.net Mon Mar 15 06:06:52 2004
From: newton at hammet.net (Newton Hammet)
Date: Mon Mar 15 05:54:59 2004
Subject: Looking for Elgamal sign+encrypt key information
In-Reply-To: <000001c40a2f$87c71b50$0dc8a8c0@frisket>
References: <000001c40a2f$87c71b50$0dc8a8c0@frisket>
Message-ID: <1079327214.5127.7.camel@localhost.localdomain>

Hello All,

My public key is an RSA key, with a 4096-bit key for signature and a separate 4096-bit key for encryption. Hopefully this compensates for DSA or Elgamal being "slightly stronger" for a given bit size. The reason I like RSA is because I understand it a little better than DSA or ELG, and also because key size is really tunable to whatever size you want.

Regards, Newton

On Sun, 2004-03-14 at 19:47, Kurt Fitzner wrote:
> > There's a lot more to the security of a cryptosystem than simple
> > bitsize.
>
> Yes, there is a lot more to security than the bit size. I understand
> that DH/Elgamal keys offer very slightly more security per bit than RSA.
> My understanding is, though, that it is slight enough that for all
> intents and purposes they are generally considered equivalently strong.

[...]

--
Public Key: 4096R/136FC036 2004-02-09 Newton Hammet
Key fingerprint = 785F DFF3 7029 3FBD 45CE 747C 93CA E808 136F C036
Key servers: subkeys.pgp.net, et al

From gr at eclipsed.net Mon Mar 15 17:54:33 2004
From: gr at eclipsed.net (gabriel rosenkoetter)
Date: Mon Mar 15 17:51:48 2004
Subject: gpgdir ?
In-Reply-To: <000501c409dd$9bf084b0$a6424e0c@frank075dd4bfc>
References: <000501c409dd$9bf084b0$a6424e0c@frank075dd4bfc>
Message-ID: <20040315165433.GA16582@uriel.eclipsed.net>

On Sun, Mar 14, 2004 at 11:01:22AM -0500, FRANK HUBENY wrote:
> I am not a Linux user, but a Windows user who sometimes would like to
> encrypt more than one file at a time.

Without a more detailed description of what this ``gpgdir'' does, it's hard to understand why --batch doesn't satisfy your needs.

--
gabriel rosenkoetter
gr@eclipsed.net

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : /pipermail/attachments/20040315/ebae7639/attachment.bin

From dshaw at jabberwocky.com Mon Mar 15 18:54:11 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon Mar 15 18:51:38 2004
Subject: gpg (GnuPG) 1.3.5
Message-ID: <20040315175410.GA18172@jabberwocky.com>

On Sun, Mar 14, 2004 at 10:48:02PM -0500, Atom 'Smasher' wrote:
> i just installed gpg (GnuPG) 1.3.5, and the first thing i did was run:
>   gpg --version -v
> which tells me:
>   gpg (GnuPG) 1.3.5
>   NOTE: THIS IS A DEVELOPMENT VERSION!
>   It is only intended for test purposes and should NOT be
>   used in a production environment or with production keys!
>
> yikes!!! that sounds serious!
>
> should i take this more seriously than the standard "ABSOLUTELY NO
> WARRANTY" notice that comes with all GPL software? should i really not use
> this version in a production environment with production keys?

1.3.5, and indeed everything in the 1.3.x branch, is the development branch of GnuPG (as compared to the 1.2.x "stable" branch). From the 1.3.5 release notes:

  As always, note that while this code is stable enough for many uses,
  it is still the development branch. Mission-critical applications
  should always use the 1.2.x stable branch.

At some point in the hopefully not too distant future, 1.3.x will become 1.4, and be the new "stable". Until that point, it is useful mainly for those who want to play with the new features.

David

From dshaw at jabberwocky.com Mon Mar 15 19:51:46 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon Mar 15 19:49:06 2004
Subject: Looking for Elgamal sign+encrypt key information
In-Reply-To: <000701c409fa$bc444040$0dc8a8c0@frisket>
References: <87y8q3e1gq.fsf@alberti.g10code.de> <000701c409fa$bc444040$0dc8a8c0@frisket>
Message-ID: <20040315185146.GB18172@jabberwocky.com>

On Sun, Mar 14, 2004 at 12:29:56PM -0700, Kurt Fitzner wrote:
> The statement that Elgamal is obsolete leaves the impression that
> the thought is that it is DSA which is making it obsolete, and this
> distinctly troubles me.

I wouldn't say that. I think it's more accurate to say that RSA signatures obsoleted Elgamal signatures. At the time that Elgamal signatures were added to the OpenPGP standard (and to GnuPG), RSA was patented and could not be freely used. Now that the RSA patent has expired, there is very little point to Elgamal signatures.

> As a user, I would urge that GnuPG's goal be to provide
> functionality for as much of OpenPGP as possible. GNU software in
> general has always, to me, represented choice. I liked the fact
> that, while Elgamal keys were not encouraged, that the functionality
> was included. Include the ability, and let the user make the
> choice.

I think that while lots of choice is a laudable goal, it has to be balanced - especially in security related programs - with some conservatism as to algorithms.

Note that the upcoming revision to the OpenPGP standard does not include Elgamal signatures.

David

From kfitzner at excelcia.org Mon Mar 15 22:51:54 2004
From: kfitzner at excelcia.org (Kurt Fitzner) Date: Mon Mar 15 22:53:56 2004 Subject: Looking for Elgamal sign+encrypt key information In-Reply-To: <20040315185146.GB18172@jabberwocky.com> Message-ID: <000c01c40ad7$bce4bc90$0dc8a8c0@frisket> >I wouldn't say that. I think it's more accurate to say >that RSA signatures obsoleted Elgamal signatures. At the >time that Elgamal signatures were added to the OpenPGP >standard (and to GnuPG), RSA was patented and could not >be freely used. Now that the RSA patent has expired, there >is very little point to Elgamal signatures. I had forgotten the RSA patent issue. Looking at the historical perspective, I can better understand why ElGamal was included, even with it being a cryptographically inferior choice. My main concern wasn't so much to keep the ElGamal signatures in, per se. As I mentioned in an earlier post, I myself use RSA sign+encrypt keys. My point, though, is that I don't consider DSA to have sufficient key sizes. Quite a few of the negative arguments against ElGamal (larger signatures than DSA, slower than DSA, etc) also work against RSA. >I think that while lots of choice is a laudable goal, it has >to be balanced - especially in security related programs - >with some conservatism as to algorithms. I agree. I suppose I started to see a trend that confused and troubled me a little. First, the ElGamal and RSA sign+encrypt key generation options are hidden unless you issue the "--expert" switch. Then, when an implementation flaw is discovered in ElGamal key generation, the whole algorithm is disabled. It's a progression that, to me, seemed to be leading to having DSA as the only signing alternative left. I hope (assume) that there are no plans to move away from RSA signing or RSA sign+encrypt keys? >Note that the upcoming revision to the OpenPGP standard does >not include Elgamal signatures. That's a very telling point that I wasn't aware of. 
I still don't know the nuts and bolts of what makes ElGamal signatures dangerous to implement. I can't see how it would be any different than RSA. Hash the message, encrypt the hash with the sender's private key, ASCII-fy the result. How is ElGamal signing any more dangerous than ElGamal encrypting? Like Atom Smasher, I would love if someone could offer (or point me to) a dumbed down version for the cryptographically challenged. Simply out of curiosity. Thanks for all the replies I have been given. I appreciate the time people have taken. Regards, Kurt Fitzner From atom-gpg at suspicious.org Mon Mar 15 23:28:19 2004 
From: atom-gpg at suspicious.org (Atom 'Smasher') Date: Mon Mar 15 23:25:38 2004 Subject: Looking for Elgamal sign+encrypt key information In-Reply-To: <000c01c40ad7$bce4bc90$0dc8a8c0@frisket> References: <000c01c40ad7$bce4bc90$0dc8a8c0@frisket> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > >Note that the upcoming revision to the OpenPGP standard does > >not include Elgamal signatures. ========================== looks like the latest draft doesn't really encourage RSA.... http://www.ietf.org/internet-drafts/draft-ietf-openpgp-rfc2440bis-09.txt Implementations MUST implement DSA for signatures, and ElGamal for encryption. Implementations SHOULD implement RSA keys. Implementations MAY implement any other algorithm. so, if one were to make an RSA-only key, that key would not be strictly openPGP compliant? one would have to add an ElGamal subkey, for full compliance? in that case, what would be a good way (or ways) to force the sender to use the RSA encryption key, and only use the ElGamal encryption key if RSA isn't supported on their end? ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3 ------------------------------------------------- "Every gun that is made, every warship launched, every rocket fired signifies, in the final sense, a theft from those who hunger and are not fed, those who are cold and are not clothed. This world in arms is not spending money alone. It is spending the sweat of its laborers, the genius of its scientists, the hopes of its children. This is not a way of life at all in any true sense. Under the clouds of war, it is humanity hanging on a cross of iron." -- Dwight Eisenhower, April 16, 1953 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) Comment: What is this gibberish? 
- http://atom.smasher.org/links/#digital_signatures iD8DBQFAVi4InCgLvz19QeMRAqDWAKCgATH/OUPwzGABZG7utAnw2O35fQCfRbnt 89nZvgyLe5+MswVae2ZxQL8= =2K32 -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Mon Mar 15 23:44:58 2004 
From: dshaw at jabberwocky.com (David Shaw) Date: Mon Mar 15 23:42:18 2004 Subject: Looking for Elgamal sign+encrypt key information In-Reply-To: <000c01c40ad7$bce4bc90$0dc8a8c0@frisket> References: <20040315185146.GB18172@jabberwocky.com> <000c01c40ad7$bce4bc90$0dc8a8c0@frisket> Message-ID: <20040315224458.GA20495@jabberwocky.com> On Mon, Mar 15, 2004 at 02:51:54PM -0700, Kurt Fitzner wrote: > >I wouldn't say that. I think it's more accurate to say > >that RSA signatures obsoleted Elgamal signatures. At the > >time that Elgamal signatures were added to the OpenPGP > >standard (and to GnuPG), RSA was patented and could not > >be freely used. Now that the RSA patent has expired, there > >is very little point to Elgamal signatures. > > I had forgotten the RSA patent issue. Looking at the historical > perspective, I can better understand why ElGamal was included, even with > it being a crptographically inferior choice. My main concern wasn't so > much to keep the ElGamal signatures in, per se. As I mentioned in an > earlier post, I myself use RSA sign+encrypt keys. My point, though, is > that I don't consider DSA to have sufficient key sizes. Quite a few of > the negative arguments against ElGamal (larger signatures than DSA, > slower than DSA, etc) also work against RSA. Not completely. DSA isn't always faster than RSA. In fact, RSA is considerably faster verifying signatures compared to DSA. DSA is only faster generating signatures than RSA. Since signatures are usually verified more frequently than they are generated, this is a net win for RSA. Still, most of the time this doesn't matter - they're both fast enough that you'll rarely notice anything in regular use. Elgamal signatures, however, are slow enough that even on a fast computer, you'll see a visible pause as the signature is processed. That's slow. 
> >I think that while lots of choice is a laudable goal, it has > >to be balanced - especially in security related programs - > >with some conservatism as to algorithms. > > I agree. I suppose I started to see a trend that confused and troubled > me a little. First, the ElGamal and RSA sign+encrypt key generation > options are hidden unless you issue the "--expert" switch. Then, when > an implementation flaw is discovered in ElGamal key generation, the > whole algorithm is disabled. It's a progression that, to me, seemed to > be leading to having DSA as the only signing alternative left. I hope > (assume) that there are no plans to move away from RSA signing or RSA > sign+encrypt keys? No plans. RSA gives us something that Elgamal doesn't. It's just that Elgamal didn't give us something that RSA didn't already give us. (Plus there was the bug, plus there was the terrible speed issue.) Note, though, that there is no rule that says that an OpenPGP program has to support RSA. The only algorithms that are required are DSA for signing, Elgamal for public key encryption, SHA1 for hashing, and 3DES for symmetric encryption. Everything else, including RSA, is optional. > >Note that the upcoming revision to the OpenPGP standard does > >not include Elgamal signatures. > > That's a very telling point that I wasn't aware of. Well, to be honest, the standard dropped it after GnuPG dropped it. Since nobody other than GnuPG supported it in the first place, it was a pretty clear indication that it wasn't going to be used. > I still don't know the nuts and bolts of what makes ElGamal signatures > dangerous to implement. I can't see how it would be any different than > RSA. Hash the message, encrypt the hash with the sender's private key, > ASCII-fy the result. How is ElGamal signing any more dangerous than > ElGamal encrypting? Like Atom Smasher, I would love if someone could > offer (or point me to) a dumbed down version for the cryptographically > challenged. 
Simply out of curiosity. Take a look at some of the links at the end of http://www.samsimpson.com/cryptography/pgp/pgpfaqnew.html David From dshaw at jabberwocky.com Mon Mar 15 23:56:51 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Mon Mar 15 23:54:11 2004 Subject: Looking for Elgamal sign+encrypt key information In-Reply-To: References: <000c01c40ad7$bce4bc90$0dc8a8c0@frisket> Message-ID: <20040315225651.GB20495@jabberwocky.com> On Mon, Mar 15, 2004 at 05:28:19PM -0500, Atom 'Smasher' wrote: > > >Note that the upcoming revision to the OpenPGP standard does > > >not include Elgamal signatures. > ========================== > > looks like the latest draft doesn't really encourage RSA.... > > http://www.ietf.org/internet-drafts/draft-ietf-openpgp-rfc2440bis-09.txt > > Implementations MUST implement DSA for signatures, and ElGamal for > encryption. Implementations SHOULD implement RSA keys. > Implementations MAY implement any other algorithm. > > so, if one were to make an RSA-only key, that key would not be strictly > openPGP compliant? one would have to add an ElGamal subkey, for full > compliance? No. RSA is compliant, but not required. In other words, go right ahead and use it, but not everyone is required to talk to you. In reality, it is very hard to find an OpenPGP implementation that doesn't do RSA. GnuPG 1.4 can be specially built without RSA, but unless you are building an embedded system, there is no point. I wouldn't worry about it. If you like RSA, use RSA. > in that case, what would be a good way (or ways) to force the sender to > use the RSA encryption key, and only use the ElGamal encryption key if RSA > isn't supported on their end? This isn't specified in the standard, so it depends on what the various implementations do. GnuPG will try and use the most recent subkey, so if you make the RSA subkey last, it will be used. David From malsyned at cif.rochester.edu Tue Mar 16 03:45:43 2004 
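Kurt asks above what makes ElGamal signatures dangerous to implement, and David points at the FAQ links rather than spelling it out. One hazard the thread does not explain, and one that is specific to signing rather than encrypting, is the per-signature secret k: as with DSA, an ElGamal signature is only as secret as its k, and if the same k is used for two messages, anyone holding both signatures can solve for k and then for the private key. The Python below is an added illustration of that, not GnuPG's code and not a description of the particular flaw GnuPG fixed; the toy prime P = 2039, the generator 7, the SHA-256 hash mapping and the test values are constructed here for illustration only.

```python
"""Textbook ElGamal signatures over a toy group, and how nonce reuse leaks the key.

Added example for this thread, not GnuPG code.  The prime, generator and
sample values are constructed for illustration; real keys use a p of
1024 bits or more.
"""
import hashlib
import secrets
from math import gcd

P = 2039   # constructed toy safe prime: P = 2 * 1019 + 1
G = 7      # generator of Z_P^* (a quadratic non-residue mod a safe prime)
N = P - 1  # group order; all exponents live mod N


def hash_int(msg):
    """Map the message to an exponent mod N (real code uses the whole digest)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def keygen(x=None):
    """Private x in [1, N-1], public y = G^x mod P.  x may be fixed for tests."""
    if x is None:
        x = secrets.randbelow(N - 1) + 1
    return x, pow(G, x, P)


def sign(x, msg, k=None):
    """ElGamal signature (r, s) of msg under private key x.

    k is the per-signature secret: fresh, uniformly random and coprime with N.
    The k parameter exists only so the demo below can force its reuse.
    """
    if k is None:
        k = secrets.randbelow(N - 1) + 1
        while gcd(k, N) != 1:
            k = secrets.randbelow(N - 1) + 1
    if not 0 < k < N or gcd(k, N) != 1:
        raise ValueError("k must lie in (0, N) and be coprime with N")
    r = pow(G, k, P)
    s = (pow(k, -1, N) * (hash_int(msg) - x * r)) % N
    return r, s


def verify(y, msg, sig):
    """Check G^H(m) == y^r * r^s (mod P).  The range check on r is mandatory."""
    r, s = sig
    if not (0 < r < P and 0 <= s < N):
        return False
    return pow(G, hash_int(msg), P) == (pow(y, r, P) * pow(r, s, P)) % P


def solve_linear(a, b, n):
    """All x in [0, n) with a*x == b (mod n), including non-invertible a."""
    g = gcd(a, n)
    if b % g:
        return []
    a2, b2, n2 = a // g, b // g, n // g
    x0 = (b2 * pow(a2, -1, n2)) % n2 if n2 > 1 else 0
    return [x0 + t * n2 for t in range(g)]


def recover_private_key(y, msg1, sig1, msg2, sig2):
    """Two signatures with equal r used the same k; solve for k, then for x.

    From s = k^-1 (H - x r) mod N:
        k (s1 - s2) == H1 - H2      and      x r == H1 - k s1   (mod N).
    Returns x, or None when the two signatures do not share a nonce.
    """
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2:
        return None
    h1, h2 = hash_int(msg1), hash_int(msg2)
    for k in solve_linear((s1 - s2) % N, (h1 - h2) % N, N):
        if pow(G, k, P) != r1:
            continue
        for x in solve_linear(r1 % N, (h1 - k * s1) % N, N):
            if pow(G, x, P) == y:
                return x
    return None


if __name__ == "__main__":
    x, y = keygen()
    m1, m2 = b"pay Alice 10", b"pay Alice 1000000"   # constructed messages
    k = 555  # deliberately reused; a correct signer never does this
    s1, s2 = sign(x, m1, k), sign(x, m2, k)
    print("both verify:", verify(y, m1, s1) and verify(y, m2, s2))
    print("private key recovered:", recover_private_key(y, m1, s1, m2, s2) == x)
```

Run it directly to watch a freshly generated private key fall out of two signatures that share k. Note also the range check on r in verify(): ElGamal verification without it is known to admit forgeries, which is one more way that signing, unlike encryption, punishes an incomplete implementation.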
From: malsyned at cif.rochester.edu (Dennis Lambe Jr.) Date: Tue Mar 16 03:43:09 2004 Subject: Looking for Elgamal sign+encrypt key information In-Reply-To: <000001c40a2f$87c71b50$0dc8a8c0@frisket> References: <000001c40a2f$87c71b50$0dc8a8c0@frisket> Message-ID: <1079394205.22325.23.camel@localhost> On Sun, 2004-03-14 at 20:47, Kurt Fitzner wrote: > According to some cryptographers[1], > 1024 bits isn't even a good minimum today. One point that > cryptographers make over and over is that no one should wait until a > keysize is provably too weak. The reason to select a large key size is to make cracking your key too much of a hassle to be practical. The goal is always to make circumventing your cryptographic measures not worth doing. The fact of the matter is that circumventing a secure signature system isn't really worth doing anyway, so key size on signing keys is much less of an issue than on encryption keys. Here's why: There is no known agent currently capable of wholesale, or for that matter even targeted, breaking of 1024-bit RSA or DSA keys. If a malicious agent (the hypothetical Mallory) did have that capability, it is likely that she would not want that information to be known. If it were, the public would upgrade to larger key sizes and all of that expensive technology would become worthless. Mallory can continue intercepting and decrypting 1024-bit-encrypted messages indefinitely without being discovered (unless she is careless with the data she obtains) because exploiting a cracked 1024-bit encryption key is an act that can be carried out with an arbitrary degree of privacy. If Mallory can break a 1024-bit encryption key through brute force (as opposed to an algorithm-specific weakness), we can assume that she can also forge signatures from 1024-bit keys. This is the case that you are worried about. 
BUT, if she does so even once, she introduces into the public record an example of a forged 1024-bit signature, and when the actual owner of that key is confronted with the fake signature (which would likely happen quickly if the signed document was of any importance), that owner will know that 1024-bit encryption can be broken and would be able to document that fact in public. Once that information is public, 1024-bit encryption will be flagged as breakable, everyone will know about Mallory's ability, and her clandestine snooping activities will have been halted. So if Mallory can break 1024-bit public keys she can use that ability to snoop on information only so long as the world thinks it is safe from her. Breaking a signing key and using it to forge a signature would destroy that ability by making her ability known. The fact is that if 1024-bit signing keys were being broken, we'd probably know it, but we would probably never know whether our encryption keys were, which is why we have to be a lot more paranoid about our encryption key sizes than our signing key sizes. --D DISCLAIMER: This is just a summary of information I've read over time written by other experts. I am no expert myself. If the experts on the list disagree with me, listen to them instead. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 279 bytes Desc: This is a digitally signed message part Url : /pipermail/attachments/20040315/a7ed2e31/attachment.bin From rabbi at quickie.net Tue Mar 16 03:54:49 2004 
From: rabbi at quickie.net (Len Sassaman) Date: Tue Mar 16 03:52:06 2004 Subject: Looking for Elgamal sign+encrypt key information In-Reply-To: References: <000c01c40ad7$bce4bc90$0dc8a8c0@frisket> Message-ID: On Mon, 15 Mar 2004, Atom 'Smasher' wrote: > looks like the latest draft doesn't really encourage RSA.... > > http://www.ietf.org/internet-drafts/draft-ietf-openpgp-rfc2440bis-09.txt > > Implementations MUST implement DSA for signatures, and ElGamal for > encryption. Implementations SHOULD implement RSA keys. > Implementations MAY implement any other algorithm. > > so, if one were to make an RSA-only key, that key would not be strictly > openPGP compliant? one would have to add an ElGamal subkey, for full > compliance? > > in that case, what would be a good way (or ways) to force the sender to > use the RSA encryption key, and only use the ElGamal encryption key if RSA > isn't supported on their end? The RFC applies to implementations, not use models. From atom-gpg at suspicious.org Tue Mar 16 05:55:58 2004 
From: atom-gpg at suspicious.org (Atom 'Smasher') Date: Tue Mar 16 05:53:29 2004 Subject: Looking for Elgamal sign+encrypt key information In-Reply-To: <1079394205.22325.23.camel@localhost> References: <000001c40a2f$87c71b50$0dc8a8c0@frisket> <1079394205.22325.23.camel@localhost> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > If Mallory can break a 1024-bit encryption key through brute force (as > opposed to an algorithm-specific weakness), we can assume that she can > also forge signatures from 1024-bit keys. This is the case that you are > worried about. BUT, if she does so even once, she introduces into the > public record an example of a forged 1024-bit signature, and when the > actual owner of that key is confronted with the fake signature (which > would likely happen quickly if the signed document was of any > importance), that owner will know that 1024-bit encryption can be broken > and would be able to document that fact in public. ======================================== if a signature is successfully forged, the owner of the key in question could publicly *assert* that their key was compromised. they would have a very difficult time publicly *proving* that their key has been compromised, and an even harder time proving that the compromise was done through either brute force or a weakness in the algorithm, rather than leaking the signing key through human error, computer virus, etc. in all likelihood, even if one's key was really "cracked", they wouldn't be able to successfully convince anyone of that. > The fact is that if 1024-bit signing keys were being broken, we'd > probably know it, but we would probably never know whether our > encryption keys were, which is why we have to be a lot more paranoid > about our encryption key sizes than our signing key sizes. 
======================================= i've heard that logic, but here's one problem with it: let's say i'm currently using a 1024 bit signing key, and that 10-20 years from now it becomes feasible to brute-force a key of that size. what happens if someone comes to me with a perfectly signed document that's then 20 years old, saying that i owe them $1M? i can say the document has been forged, they can say it hasn't been. (this of course assumes that a digital signature is legally binding) playing around with gpg 1.3.5, i just confirmed that i can use a 4096 RSA signing key and an SHA512 hash... i think this gives me a signature as strong as it seems to be, intuitively....? of course, the signature is 13 lines long! when will DSS be adapted to handle larger keys and hashes?!? > DISCLAIMER: This is just a summary of information I've read over time > written by other experts. I am no expert myself. If the experts on the > list disagree with me, listen to them instead. ==================================== disclaimer: i'm no expert, especially on the math. and i'm not trying to disagree, just clarify some points and share my own observations. ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3 ------------------------------------------------- "One may well ask: How can you advocate breaking some laws and obeying others? The answer lies in the fact that there are two types of laws: just and unjust. I would be the first to advocate obeying just laws. One has not only a legal but a moral responsibility to obey just laws. Conversely, one has a moral responsibility to disobey unjust laws." -- Martin Luther King, Jr -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) Comment: What is this gibberish? 
- http://atom.smasher.org/links/#digital_signatures iD8DBQFAVojinCgLvz19QeMRAvI8AJ9hTXHMuUbugDyFNnhRUynCLCFHkACfRcEw blLikCQjCO3sWuJQzC+O9S4= =4kbM -----END PGP SIGNATURE----- From atom-gpg at suspicious.org Tue Mar 16 05:59:17 2004 From: atom-gpg at suspicious.org (Atom 'Smasher') Date: Tue Mar 16 05:56:34 2004 Subject: Looking for Elgamal sign+encrypt key information In-Reply-To: References: <000c01c40ad7$bce4bc90$0dc8a8c0@frisket> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > > in that case, what would be a good way (or ways) to force the sender to > > use the RSA encryption key, and only use the ElGamal encryption key if RSA > > isn't supported on their end? > > The RFC applies to implementations, not use models. ======================== it would be within the scope of an RFC to specify how an application might handle encryption key preferences. it does, after all, specify how to handle cipher preferences. ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3 ------------------------------------------------- "There is a theory which states that if ever anyone discovers exactly what the Universe is for and why it is here, it will instantly disappear and be replaced by something even more bizarrely inexplicable. There is another theory which states that this has already happened." -- Douglas Adams -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) Comment: What is this gibberish? - http://atom.smasher.org/links/#digital_signatures iD8DBQFAVompnCgLvz19QeMRAi5lAKCTNHOnvZ74YwuBkCdRyQZT0ftTtwCdHswy 4pVei9TbyDtPZyygkWa1nGU= =6INn -----END PGP SIGNATURE----- From rabbi at quickie.net Tue Mar 16 06:14:38 2004 
From: rabbi at quickie.net (Len Sassaman) Date: Tue Mar 16 06:11:54 2004 Subject: Looking for Elgamal sign+encrypt key information In-Reply-To: References: <000c01c40ad7$bce4bc90$0dc8a8c0@frisket> Message-ID: On Mon, 15 Mar 2004, Atom 'Smasher' wrote: > it would be within the scope of an RFC to specify how an application might > handle encryption key preferences. it does, after all, specify how to > handle [symmetric] cipher preferences. Yes, because otherwise symmetric cipher choice would be entirely up to the sender, not the recipient. Since the OpenPGP Key-id is based on the public portion of the asymmetric cipher used, there is no such problem here. But what you asked/said was: > so, if one were to make an RSA-only key, that key would not be strictly > openPGP compliant? one would have to add an ElGamal subkey, for full > compliance? Which is not true. From atom-gpg at suspicious.org Tue Mar 16 06:17:58 2004 
From: atom-gpg at suspicious.org (Atom 'Smasher') Date: Tue Mar 16 06:15:17 2004 Subject: Looking for Elgamal sign+encrypt key information In-Reply-To: References: <000c01c40ad7$bce4bc90$0dc8a8c0@frisket> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > But what you asked/said was: > > > so, if one were to make an RSA-only key, that key would not be strictly > > openPGP compliant? one would have to add an ElGamal subkey, for full > > compliance? > > Which is not true. ========================= oops.... brain-fart... i thought you were commenting on the other part of my question, about telling a sender that i prefer them to use a particular encryption sub key. ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3 ------------------------------------------------- "Some folks look for answers others look for fights, some folks up in treetops just looking for their kites" -- Grateful Dead -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) Comment: What is this gibberish? - http://atom.smasher.org/links/#digital_signatures iD8DBQFAVo4LnCgLvz19QeMRAlRkAJ9t8nxRtKIxyLBShWyDwr2zV1lhxwCfXjlv t44GzGV31EOy5R2NR3xJhzI= =3aEv -----END PGP SIGNATURE----- From kfitzner at excelcia.org Tue Mar 16 06:36:53 2004 
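David says above that GnuPG encrypts to the most recent subkey, so an RSA subkey added last is the one a sender's GnuPG will pick, and Len adds that the draft leaves such preferences to implementations. The shell script below is an added example of checking that behaviour, not part of the original posts or of GnuPG itself. It assumes GnuPG 2.1 or later on PATH (the --quick-gen-key and --quick-add-key commands did not exist in 2004), uses a constructed test identity in a throwaway GNUPGHOME, reads the key ID out of the public-key-encrypted session-key packet that --list-packets prints, and also shows the sender-side override that modern gpg documents: a trailing "!" on a key ID forces that particular subkey regardless of creation date.

```shell
#!/bin/sh
# Added example for this sub-thread, not part of the original posts or of GnuPG.
# Assumes GnuPG 2.1 or later on PATH.  Builds a throwaway RSA signing key with
# an Elgamal encryption subkey and then an RSA encryption subkey, and reports
# which subkey gpg encrypts to by default and how to force a specific one.
set -eu

export GNUPGHOME
GNUPGHOME=$(mktemp -d)
chmod 700 "$GNUPGHOME"
trap 'gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$GNUPGHOME"' EXIT

DEMO_MAIL='demo@example.invalid'                      # constructed test identity
DEMO_UID="Subkey Demo <$DEMO_MAIL>"

# Non-interactive gpg: empty passphrase via loopback pinentry.
g() { gpg --batch --quiet --pinentry-mode loopback --passphrase '' "$@"; }

# Signing-only primary key, then an Elgamal and (later) an RSA encryption subkey.
make_test_key() {
    g --quick-gen-key "$DEMO_UID" rsa2048 sign never
    FPR=$(g --with-colons --list-keys "$DEMO_MAIL" | awk -F: '$1 == "fpr" { print $10; exit }')
    g --quick-add-key "$FPR" elg2048 encr never
    sleep 1    # distinct creation time, so "most recent subkey" is unambiguous
    g --quick-add-key "$FPR" rsa2048 encr never
}

# Long key ID of the encryption subkey with the given OpenPGP algorithm number
# (1 = RSA, 16 = Elgamal), taken from the colon-separated key listing.
subkey_id() {
    g --with-colons --list-keys "$DEMO_MAIL" \
        | awk -F: -v algo="$1" '$1 == "sub" && $4 == algo { print $5; exit }'
}

# Encrypt a constructed message to the given recipient spec and print the key ID
# named in the resulting public-key-encrypted session-key (PKESK) packet.
keyid_used_for() {
    printf 'constructed test message\n' \
        | g --encrypt --trust-model always --recipient "$1" \
        | g --list-packets \
        | awk '/pubkey enc packet/ { for (i = 1; i <= NF; i++) if ($i == "keyid") print $(i + 1); exit }'
}

make_test_key
RSA_ID=$(subkey_id 1)
ELG_ID=$(subkey_id 16)
echo "RSA subkey: $RSA_ID   Elgamal subkey: $ELG_ID"
echo "default recipient uses:  $(keyid_used_for "$DEMO_MAIL")"
echo "forced with '!' suffix:  $(keyid_used_for "${ELG_ID}!")"
```

The default line should name the RSA subkey, because it was created last; the forced line names the Elgamal subkey even though it is older. The recipient cannot express that preference inside the key itself, which is the gap Atom and Len are discussing, so the "!" form is something the sender has to know to type.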
From: kfitzner at excelcia.org (Kurt Fitzner) Date: Tue Mar 16 06:35:16 2004 Subject: Looking for Elgamal sign+encrypt key information In-Reply-To: <1079394205.22325.23.camel@localhost> Message-ID: <000101c40b18$b35eed80$0dc8a8c0@frisket> >If Mallory can break a 1024-bit encryption key through brute >force (as opposed to an algorithm-specific weakness), we can >assume that she can also forge signatures from 1024-bit keys. >This is the case that you are worried about. BUT, if she does >so even once, she introduces into the public record an example >of a forged 1024-bit signature, and when the actual owner of >that key is confronted with the fake signature (which would >likely happen quickly if the signed document was of any importance), >that owner will know that 1024-bit encryption can be broken and >would be able to document that fact in public. Yes, I've seen this argument before. However, in my opinion, it makes two errant assumptions: 1) It assumes that the "forgery" will be discovered soon after it is created. The whole point of a paper trail is to leave a documentational record of actions. Many paper trails, however, are not fastidiously checked until and unless there are problems. The other problem (which is more important in my opinion): 2) It assumes that the owner of the key will be believed when he or she announces that it was broken. Forgers aren't going to wear a sign saying "I'm a key forger". They are going to deny forging it, so that the document appears real. The whole point of digital signatures is to add authenticity. Forged documents are not going to be created on a whim, they are going to be created when there is a dispute in order to validate the opposing side's position. In any dispute, there will be people who believe both sides. An example: John is an employee at a cigarette manufacturer; middle management in advertising. 
For a time, he is involved in a scheme perpetuated by upper management to promote cigarettes in advertisements targeted to teens and pre-teens. After a certain length of time, his conscience causes him to go to government and civil anti-smoking groups. A huge lawsuit forms from this. Part of the evidence is a 1024-bit-key signed and dated document trail organizing the campaign, and these documents cite upper-management as the source of authority and show that they were CCed to upper management. This, as you might guess, is a potentially multi-billion-dollar type lawsuit. These types of lawsuits are also often many years in the making before they actually go to trial. The cigarette manufacturer has the financial incentive to crack that key. During the ensuing court battle, John produces these documents that are dated back to the time when he was an employee, and uses them to show that upper management knew and directed the campaign. The defending cigarette manufacturer produces a different set of documents - a paper trail that is identical to that shown by John, but that omits any reference to upper-management's authority and omits references to them being CCed to upper management. The defense makes the argument that he did the initiative on his own in order to increase sales and obtain larger personal commissions, and when it was discovered by upper-management, he was fired and then made up the story that the whole affair was ordered by, and done with the knowledge of upper-management. We now have two conflicting sets of documents. Both apparently signed by the same key. Part of a large court battle. Is the world in general going to believe that the cigarette manufacturer cracked John's 1024-bit key? Or is the world going to believe that John is trying to cash in on the anti-cigarette-manufacturer sentiment after having been caught in an illicit campaign to increase his own fortunes. What I know, is that business and government has a large mass. 
And a controversy where there is a very plausible explanation just might not have the inertia necessary to cause a global awakening and make people use larger keys. Especially if the public in general is convinced by the cigarette manufacturer's spin doctors. Oh, 1024-bit keys are secure. This was just a guy who got caught with his hands in the cookie jar. No need to panic. The point is, if 1024-bit keys are not strong enough to trust with your important encryption, they are not strong enough for your important signatures. For any signatures. Who knows when and where a false document will pop up, and who knows who will believe it is false. From jam at athene.jamux.com Tue Mar 16 15:34:45 2004 From: jam at athene.jamux.com (John A. Martin) Date: Tue Mar 16 15:37:46 2004 Subject: Looking for Elgamal sign+encrypt key information References: <1079394205.22325.23.camel@localhost> <000101c40b18$b35eed80$0dc8a8c0__922.566807321523$1079415682@frisket> Message-ID: <871xnshncq.fsf@athene.jamux.com> >>>>> "Kurt" == Kurt Fitzner >>>>> "RE: Looking for Elgamal sign+encrypt key information" >>>>> Mon, 15 Mar 2004 22:36:53 -0700 Kurt> We now have two conflicting sets of documents. Both Kurt> apparently signed by the same key. But John might also have gotten a counter-signature of sorts like perhaps . (See the heading "Trusting Stamper".) jam -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 154 bytes Desc: not available Url : /pipermail/attachments/20040316/2a64af78/attachment.bin From newton at hammet.net Tue Mar 16 16:16:54 2004 
From: newton at hammet.net (Newton Hammet) Date: Tue Mar 16 16:14:08 2004 Subject: Looking for Elgamal sign+encrypt key information In-Reply-To: <000101c40b18$b35eed80$0dc8a8c0@frisket> References: <1079394205.22325.23.camel@localhost> <000101c40b18$b35eed80$0dc8a8c0@frisket> Message-ID: <14053.192.35.232.241.1079450214.squirrel@webmail.io.com> The below argument is why I simply have two 4096-bit RSA keys 1 for signing and 1 for encryption. Don't know how safe 4096 bit keys are but I suspect they are pretty safe for now, even from a TWIRL or TWINKLE machine. I believe in erring on the side of caution. 4096 bit keys are no longer a hurdle to either create or use for signing or encryption with today's speedy chips. I have also downloaded the source code for gnupg-1.2.4 and made one modification: doubling the arbitrary limit of 4096 bits for RSA to a new arbitrary limit of 8192 bits, which for the moment may be overkill -- Thanks to the developers of gnupg who even though they claim that keys larger than 4096 bits are not necessary did not limit the capability of gnupg to produce larger keys. Regards, Newton >>If Mallory can break a 1024-bit encryption key through brute >>force (as opposed to an algorithm-specific weakness), we can >>assume that she can also forge signatures from 1024-bit keys. >>This is the case that you are worried about. BUT, if she does >>so even once, she introduces into the public record an example >>of a forged 1024-bit signature, and when the actual owner of >>that key is confronted with the fake signature (which would >>likely happen quickly if the signed document was of any importance), >>that owner will know that 1024-bit encryption can be broken and >>would be able to document that fact in public. > > Yes, I've seen this argument before. However, in my opinion, it makes > two errant assumptions: 1) It assumes that the "forgery" will be > discovered soon after it is created. 
The whole point of a paper trail > is to leave a documentational record of actions. Many paper trails, > however, are not fastidiously checked until and unless there are > problems. The other problem (which is more important in my opinion): 2) > It assumes that the owner of the key will be believed when he or she > announces that it was broken. Forgers aren't going to wear a sign > saying "I'm a key forger". They are going to deny forging it, so that > the document appears real. The whole point of digital signatures is to > add authenticity. Forged documents are not going to be created on a > whim, they are going to be created when there is a dispute in order to > validate the opposing side's position. In any dispute, there will be > people who believe both sides. An example: > > John is an employee at a cigarette manufacturer; middle management in > advertising. For a time, he is involved in a scheme perpetuated by > upper management to promote cigarettes in advertisements targeted to > teens and pre-teens. After a certain length of time, his conscience > causes him to go to government and civil anti-smoking groups. A huge > lawsuit forms from this. Part of the evidence is a 1024-bit-key signed > and dated document trail organizing the campaign, and these documents > cite upper-management as the source of authority and show that they were > CCed to upper management. This, as you might guess, is a potentially > multi-billion-dollar type lawsuit. These types of lawsuits are also > often many years in the making before they actually go to trial. > > The cigarette manufacturer has the financial incentive to crack that > key. During the ensuing court battle, John produces these documents > that are dated back to the time when he was an employee, and uses them > to show that upper management knew and directed the campaign. 
The > defending cigarette manufacturer produces a different set of documents - > a paper trail that is identical to that shown by John, but that omits > any reference to upper-management's authority and omits references to > them being CCed to upper management. The defense makes the argument > that he did the initiative on his own in order to increase sales and > obtain larger personal commissions, and when it was discovered by > upper-management, he was fired and then made up the story that the whole > affair was ordered by, and done with the knowledge of upper-management. > > We now have two conflicting sets of documents. Both apparently signed > by the same key. Part of a large court battle. Is the world in general > going to believe that the cigarette manufacturer cracked John's 1024-bit > key? Or is the world going to believe that John is trying to cash in on > the anti-cigarette-manufacturer sentiment after having been caught in an > illicit campaign to increase his own fortunes. > > What I know, is that business and government has a large mass. And a > controversy where there is a very plausible explanation just might not > have the inertia necessary to cause a global awakening and make people > use larger keys. Especially if the public in general is convinced by > the cigarette manufacturer's spin doctors. Oh, 1024-bit keys are > secure. This was just a guy who got caught with his hands in the cookie > jar. No need to panic. > > The point is, if 1024-bit keys are not strong enough to trust with your > important encryption, they are not strong enough for your important > signatures. For any signatures. Who knows when and where a false > document will pop up, and who knows who will believe it is false. > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > From kfitzner at excelcia.org Tue Mar 16 16:17:24 2004 
From: kfitzner at excelcia.org (Kurt Fitzner)
Date: Tue Mar 16 16:17:10 2004
Subject: Looking for Elgamal sign+encrypt key information
In-Reply-To: <871xnshncq.fsf@athene.jamux.com>
Message-ID: <000e01c40b69$d0d1ab90$0dc8a8c0@frisket>

John might have also gotten a counter signature.

That's exactly my point. MIGHT have. And MAYBE there isn't any point in
trying to crack signatures. And POSSIBLY it wouldn't be in their best
interest to crack signatures anyways. Are you willing to bet your identity
on it, though? The people who would crack keys for gain want you to make
exactly that bet. So why rest your identity on signature exchange
methodologies? Why rest your identity on the fact that some people think
that there's no point in cracking a signature?

The arguments against >1024bit signatures basically boil down to... why
bother, ugly signatures, probably isn't any point. Really, then, why do we
all use GnuPG/PGP? For 99% of us, it's probably 80% coolness factor, with
20% paranoia/what-if/why not tossed in. The very arguments I tend to hear
against >1024-bit signature keys are the very arguments against GnuPG/PGP
itself. Why bother. Ugly signatures. Probably doesn't matter anyways.

Even if it's mostly coolness-factor causing you to use it, my suggestion:
if you're going to use it, then USE it. And lobby, as users, for the
algorithms, protocols, and standards that offer real protection.

Regards,

Kurt Fitzner

-----Original Message-----
From: gnupg-users-bounces@gnupg.org [mailto:gnupg-users-bounces@gnupg.org] On Behalf Of John A. Martin
Sent: March 16, 2004 7:35 AM
To: gnupg-users@gnupg.org
Subject: Re: Looking for Elgamal sign+encrypt key information

>>>>> "Kurt" == Kurt Fitzner
>>>>> "RE: Looking for Elgamal sign+encrypt key information"
>>>>> Mon, 15 Mar 2004 22:36:53 -0700

    Kurt> We now have two conflicting sets of documents. Both
    Kurt> apparently signed by the same key.

But John might also have gotten a counter-signature of sorts like
perhaps . (See the heading "Trusting Stamper".)

jam

From rmalayter at bai.org Tue Mar 16 17:33:58 2004
From: rmalayter at bai.org (Ryan Malayter)
Date: Tue Mar 16 17:31:44 2004
Subject: basic hash signature question
Message-ID: <792DE28E91F6EA42B4663AE761C41C2A01E1A64D@cliff.bai.org>

[David Shaw]
>This is a common problem with server-based things - how do you trust
>the server isn't lying?

In this day and age of worm-installed backdoor trojans - and even
compromised Linux source code trees - how do you really know that your
personal workstation isn't lying when it verifies GnuPG signatures?

It's a matter of degrees of trust. Isn't it reasonable to assume, for
instance, that a well-run web server, owned by a security-conscious
organization, with an appropriate SSL certificate, is at least as
trustworthy as the end-user's PC?

Regards,
Ryan

From atom-gpg at suspicious.org Wed Mar 17 01:45:58 2004
From: atom-gpg at suspicious.org (Atom 'Smasher')
Date: Wed Mar 17 01:43:20 2004
Subject: Looking for Elgamal sign+encrypt key information
In-Reply-To: <000e01c40b69$d0d1ab90$0dc8a8c0@frisket>
References: <000e01c40b69$d0d1ab90$0dc8a8c0@frisket>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> The arguments against >1024bit signatures basically boil down to... why
> bother, ugly signatures, probably isn't any point. Really, then, why do
> we all use GnuPG/PGP? For 99% of us, it's probably 80% coolness factor,
> with 20% paranoia/what-if/why not tossed in. The very arguments I tend
> to hear against >1024-bit signature keys are the very arguments against
> GnuPG/PGP itself. Why bother. Ugly signatures. Probably doesn't
> matter anyways.
>
> Even if it's mostly coolness-factor causing you to use it, my
> suggestion: if you're going to use it, then USE it. And lobby, as
> users, for the algorithms, protocols, and standards that offer real
> protection.
============================

damn good point.

now, if DSS/DSA was modified to handle 4K keys and 0.5K hashes, that
would give us what, 5-6 lines of signature? i can deal with that....

OTOH, just because it's possible to use 10K+ keys, at ~some~ point even
the clinically paranoid user would say "that's too big." DSS/DSA doesn't
currently suffer from a "that's too big" problem, since 1K keys are on
the low end of what's currently considered to be a prudent key size.

since you mention lobbying for the algorithms, protocols, and standards
that offer real protection, i'll ask the list, again, what's the current
status of DSS/DSA variants that allow larger keys and hashes? when will
this become a standard that can be used in "end products" like gpg?
should the current openPGP draft be including a "reserved" status for
such signatures?
...atom

 _________________________________________
 PGP key - http://atom.smasher.org/pgp.txt
 3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
 -------------------------------------------------

	"As a cryptography and computer security expert, I have never
	understood the current fuss about the open source software
	movement. In the cryptography world, we consider open source
	necessary for good security; we have for decades. Public
	security is always more secure than proprietary security. It's
	true for cryptographic algorithms, security protocols, and
	security source code. For us, open source isn't just a business
	model; it's smart engineering practice."
		-- Bruce Schneier, 15 Sep 1999

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish? - http://atom.smasher.org/links/#digital_signatures

iD4DBQFAV5/MnCgLvz19QeMRArfGAJwPtP+vTlE8wzAaASXq+dv8qtrUPACYjTy2
eGKz0T6PpoFvpUuGO4UP0A==
=Mfgc
-----END PGP SIGNATURE-----

From dshaw at jabberwocky.com Wed Mar 17 03:22:59 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed Mar 17 03:20:22 2004
Subject: basic hash signature question
In-Reply-To: <792DE28E91F6EA42B4663AE761C41C2A01E1A64D@cliff.bai.org>
References: <792DE28E91F6EA42B4663AE761C41C2A01E1A64D@cliff.bai.org>
Message-ID: <20040317022259.GA1852@jabberwocky.com>

On Tue, Mar 16, 2004 at 10:33:58AM -0600, Ryan Malayter wrote:
> [David Shaw]
> >This is a common problem with server-based things - how do you trust
> >the server isn't lying?
>
> In this day and age of worm-installed backdoor trojans - and even
> compromised Linux source code trees - how do you really know that your
> personal workstation isn't lying when it verifies GnuPG signatures?
>
> It's a matter of degrees of trust. Isn't it reasonable to assume, for
> instance, that a well-run web server, owned by a security-conscious
> organization, with an appropriate SSL certificate, is at least as
> trustworthy as the end-user's PC?

No. You can't really compare the security of a machine that sits under
your desk with one in a data center somewhere. Not to even get into the
"which is better question" - it's just an apples and oranges comparison.

David

From teenieberry at worldnet.att.net Wed Mar 17 12:19:37 2004
From: teenieberry at worldnet.att.net (FRANK HUBENY)
Date: Wed Mar 17 12:08:08 2004
Subject: gpgdir ?
References: <000501c409dd$9bf084b0$a6424e0c@frank075dd4bfc> <20040315165433.GA16582@uriel.eclipsed.net>
Message-ID: <001901c40c11$bfc48040$432f4e0c@frank075dd4bfc>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gabriel Rosenkoetter wrote in part;

Without a more detailed description of what this ``gpgdir'' does, it's
hard to understand why --batch doesn't satisfy your needs.

My response:

It seems that "gpgdir" will encrypt, or decrypt complete directories
without having to list each file in it. The "batch" command requires you
to list each file individually.

Frank D. Hubeny

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32) - GPGrelay v0.94

iD8DBQFAWDRXdXf8zWPj9yMRAvCLAJwI/xeGz6GPhEzYMlt/mN1m+iwOYACfVCAP
piZyVswkhq03dFY6PzM8foo=
=mmJL
-----END PGP SIGNATURE-----

From moshe at splitc.com Wed Mar 17 23:56:33 2004
From: moshe at splitc.com (Moshe Sambol)
Date: Wed Mar 17 23:54:08 2004
Subject: CTRL-D not working?!
Message-ID: <002c01c40c73$1a1e9240$38fea8c0@workHorse>

I downloaded GnuPG today and have started using it. I'm able to work with
files alright but if I try to use stdin, CTRL-D is ignored by gpg! I
can't terminate the input! I'm running on WinXP Pro, and I've tried this
in a command window as well as in a cygwin window, same results. CTRL-D
works fine for anything else I try, like cat, etc.

------------------------------------------------------------------------
C:\gnupg>gpg --clearsign

You need a passphrase to unlock the secret key for
user: "Moshe Sambol "
1024-bit DSA key, ID 9B16C593, created 2003-05-19

this is some sample text.
message over.
^D
^D^D^D^D
go away!^D
^D
^C

C:\gnupg>cat > test.txt
mary had a little lamb.

C:\gnupg>cat test.txt
mary had a little lamb.
------------------------------------------------------------------------

I feel like something ridiculous is going on here... I've checked the
mailing list archives, no one else seems to have had this problem... any
suggestions?

Thanks.

From sbutler at fchn.com Thu Mar 18 00:51:24 2004
From: sbutler at fchn.com (Steve Butler)
Date: Thu Mar 18 00:50:31 2004
Subject: CTRL-D not working?!
Message-ID: <9A86613AB85FF346BB1321840DB42B4B046D423D@jupiter.fchn.com>

I thought CTRL-Z was end-of-file on Bill's O/S (Windows and/or MSDOS).
CTRL-D serves that function on Unix type boxes.

-----Original Message-----
From: Moshe Sambol [mailto:moshe@splitc.com]
Sent: Wednesday, March 17, 2004 2:57 PM
To: gnupg-users@gnupg.org
Subject: CTRL-D not working?!

[...]

From moshe at splitc.com Thu Mar 18 02:02:18 2004
From: moshe at splitc.com (Moshe Sambol)
Date: Thu Mar 18 01:59:37 2004
Subject: CTRL-D not working?!
References: <9A86613AB85FF346BB1321840DB42B4B046D423D@jupiter.fchn.com>
Message-ID: <000301c40c84$ab1c1fe0$38fea8c0@workHorse>

Steve,

You are correct, at least as far as gpg! Thanks!

(One caveat: it's CTRL-Z followed by enter, as opposed to the behavior of
CTRL-D, which interrupts all by itself, without having to be followed by
enter.)

-Moshe

----- Original Message -----
From: "Steve Butler"
To: <>
Sent: Thursday, March 18, 2004 1:51 AM
Subject: RE: CTRL-D not working?!

I thought CTRL-Z was end-of-file on Bill's O/S (Windows and/or MSDOS).
CTRL-D serves that function on Unix type boxes.

From johanw at vulcan.xs4all.nl Thu Mar 18 00:06:00 2004
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Sun Mar 21 21:21:26 2004
Subject: CTRL-D not working?!
In-Reply-To: <002c01c40c73$1a1e9240$38fea8c0@workHorse> from Moshe Sambol at "Mar 18, 2004 00:56:33 am"
Message-ID: <200403172306.AAA00900@vulcan.xs4all.nl>

Moshe Sambol wrote:

[Charset windows-1255 unsupported, skipping...]

Please train your mailer better. Isn't ^Z the DOS/win EOF marker?

--
ir. J.C.A. Wevers         //  Physics and science fiction site:
johanw@vulcan.xs4all.nl   //  http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From DenisMcCauley at ifrance.com Fri Mar 19 02:18:15 2004
From: DenisMcCauley at ifrance.com (Denis McCauley)
Date: Sun Mar 21 21:21:53 2004
Subject: IDEA
Message-ID: <405A4A57.1040402@ifrance.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi everyone,

I need to add the IDEA algorithm to GPG on my Linux box. Can someone
kindly tell me where I can find the file to add to the source
distribution.

Thanks

Denis

- --
============================================================
My OpenPGP keys are at at http://www.djmccauley.tk
============================================================

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.5 (GNU/Linux)

iD8DBQFAWkpV3wn5k0VSiPERAkLoAJ9ti9R20mD02cdzYrKFUHhfgQ3s3wCgkrkv
tyKOWPvpzII6WGYQ9NFYe48=
=nSJe
-----END PGP SIGNATURE-----

From kfitzner at excelcia.org Fri Mar 19 15:44:58 2004
From: kfitzner at excelcia.org (Kurt Fitzner)
Date: Sun Mar 21 21:26:54 2004
Subject: Bug in 1.2.4 - cannot verify messages with lines that contain dashes
Message-ID: <405B076A.9000004@excelcia.org>

Skipped content of type multipart/mixed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 553 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20040319/1ce93ea4/signature-0001.bin

From torduninja at netcourrier.com Fri Mar 19 20:23:11 2004
From: torduninja at netcourrier.com (Maxine Brandt)
Date: Sun Mar 21 21:29:44 2004
Subject: Insecure memory
Message-ID: <20040319092311.585ab9c8.torduninja@netcourrier.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings,

I've read that if I SUID the gpg binary nothing will be written to disk
and I won't be using insecure memory, but are there any security problems
with doing this?

Salut
Maxine

- --
My OpenPGP keys: http://www.torduninja.tk

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAW0ifKBY/R6nbCcARAgV1AJ9yTvowm7PKqj2R8Us3X94dnnSVPgCghR04
71Sc25yQ3r5cQRVhkUZcTf0=
=Xi1W
-----END PGP SIGNATURE-----

From kfitzner at excelcia.org Sun Mar 21 17:55:54 2004
From: kfitzner at excelcia.org (Kurt Fitzner)
Date: Sun Mar 21 21:40:28 2004
Subject: [Fwd: Bug in 1.2.4 - cannot verify messages with lines that contain dashes]
Message-ID: <405DC91A.3080107@excelcia.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

If this is a duplicate, please forgive me. I didn't see it come back to
me - I figure that since it had an attachment originally it was
rejected...

I've tried to subscribe to the devel mailing list, but the web page
signup is broken, and I've received no response from
gnupg-devel-reguest, so I will post this bug report and patch here.

I noticed when trying to verify Atom-Smasher's signatures that GnuPG
hung up due to the fact that his signature has a line of dashes in it.
Unfortunately, fake_packet() in armor.c assumes that if a string of four
dashes is encountered, that it is the end of the signed message.

It is a fairly trivial fix. I have attached a small diff patch that will
correct the issue. Please accept my apologies if this has already been
addressed in another report.

Kurt Fitzner

- --- armor_old.c	Tue Sep 16 20:20:18 2003
+++ armor.c	Fri Mar 19 07:20:38 2004
@@ -549,11 +549,11 @@ ~ } ~ else if( n >= 15 && p[1] == '-' && p[2] == '-' && p[3] == '-' ) { ~ int type = is_armor_header( p, n ); ~ if( afx->not_dash_escaped && type != BEGIN_SIGNATURE ) ~ ; /* this is okay */ - - else { + else if (type != -1) { ~ if( type != BEGIN_SIGNATURE ) { ~ log_info(_("unexpected armor:")); ~ print_string( stderr, p, n, 0 ); ~ putc('\n', stderr); ~ } -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3-nr1 (Windows XP) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iQEVAwUBQF3I9d366Kf2Ie2tAQKAngf+MVCm8PI1Mq/x1VSq6iaQh2ztmjwHZQkr /Rq6TagWPnh/lLE9cS0jlsTddimQGM4GVREtraggtJBdByDQ9ERRiSRm0V+845CB I214xksIYb4kZYXgrwfkwxQScwLboLhvNad2Mae04DU62CHpdZGHFQbWJ5C6nniJ UYLDQXBzeLNeWJFWeT0OltwnCSDzfHy5DgH708EVtlC0eQouUu6dhfOoSUZz66xK ei2MSXvZrhMjm1Kzg6TVIXTpeEb7+4zkCd26O2ZKCCrbLuC36lmAU9KmPQ6NfNbd 0W2qg/73G3kJtWvPpMYGYv+LBSq995+nftK4ZBrMvQERjW8Y3lKacQ== =l2kt -----END PGP SIGNATURE----- From kfitzner at excelcia.org Sun Mar 21 19:35:59 2004 
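Review bot: the new `else if (type != -1)` branch silently accepts any line that begins with four dashes but is not a recognised armor header, so the `log_info(_("unexpected armor:"))` diagnostic no longer fires for exactly the input this report is about: a clearsigned body whose "- " dash-escaping was removed before gpg saw it (the follow-up in this thread traces that to the mail client rather than to gpg). RFC 2440 requires such a line to be sent as "- -----...", so after this change gpg tolerates a malformed clearsigned message instead of reporting it, and a body line that happens to match a real header name still takes the old path. Suggest keeping a diagnostic for the `type == -1` case, at least under --verbose, and adding a comment stating that -1 is the not-a-header return value of is_armor_header() rather than comparing against a bare literal. Also, the `~` markers in place of the usual leading space on the context lines and the `- -` dash-escape on the removed line mean the hunk will not apply with patch(1) as posted; please attach the diff unsigned or as a separate file.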
From: kfitzner at excelcia.org (Kurt Fitzner)
Date: Sun Mar 21 21:41:07 2004
Subject: Looking for Elgamal sign+encrypt key information
In-Reply-To:
References: <000e01c40b69$d0d1ab90$0dc8a8c0@frisket>
Message-ID: <405DE08F.5010508@excelcia.org>

Atom 'Smasher' wrote:
> since you mention lobbying for the algorithms, protocols, and standards
> that offer real protection, i'll ask the list, again, what's the current
> status of DSS/DSA variants that allow larger keys and hashes? when will
> this become a standard that can be used in "end products" like gpg? should
> the current openPGP draft be including a "reserved" status for such
> signatures?

Apparently some of the changes have already made it into DSS. For quite
some time, too. As of October 1, 2001, ANSI X9.31 (rDSA) which is an
RSA-based signature algorithm that supports >1024-bit keys, was added
into the DSS. This is specified in FIPS 186-2, which now supersedes the
original DSS FIPS 186-1.

Additionally, the new DSS now also supports elliptic curve keys as
specified in ANSI X9.62.[1]

My research hasn't uncovered whether or not this new DSS is a topic of
discussion for inclusion with the updated OpenPGP. Does anyone here know?

Kurt Fitzner

[1] See http://csrc.nist.gov/cryptval/dss.htm and
http://csrc.nist.gov/publications/fips/fips186-2/fips186-2-change1.pdf

From JPClizbe at comcast.net Sun Mar 21 22:00:10 2004
From: JPClizbe at comcast.net (John Clizbe)
Date: Sun Mar 21 22:15:04 2004
Subject: IDEA
In-Reply-To: <405A4A57.1040402@ifrance.com>
References: <405A4A57.1040402@ifrance.com>
Message-ID: <405E025A.8020405@comcast.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Denis McCauley wrote:
> Hi everyone,
>
> I need to add the IDEA algorithm to GPG on my Linux box. Can someone
> kindly tell me where I can find the file to add to the source distribution.

- From http://www.gnupg.org/(en)/why-not-idea.html

ftp://ftp.gnupg.dk/pub/contrib-dk/idea.c.gz
ftp://ftp.gnupg.dk/pub/contrib-dk/idea.c.gz.sig

- --
John P. Clizbe                   Inet: JPClizbe(a)comcast DOT nyet
Golden Bear Networks             PGP/GPG KeyID: 0x608D2A10
"Most men take the straight and narrow. A few take the road less
traveled. I chose to cut through the woods."

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
Comment: Annoy John Asscraft -- Use Strong Encyption

iD8DBQFAXgJaHQSsSmCNKhARAtlBAJ9fqxuarzdY4xYGOfz8yP1RD9qjYwCg9M97
Hg7E+gRc0vsbJylar5Fd+/Y=
=GJrb
-----END PGP SIGNATURE-----

From jharris at widomaker.com Mon Mar 22 00:09:43 2004
From: jharris at widomaker.com (Jason Harris)
Date: Mon Mar 22 00:27:40 2004
Subject: new (2004-03-21) keyanalyze results
Message-ID: <20040321230943.GG10980@pm1.ric-41.lft.widomaker.com>

New keyanalyze results are available at:

  http://keyserver.kjsl.com/~jharris/ka/2004-03-21/

Earlier reports are also available, for comparison:

  http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:

  http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the "permanent" files:

e72e941ebee994a32c0f8758c1468cd701ea7c6b  13553874  preprocess.keys
5993f1bb184243b0734403a973e8a6c80f03a102  10591343  othersets.txt
1770986623dee16ebb8710f5bcf206f5bed9e66b   2469216  msd-sorted.txt
b0f152cbac2bff77aeed70a933fec6d7ac3e7b71      1484  index.html
ff7f024d4956a4fbf9d0e8827ffc51818cef4390      2288  keyring_stats
436f8738d57c37326deb37ab66ed9d458472b3c8    978060  msd-sorted.txt.bz2
b4122e5358a97beaa6a29382249a03f90606f498        26  other.txt
9557247fe910f039b11ccfcecfb3c68801fe00ae   2065464  othersets.txt.bz2
75b98c3d0f2294290a888658e115e516fad83b1d   6052255  preprocess.keys.bz2
3a80cbdc84fe74c1a4f21757d955a86c201846ed     13750  status.txt
196d2dc65ea51363436a3df21b6ba3e4eec799a9    212060  top1000table.html
6b3b458e6c3a34cbaafdddafc5bf472cf039566a     30609  top1000table.html.gz
5d6a73b398d0ba3f9d89f966a08a5342b1faf464     11077  top50table.html
dac90888c0473ffbfdb9d327188042feea4961b6      2379  D3/D39DA0E3

--
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris@widomaker.com _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : /pipermail/attachments/20040321/bfa4bc33/attachment.bin

From dshaw at jabberwocky.com Mon Mar 22 01:16:40 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon Mar 22 01:34:23 2004
Subject: Bug in 1.2.4 - cannot verify messages with lines that contain dashes
In-Reply-To: <405B076A.9000004@excelcia.org>
References: <405B076A.9000004@excelcia.org>
Message-ID: <20040322001640.GA11044@jabberwocky.com>

On Fri, Mar 19, 2004 at 07:44:58AM -0700, Kurt Fitzner wrote:
> Hello,
>
> I've tried to subscribe to the devel mailing list, but the web page
> signup is broken, and I've received no response from
> gnupg-devel-reguest, so I will post this bug report and patch here.
>
> I noticed when trying to verify Atom-Smasher's signatures that GnuPG
> hung up due to the fact that his signature has a line of dashes in it.
> Unfortunately, fake_packet() in armor.c assumes that if a string of four
> dashes is encountered, that it is the end of the signed message.

I'm afraid I don't really understand the problem you're having. Can you
post an example of the problem? I have never had a problem verifying a
signature from anyone on this list.

David

From dshaw at jabberwocky.com Mon Mar 22 01:37:03 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon Mar 22 01:51:26 2004
Subject: Insecure memory
In-Reply-To: <20040319092311.585ab9c8.torduninja@netcourrier.com>
References: <20040319092311.585ab9c8.torduninja@netcourrier.com>
Message-ID: <20040322003703.GB11044@jabberwocky.com>

On Fri, Mar 19, 2004 at 09:23:11AM -1000, Maxine Brandt wrote:
> Greetings,
>
> I've read that if I SUID the gpg binary nothing will be written to disk and
> I won't be using insecure memory, but are there any security problems with
> doing this?

A bug in GnuPG could be worse if the binary was setuid. However, GnuPG
intentionally drops setuid very early in the startup phase to avoid this.

David

From dshaw at jabberwocky.com Mon Mar 22 01:43:04 2004
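On David's point that a setuid gpg drops its privileges early: an added example (not GnuPG's own code, which does this in C at startup) showing how such a drop is done so that it cannot be undone later. It assumes Linux, where os.setresuid/os.setresgid are available; the function names are my own. The pitfall it guards against is that a plain setuid(getuid()) call made by a process that is not root changes only the effective uid and leaves the saved set-user-id behind, so a later seteuid() can regain the privilege.

```python
import os


def drop_privileges() -> dict:
    """Irrevocably drop effective and saved uid/gid back to the real ids.

    setresuid/setresgid set the real, effective and saved ids in one step,
    which is what makes the drop permanent.  Returns the id triples seen
    before and after, so a caller (or a test) can check the result.
    Added example; GnuPG's own early privilege drop lives in its C source.
    """
    uid, gid = os.getuid(), os.getgid()
    before = {"uid": os.getresuid(), "gid": os.getresgid()}
    # Drop the group ids first: once the uid is unprivileged, changing
    # the gid triple away from its current values would be refused.
    os.setresgid(gid, gid, gid)
    os.setresuid(uid, uid, uid)
    after = {"uid": os.getresuid(), "gid": os.getresgid()}
    # Verify rather than assume: every id must now equal the real one.
    if after["uid"] != (uid, uid, uid) or after["gid"] != (gid, gid, gid):
        raise RuntimeError("privilege drop incomplete: %r" % after)
    return {"before": before, "after": after}


def is_fully_dropped() -> bool:
    """True when real, effective and saved uid/gid all agree, i.e. there
    is no latent privilege left that seteuid()/setegid() could restore."""
    r, e, s = os.getresuid()
    rg, eg, sg = os.getresgid()
    return r == e == s and rg == eg == sg


if __name__ == "__main__":
    # Run from a setuid binary this would show euid/suid changing; run as an
    # ordinary user it simply confirms the three ids already agree.
    print(drop_privileges())
    print("fully dropped:", is_fully_dropped())
```

Run unprivileged the call is a no-op that still validates the invariant; the interesting case is a binary installed setuid (as Maxine describes), where the "before" triple shows a differing effective uid and the "after" triple shows all three equal to the invoking user.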
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon Mar 22 02:08:41 2004
Subject: Looking for Elgamal sign+encrypt key information
In-Reply-To: <405DE08F.5010508@excelcia.org>
References: <000e01c40b69$d0d1ab90$0dc8a8c0@frisket> <405DE08F.5010508@excelcia.org>
Message-ID: <20040322004304.GC11044@jabberwocky.com>

On Sun, Mar 21, 2004 at 11:35:59AM -0700, Kurt Fitzner wrote:
> Atom 'Smasher' wrote:
>
> >since you mention lobbying for the algorithms, protocols, and standards
> >that offer real protection, i'll ask the list, again, what's the current
> >status of DSS/DSA variants that allow larger keys and hashes? when will
> >this become a standard that can be used in "end products" like gpg? should
> >the current openPGP draft be including a "reserved" status for such
> >signatures?
>
> Apparently some of the changes have already made it into DSS. For quite
> some time, too. As of October 1, 2001, ANSI X9.31 (rDSA) which is an
> RSA-based signature algorithm that supports >1024-bit keys, was added
> into the DSS. This is specified in FIPS 186-2, which now supersedes the
> original DSS FIPS 186-1.

OpenPGP has a RSA-based signature algorithm that supports >1024-bit
keys. It's, well, RSA ;)

> Additionally, the new DSS now also supports elliptic curve keys as
> specified in ANSI X9.62.[1]

There is a reserved algorithm number in OpenPGP for ECDSA, but nobody has
decided upon and written down the details of the packet formats and other
details of how it would work in OpenPGP.

> My research hasn't uncovered whether or not this new DSS is a topic of
> discussion for inclusion with the updated OpenPGP. Does anyone here know?

It hasn't been discussed. What's to add? OpenPGP has DSA already, it
doesn't need rDSA, and has a reserved slot for ECDSA for whenever someone
wants to add it. The fact that nobody has done this leads me to believe
there is not strong interest in it.

David

From atom-gpg at suspicious.org Mon Mar 22 02:42:54 2004
From: atom-gpg at suspicious.org (Atom 'Smasher')
Date: Mon Mar 22 02:40:23 2004
Subject: Bug in 1.2.4 - cannot verify messages with lines that contain dashes
In-Reply-To: <20040322001640.GA11044@jabberwocky.com>
References: <405B076A.9000004@excelcia.org> <20040322001640.GA11044@jabberwocky.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> > I noticed when trying to verify Atom-Smasher's signatures that GnuPG
> > hung up due to the fact that his signature has a line of dashes in it.
> > Unfortunately, fake_packet() in armor.c assumes that if a string of four
> > dashes is encountered, that it is the end of the signed message.
>
> I'm afraid I don't really understand the problem you're having. Can
> you post an example of the problem? I have never had a problem
> verifying a signature from anyone on this list.
==========================

i'm also curious what you're observing.... i've never had any complaints
about my pgp signatures.... i'm not aware of any "line of dashes" in my
signature, and any dashes in the body (of an in-line signed email) would
be dash-escaped.

...atom

 _________________________________________
 PGP key - http://atom.smasher.org/pgp.txt
 3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
 -------------------------------------------------

	"When you have eliminated all which is impossible, then whatever
	remains, however improbable, must be the truth."
		-- Sherlock Holmes (Arthur Conan Doyle)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish? - http://atom.smasher.org/links/#digital_signatures

iD8DBQFAXkSjnCgLvz19QeMRAqnlAJ4iwhj8G8e3r+wzMkcV9/UvZhikrgCfQhsH
hSkauqTD1uLnm6Y4/DfbbMc=
=DBY0
-----END PGP SIGNATURE-----

From kfitzner at excelcia.org Mon Mar 22 04:00:43 2004
From: kfitzner at excelcia.org (Kurt Fitzner)
Date: Mon Mar 22 03:58:39 2004
Subject: Bug in 1.2.4 - cannot verify messages with lines that contain dashes
In-Reply-To: <20040322001640.GA11044@jabberwocky.com>
References: <405B076A.9000004@excelcia.org> <20040322001640.GA11044@jabberwocky.com>
Message-ID: <405E56DB.9080507@excelcia.org>

David Shaw wrote:
> I'm afraid I don't really understand the problem you're having. Can
> you post an example of the problem? I have never had a problem
> verifying a signature from anyone on this list.

It appears that I was mistaken. It is a bug in either Mozilla Thunderbird
or in Enigmail (or both). It seems that the dash escape is removed from
messages before it is passed to GnuPG.

However, I would still suggest the submitted patch be incorporated.
Without it, gpg assumes that any line that starts with 4 dashes is an
armor header. With the patch, it will ignore dashed lines unless they are
a known OpenPGP header - at which point, if it is not the header that gpg
is looking for, it will still output an "unexpected armor" error message.

Attached is a zipped file with an example message where the dash escape
has been removed from a non-gpg-armor line. The change in the patch will
allow it to be verified, whereas stock 1.2.4 will die with a series of
errors. With the patch, improperly escaped messages will still be able to
be verified unless they contain nested armor headers where the escaping
has also been removed. Additionally, it nullifies the need to dash escape
lines that are not actually OpenPGP armor headers - thus preserving the
formatting on clearsigned text more faithfully.

If this change is rejected, I still suggest that the errors returned when
gpg attempts to verify the signature on the sample message should be
verbose-mode messages only. I'm not sure that exposing the internal gpg
errors that occur when bad armor is found is a good thing. At least, not
unless verbose output is selected.
I would suggest that "good signature", "bad signature" or "no signature"
be the only normal output when verifying a message.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ClearsignedDashes.zip
Type: application/x-zip-compressed
Size: 655 bytes
Desc: not available
Url : /pipermail/attachments/20040321/13ff161f/ClearsignedDashes.bin

From rabbi at quickie.net Mon Mar 22 04:29:17 2004
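The rule at the centre of this bug report and of the armor.c patch is the dash-escaping of the OpenPGP cleartext signature framework (RFC 2440, section 7.1): inside a clearsigned message every body line that begins with "-" is sent as "- " plus the line, so that only a genuine armor header ever starts with "-----". What follows is an added example in Python, not GnuPG's code, that implements the escape and its inverse and then checks a clearsigned message for body lines that begin with "-" without the escape, which is the condition Kurt found his mail client producing. The function names, the ARMOR_HEADERS prefixes and the sample message are constructed for the example; the signature block in the sample is a placeholder, not a real signature.

```python
"""Dash-escaping in the OpenPGP cleartext signature framework (RFC 2440 7.1).

Added example, not GnuPG code.  A client that strips the "- " escape
leaves a body that a strict verifier such as gpg's fake_packet() rejects;
unescaped_dash_lines() finds such lines.
"""

# Assumed header prefixes: the two armor line types a verifier must recognise.
ARMOR_HEADERS = ("-----BEGIN PGP ", "-----END PGP ")


def is_armor_header(line: str) -> bool:
    """True for a genuine armor line such as '-----BEGIN PGP SIGNATURE-----'."""
    return line.startswith(ARMOR_HEADERS) and line.rstrip().endswith("-----")


def dash_escape(body: str) -> str:
    """Escape a body for clearsigning: prefix '- ' to lines starting with '-'."""
    return "\n".join("- " + line if line.startswith("-") else line
                     for line in body.split("\n"))


def dash_unescape(escaped: str) -> str:
    """Reverse dash_escape; this is the text the verifier actually hashes."""
    return "\n".join(line[2:] if line.startswith("- ") else line
                     for line in escaped.split("\n"))


def clearsigned_body(message: str) -> str:
    """Return the still-escaped text between the cleartext header block
    (which ends at the first empty line) and the signature armor."""
    lines = message.split("\n")
    if "-----BEGIN PGP SIGNED MESSAGE-----" not in lines:
        raise ValueError("not a clearsigned message")
    i = lines.index("-----BEGIN PGP SIGNED MESSAGE-----") + 1
    while i < len(lines) and lines[i] != "":      # skip "Hash: ..." headers
        i += 1
    i += 1                                         # skip the blank separator
    body = []
    while i < len(lines) and lines[i] != "-----BEGIN PGP SIGNATURE-----":
        body.append(lines[i])
        i += 1
    return "\n".join(body)


def unescaped_dash_lines(message: str) -> list:
    """1-based body line numbers that start with '-' but carry neither the
    '- ' escape nor an armor header: the lines that trip a strict parser."""
    return [n for n, line in enumerate(clearsigned_body(message).split("\n"), 1)
            if line.startswith("-") and not line.startswith("- ")
            and not is_armor_header(line)]


# --- constructed sample (placeholder signature, not a real one) -------------
BODY = "Signed text\n-----------\n- a bullet\nlast line"


def framework(escaped_body: str) -> str:
    """Wrap an (already escaped) body in a cleartext signature framework."""
    return ("-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n"
            + escaped_body
            + "\n-----BEGIN PGP SIGNATURE-----\nVersion: example\n\n"
            "PLACEHOLDER\n=XXXX\n-----END PGP SIGNATURE-----\n")


GOOD = framework(dash_escape(BODY))   # what a correct clearsigner emits
STRIPPED = framework(BODY)            # what a client that removed the escape sends

if __name__ == "__main__":
    print("compliant message, offending lines:", unescaped_dash_lines(GOOD))
    print("escape-stripped message, offending lines:", unescaped_dash_lines(STRIPPED))
    print("stripped message after unescape:",
          repr(dash_unescape(clearsigned_body(STRIPPED))))
```

Two things the sample makes visible. The separator line "-----------" in STRIPPED is flagged, which is the line a parser keyed on a run of four dashes stumbles over. The bullet "- a bullet" is not flagged, because once its escape is gone it is indistinguishable from an escaped "a bullet", and unescaping silently turns it into "a bullet": the verifier then hashes text that differs from what the signer hashed, so the signature fails even though no line looks like armor. That ambiguity is why the escape has to be applied by the signer and preserved by everything in between, and why relaxing the parser, as the patch does, only papers over the first symptom.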
From: rabbi at quickie.net (Len Sassaman)
Date: Mon Mar 22 04:26:32 2004
Subject: Looking for Elgamal sign+encrypt key information
In-Reply-To: <20040322004304.GC11044@jabberwocky.com>
References: <000e01c40b69$d0d1ab90$0dc8a8c0@frisket> <405DE08F.5010508@excelcia.org> <20040322004304.GC11044@jabberwocky.com>
Message-ID:

On Sun, 21 Mar 2004, David Shaw wrote:

> OpenPGP has a RSA-based signature algorithm that supports >1024-bit
> keys. It's, well, RSA ;)

Precisely. What is the problem with RSA?

> > Additionally, the new DSS now also supports elliptic curve keys as
> > specified in ANSI X9.62.[1]
>
> There is a reserved algorithm number in OpenPGP for ECDSA, but nobody
> has decided upon and written down the details of the packet formats
> and other details of how it would work in OpenPGP.

It was actually implemented in PGP 7.5, probably per the direction of the
marketing department, because "elliptic curve cryptography" sounds sexy.

> > My research hasn't uncovered whether or not this new DSS is a topic of
> > discussion for inclusion with the updated OpenPGP. Does anyone here know?
>
> It hasn't been discussed. What's to add? OpenPGP has DSA already, it
> doesn't need rDSA, and has a reserved slot for ECDSA for whenever
> someone wants to add it. The fact that nobody has done this leads me
> to believe there is not strong interest in it.

There are strong reasons *not* to add more algorithms to OpenPGP. OpenPGP
already suffers greatly by having so many possible algorithms on which
attacks against the system can be made.

From kfitzner at excelcia.org Mon Mar 22 05:01:17 2004
From: kfitzner at excelcia.org (Kurt Fitzner)
Date: Mon Mar 22 05:01:07 2004
Subject: Looking for Elgamal sign+encrypt key information
In-Reply-To:
References: <000e01c40b69$d0d1ab90$0dc8a8c0@frisket> <405DE08F.5010508@excelcia.org> <20040322004304.GC11044@jabberwocky.com>
Message-ID: <405E650D.8010105@excelcia.org>

Len Sassaman wrote:
>>OpenPGP has a RSA-based signature algorithm that supports >1024-bit
>>keys. It's, well, RSA ;)
>
> Precisely. What is the problem with RSA?

I think that was his point. :)

> It was actually implemented in PGP 7.5, probably per the direction of the
> marketing department, because "elliptic curve cryptography" sounds sexy.

Unfortunate reason to incorporate something, I agree.

> There are strong reasons *not* to add more algorithms to OpenPGP. OpenPGP
> already suffers greatly by having so many possible algorithms on which
> attacks against the system can be made.

Perhaps. I wouldn't go adding ECDSA just for coolness factor. But, one of
the given reasons for the incorporation of DSA was that it was a
signature standard. One of the given reasons for incorporation of rDSA
and ECDSA into the new DSS is the key length restriction of DSA. If DSA
falls into disuse, then without rDSA or ECDSA, there will be no signature
standard in OpenPGP at all.

I really don't know how much of an issue this would be. Is the
incorporation of DSS important to GnuPG and OpenPGP? How much of the
reasoning for incorporating DSA was that it was a standard, and how much
of it was because of RSA's patent? These are questions I don't know the
answer to. Any takers?

From pt at radvis.nu Mon Mar 22 08:32:17 2004
From: pt at radvis.nu (Per Tunedal Casual)
Date: Mon Mar 22 08:29:30 2004
Subject: Looking for Elgamal sign+encrypt key information
In-Reply-To: <405E650D.8010105@excelcia.org>
References: <000e01c40b69$d0d1ab90$0dc8a8c0@frisket> <405DE08F.5010508@excelcia.org> <20040322004304.GC11044@jabberwocky.com> <405E650D.8010105@excelcia.org>
Message-ID: <6.0.1.1.2.20040322081934.026914a8@localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 05:01 2004-03-22, you wrote:
>Len Sassaman wrote:
>
>> It was actually implemented in PGP 7.5, probably per the direction of the
>> marketing department, because "elliptic curve cryptography" sounds sexy.
>
>Unfortunate reason to incorporate something, I agree.
>
>> There are strong reasons *not* to add more algorithms to OpenPGP. OpenPGP
>> already suffers greatly by having so many possible algorithms on which
>> attacks against the system can be made.
>
>Perhaps. I wouldn't go adding ECDSA just for coolness factor.

I thought "elliptic curve cryptography" wasn't established yet and thus couldn't be considered to be safe. I do wonder why it's included in DSS - I thought the standard was somewhat conservative. Have I missed something?

> But, one
>of the given reasons for the incorporation of DSA was that it was a
>signature standard. One of the given reasons for incorporation of rDSA
>and ECDSA into the new DSS is the key length restriction of DSA. If DSA
>falls into disuse, then without rDSA or ECDSA, there will be no
>signature standard in OpenPGP at all.
>
>I really don't know how much of an issue this would be. Is the
>incorporation of DSS important to GnuPG and OpenPGP? How much of the
>reasoning for incorporating DSA was that it was a standard, and how much
>of it was because of RSA's patent? These are questions I don't know the
>answer to. Any takers?
>

I strongly agree that we need longer signatures. And I believe it's important to continue with support of the DSS.

I thought the only reason not to have longer signatures was to comply with the DSS ... I am glad to hear that the DSS finally has changed and naturally OpenPGP will have to follow.

Per Tunedal

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32) - GPGrelay v0.94

iD8DBQFAXpaRITLMlZFNlMoRAnwhAJ41o1funv6KW72DLk2wGBH1txjjQgCghTqj
ovH3gNH3lRG/CW7uSoI4ZcQ=
=RaGM
-----END PGP SIGNATURE-----

From pt at radvis.nu Mon Mar 22 08:57:25 2004
From: pt at radvis.nu (Per Tunedal Casual)
Date: Mon Mar 22 08:54:38 2004
Subject: Looking for Elgamal sign+encrypt key information
In-Reply-To:
References: <000e01c40b69$d0d1ab90$0dc8a8c0@frisket> <405DE08F.5010508@excelcia.org> <20040322004304.GC11044@jabberwocky.com>
Message-ID: <6.0.1.1.2.20040322085612.02673988@localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 04:29 2004-03-22, you wrote:
>There are strong reasons *not* to add more algorithms to OpenPGP. OpenPGP
>already suffers greatly by having so many possible algorithms on which
>attacks against the system can be made.
>

I did some googling and found a link casting some doubt upon rDSA:

On the Security of RDSA
http://www.springerlink.com/app/home/contribution.asp?wasp=9a0qb3uwqgdrwmjtxxww&referrer=parent&backto=issue,29,39;journal,319,1501;linkingpublicationresults,id:105633,1

Does anyone have any information?

Per Tunedal

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32) - GPGrelay v0.94

iD8DBQFAXpx1ITLMlZFNlMoRAn1sAJ9RaQ0PdKpJnZPy4LmrYNPESEkNhgCdHgqs
lBb9VriZiG0HCnaVi+HyUow=
=UAmd
-----END PGP SIGNATURE-----

From wk at gnupg.org Tue Mar 23 09:34:58 2004
From: wk at gnupg.org (Werner Koch)
Date: Tue Mar 23 09:32:40 2004
Subject: DSA and ECC (was: Looking for Elgamal sign+encrypt key information)
In-Reply-To: <405E650D.8010105@excelcia.org> (Kurt Fitzner's message of "Sun, 21 Mar 2004 21:01:17 -0700")
References: <000e01c40b69$d0d1ab90$0dc8a8c0@frisket> <405DE08F.5010508@excelcia.org> <20040322004304.GC11044@jabberwocky.com> <405E650D.8010105@excelcia.org>
Message-ID: <87ad280xn1.fsf_-_@alberti.g10code.de>

On Sun, 21 Mar 2004 21:01:17 -0700, Kurt Fitzner said:

> Perhaps. I wouldn't go adding ECDSA just for coolness factor. But,

There is one reason I can see for adding ECDSA: Smartcards implementing ECC are far cheaper than usable cards with RSA (something like 4 compared to 12 Euro). ECC can be implemented on cards without a NPU required for fast RSA operations.

We discussed ECC in the WG some time ago and the consensus was that there is no need for ECC in OpenPGP because ECC does not give an advantage on today's general purpose computers.

As it happens, an experimental patch to GnuPG to provide ECDH and ECDSA as experimental algorithms has just been posted to gnupg-devel; see http://alumnes.eup.udl.es/~d4372211/index.en.html .

> I really don't know how much of an issue this would be. Is the
> incorporation of DSS important to GnuPG and OpenPGP? How much of the

Yes, it is a MUST algorithm (DSA+SHA1).

> reasoning for incorporating DSA was that it was a standard, and how
> much of it was because of RSA's patent? These are questions I don't

The reason to use DSA was due to the RSA patent of course. DSA has also the advantage of yielding a small signature.

Werner

From pt at radvis.nu Tue Mar 23 14:28:52 2004
From: pt at radvis.nu (Per Tunedal Casual)
Date: Tue Mar 23 14:26:07 2004
Subject: DSA and ECC (was: Looking for Elgamal sign+encrypt key information)
In-Reply-To: <405E650D.8010105@excelcia.org>
References: <000e01c40b69$d0d1ab90$0dc8a8c0@frisket> <405DE08F.5010508@excelcia.org> <20040322004304.GC11044@jabberwocky.com> <405E650D.8010105@excelcia.org>
Message-ID: <6.0.1.1.2.20040323124535.026895b8@localhost>

At 05:01 2004-03-22, you wrote:
>Len Sassaman wrote:
>
>One of the given reasons for incorporation of rDSA
>and ECDSA into the new DSS is the key length restriction of DSA. If DSA
>falls into disuse, then without rDSA or ECDSA, there will be no
>signature standard in OpenPGP at all.
>

The current DSA will in a few years time be deprecated because of too short signing keys. What's the reason not to include rDSA in OpenPGP? I think it's important to have a modern signature standard in OpenPGP. Products based on OpenPGP cannot be marketed to e.g. US government if standard algos are missing.

I don't know the reasons why the new DSS doesn't include the "old" RSA signature algo (used in OpenPGP), but rather the new rDSA. The difference seems to be that the new rDSA is using another hash, MDC-2 (patented). What's the advantage?

If MDC-2 is applied with DES as block cipher the hash is only 2x64=128 bits. Is this what is stated in the new DSS (ANSI X-9.31)? I thought a longer hash would be needed to make any use of longer signing keys. With the "old" RSA signature algo a much longer hash can be used e.g. the forthcoming SHA-256.

Per Tunedal

From atom-gpg at suspicious.org Tue Mar 23 23:04:00 2004
From: atom-gpg at suspicious.org (Atom 'Smasher')
Date: Tue Mar 23 23:01:13 2004
Subject: DSA and ECC (was: Looking for Elgamal sign+encrypt key information)
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> If MDC-2 is applied with DES as block cipher the hash is only 2x64=128
> bits. Is this what is stated in the new DSS (ANSI X-9.31)? I thought a
> longer hash would be needed to make any use of longer signing keys. With
> the "old" RSA signature algo a much longer hash can be used e.g. the
> forthcoming SHA-256.
============================

"forthcoming SHA-256"???

gpg 1.2.4 can handle SHA256, but only to verify, not to sign.

1.3.5 handles SHA256 (H8), SHA384 (H9) and SHA512 (H10).

Secure Hash Standard (SHS)
(SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512 algorithms)
http://csrc.nist.gov/cryptval/shs.htm

btw, why does gpg list the SHA-x family of hashes without a dash? the official spec ~does~ include a dash ;)

...atom

_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
-------------------------------------------------

"Everything that can be invented has been invented."
-- Charles H. Duell, Commissioner, U.S. Office of Patents, 1899

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish? - http://atom.smasher.org/links/#digital_signatures

iD8DBQFAYKTDnCgLvz19QeMRAh0cAJ9eQlwJhxbYq7d2G80WQ5GA/AMkiQCfZsc/
Pm9+ObjEii7mARZtzSCSqZw=
=1hAh
-----END PGP SIGNATURE-----

From dshaw at jabberwocky.com Wed Mar 24 02:01:41 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed Mar 24 01:59:08 2004
Subject: DSA and ECC (was: Looking for Elgamal sign+encrypt key information)
In-Reply-To: <6.0.1.1.2.20040323124535.026895b8@localhost>
References: <000e01c40b69$d0d1ab90$0dc8a8c0@frisket> <405DE08F.5010508@excelcia.org> <20040322004304.GC11044@jabberwocky.com> <405E650D.8010105@excelcia.org> <6.0.1.1.2.20040323124535.026895b8@localhost>
Message-ID: <20040324010140.GA8382@jabberwocky.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Tue, Mar 23, 2004 at 02:28:52PM +0100, Per Tunedal Casual wrote:
> At 05:01 2004-03-22, you wrote:
> >Len Sassaman wrote:
> >
> >One of the given reasons for incorporation of rDSA
> >and ECDSA into the new DSS is the key length restriction of DSA. If DSA
> >falls into disuse, then without rDSA or ECDSA, there will be no
> >signature standard in OpenPGP at all.
> >
> The current DSA will in a few years time be deprecated because of too
> short signing keys. What's the reason not to include rDSA in OpenPGP? I
> think it's important to have a modern signature standard in OpenPGP.
> Products based on OpenPGP cannot be marketed to e.g. US government if
> standard algos are missing.
>
> I don't know the reasons why the new DSS doesn't include the "old" RSA
> signature algo (used in OpenPGP), but rather the new rDSA. The difference
> seems to be that the new rDSA is using another hash, MDC-2 (patented).
> What's the advantage?
>
> If MDC-2 is applied with DES as block cipher the hash is only 2x64=128
> bits. Is this what is stated in the new DSS (ANSI X-9.31)? I thought a
> longer hash would be needed to make any use of longer signing keys. With
> the "old" RSA signature algo a much longer hash can be used e.g. the
> forthcoming SHA-256.

What do you mean forthcoming? ;)

Seriously, though, there is no reason why rDSA can't someday be added to OpenPGP. OpenPGP is very extensible and we're not even close to running out of algorithm numbers. That said, there is no particular reason I've seen to add it *now*. We should never add algorithms just because they are available.

David

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6-cvs (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc

iQFHBAEBCAAxBQJAYN3mKhhodHRwOi8vd3d3LmphYmJlcndvY2t5LmNvbS9kYXZp
ZC9rZXlzLmFzYwAKCRCHHMKrPLO0FSQVB/9/HDYiV+Vx8KOMAcyvkCLqsiM9rSP5
b81FoQxSwP0cHSvzNS0EkKiuPkaJWF4U475UkWN22p8AZaqog4vIkjViiiiFjNzT
X+df6+PhQxdcmpTStV17cZ00+IlWMR88UBPyVoJFytDMnGEWG17s8VVsD/DbCaDo
p7E8pHom066YwxenrMkdW9A8oGeaJwN9AKUkeBr+uvOM0g0WmzxXo/L2LT//OH4c
NoPszAU4Weahw6prT3LVGS2zLrgfRpgipTOGu4L4v8JEV1AAbPv1tXGYIMT87eQb
gmMEtHHvOw4s7Mkp1i3tH5qQa8JehXK/EDVCHB3XXwlappmOPd3yBf86
=N+41
-----END PGP SIGNATURE-----

From dshaw at jabberwocky.com Wed Mar 24 02:09:06 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed Mar 24 02:06:28 2004
Subject: DSA and ECC (was: Looking for Elgamal sign+encrypt key information)
In-Reply-To:
References:
Message-ID: <20040324010906.GB8382@jabberwocky.com>

On Tue, Mar 23, 2004 at 05:04:00PM -0500, Atom 'Smasher' wrote:
> > If MDC-2 is applied with DES as block cipher the hash is only 2x64=128
> > bits. Is this what is stated in the new DSS (ANSI X-9.31)? I thought a
> > longer hash would be needed to make any use of longer signing keys. With
> > the "old" RSA signature algo a much longer hash can be used e.g. the
> > forthcoming SHA-256.
> ============================
>
> "forthcoming SHA-256"???
>
> gpg 1.2.4 can handle SHA256, but only to verify, not to sign.
>
> 1.3.5 handles SHA256 (H8), SHA384 (H9) and SHA512 (H10).
>
> Secure Hash Standard (SHS)
> (SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512 algorithms)
> http://csrc.nist.gov/cryptval/shs.htm
>
> btw, why does gpg list the SHA-x family of hashes without a dash? the
> official spec ~does~ include a dash ;)

The OpenPGP spec doesn't use a dash. No idea why.

David

From atom-gpg at suspicious.org Wed Mar 24 02:36:12 2004
From: atom-gpg at suspicious.org (Atom 'Smasher')
Date: Wed Mar 24 02:33:35 2004
Subject: DSA and ECC (was: Looking for Elgamal sign+encrypt key information)
In-Reply-To: <20040324010140.GA8382@jabberwocky.com>
References: <000e01c40b69$d0d1ab90$0dc8a8c0@frisket> <405DE08F.5010508@excelcia.org> <20040322004304.GC11044@jabberwocky.com> <405E650D.8010105@excelcia.org> <6.0.1.1.2.20040323124535.026895b8@localhost> <20040324010140.GA8382@jabberwocky.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Seriously, though, there is no reason why rDSA can't someday be added
> to OpenPGP. OpenPGP is very extensible and we're not even close to
> running out of algorithm numbers. That said, there is no particular
> reason I've seen to add it *now*. We should never add algorithms just
> because they are available.
================================

out of curiosity, what are the reasons that new algorithms get added to the spec?

...atom

_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
-------------------------------------------------

"Sure, it's going to kill a lot of people, but they may be dying of something else anyway."
-- Othal Brand, member of a Texas pesticide review board, comments on Chlordane

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish? - http://atom.smasher.org/links/#digital_signatures

iD8DBQFAYOYRnCgLvz19QeMRAkfbAJwM3ukompMPl4cCWzEggODWd1UqvACfXDgG
6p5oBnjj+UN+TkWelpdm984=
=Ac7z
-----END PGP SIGNATURE-----

From wk at gnupg.org Wed Mar 24 10:05:58 2004
From: wk at gnupg.org (Werner Koch)
Date: Wed Mar 24 10:07:40 2004
Subject: DSA and ECC
In-Reply-To: (atom-gpg@suspicious.org's message of "Tue, 23 Mar 2004 20:36:12 -0500 (EST)")
References: <000e01c40b69$d0d1ab90$0dc8a8c0@frisket> <405DE08F.5010508@excelcia.org> <20040322004304.GC11044@jabberwocky.com> <405E650D.8010105@excelcia.org> <6.0.1.1.2.20040323124535.026895b8@localhost> <20040324010140.GA8382@jabberwocky.com>
Message-ID: <87d672y5qh.fsf@alberti.g10code.de>

On Tue, 23 Mar 2004 20:36:12 -0500 (EST), Atom 'Smasher' said:

> out of curiosity, what are the reasons that new algorithms get added to
> the spec?

Twofish was added as the first freely available 128 bit block cipher and partly due to personal communication between Phil Zimmermann and Bruce Schneier. AES has been added because it is the new standard block cipher and algorithm numbers have been reserved for it right with the first OpenPGP drafts. SHA256 et al. have been added because they are required for certain applications and they match properties of the new block ciphers.

Other algorithms or reserved algorithm numbers are even dropped from the latest drafts.

We don't need to add a >1024 bit DSA because it is just a matter of the keysize and OpenPGP does not give limits on that. We have not yet added support for >1024 bit DSA because we actually use DSS (basically DSA + SHA1) and like to wait for the official specifications of >1024 bit DSA, although the details are pretty obvious.

Werner

From gnupg at ml0402.albert.uni.cc Wed Mar 24 17:12:23 2004
From: gnupg at ml0402.albert.uni.cc (Albert)
Date: Wed Mar 24 17:11:37 2004
Subject: gpg --search-keys
Message-ID: <200403241712.23971.gnupg@ml0402.albert.uni.cc>

Can you tell me why
gpg --keyserver hkp://pgp.mit.edu --search-keys Tamara
works and
gpg --keyserver hkp://pgp.mit.edu --search-keys Albert
not?

Albert

From lukas at web-xs.de Wed Mar 24 17:30:52 2004
From: lukas at web-xs.de (lukas)
Date: Wed Mar 24 17:28:28 2004
Subject: gpg --search-keys
In-Reply-To: <200403241712.23971.gnupg@ml0402.albert.uni.cc>
References: <200403241712.23971.gnupg@ml0402.albert.uni.cc>
Message-ID: <200403241730.54327.lukas@web-xs.de>

On Wednesday 24 March 2004 17:12, Albert wrote:
> Can you tell me why
> gpg --keyserver hkp://pgp.mit.edu --search-keys Tamara
> works and
> gpg --keyserver hkp://pgp.mit.edu --search-keys Albert
> not?

Because there's no key matching this pattern.

cu
lukas

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: signature
Url : /pipermail/attachments/20040324/cb65184e/attachment.bin

From dshaw at jabberwocky.com Wed Mar 24 17:51:43 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed Mar 24 17:49:01 2004
Subject: gpg --search-keys
In-Reply-To: <200403241712.23971.gnupg@ml0402.albert.uni.cc>
References: <200403241712.23971.gnupg@ml0402.albert.uni.cc>
Message-ID: <20040324165142.GA15568@jabberwocky.com>

On Wed, Mar 24, 2004 at 05:12:23PM +0100, Albert wrote:
> Can you tell me why
> gpg --keyserver hkp://pgp.mit.edu --search-keys Tamara
> works and
> gpg --keyserver hkp://pgp.mit.edu --search-keys Albert
> not?

There are so many Alberts, the server refused to answer.

David

From lukas at web-xs.de Wed Mar 24 18:04:50 2004
From: lukas at web-xs.de (lukas)
Date: Wed Mar 24 18:02:35 2004
Subject: gpg --search-keys
In-Reply-To: <20040324165142.GA15568@jabberwocky.com>
References: <200403241712.23971.gnupg@ml0402.albert.uni.cc> <20040324165142.GA15568@jabberwocky.com>
Message-ID: <200403241804.56939.lukas@web-xs.de>

On Wednesday 24 March 2004 17:51, David Shaw wrote:
> On Wed, Mar 24, 2004 at 05:12:23PM +0100, Albert wrote:
> > Can you tell me why
> > gpg --keyserver hkp://pgp.mit.edu --search-keys Tamara
> > works and
> > gpg --keyserver hkp://pgp.mit.edu --search-keys Albert
> > not?
>
> There are so many Alberts, the server refused to answer.

You're right. Sorry for my silly answer. ;)

- Public Key Server -- Error
-
- Number of keys in reply (1834) exceeded maximum allowed (1000)
- Try a more specific query.

cu
lukas

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: signature
Url : /pipermail/attachments/20040324/1aec4283/attachment.bin

From gnupg at ml0402.albert.uni.cc Wed Mar 24 19:47:35 2004
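The error page lukas pasted is what a keyserver returns in place of a result list when a query matches too many keys. As an added illustration (not code from this thread or from GnuPG), here is a parser for the machine-readable index that gpg asks for when it runs --search-keys (the `op=index&options=mr` lookup of the HKP draft): it recognises that refusal, and on a successful reply it sets aside keys the server flags as revoked, disabled or expired, so a caller does not import them by accident. The record layout (`info:`, `pub:`, `uid:` records, flag letters r/d/e) is the HKP draft's; both server bodies below are constructed samples, not captured traffic, and the error body is modelled on the text quoted above.

```python
"""Parser for the machine-readable index an HKP keyserver returns to a
gpg --search-keys query (gpg requests /pks/lookup?op=index&options=mr).

Added example, not code from the original thread or from GnuPG itself. The
record layout is the one in the HKP draft (draft-shaw-openpgp-hkp):
  info:<version>:<count>
  pub:<keyid>:<algo>:<keylen>:<created>:<expires>:<flags>
  uid:<percent-escaped uid>:<created>:<expires>:<flags>
with flag letters r (revoked), d (disabled) and e (expired). Both server
bodies below are constructed samples, not captured traffic.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from urllib.parse import unquote

# Constructed index: what a narrow query such as "Tamara" might return.
SAMPLE_INDEX = """info:1:2
pub:0123456789ABCDEF:17:1024:1079913600::
uid:Tamara%20Example%20%3Ctamara%40example.org%3E:1079913600::
pub:FEDCBA9876543210:1:2048:1080000000:1400000000:r
uid:Tamara Two <tamara@example.net>:1080000000::
"""

# Constructed error body modelled on the message lukas pasted from pgp.mit.edu.
SAMPLE_TOO_MANY = """<html><body><h1>Public Key Server -- Error</h1>
Number of keys in reply (1834) exceeded maximum allowed (1000)
Try a more specific query.</body></html>
"""


class TooManyKeys(Exception):
    """The server matched more keys than it is willing to return."""


@dataclass
class Key:
    keyid: str
    algo: int                 # OpenPGP public-key algorithm id (1 = RSA, 17 = DSA)
    keylen: int
    created: int              # seconds since the epoch
    expires: int | None
    flags: str
    uids: list[str] = field(default_factory=list)

    def usable(self, now: int) -> bool:
        """False for keys flagged revoked/disabled/expired or already past expiry."""
        if set(self.flags) & {"r", "d", "e"}:
            return False
        return self.expires is None or self.expires > now


def parse_index(body: str) -> list[Key]:
    """Turn an HKP machine-readable index into Key objects.

    Raises TooManyKeys if the body is the server's 'exceeded maximum allowed'
    error page instead of an index, and ValueError for anything else that
    does not look like an index.
    """
    if "exceeded maximum allowed" in body:
        raise TooManyKeys("keyserver refused: too many matches, narrow the query")
    keys: list[Key] = []
    declared = None
    for line in body.splitlines():
        if not line:
            continue
        fields = line.split(":")
        kind = fields[0]
        if kind == "info":
            declared = int(fields[2])
        elif kind == "pub":
            keyid, algo, keylen, created, expires, flags = fields[1:7]
            keys.append(Key(keyid.upper(), int(algo), int(keylen), int(created),
                            int(expires) if expires else None, flags))
        elif kind == "uid":
            if not keys:
                raise ValueError("uid record before any pub record")
            keys[-1].uids.append(unquote(fields[1]))   # uid strings are %-escaped
        # other record kinds are ignored rather than rejected
    if declared is None:
        raise ValueError("no info record: not a machine-readable index")
    if declared != len(keys):
        raise ValueError(f"info record promised {declared} keys, got {len(keys)}")
    return keys


def usable_keyids(keys: list[Key], now: int) -> list[str]:
    """Key IDs worth considering for import: revoked/disabled/expired ones are dropped."""
    return [k.keyid for k in keys if k.usable(now)]
```

The count check against the `info:` record matters in practice: a truncated or corrupted reply then fails loudly instead of silently returning fewer keys than the server claimed to send.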
From: gnupg at ml0402.albert.uni.cc (Albert)
Date: Wed Mar 24 19:45:36 2004
Subject: gpg --search-keys
In-Reply-To: <200403241804.56939.lukas@web-xs.de>
References: <200403241712.23971.gnupg@ml0402.albert.uni.cc> <20040324165142.GA15568@jabberwocky.com> <200403241804.56939.lukas@web-xs.de>
Message-ID: <200403241947.35113.gnupg@ml0402.albert.uni.cc>

On Wednesday, 24 March 2004 18:04, lukas wrote:
> On Wednesday 24 March 2004 17:51, David Shaw wrote:
> > On Wed, Mar 24, 2004 at 05:12:23PM +0100, Albert wrote:
> > > Can you tell me why
> > > gpg --keyserver hkp://pgp.mit.edu --search-keys Tamara
> > > works and
> > > gpg --keyserver hkp://pgp.mit.edu --search-keys Albert
> > > not?
> >
> > There are so many Alberts, the server refused to answer.
>
> You're right. Sorry for my silly answer. ;)
>
> - Public Key Server -- Error
> -
> - Number of keys in reply (1834) exceeded maximum allowed (1000)
> - Try a more specific query.

I thought that there is a limitation, but how do you get this error message?

Albert

From hmujtaba at forumsys.com Wed Mar 24 20:09:39 2004
From: hmujtaba at forumsys.com (Hasnain Mujtaba)
Date: Wed Mar 24 20:07:29 2004
Subject: Trailing white space
Message-ID: <4DCE15B9C4E66F4CA967EBF64C53D64D01572C@bstn-exch1.forumsys.com>

Hi,

How does GPG handle trailing white spaces when preparing cleartext signatures? Also, what is PGP8's default behavior? If anyone can shed light on this I would appreciate it.

If the whitespaces are removed before calculating the signature, then are they removed from the document as well before it is sent out, or does the receiving side have to do its own trimming of trailing whitespaces before calculating the signature?

Thanks
Hasnain.

----
The information contained in this electronic mail and any attached document is the confidential and proprietary business information of Forum Systems, Inc. It is intended solely for the addressed recipient listed above. It may not be distributed in any manner without the express written consent of Forum Systems, Inc.

From Jason_Mantor at hesc.com Wed Mar 24 20:29:53 2004
From: Jason_Mantor at hesc.com (Jason_Mantor@hesc.com)
Date: Wed Mar 24 20:27:08 2004
Subject: TEST
Message-ID:

Just a test to see if I'm being blocked

From lukas at web-xs.de Wed Mar 24 20:36:40 2004
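Hasnain's question about trailing white space in cleartext signatures is answered by the OpenPGP cleartext signature framework itself (RFC 2440 section 7.1, carried unchanged into RFC 4880): trailing spaces and tabs are ignored when the signature is computed, line endings are hashed as CR LF, and the line ending just before the "-----BEGIN PGP SIGNATURE-----" line is not part of the signed text. Because the verifier applies the same canonicalisation, it makes no difference whether the sender strips the whitespace or a mail gateway adds some in transit. The following is an added example of that canonicalisation, not GnuPG's code and not from this thread; the report text is constructed and the signature block used for framing is a placeholder, not a real signature.

```python
"""Canonicalisation of a cleartext-signed body before hashing, as the OpenPGP
cleartext signature framework specifies (RFC 2440 section 7.1 / RFC 4880 7.1).

Added example, not GnuPG's code. Rules implemented:
  * trailing spaces and tabs on each line are ignored when hashing;
  * line endings are hashed as <CR><LF>;
  * the line ending before "-----BEGIN PGP SIGNATURE-----" is not signed;
  * inside the armor, lines starting with '-' MUST be dash-escaped ("- ")
    and lines starting with "From " SHOULD be; the verifier removes the escape.
The sample text is constructed; the signature block is a placeholder.
"""
import hashlib

SIGNED_TEXT_START = "-----BEGIN PGP SIGNED MESSAGE-----"
SIGNATURE_START = "-----BEGIN PGP SIGNATURE-----"

# Constructed sample: the text as written, and the same text after a gateway
# padded lines with trailing blanks and a tab.
ORIGINAL = "Quarterly report\n-- totals below --\nRevenue: 5000\n"
MANGLED = "Quarterly report   \n-- totals below -- \t\nRevenue: 5000\n"
# Constructed placeholder standing in for the armored signature packet.
PLACEHOLDER_SIGNATURE = "[signature packet would go here]\n-----END PGP SIGNATURE-----\n"


def dash_escape(text: str) -> str:
    """Prefix '-' and 'From ' lines with '- ' so they cannot be mistaken for
    armor lines or mbox separators."""
    return "\n".join(
        "- " + line if line.startswith(("-", "From ")) else line
        for line in text.split("\n")
    )


def dash_unescape(line: str) -> str:
    """Reverse dash_escape for one line."""
    return line[2:] if line.startswith("- ") else line


def canonical_signed_bytes(text: str) -> bytes:
    """Exactly the bytes a cleartext signature over text is computed on.

    text is the cleartext as it sits between the blank line after the Hash:
    header and the signature armor; one trailing newline belongs to the armor
    framing and is therefore not signed.
    """
    text = text.replace("\r\n", "\n")
    if text.endswith("\n"):
        text = text[:-1]
    lines = [line.rstrip(" \t") for line in text.split("\n")]   # ignore trailing blanks
    return "\r\n".join(lines).encode("utf-8")                    # CR LF between lines


def signed_digest(text: str, hash_name: str = "sha1") -> str:
    """Hex digest over the canonical form: the value the signature would cover."""
    return hashlib.new(hash_name, canonical_signed_bytes(text)).hexdigest()


def frame_cleartext(text: str, hash_name: str = "SHA1") -> str:
    """Build the cleartext framing up to and including the signature start line."""
    text = text.replace("\r\n", "\n")
    if text.endswith("\n"):
        text = text[:-1]
    return f"{SIGNED_TEXT_START}\nHash: {hash_name}\n\n{dash_escape(text)}\n{SIGNATURE_START}\n"


def extract_cleartext(armored: str) -> str:
    """The verifier's view: recover the dash-unescaped text from a cleartext-signed
    block, ready to be passed to canonical_signed_bytes()."""
    lines = armored.replace("\r\n", "\n").split("\n")
    if not lines or lines[0] != SIGNED_TEXT_START:
        raise ValueError("not a cleartext signed message")
    i = 1
    while i < len(lines) and lines[i].strip():   # skip the Hash: header lines
        i += 1
    i += 1                                       # skip the blank separator line
    body = []
    for line in lines[i:]:
        if line == SIGNATURE_START:
            break
        body.append(dash_unescape(line))
    else:
        raise ValueError("signature block missing")
    return "\n".join(body)
```

The ORIGINAL and MANGLED samples hash to the same digest, while changing a single non-blank character does not, which is the property the question is really asking about: whitespace padding added in transit does not break a cleartext signature, but any edit to the visible text does.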
From: lukas at web-xs.de (lukas)
Date: Wed Mar 24 20:34:19 2004
Subject: gpg --search-keys
In-Reply-To: <200403241947.35113.gnupg@ml0402.albert.uni.cc>
References: <200403241712.23971.gnupg@ml0402.albert.uni.cc> <200403241804.56939.lukas@web-xs.de> <200403241947.35113.gnupg@ml0402.albert.uni.cc>
Message-ID: <200403242036.41701.lukas@web-xs.de>

On Wednesday 24 March 2004 19:47, Albert wrote:
> > - Public Key Server -- Error
> > -
> > - Number of keys in reply (1834) exceeded maximum allowed (1000)
> > - Try a more specific query.
>
> I thought that there is a limitation, but how do you get this
> error message?

I've searched for "albert" on http://pgp.mit.edu :)

cu
lukas

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: signature
Url : /pipermail/attachments/20040324/7a6f5a3e/attachment.bin

From nigel.dunn at jyanet.com Wed Mar 24 21:08:05 2004
From: nigel.dunn at jyanet.com (nigel.dunn@jyanet.com)
Date: Wed Mar 24 21:05:19 2004
Subject: Can I be removed from the list please.
Message-ID: <1080158885.4061eaa566fc7@webmail.jyanet.com>

I've tried the web interface again and again to remove myself as I've been travelling a lot recently but to no avail. Can someone please remove me from the list.

Thanks,
Nigel.

-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/

From alan at batie.org Wed Mar 24 21:51:17 2004
From: alan at batie.org (Alan Batie)
Date: Wed Mar 24 21:48:35 2004
Subject: key dumper?
Message-ID: <20040324205117.GA13284@agora.rdrop.com>

Is there a pgp equivalent to "openssl x509 -text"? I'd like to see just what's in my key...

--
Alan Batie                     ______    alan.batie.org                   Me
alan at batie.org                 \    /    www.qrd.org            The Triangle
PGPFP DE 3C 29 17 C0 49 7A      \  /     www.pgpi.com      The Weird Numbers
27 40 A5 3C 37 4A DA 52 B9       \/      spamassassin.taint.org     NO SPAM!

To announce that there must be no criticism of the President, or that we are to stand by the President, right or wrong, is not only unpatriotic and servile, but is morally treasonable to the American public.
-Theodore Roosevelt, 26th US President (1858-1919)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 305 bytes
Desc: not available
Url : /pipermail/attachments/20040324/935c9d71/attachment.bin

From thomas at northernsecurity.net Wed Mar 24 18:00:08 2004
From: thomas at northernsecurity.net (Thomas Sjögren)
Date: Wed Mar 24 21:59:03 2004
Subject: gpg --search-keys
In-Reply-To: <200403241712.23971.gnupg@ml0402.albert.uni.cc>
References: <200403241712.23971.gnupg@ml0402.albert.uni.cc>
Message-ID: <20040324170008.GB18698@northernsecurity.net>

On Wed, Mar 24, 2004 at 05:12:23PM +0100, Albert wrote:
> Can you tell me why
> gpg --keyserver hkp://pgp.mit.edu --search-keys Tamara
> works and
> gpg --keyserver hkp://pgp.mit.edu --search-keys Albert
> not?
>

Albert is a pretty common name so it generates too many responses. Try searching using the keyid or the complete name.

/Thomas

--
== thomas@northernsecurity.net | thomas@se.linux.org
== Encrypted e-mails preferred | GPG KeyID: 114AA85C
--

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: Digital signature
Url : /pipermail/attachments/20040324/d6b645e6/attachment.bin

From dshaw at jabberwocky.com Wed Mar 24 22:13:10 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed Mar 24 22:10:35 2004
Subject: key dumper?
In-Reply-To: <20040324205117.GA13284@agora.rdrop.com>
References: <20040324205117.GA13284@agora.rdrop.com>
Message-ID: <20040324211310.GA17886@jabberwocky.com>

On Wed, Mar 24, 2004 at 12:51:17PM -0800, Alan Batie wrote:
> Is there a pgp equivalent to "openssl x509 -text"? I'd like to see just
> what's in my key...

gpg --export (yourkeyid) | gpg --list-packets

David

From lukas at web-xs.de Wed Mar 24 22:43:26 2004
From: lukas at web-xs.de (lukas)
Date: Wed Mar 24 22:41:12 2004
Subject: Can I be removed from the list please.
In-Reply-To: <1080158885.4061eaa566fc7@webmail.jyanet.com>
References: <1080158885.4061eaa566fc7@webmail.jyanet.com>
Message-ID: <200403242243.29551.lukas@web-xs.de>

Just click the line below.

mailto:gnupg-users-request@gnupg.org?subject=unsubscribe

From pt at radvis.nu Wed Mar 24 22:59:02 2004
From: pt at radvis.nu (Per Tunedal Casual)
Date: Wed Mar 24 23:09:13 2004
Subject: DSA and ECC (was: Looking for Elgamal sign+encrypt key information)
In-Reply-To:
References: <000e01c40b69$d0d1ab90$0dc8a8c0@frisket> <405DE08F.5010508@excelcia.org> <20040322004304.GC11044@jabberwocky.com> <405E650D.8010105@excelcia.org> <6.0.1.1.2.20040323124535.026895b8@localhost>
Message-ID: <6.0.1.1.2.20040324224747.02677490@localhost>

At 21:57 2004-03-23, you wrote:
>> longer hash would be needed to make any use of longer signing keys. With
>> the "old" RSA signature algo a much longer hash can be used e.g. the
>> forthcoming SHA-256.
>============================
>
>"forthcoming SHA-256"???
>
>gpg 1.2.4 can handle SHA256, but only to verify, not to sign.
>
>1.3.5 handles SHA256 (H8), SHA384 (H9) and SHA512 (H10).
>

Exactly, the production version of GnuPG (1.2.4) doesn't use SHA-256 for signing, but only for verifying. David Shaw explained some time ago that this is a way of making way for a wider use in future versions. Thus: forthcoming ...

Per Tunedal

From pt at radvis.nu Wed Mar 24 23:12:55 2004
From: pt at radvis.nu (Per Tunedal Casual)
Date: Wed Mar 24 23:10:11 2004
Subject: DSA and ECC (was: Looking for Elgamal sign+encrypt key information)
Message-ID: <6.0.1.1.2.20040324231249.0267de68@localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 02:01 2004-03-24, you wrote:
>
>On Tue, Mar 23, 2004 at 02:28:52PM +0100, Per Tunedal Casual wrote:
>> At 05:01 2004-03-22, you wrote:
>
>> I don't know the reasons why the new DSS doesn't include the "old" RSA
>> signature algo (used in OpenPGP), but rather the new rDSA. The difference
>> seems to be that the new rDSA is using another hash, MDC-2 (patented).
>> What's the advantage?
>>
>> If MDC-2 is applied with DES as block cipher the hash is only 2x64=128
>> bits. Is this what is stated in the new DSS (ANSI X-9.31)? I thought a
>> longer hash would be needed to make any use of longer signing keys. With
>> the "old" RSA signature algo a much longer hash can be used e.g. the
>> forthcoming SHA-256.
>
- -- snipp --
>Seriously, though, there is no reason why rDSA can't someday be added
>to OpenPGP. OpenPGP is very extensible and we're not even close to
>running out of algorithm numbers. That said, there is no particular
>reason I've seen to add it *now*. We should never add algorithms just
>because they are available.
>
>David

I wanted to hear if anyone knew why the new rDSA was developed. What's the advantage over the "old" RSA algorithm? Especially the "new" hash algorithm MDC-2 puzzles me. (I haven't read ANSI X-9.31 and neither have I found any documents about the design process of the standard.)

Per Tunedal

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32) - GPGrelay v0.94

iD8DBQFAYgf3ITLMlZFNlMoRAiJiAKCFN1p54viabtjY8Ux7wxKPKrui5QCeLcPj
ZeH7eIrTM5LkwfKm0eFIyMY=
=ZpmW
-----END PGP SIGNATURE-----

From gnupg at ml0402.albert.uni.cc Wed Mar 24 23:22:04 2004
From: gnupg at ml0402.albert.uni.cc (Albert)
Date: Wed Mar 24 23:21:50 2004
Subject: Mailfilter for unknown signatures (Re: gpg --search-keys)
In-Reply-To: <20040324170008.GB18698@northernsecurity.net>
References: <200403241712.23971.gnupg@ml0402.albert.uni.cc> <20040324170008.GB18698@northernsecurity.net>
Message-ID: <200403242313.58156.gnupg@ml0402.albert.uni.cc>

On Wednesday, 24 March 2004 18:00, Thomas Sjögren wrote:
> On Wed, Mar 24, 2004 at 05:12:23PM +0100, Albert wrote:
> > Can you tell me why
> > gpg --keyserver hkp://pgp.mit.edu --search-keys Tamara
> > works and
> > gpg --keyserver hkp://pgp.mit.edu --search-keys Albert
> > not?
>
> Albert is a pretty common name so it generates too many
> responses. Try searching using the keyid or the complete name.

Thanks, I tried to search my own key with different search strategies :-)

I uploaded 1 new email-address with my key and after a few days I got a W32/Mydoom.G to this address. A 2nd address which was uploaded to the keyserver too at the same time, got this Mydoom too, while a 3rd and 4th address (daughter, friend) didn't. It was very strange. With 99.99% I can exclude that the malware came from the only person who knew the new email-address. We both use linux systems. I never heard of a linux system which spreads a win-worm automatically and passes the firewall. So the only source is the keyservers.

Since a mail with my from-address bounced from a user with the same last name as mine, it could be that she checked her keys and had my address cached or whatever, although she is an employee of a big company, which sent me an email with "550 Unacceptable content", so I wonder how she could spread the virus/worm. Maybe the reason was because my firstname starts with "A". It looks like it is unlikely that someone fetched all Albert-keys, or is there another way to do it?

I think the only way to protect email-addresses registered at key-servers from spam is to accept mails with signatures only and make an autoresponder for the non-signed. As a 2nd step I would like to check for encrypted mails, which are signed but not known locally. Any ideas how I can do this with a linux-mailserver?

Albert

From thomas at northernsecurity.net Thu Mar 25 00:05:09 2004
From: thomas at northernsecurity.net (Thomas =?iso-8859-1?Q?Sj=F6gren?=) Date: Thu Mar 25 00:02:51 2004 Subject: Mailfilter for unknown signatures (Re: gpg --search-keys) In-Reply-To: <200403242313.58156.gnupg@ml0402.albert.uni.cc> References: <200403241712.23971.gnupg@ml0402.albert.uni.cc> <20040324170008.GB18698@northernsecurity.net> <200403242313.58156.gnupg@ml0402.albert.uni.cc> Message-ID: <20040324230508.GJ18698@northernsecurity.net> On Wed, Mar 24, 2004 at 11:22:04PM +0100, Albert wrote: > I tried to search my own key with different search strategies :-) Did it work? > I uploaded 1 new email-address with my key and after a few days I > got a W32/Mydoom.G to this address. A 2nd address which was > uploaded to the keyserver too at the same time, got this Mydoom > too, while a 3rd and 4th address (daughter, friend) didn't. It was > very strange. I got limited knowledge about worm/malware but it seems unlikely that MyDoom actually scans keyservers to gather email addresses. If i'm not mistaken no worm has done this (yet). > With 99.99% I can exclude, that the malware came from > the only person who knew the new email-address. We both use linux > systems. I never heard of a linux system which spreads a win-worm > automatically and passes the firewall. I have to trust you about the number of people knowing the address in question. However, as long as you can send emails, you can spread malware. > I think the only way to protect email-addresses registered at > key-servers from spam is to accept mails with signatures only and > make an autoresponder for the non-signed. This behavior would, sad to say, kill 99% of all mails sent. > As a 2nd step I would like to check for encrypted mails, which are > signed but not known locally. Any ideas how I can do this with a > linux-mailserver? Set a procmail filter, for example, to look for the PGP MESSAGE string and the parse the message to a shell script. btw, dont use pgp.mit.edu, it's broken. use subkeys.pgp.net instead. 
/Thomas
--
== thomas@northernsecurity.net | thomas@se.linux.org ==
Encrypted e-mails preferred | GPG KeyID: 114AA85C
--

From skquinn at xevious.kicks-ass.net Thu Mar 25 01:44:38 2004
From: skquinn at xevious.kicks-ass.net (Shawn K. Quinn)
Date: Thu Mar 25 01:33:22 2004
Subject: key dumper?
In-Reply-To: <20040324205117.GA13284@agora.rdrop.com>
References: <20040324205117.GA13284@agora.rdrop.com>
Message-ID: <200403241844.49818.skquinn@xevious.kicks-ass.net>

On Wednesday 2004 March 24 14:51, Alan Batie wrote:
> Is there a pgp equivalent to "openssl x509 -text"? I'd like to see
> just what's in my key...

In addition to 'gpg --list-packets' mentioned by Mr. Shaw, there is also a program called pgpdump which may be more of what you are looking for, showing the actual numbers where they are available (this may be possible with 'gpg --list-packets' as well).

--
Shawn K. Quinn

From gnupg at ml0402.albert.uni.cc Thu Mar 25 01:54:41 2004
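An added example for the "key dumper" question above (written for this archive page; it is not part of gpg or pgpdump): a minimal walker over binary OpenPGP packets that decodes the packet headers of RFC 2440 section 4.2 and the fixed fields of a v4 public-key packet (section 5.5.2), roughly what 'gpg --list-packets' and pgpdump print. The key it parses is constructed in build_sample() from dummy MPIs, and PACKET_NAMES/PUBKEY_ALGOS list only the values this example needs.

```python
import struct
from datetime import datetime, timezone

# Tag numbers and public-key algorithm ids from RFC 2440 (only those needed here).
PACKET_NAMES = {2: "signature", 5: "secret key", 6: "public key", 13: "user ID",
                14: "public subkey", 17: "user attribute"}
PUBKEY_ALGOS = {1: "RSA", 16: "Elgamal (encrypt only)", 17: "DSA",
                20: "Elgamal (sign+encrypt)"}


def read_packet_header(data: bytes, pos: int):
    """Decode the packet header at data[pos] (RFC 2440 sect. 4.2) and return
    (tag, body_start, body_len). Partial body lengths are rejected."""
    ctb = data[pos]
    if not ctb & 0x80:
        raise ValueError("no packet header at offset %d" % pos)
    if ctb & 0x40:                                   # new format, tag in low 6 bits
        tag, o1 = ctb & 0x3F, data[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + data[pos + 2] + 192
        if o1 == 255:
            return tag, pos + 6, struct.unpack(">I", data[pos + 2:pos + 6])[0]
        raise ValueError("partial body length at offset %d not supported" % pos)
    tag, lentype = (ctb >> 2) & 0x0F, ctb & 0x03     # old format, tag in bits 2..5
    if lentype == 0:
        return tag, pos + 2, data[pos + 1]
    if lentype == 1:
        return tag, pos + 3, struct.unpack(">H", data[pos + 1:pos + 3])[0]
    if lentype == 2:
        return tag, pos + 5, struct.unpack(">I", data[pos + 1:pos + 5])[0]
    return tag, pos + 1, len(data) - pos - 1         # indeterminate: rest of input


def describe_public_key(body: bytes) -> dict:
    """Fixed fields of a v4 public-key packet (RFC 2440 sect. 5.5.2) plus the
    bit length of each MPI that follows, which is what pgpdump prints."""
    if body[0] != 4:
        return {"version": body[0]}
    created, algo = struct.unpack(">I", body[1:5])[0], body[5]
    mpi_bits, pos = [], 6
    while pos + 2 <= len(body):
        bits = struct.unpack(">H", body[pos:pos + 2])[0]
        mpi_bits.append(bits)
        pos += 2 + (bits + 7) // 8                   # 2-octet bit count, then the octets
    return {"version": 4, "created": created,
            "created_utc": datetime.fromtimestamp(created, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
            "algo": algo, "algo_name": PUBKEY_ALGOS.get(algo, "unknown(%d)" % algo),
            "mpi_bits": mpi_bits}


def list_packets(data: bytes) -> list:
    """Walk binary (unarmored) OpenPGP data packet by packet, like gpg --list-packets."""
    out, pos = [], 0
    while pos < len(data):
        tag, start, length = read_packet_header(data, pos)
        body = data[start:start + length]
        entry = {"offset": pos, "tag": tag, "len": length,
                 "name": PACKET_NAMES.get(tag, "tag %d" % tag)}
        if tag in (6, 14):
            entry.update(describe_public_key(body))
        elif tag == 13:
            entry["user_id"] = body.decode("utf-8", "replace")
        out.append(entry)
        pos = start + length
    return out


# --- constructed sample (not a real key): a DSA public-key packet in old header
# format with dummy MPIs of the right sizes, followed by a new-format user ID packet.
def _mpi(bits: int) -> bytes:
    nbytes = (bits + 7) // 8
    return struct.pack(">H", bits) + bytes([1 << ((bits - 1) % 8)]) + b"\x00" * (nbytes - 1)


def build_sample() -> bytes:
    pk_body = (b"\x04" + struct.pack(">I", 1080000000) + b"\x11"   # v4, time, algo 17 (DSA)
               + _mpi(1024) + _mpi(160) + _mpi(1024) + _mpi(1024))  # p, q, g, y
    pk = bytes([0x80 | (6 << 2) | 1]) + struct.pack(">H", len(pk_body)) + pk_body
    uid_body = b"Albert <albert@example.invalid>"
    uid = bytes([0xC0 | 13, len(uid_body)]) + uid_body
    return pk + uid


if __name__ == "__main__":
    for entry in list_packets(build_sample()):
        print(entry)
```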
From: gnupg at ml0402.albert.uni.cc (Albert)
Date: Thu Mar 25 01:52:37 2004
Subject: Mailfilter for unknown signatures (Re: gpg --search-keys)
In-Reply-To: <20040324230508.GJ18698@northernsecurity.net>
References: <200403241712.23971.gnupg@ml0402.albert.uni.cc> <200403242313.58156.gnupg@ml0402.albert.uni.cc> <20040324230508.GJ18698@northernsecurity.net>
Message-ID: <200403250143.54598.gnupg@ml0402.albert.uni.cc>

On Thursday, 25 March 2004 00:05, Thomas Sjögren wrote:
> On Wed, Mar 24, 2004 at 11:22:04PM +0100, Albert wrote:
> > I tried to search my own key with different search strategies
> > :-)
>
> Did it work?

With everything including my lastname I found my key, but not with Albert.

> > I uploaded 1 new email-address with my key and after a few days
> > I got a W32/Mydoom.G to this address. A 2nd address which was
> > uploaded to the keyserver too at the same time, got this Mydoom
> > too, while a 3rd and 4th address (daughter, friend) didn't. It
> > was very strange.
>
> I got limited knowledge about worm/malware but it seems unlikely
> that MyDoom actually scans keyservers to gather email addresses.
> If i'm not mistaken no worm has done this (yet).

I don't think the malware itself scans the keyservers, but probably spammers and also people with viruses. Nowadays spammers use viruses to create open relays and to spread their mails later.

> > With 99.99% I can exclude, that the malware came from
> > the only person who knew the new email-address. We both use
> > linux systems. I never heard of a linux system which spreads a
> > win-worm automatically and passes the firewall.
>
> I have to trust you about the number of people knowing the
> address in question. However, as long as you can send emails, you
> can spread malware.

I think it is very unlikely to spread win-viruses with linux machines.
> > I think the only way to protect email-addresses registered at
> > key-servers from spam is to accept mails with signatures only
> > and make an autoresponder for the non-signed.
>
> This behavior would, sad to say, kill 99% of all mails sent.

It depends on your email-strategies and on your _personal_ needs. Why shouldn't one use an email-address for signed/encrypted mails _only_? There are only a few people (below 10) who send me signed emails and all of them I know personally very well. Because I am very sure that nobody else than a few people and spammers would send emails to this address, I can be very strict. I think of a filter with an autoresponder, which mentions a webpage where a standard email-address is included as a picture, which is unreadable for a scanner, but a human has a chance to contact me. Also I am sure nobody would ever contact me via this way.

> > As a 2nd step I would like to check for encrypted mails, which
> > are signed but not known locally. Any ideas how I can do this
> > with a linux-mailserver?
>
> Set a procmail filter, for example, to look for the PGP MESSAGE
> string and the parse the message to a shell script.

I think the first filter I can setup at a freemailer like gmx, where I check for "application/pgp-signature" in the header, so unsigned emails are deleted there without downloading. Maybe I belong to the people who have no real security needs, but think where everything is monitored and manipulated, using gpg shouldn't be wrong.

The next step after the redirection to a freemailer are the local filters. I am not very familiar with procmail, any help would be appreciated. Different users on a small mailserver use fetchmail to get the mails. Then postfix and .forward is used to check for viruses with amavis and spamassassin:

  cat .forward
  "|IFS=' ' && exec /usr/bin/procmail -f- || exit 75 #localuser"

  cat .procmailrc
  :0fw: spamc.lock
  * < 256000
  | spamc

  :0
  * ^^rom[ ]
  {
    LOG="*** Dropped F off From_ header! Fixing up.
  "
    :0 fhw
    | sed -e '1s/^/F/'
  }

qpopper is also setup. So the users clients get their mails via a local POP3-server, using KMail and mails are stored there in maildir-format. At the end a valid email has to be forwarded to the default mailbox in /var/spool/mail and maybe the user should get a note that an encrypted email from X was deleted. I don't know _where_ I can include the shell script. But I think I could write this script with all features I would like to have.

Also I am unsure how I should check for known signatures. The mail doesn't contain a key-ID, so I have to check if the email-address can be found in my local keys, or am I wrong? Using grep I should be able to get the from-address and with gpg --list-keys I can check the public keys, the program mail could be used to inform of a deleted email.

> btw, dont use pgp.mit.edu, it's broken. use subkeys.pgp.net
> instead.

I don't use it, but why are they broken? I know that www.keyserver.net shows a wrong fingerprint with my key, but with pgp.mit.edu it is ok.

Albert

From nigel.dunn at jyanet.com Thu Mar 25 02:19:06 2004
From: nigel.dunn at jyanet.com (nigel.dunn@jyanet.com)
Date: Thu Mar 25 02:16:21 2004
Subject: Can I be removed from the list please.
Message-ID: <1080177546.4062338a66c0e@webmail.jyanet.com>

I followed the link a couple of hours ago and still haven't received a message from the server asking for confirmation and I am still receiving GnuPG messages. Shouldn't subscriptions be added and removed almost immediately?

Regards,
Nigel.

Quoting lukas :
> Just click the line below.
>
> mailto:gnupg-users-request@gnupg.org?subject=unsubscribe
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>

From alan at batie.org Thu Mar 25 04:52:55 2004
From: alan at batie.org (Alan Batie)
Date: Thu Mar 25 04:50:13 2004
Subject: key dumper?
In-Reply-To: <200403241844.49818.skquinn@xevious.kicks-ass.net>
References: <20040324205117.GA13284@agora.rdrop.com> <200403241844.49818.skquinn@xevious.kicks-ass.net>
Message-ID: <20040325035255.GC14948@agora.rdrop.com>

On Wed, Mar 24, 2004 at 06:44:38PM -0600, Shawn K. Quinn wrote:
> In addition to 'gpg --list-packets' mentioned by Mr. Shaw, there is also
> a program called pgpdump which may be more of what you are looking for,

Thanks! Those are exactly what I was looking for...

--
Alan Batie ______ alan.batie.org
Me alan at batie.org \ / www.qrd.org The Triangle
PGPFP DE 3C 29 17 C0 49 7A \ / www.pgpi.com The Weird Numbers
27 40 A5 3C 37 4A DA 52 B9 \/ spamassassin.taint.org NO SPAM!

To announce that there must be no criticism of the President, or that we are to stand by the President, right or wrong, is not only unpatriotic and servile, but is morally treasonable to the American public.
-Theodore Roosevelt, 26th US President (1858-1919)

From atom-gpg at suspicious.org Thu Mar 25 04:58:17 2004
From: atom-gpg at suspicious.org (Atom 'Smasher')
Date: Thu Mar 25 04:55:49 2004
Subject: DSA and ECC
In-Reply-To: <87d672y5qh.fsf@alberti.g10code.de>
References: <000e01c40b69$d0d1ab90$0dc8a8c0@frisket> <405DE08F.5010508@excelcia.org> <20040322004304.GC11044@jabberwocky.com> <405E650D.8010105@excelcia.org> <6.0.1.1.2.20040323124535.026895b8@localhost> <20040324010140.GA8382@jabberwocky.com> <87d672y5qh.fsf@alberti.g10code.de>
Message-ID:

> Twofish was added as the first freely available 128 bit block cipher
> and partly due to personal communication between Phil Zimmermann and
> Bruce Schneier.
==========================

was twofish originally implemented in openPGP as a 128 bit cipher? the current implementation is 256 bit... or did you mean to say that blowfish was the first freely available 128 bit block cipher?

> We don't need to add a >1024 bit DSA because it is just a matter of
> the keysize and OpenPGP does not give limits on that. We have not yet
> added support for >1024 bit DSA because we actually use DSS (basically
> DSA + SHA1) and like to wait for the official specifications of >1024
> bit DSA, although the details are pretty obvious.
==========================

i can't figure out why NIST/NSA/ANSI etc are taking so long to formalize the larger versions of DSS/DSA. i guess in the meantime, one can use RSA-3072 with SHA-256 (if they're using a bleeding-edge version of gpg).

...atom

_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
-------------------------------------------------
"If Jesus had been killed 20 years ago, Catholic school children would be wearing little electric chairs around their necks instead of crosses" -- Lenny Bruce

From atom-gpg at suspicious.org Thu Mar 25 05:20:08 2004
From: atom-gpg at suspicious.org (Atom 'Smasher')
Date: Thu Mar 25 05:17:27 2004
Subject: Trailing white space
In-Reply-To: <4DCE15B9C4E66F4CA967EBF64C53D64D01572C@bstn-exch1.forumsys.com>
References: <4DCE15B9C4E66F4CA967EBF64C53D64D01572C@bstn-exch1.forumsys.com>
Message-ID:

> How does GPG handle trailing white spaces when preparing cleartext
> signatures? Also, what is PGP8's default behavior? If anyone can shed
> light on this I would appreciate it.
>
> If the whitespaces are removed before calculating the signature, then
> are they removed from the document as well before it is sent out, or
> does the receiving side have to do its own trimming of trailing
> whitespaces before calculating the signature?
========================

RFC 2440 - http://www.faqs.org/rfcs/rfc2440.html
  5.2.1. Signature Types (0x01)
  7.1. Dash-Escaped Text

the trailing whitespace is left intact in the document, and the signature verification performs the same tricks "when the cleartext signature is calculated" on the receiving end. at least, that's the way that GnuPG seems to handle it, and i don't see anything in the RFC that specifies removing the trailing whitespace from a document when signing it. since that's the openPGP standard, i would hope that PGP8 does it that way by default ;)

hhmm... this might cause problems if someone wants to sign a program written in the 'whitespace' programming language ;)
http://compsoc.dur.ac.uk/whitespace/

...atom

_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
-------------------------------------------------
"What you are seeing is not just a consolidation of seed companies, it is really a consolidation of the entire food chain. Since water is as central to food production as seed is, and without water life is not possible, Monsanto is now trying to establish its control over water."
-- Robert Farley, Monsanto

From wk at gnupg.org Thu Mar 25 10:54:08 2004
From: wk at gnupg.org (Werner Koch)
Date: Thu Mar 25 10:52:44 2004
Subject: DSA and ECC
In-Reply-To: (atom-gpg@suspicious.org's message of "Wed, 24 Mar 2004 22:58:17 -0500 (EST)")
References: <000e01c40b69$d0d1ab90$0dc8a8c0@frisket> <405DE08F.5010508@excelcia.org> <20040322004304.GC11044@jabberwocky.com> <405E650D.8010105@excelcia.org> <6.0.1.1.2.20040323124535.026895b8@localhost> <20040324010140.GA8382@jabberwocky.com> <87d672y5qh.fsf@alberti.g10code.de>
Message-ID: <87brmlfe0v.fsf@alberti.g10code.de>

On Wed, 24 Mar 2004 22:58:17 -0500 (EST), Atom 'Smasher' said:
> was twofish originally implemented in openPGP as a 128 bit cipher? the
> current implementation is 256 bit... or did you mean to say that blowfish
> was the first freely available 128 bit block cipher?

Yes, I was talking about the block size and not the key size.

From pt at radvis.nu Thu Mar 25 12:44:22 2004
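For the trailing-whitespace question Atom answered above, an added example (not from the thread, nor GnuPG's code) that carries out the RFC 2440 section 7.1 rules: trailing spaces and tabs are dropped and line endings become CRLF only in the hashed form, while the transmitted document keeps its whitespace and is merely dash-escaped. The sample texts ORIGINAL, WITH_TRAILING_WS and TAMPERED are constructed.

```python
import hashlib
import re


def canonicalize_cleartext(text: str) -> bytes:
    """Return the bytes actually hashed for a cleartext signature (RFC 2440
    sect. 7.1 with the type 0x01 canonical-text rules of sect. 5.2.1):
    trailing spaces/tabs are removed from every line, line endings become
    CRLF, and the line ending just before the signature armor is not hashed."""
    lines = text.replace("\r\n", "\n").split("\n")
    if lines and lines[-1] == "":
        lines.pop()                  # final newline precedes the armor: not hashed
    stripped = [re.sub(r"[ \t]+$", "", line) for line in lines]
    return "\r\n".join(stripped).encode("utf-8")


def cleartext_digest(text: str, hash_name: str = "sha1") -> str:
    """Digest over the canonical form, i.e. what the 'Hash: SHA1' header announces."""
    return hashlib.new(hash_name, canonicalize_cleartext(text)).hexdigest()


# Transport form: the document itself is NOT stripped, only dash-escaped so
# that lines starting with '-' cannot be mistaken for armor headers (sect. 7.1).
def dash_escape(text: str) -> str:
    return "\n".join("- " + line if line.startswith("-") else line
                     for line in text.split("\n"))


def dash_unescape(text: str) -> str:
    return "\n".join(line[2:] if line.startswith("- ") else line
                     for line in text.split("\n"))


# Constructed sample texts (not taken from the thread).
ORIGINAL = "signed report\n- item one\n- item two\n"
WITH_TRAILING_WS = "signed report   \n- item one\t\n- item two \n"
TAMPERED = "signed report\n- item one\n- item three\n"


def demo() -> dict:
    """Whitespace-only differences verify as the same signature; any other
    change does not; and the escaped transport copy still carries the spaces."""
    return {
        "ws_variant_same_digest": cleartext_digest(ORIGINAL) == cleartext_digest(WITH_TRAILING_WS),
        "tampered_differs": cleartext_digest(ORIGINAL) != cleartext_digest(TAMPERED),
        "trailing_ws_kept_in_transport": "signed report   " in dash_escape(WITH_TRAILING_WS),
        "dash_escape_round_trips": dash_unescape(dash_escape(ORIGINAL)) == ORIGINAL,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```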
From: pt at radvis.nu (Per Tunedal Casual)
Date: Thu Mar 25 12:41:35 2004
Subject: DSA and ECC
In-Reply-To:
References: <000e01c40b69$d0d1ab90$0dc8a8c0@frisket> <405DE08F.5010508@excelcia.org> <20040322004304.GC11044@jabberwocky.com> <405E650D.8010105@excelcia.org> <6.0.1.1.2.20040323124535.026895b8@localhost> <20040324010140.GA8382@jabberwocky.com> <87d672y5qh.fsf@alberti.g10code.de>
Message-ID: <6.0.1.1.2.20040325124211.026be060@localhost>

At 04:58 2004-03-25, you wrote:
>> Twofish was added as the first freely available 128 bit block cipher
>> and partly due to personal communication between Phil Zimmermann and
>> Bruce Schneier.
>==========================
>
>was twofish originally implemented in openPGP as a 128 bit cipher? the
>current implementation is 256 bit... or did you mean to say that blowfish
>was the first freely available 128 bit block cipher?
>

Twofish and AES are 128 bit block ciphers. The Twofish implementation in GnuPG is limited to the keysize 256 bits.

Per Tunedal

From johanw at vulcan.xs4all.nl Thu Mar 25 00:22:02 2004
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Thu Mar 25 20:45:59 2004
Subject: DSA and ECC (was: Looking for Elgamal sign+encrypt key information)
In-Reply-To: <6.0.1.1.2.20040324224747.02677490@localhost> from Per Tunedal Casual at "Mar 24, 2004 10:59:02 pm"
Message-ID: <200403242322.AAA01672@vulcan.xs4all.nl>

Per Tunedal Casual wrote:
> Exactly, the production version of GnuPG (1.2.4) doesn't use SHA-256 for
> signing, but only for verifying.

1.2.4 already supports it in the code, but there is an extra check that returns out of the signing procedure. The source change to make it support it for signing is very small (commenting out some lines in cipher/md.c, any beginning C programmer can see immediately which lines). The file already has a comment in it for people who want to change the source.

--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From kfitzner at excelcia.org Fri Mar 26 21:08:01 2004
From: kfitzner at excelcia.org (Kurt Fitzner)
Date: Fri Mar 26 21:06:58 2004
Subject: Error when using gpg in a cron job
Message-ID: <40648DA1.9080204@excelcia.org>

I have set up an internal machine on my network as a tripwire system that checks over my firewall server once each morning and emails me the results. Since my firewall server is also my mail server, I wanted the machine sending the mail to sign the email reports - forcing an attacker to breach both systems in order to defeat the check.

My problem is when cron runs this command:

  cat /root/.gnupg/pass | $GPG --passphrase-fd 0 --quiet \
      --output $SIGNED --clearsign $REPORT

I get this error:

  gpg: cannot open `/dev/tty': No such device or address

For some reason, gpg is trying to open up a tty directly - for what reason, I don't know. This is running on an HP/UX 11.0 system.

If anyone has any ideas, I'd appreciate it.

Kurt Fitzner

From sbutler at fchn.com Fri Mar 26 21:49:09 2004
From: sbutler at fchn.com (Steve Butler)
Date: Fri Mar 26 21:48:44 2004
Subject: Error when using gpg in a cron job
Message-ID: <9A86613AB85FF346BB1321840DB42B4B046D42BE@jupiter.fchn.com>

Use --batch and --no-tty

-----Original Message-----
From: Kurt Fitzner [mailto:kfitzner@excelcia.org]
Sent: Friday, March 26, 2004 12:08 PM
To: gnupg-users@gnupg.org
Subject: Error when using gpg in a cron job

From jp at cvmx.de Fri Mar 26 22:02:32 2004
From: jp at cvmx.de (Julius Plenz)
Date: Fri Mar 26 21:57:40 2004
Subject: Error when using gpg in a cron job
In-Reply-To: <40648DA1.9080204@excelcia.org>
References: <40648DA1.9080204@excelcia.org>
Message-ID: <20040326210232.GB720@cvmx.de>

* Kurt Fitzner [2004-03-26 21:54]:
> My problem is when cron runs this command:
> cat /root/.gnupg/pass | $GPG --passphrase-fd 0 --quiet \
> --output $SIGNED --clearsign $REPORT
>
> I get this error:
> gpg: cannot open `/dev/tty': No such device or address

  home/julius,0$ man gpg | grep -A 2 no-tty
  Formatiere gpg(1) neu, bitte warten...
         --no-tty
                Make sure that the TTY (terminal) is never used for any out-
                put. This option is needed in some cases because GnuPG some-
                times prints warnings to the TTY if --batch is used.

Julius
--
Julius Plenz, Surf, Mail, Smile! www.cvmx.de/ <>< http://plenz.com/
Please don't Cc me in your replies, thanks
#129455376 3993 FD19 2AF0 E21E 5D74 E963 144C 5EE9 186D CA0D
gpg --verbose --keyserver subkeys.pgp.net --recv-key 0x186DCA0D

From kfitzner at excelcia.org Fri Mar 26 22:17:57 2004
From: kfitzner at excelcia.org (Kurt Fitzner)
Date: Fri Mar 26 22:21:26 2004
Subject: Error when using gpg in a cron job
In-Reply-To:
References:
Message-ID: <40649E05.1070800@excelcia.org>

Doreen Moore wrote:
> I was getting the same problem and I included --batch in my commands and it
> worked for me.
>
> cat /root/.gnupg/pass | $GPG --batch --passphrase-fd 0 --quiet \
> --output $SIGNED --clearsign $REPORT

Thank-you!!! Next time I'll read the man page more carefully. :)

From gnupg at ml0402.albert.uni.cc Fri Mar 26 23:13:35 2004
From: gnupg at ml0402.albert.uni.cc (Albert)
Date: Fri Mar 26 23:11:36 2004
Subject: Error when using gpg in a cron job
In-Reply-To: <40649E05.1070800@excelcia.org>
References: <40649E05.1070800@excelcia.org>
Message-ID: <200403262312.13299.gnupg@ml0402.albert.uni.cc>

On Friday, 26 March 2004 22:17, Kurt Fitzner wrote:
> Doreen Moore wrote:
> > I was getting the same problem and I included --batch in my
> > commands and it worked for me.
> >
> > cat /root/.gnupg/pass | $GPG --batch --passphrase-fd 0
> > --quiet \ --output $SIGNED --clearsign $REPORT

I have another problem with a cronjob too. If I run the bash script manually, everything is ok; if it is executed as cron-job I get a message that the signature is invalid. (KMail shows the message in red.) I found out that you are not allowed to use LC_ALL="de_DE" and after I removed it, it worked, but with a 2nd script, which contained LC_ALL too, I still have problems after I removed it. Any ideas? Since the script works fine without the cronjob I believe it is an "external" problem, maybe a charset problem.

Albert

From gnupg at kubieziel.de Sat Mar 27 00:17:48 2004
From: gnupg at kubieziel.de (Jens Kubieziel)
Date: Sat Mar 27 00:15:04 2004
Subject: Error when using gpg in a cron job
In-Reply-To: <40648DA1.9080204@excelcia.org>
References: <40648DA1.9080204@excelcia.org>
Message-ID: <20040326231748.GC7030@kubieziel.de>

* Kurt Fitzner wrote on 2004-03-26 13:08:01:
> cat /root/.gnupg/pass | $GPG --passphrase-fd 0 --quiet \
> --output $SIGNED --clearsign $REPORT
> gpg: cannot open `/dev/tty': No such device or address
> For some reason, gpg is trying to open up a tty directly - for what
> reason, I don't know.

  --no-tty
         Make sure that the TTY (terminal) is never used for any out-
         put. This option is needed in some cases because GnuPG some-
         times prints warnings to the TTY if --batch is used.

--
Jens Kubieziel http://www.kubieziel.de
I'm meditating on the FORMALDEHYDE and the ASBESTOS leaking into my PERSONAL SPACE!!

From cwsiv at keepandbeararms.com Sat Mar 27 00:28:59 2004
From: cwsiv at keepandbeararms.com (Carl William Spitzer IV)
Date: Sat Mar 27 00:20:39 2004
Subject: Importing old keys
In-Reply-To: <20040324230508.GJ18698@northernsecurity.net>
References: <200403241712.23971.gnupg@ml0402.albert.uni.cc> <20040324170008.GB18698@northernsecurity.net> <200403242313.58156.gnupg@ml0402.albert.uni.cc> <20040324230508.GJ18698@northernsecurity.net>
Message-ID: <1080337961.4259.1.camel@linux.local>

I have some old keys from 262 mine and some friends.

How do I import them? My attempts produce errors.

Do I need to install idea?

CWSIV

From shavital at mac.com Sat Mar 27 09:30:27 2004
From: shavital at mac.com (Charly Avital)
Date: Sun Mar 28 18:05:19 2004
Subject: Importing old keys
In-Reply-To: <1080337961.4259.1.camel@linux.local>
References: <200403241712.23971.gnupg@ml0402.albert.uni.cc> <20040324170008.GB18698@northernsecurity.net> <200403242313.58156.gnupg@ml0402.albert.uni.cc> <20040324230508.GJ18698@northernsecurity.net> <1080337961.4259.1.camel@linux.local>
Message-ID:

At 3:28 PM -0800 3/26/04, Carl William Spitzer IV wrote:
> I have some old keys from 262 mine and some friends.
>
> How do I import them? My attempts produce errors.
>
> Do I need to install idea?
>
> CWSIV

I still have some 262 keys. I had to install idea. MacGPG 1.3.5 (GnuPG for Mac OS X).

Charly

From linux at codehelp.co.uk Sat Mar 27 15:59:00 2004
From: linux at codehelp.co.uk (Neil Williams)
Date: Sun Mar 28 18:06:12 2004
Subject: Importing old keys
In-Reply-To: <1080337961.4259.1.camel@linux.local>
References: <200403241712.23971.gnupg@ml0402.albert.uni.cc> <20040324230508.GJ18698@northernsecurity.net> <1080337961.4259.1.camel@linux.local>
Message-ID: <200403271459.00288.linux@codehelp.co.uk>

On Friday 26 March 2004 11:28, Carl William Spitzer IV wrote:
> I have some old keys from 262 mine and some friends.

Old keys are probably out of date now and you may be better off updating from keyservers if you have a list of keyid's.

> How do I import them? My attempts produce errors.

Can't help unless you specify the error messages!

> Do I need to install idea?

Only if your keys use IDEA - otherwise (IIRC) GnuPG doesn't need to look at the key preferences until the imported key is used in some way (to verify, to encrypt to or edited).

One easy method (if you have KDE 3.2.1): import the keys; you can then use KGpg (latest version from KDE 3.2.1) to 'import missing signatories from keyserver'. If the keys are tightly bound, this will bring in most of the other keys.

--
Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3

From thomas at northernsecurity.net Sun Mar 28 21:56:03 2004
From: thomas at northernsecurity.net (Thomas Sjögren)
Date: Mon Mar 29 09:28:19 2004
Subject: Mailfilter for unknown signatures (Re: gpg --search-keys)
In-Reply-To: <200403250143.54598.gnupg@ml0402.albert.uni.cc>
References: <200403241712.23971.gnupg@ml0402.albert.uni.cc> <200403242313.58156.gnupg@ml0402.albert.uni.cc> <20040324230508.GJ18698@northernsecurity.net> <200403250143.54598.gnupg@ml0402.albert.uni.cc>
Message-ID: <20040328195603.GA1480@northernsecurity.net>

On Thu, Mar 25, 2004 at 01:54:41AM +0100, Albert wrote:
> I think it is very unlikely to spread win-viruses with linux
> machines.

Well, yes, win-viruses/worms don't work on linux machines but I was talking more generally. Since linux has become more and more of a desktop-os, malware will start to hit the end-users sooner or later. We've already seen a couple of worms attacking and gaining root on servers. See http://www.cert.org/advisories/CA-2002-27.html for more info.

> It depends on your email-strategies and on your _personal_ needs.
> Why shouldn't one use an email-address for signed/encrypted mails
> _only_?

Personally, I don't like to fiddle around with more email-addresses than necessary. If people like a setup with two addresses, one for signed/encrypted mails and one for "normal" mails, it's of course up to them.

> I think the first filter I can setup at a freemailer like gmx, where
> I check for "application/pgp-signature" in the header, so unsigned
> emails are deleted there without downloading. Maybe I belong to the
> people who have no real security needs, but think where everything
> is monitored and manipulated, using gpg shouldn't be wrong.
>
> The next step after the redirection to a freemailer are the local
> filters.

If we're talking about a scenario where "everything is monitored", sending mail thru various freemailers might not be such a good idea. The more servers a mail is sent thru, the greater the risk of someone actually monitoring it. Sure, this does not include the risk of the message getting picked up by a signals intelligence system like Echelon.

> qpopper is also setup. So the users clients get their mails via a
> local POP3-server, using KMail and mails are stored there in
> maildir-format. At the end a valid email has to be forwarded to the
> default mailbox in /var/spool/mail and maybe the user should get a
> note that an encrypted email from X was deleted.

I would put the encrypted mail in quarantine instead, maybe the system got some flaws in it?

> The mail doesn't contain a key-ID, so I have to check if the
> email-address can be found in my local keys, or am I wrong?
> Using grep I should be able to get the from-address and with
> gpg --list-keys I can check the public keys, the
> program mail could be used to inform of a deleted email.

Yes, that would work.

> I don't use it, but why are they broken? I know that
> www.keyserver.net shows a wrong fingerprint with my key, but with
> pgp.mit.edu it is ok.

Wrong fingerprint? That's pretty serious imo. The reason I told you is that they don't support subkeys.

/Thomas
--
== thomas@northernsecurity.net | thomas@se.linux.org ==
Encrypted e-mails preferred | GPG KeyID: 114AA85C
--

From gnupg at ml0402.albert.uni.cc Sun Mar 28 22:59:49 2004
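Albert's "grep the From address and check it against gpg --list-keys" idea, which Thomas agrees above would work, as an added example (written for this page, not Albert's or Thomas's code): the keyring listing is parsed from `gpg --with-colons --list-keys` output and each mail is sorted into unsigned / signed-known / signed-unknown, with the unknown class going to quarantine as Thomas suggests. SAMPLE_COLONS and the three sample messages are constructed, and the function and variable names are this example's own.

```python
import email
import email.utils
import re
from email import policy

# Constructed sample of `gpg --with-colons --list-keys` output (dummy key, not real).
# Field 10 of a 'uid' record (older GnuPG also filled it on the 'pub' record)
# holds the user ID as "Name <address>".
SAMPLE_COLONS = """\
tru::1:1080000000:0:3:1:5
pub:u:1024:17:0123456789ABCDEF:2004-03-24:::u:::scESC:
uid:u::::2004-03-24::0000000000000000000000000000000000000000::Albert <albert@example.invalid>:
sub:u:2048:16:FEDCBA9876543210:2004-03-24::::::e:
"""

# Constructed PGP/MIME (RFC 3156) message from an address that is in the keyring.
SIGNED_KNOWN = """\
From: Albert <albert@example.invalid>
Subject: signed test
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature"; boundary="b1"

--b1
Content-Type: text/plain; charset=us-ascii

Hello, this part is covered by the detached signature.
--b1
Content-Type: application/pgp-signature

(constructed placeholder; a real message carries the armored signature here)
--b1--
"""

# Constructed inline (cleartext) signed message from an address not in the keyring.
SIGNED_UNKNOWN = """\
From: Somebody <stranger@example.invalid>
Subject: inline signed test

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello from someone whose key is not in the local keyring.
-----BEGIN PGP SIGNATURE-----
(constructed placeholder)
-----END PGP SIGNATURE-----
"""

UNSIGNED = """\
From: Mailer <bulk@example.invalid>
Subject: plain test

No signature at all.
"""

PGP_MARKERS = ("-----BEGIN PGP SIGNED MESSAGE-----", "-----BEGIN PGP MESSAGE-----")


def known_addresses(colons_output: str) -> set:
    """Addresses of every user ID in the keyring listing."""
    addrs = set()
    for line in colons_output.splitlines():
        fields = line.split(":")
        if fields[0] in ("pub", "uid") and len(fields) > 9:
            match = re.search(r"<([^>]+)>", fields[9])
            if match:
                addrs.add(match.group(1).lower())
    return addrs


def sender_address(msg) -> str:
    return email.utils.parseaddr(str(msg.get("From", "")))[1].lower()


def has_pgp_payload(msg) -> bool:
    """True for PGP/MIME signed or encrypted mail, or for inline armor in a text part."""
    ctype, proto = msg.get_content_type(), msg.get_param("protocol")
    if (ctype, proto) in (("multipart/signed", "application/pgp-signature"),
                          ("multipart/encrypted", "application/pgp-encrypted")):
        return True
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            if any(marker in part.get_content() for marker in PGP_MARKERS):
                return True
    return False


def classify(raw_mail: str, colons_output: str) -> str:
    """Pre-filter verdict. From: is chosen by the sender, so 'signed-known' only
    means the mail is worth handing to `gpg --verify`; trust comes from a good
    signature by a key in the keyring, never from the address match alone."""
    msg = email.message_from_string(raw_mail, policy=policy.default)
    if not has_pgp_payload(msg):
        return "unsigned"            # candidate for the autoresponder / drop rule
    if sender_address(msg) in known_addresses(colons_output):
        return "signed-known"        # deliver (after verification)
    return "signed-unknown"          # quarantine rather than delete


if __name__ == "__main__":
    for label, mail in (("known", SIGNED_KNOWN), ("unknown", SIGNED_UNKNOWN), ("plain", UNSIGNED)):
        print(label, "->", classify(mail, SAMPLE_COLONS))
```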
From: gnupg at ml0402.albert.uni.cc (Albert)
Date: Mon Mar 29 09:28:35 2004
Subject: Mailfilter for unknown signatures (Re: gpg --search-keys)
In-Reply-To: <20040328195603.GA1480@northernsecurity.net>
References: <200403241712.23971.gnupg@ml0402.albert.uni.cc> <200403250143.54598.gnupg@ml0402.albert.uni.cc> <20040328195603.GA1480@northernsecurity.net>
Message-ID: <200403282258.08716.gnupg@ml0402.albert.uni.cc>

On Sunday, 28 March 2004 21:56, Thomas Sjögren wrote:
> wrong fingerprint? thats pretty serious imo.
> the reason i told you is that they dont support subkeys.

If you are interested in details, you can contact me by private mail. I mentioned this already in a post here.

Albert

From rhowell at bsc.edu Mon Mar 29 23:46:30 2004
From: rhowell at bsc.edu (Rusty Howell)
Date: Mon Mar 29 23:45:00 2004
Subject: GnuPG & PGP Compatibility
Message-ID: <000d01c415d7$4b73d1d0$7810dc89@HPV120>

Good Evening,

I'm still a newbie at this, so please forgive me if this has already been answered many times in the past. I have just started using GnuPG (for Windows, version 1.2.1 -- also using version 1.2.2 for AIX 4.3.3), and I have a basic question:

Windows Version: I am using WinPT for an end-user in order to simplify things and was wondering if we encrypt a file using GnuPG and it stores it with a .gpg extension, will our recipient be able to decrypt it using PGP version 5+? I'm not sure what version they're using since they're an outside entity, but I am hoping that WinPT will do the trick. At first, I investigated using GnuPG from the command-line, but for an end-user that option didn't seem to be very user-friendly.

Sincerely,
Rusty

From dshaw at jabberwocky.com Tue Mar 30 06:01:35 2004
From: dshaw at jabberwocky.com (David Shaw) Date: Tue Mar 30 06:38:09 2004 Subject: [Announce] GnuPG 1.2.5 first release candidate Message-ID: <20040330040135.GB26384@jabberwocky.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We are pleased to announce the availability of the first release candidate for GnuPG 1.2.5: ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.2.5rc1.tar.gz (3404k) ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.2.5rc1.tar.gz.sig or as a patch against 1.2.4: ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.2.4-1.2.5rc1.diff.gz (676k) Mirrors are listed at http://www.gnupg.org/download/mirrors.html MD5 sums are: bfdabd51ae6f19441c580506f2a51b4a gnupg-1.2.4-1.2.5rc1.diff.gz b907b73fc139b213bcad089545c94dfb gnupg-1.2.5rc1.tar.gz 6a3f543732867149aaae27f0b780e08e gnupg-1.2.5rc1.tar.gz.sig As this is the stable branch, this release contains mostly bug and portability fixes. Please test this release and report any problems. Noteworthy changes since 1.2.4: * New --ask-cert-level/--no-ask-cert-level option to turn on and off the prompt for signature level when signing a key. Defaults to on. * New --min-cert-level option to disregard key signatures that are under a specified level. Defaults to 1 (i.e. don't disregard anything). * New --max-output option to limit the amount of plaintext output generated by GnuPG. This option can be used by programs which call GnuPG to process messages that may result in plaintext larger than the calling program is prepared to handle. This is sometimes called a "Decompression Bomb". * New --list-config command for frontends and other programs that call GnuPG. See doc/DETAILS for the specifics of this. * New --gpgconf-list command for internal use by the gpgconf utility from gnupg 1.9.x. * Some performance improvements with large keyrings. See --enable-key-cache=SIZE in the README file for details. * Some portability fixes for the OpenBSD/i386, HPPA, and AIX platforms. 
Happy hacking,

The GnuPG Team (David, Stefan, Timo, Werner)

_______________________________________________
Gnupg-announce mailing list
Gnupg-announce@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce

From shavital at mac.com Tue Mar 30 09:41:56 2004
From: shavital at mac.com (Charly Avital)
Date: Tue Mar 30 09:39:26 2004
Subject: [Announce] GnuPG 1.2.5 first release candidate
In-Reply-To: References: Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mar 30, 2004, at 9:51 AM, David Shaw wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> We are pleased to announce the availability of the first release
> candidate for GnuPG 1.2.5:
>
> ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.2.5rc1.tar.gz (3404k)
> ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.2.5rc1.tar.gz.sig
> [...]

Built from source under Mac OS X 10.3.3, including idea.c in cipher.

To report: After make check -1, all 25 tests PASS. But:
- --------------------------
make[1]: *** [install-data-yes] Error 127
make: *** [install-recursive] Error 1
- --------------------------

Till now, I haven't found any problems in 1.2.5rc1's performance.

Thanks for your work.
Charly

From linux at codehelp.co.uk Tue Mar 30 10:17:58 2004
From: linux at codehelp.co.uk (Neil Williams)
Date: Tue Mar 30 10:14:34 2004
Subject: GnuPG & PGP Compatibility
In-Reply-To: <000d01c415d7$4b73d1d0$7810dc89@HPV120>
References: <000d01c415d7$4b73d1d0$7810dc89@HPV120>
Message-ID: <200403300917.58507.linux@codehelp.co.uk>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday 29 March 2004 10:46, Rusty Howell wrote:
> I'm still a newbie at this, so please forgive me if this has already been
> answered many times in the past. I have just started using GnuPG (for

It's OK to ask but read the docs first?

> things and was wondering if we encrypt a file using GnuPG and it stores it
> with a .gpg extension, will our recipient be able to decrypt it using PGP
> version 5+?

It's all on the FAQ already:
http://www.gnupg.org/(en)/documentation/faqs.html#q1.2
http://www.gnupg.org/(en)/documentation/faqs.html#q5.1

> I'm not sure what version they're using since they're an outside entity,
> but I am hoping that WinPT will do the trick. At first, I investigated
> using GnuPG from the command-line, but for an end-user that option didn't
> seem to be very user-friendly.

The command line is the only way to have full control of GnuPG when you need it but everyday use is usually via another client (e.g. mail user agent) anyway. You'll need the plugin if you want to use GnuPG in your insecure OE client. (It's easier with Enigmail and Mozilla).

- --
Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3

From nobrain at nowhere.org Mon Mar 29 15:29:39 2004
From: nobrain at nowhere.org (nobrain) Date: Tue Mar 30 10:50:16 2004 Subject: Encrypting Backups Message-ID: An HTML attachment was scrubbed... URL: /pipermail/attachments/20040329/c420b9fd/attachment.html From postmaster Fri Mar 26 11:50:39 2004 From: postmaster (postmaster) Date: Tue Mar 30 10:51:16 2004 Subject: InterScan NT Alert Message-ID: Sender, InterScan has detected virus(es) in your e-mail attachment. Date: Fri, 26 Mar 2004 11:50:39 +0100 Method: Mail From: To: info@baytechventure.com File: details_info.txt.scr Action: clean failed - deleted Virus: WORM_NETSKY.P From droundy at abridgegame.org Sat Mar 27 19:51:16 2004 From: droundy at abridgegame.org (David Roundy) Date: Tue Mar 30 11:01:58 2004 Subject: how to recover a clearsigned file? Message-ID: <20040327185116.GA7592@jdj5.mit.edu> Hello everyone, [Please c.c. me, as I'm not on the list.] I'm wondering whether there is a correct way to recover the contents of a clearsigned text file? The --decrypt command seems to almost do this, except that it corrupts lines that contain only a space (it removes the space). Why is it that --decrypt does this? Is it a bug? Right now, what I'm now doing is looking for the "-----BEGIN PGP SIGNED MESSAGE-----" line, and then removing the "- " from all lines beginning with "- -" after that. I'm not very comfortable doing this, since I tend to fear that there might be an attack where someone could put multiple "-----BEGIN PGP SIGNED MESSAGE-----" lines in a file, and trick me into using the wrong signed contents. Also, I'm not sure if gnupg does anything other than escaping lines beginning with '-'. In general, it seems like gpg ought to have *some* provision of extracting the contents of a clearsigned file... -- David Roundy http://www.abridgegame.org/darcs From avbidder at fortytwo.ch Tue Mar 30 11:33:27 2004 
From: avbidder at fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder) Date: Tue Mar 30 11:30:45 2004 Subject: how to recover a clearsigned file? In-Reply-To: <20040327185116.GA7592@jdj5.mit.edu> References: <20040327185116.GA7592@jdj5.mit.edu> Message-ID: <200403301133.30588@fortytwo.ch> On Saturday 27 March 2004 19.51, David Roundy wrote: > I'm wondering whether there is a correct way to recover the contents > of a clearsigned text file? The --decrypt command seems to almost do > this, except that it corrupts lines that contain only a space (it > removes the space). Why is it that --decrypt does this? Is it a bug? Hi, You may want to read what RFC2440 says about clearsigning. Note that there is a draft of the successor for rfc2440, and the isse of end of line space is slightly changed, IIRC. Google for rfc2440bis-11 (or was it -10?). In short: clearsigning is supposed to remove spaces at the end of a line, because that is one area where mail programs and editors often have such behaviour, so if such space where calculated in, clearsigned files would easily be unintentionally broken. cheers -- vbi -- Today is Prickle-Prickle, the 16th day of Discord in the YOLD 3170 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 331 bytes Desc: signature Url : /pipermail/attachments/20040330/bcbebec0/attachment.bin From chris.1.sunderland at britishairways.com Tue Mar 30 13:06:18 2004 
From: chris.1.sunderland at britishairways.com (chris.1.sunderland@britishairways.com)
Date: Tue Mar 30 13:04:05 2004
Subject: Does trailing white space have to be deleted in textmode?
Message-ID:

Hi,

my users have a requirement to send 80 column fixed length records, encrypted using GPG, therefore the trailing white space should be kept on each line. However since they are sending files to various host system types, we also wish to use textmode, which seems to force the trailing white space to be stripped. Can this be prevented using GPG? We currently have installed GPG 1.2.2.

I have read through various entries on the archive for this group, and I know as far as my testing goes, it can't be done. However, I am an amateur with GPG so I can't really be 100% sure of the answer. I have tried using the simple test mentioned in some entries thus:

$ echo 'test    ' | gpg -ear 78FD286F | gpg | tr ' ' 'x'
gpg: encrypted with 2048-bit ELG-E key, ID 0FB754BF, created 2003-06-17
      "Chris Sunderland "
testxxxx

$ echo 'test    ' | gpg -tear 78FD286F | gpg | tr ' ' 'x'
gpg: encrypted with 2048-bit ELG-E key, ID 0FB754BF, created 2003-06-17
      "Chris Sunderland "
test

which shows the problem.

Does anyone know if there is a solution? I have run the same tests using PGP, and it works as I would like it to - which one is correct?

Thanks,
Chris Sunderland

-------------------------------------------------------------------------------------------------
Get the best from British Airways at ba.com http://www.ba.com

From gnupg at ml0402.albert.uni.cc Tue Mar 30 13:09:20 2004
From: gnupg at ml0402.albert.uni.cc (Albert)
Date: Tue Mar 30 13:07:35 2004
Subject: Encrypting Backups
In-Reply-To: References: Message-ID: <200403301307.32220.gnupg@ml0402.albert.uni.cc>

On Monday, 29 March 2004 15:29, nobrain wrote:
> I routinely generate backups as follows:
>
> tar -c F | gpg --symmetric > E

I use this:

    # archive the backup directory, then encrypt the archive symmetrically;
    # the passphrase is read from stdin (fd 0) so it does not appear on the command line
    tar -cvf "$backup" "$backupdir"
    echo "$mantra" | gpg --quiet --no-tty --pgp8 --batch --passphrase-fd 0 --charset iso-8859-15 --force-mdc --no-secmem-warning --symmetric --output "$backup".gpg "$backup"

I am not sure if it is a good idea to do everything in one pipe. Maybe the compression, which is important for encrypting, works better if you do it than I do.

> Should I be encrypting only the files that need
> to be kept secret rather than the whole of F?

I think so. I give every folder a special "sign" at the end, to decide if it should be encrypted.

> Should I be using a different passphrase
> for each backup?

You can create a dynamic password, which only you know. Of course I can't tell you what I do, but you can do some calculations with the time of a file, or use the md5sum of a certain line of a plain text file, a.s.o. Be careful with md5sum/sha1sum if you like to decrypt on a different OS.

> Should I be using asymmetric encryption
> instead?

It depends on your needs. IMO it is a question of worst case. If you lose everything it is easier to access with a passphrase.

Albert

From dshaw at jabberwocky.com Tue Mar 30 15:04:43 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Mar 30 15:01:59 2004
Subject: Does trailing white space have to be deleted in textmode?
In-Reply-To: References: Message-ID: <20040330130442.GC26384@jabberwocky.com>

On Tue, Mar 30, 2004 at 12:06:18PM +0100, chris.1.sunderland@britishairways.com wrote:
>
> Hi,
>
> my users have a requirement to send 80 column fixed length records,
> encrypted using GPG, therefore the trailing white space should be kept on
> each line. However since they are sending files to various host system
> types, we also wish to use textmode, which seems to force the trailing
> white space to be stripped. Can this be prevented using GPG? We currently
> have installed GPG 1.2.2.
>
> I have read through various entries on the archive for this group, and I
> know as far as my testing goes, it can't be done. However, I am an amateur
> with GPG so I can't really be 100% sure of the answer. I have tried
> using the simple test mentioned in some entries thus:
>
> $ echo 'test    ' | gpg -ear 78FD286F | gpg | tr ' ' 'x'
> gpg: encrypted with 2048-bit ELG-E key, ID 0FB754BF, created 2003-06-17
>       "Chris Sunderland "
> testxxxx
>
> $ echo 'test    ' | gpg -tear 78FD286F | gpg | tr ' ' 'x'
> gpg: encrypted with 2048-bit ELG-E key, ID 0FB754BF, created 2003-06-17
>       "Chris Sunderland "
> test
>
> which shows the problem.
>
> Does anyone know if there is a solution? I have run the same tests using
> PGP, and it works as I would like it to - which one is correct?

GnuPG is correct in that it does what the standard requires, and removes whitespace. PGP does what was historically correct, and does not remove whitespace. There is a good bit of history behind the whitespace trimming question, and in fact, it is being re-examined for the upcoming update to the OpenPGP standard. Once the update is published, both GnuPG and PGP should do this the same way, whichever way this turns out to be.
In the meantime, unfortunately, there is no trivial way to get GnuPG to trim as PGP does. You'll have to patch it, so I've attached a patch. I suppose I could just build this functionality into '--pgp8' or the like, but the current schedule for the updated standard says it will be ready in a few months, after which the whitespace trimming rule will be clear. David -------------- next part -------------- Index: util/strgutil.c =================================================================== RCS file: /cvs/gnupg/gnupg/util/strgutil.c,v retrieving revision 1.37.2.2 diff -u -r1.37.2.2 strgutil.c --- util/strgutil.c 30 Jul 2003 16:04:46 -0000 1.37.2.2 +++ util/strgutil.c 30 Mar 2004 12:44:18 -0000 @@ -316,7 +316,7 @@ unsigned trim_trailing_ws( byte *line, unsigned len ) { - return trim_trailing_chars( line, len, " \t\r\n" ); + return trim_trailing_chars( line, len, "\r\n" ); } unsigned int From dshaw at jabberwocky.com Tue Mar 30 15:05:27 2004 
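Review bot: trim_trailing_ws() lives in util/strgutil.c and its name promises to strip trailing whitespace, but after this hunk it strips only "\r\n", so every caller of that utility changes behaviour, not just the text-mode encryption case the patch is meant for; as the covering message itself says, the current stripping is what the standard requires, so a build carrying this hunk will produce text-mode hashes that differ from unpatched GnuPG and from any conformant implementation, and signatures made or checked in text mode can disagree between the two. Suggest leaving trim_trailing_ws() untouched and putting the reduced character set in a separately named function, or behind the --pgp8 style option the message mentions, so the non-conformant trimming is opt-in and documented at the call site rather than silently global.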
From: dshaw at jabberwocky.com (David Shaw) Date: Tue Mar 30 15:02:48 2004 Subject: [Announce] GnuPG 1.2.5 first release candidate In-Reply-To: References: Message-ID: <20040330130527.GD26384@jabberwocky.com> On Tue, Mar 30, 2004 at 09:41:56AM +0200, Charly Avital wrote: > On Mar 30, 2004, at 9:51 AM, David Shaw wrote: > > >-----BEGIN PGP SIGNED MESSAGE----- > >Hash: SHA1 > > > >We are pleased to announce the availability of the first release > >candidate for GnuPG 1.2.5: > > > > ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.2.5rc1.tar.gz (3404k) > > ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.2.5rc1.tar.gz.sig > >[...] > > Built from source under Mac OS X 10.3.3, including idea.c in cipher. > > To report: > After make check -1, all 25 tests PASS. > But: > - -------------------------- > make[1]: *** [install-data-yes] Error 127 > make: *** [install-recursive] Error 1 > - -------------------------- Context, please :) I need to know where the error happened during the make install. David From dlc at sevenroot.org Tue Mar 30 15:23:53 2004 
From: dlc at sevenroot.org (darren chamberlain)
Date: Tue Mar 30 15:23:05 2004
Subject: Does trailing white space have to be deleted in textmode?
In-Reply-To: References: Message-ID: <20040330132353.GC9767@sevenroot.org>

* [2004/03/30 12:06]:
> my users have a requirement to send 80 column fixed length records,
> encrypted using GPG, therefore the trailing white space should be kept
> on each line.
> [...]
> Does anyone know if there is a solution? I have run the same tests
> using PGP, and it works as I would like it to - which one is correct?

Is preprocessing the text an option? You could base64 encode the text before you encrypt it, and then decode it after the decryption.

(darren)

--
Man is condemned to be free; because once thrown into the world, he is responsible for everything he does.
-- Jean-Paul Sartre

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20040330/0dacbfa0/attachment.bin

From chris.1.sunderland at britishairways.com Tue Mar 30 15:37:02 2004
From: chris.1.sunderland at britishairways.com (chris.1.sunderland@britishairways.com)
Date: Tue Mar 30 15:34:46 2004
Subject: Does trailing white space have to be deleted in textmode?
Message-ID:

> Is preprocessing the text an option? You could base64 encode the text
> before you encrypt it, and then decode it after the decryption.

Unfortunately that's not an option we could use. The ideal solution would not involve any post-processing after decryption.

Thanks for the suggestion though!

Chris

From linux at codehelp.co.uk Tue Mar 30 15:54:03 2004
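Two threads above ask what text mode actually does to a line: David Roundy wants to recover the contents of a clearsigned file safely (dash-escaping, a stray second BEGIN line, the single-space line that vanishes), and Chris Sunderland sees trailing blanks disappear from fixed-length records. The following added Python example, which is not GnuPG code, implements the RFC 2440 canonical text form both behaviours come from and a strict clearsign recovery parser; it parses the armor but does not verify the signature. SAMPLE is a constructed message with a placeholder signature, and canonical_text, recover_clearsigned and looks_safe are names chosen here.

```python
from typing import Tuple

ARMOR_BEGIN = "-----BEGIN PGP SIGNED MESSAGE-----"
SIG_BEGIN = "-----BEGIN PGP SIGNATURE-----"
SIG_END = "-----END PGP SIGNATURE-----"


def canonical_text(text: str, trim_ws: bool = True) -> str:
    """Canonical text form that text mode (-t) hashes and emits: every line
    ends in CRLF and, per RFC 2440 and GnuPG 1.2.x, loses trailing spaces and
    tabs. trim_ws=False keeps the trailing blanks, which is what PGP does and
    what the trim_trailing_ws() patch in this thread (only "\\r\\n" trimmed)
    makes GnuPG do."""
    out = []
    for line in text.splitlines():
        if trim_ws:
            line = line.rstrip(" \t")
        out.append(line + "\r\n")
    return "".join(out)


def recover_clearsigned(message: str) -> Tuple[str, str]:
    """Return (signed_text, armored_signature) for a message holding exactly
    one clearsigned block. Dash-escaped lines ("- -foo") are unescaped,
    trailing whitespace is dropped as the signer's hash did (so a line holding
    one space comes back empty, like gpg --decrypt), and a second unescaped
    BEGIN line raises ValueError instead of silently picking one block.
    The signature is returned as-is, not verified."""
    lines = message.splitlines()
    if lines.count(ARMOR_BEGIN) != 1:
        raise ValueError("expected exactly one BEGIN PGP SIGNED MESSAGE line")
    i = lines.index(ARMOR_BEGIN) + 1
    # Armor headers such as "Hash: SHA1" run up to the first blank line.
    while i < len(lines) and lines[i] != "":
        if ":" not in lines[i]:
            raise ValueError("malformed armor header: %r" % lines[i])
        i += 1
    i += 1                                   # skip the blank separator line
    text_lines = []
    while i < len(lines) and lines[i] != SIG_BEGIN:
        line = lines[i]
        if line.startswith("- "):
            line = line[2:]                  # undo dash escaping
        elif line.startswith("-"):
            # RFC 2440 requires every dash-led line in the text to be escaped;
            # an unescaped one means corruption or tampering, so refuse it.
            raise ValueError("unescaped dash line inside signed text: %r" % line)
        text_lines.append(line)
        i += 1
    if i >= len(lines):
        raise ValueError("signature block missing")
    try:
        end = lines.index(SIG_END, i)
    except ValueError:
        raise ValueError("signature block not terminated") from None
    signature = "\n".join(lines[i:end + 1])
    signed_text = canonical_text("\n".join(text_lines)).replace("\r\n", "\n")
    return signed_text, signature


def looks_safe(message: str) -> bool:
    """True when the message parses as exactly one well-formed signed block."""
    try:
        recover_clearsigned(message)
        return True
    except ValueError:
        return False


# Constructed sample, not a real signature: the signed text carries a
# dash-escaped line, a dash-escaped copy of the BEGIN line (legitimate
# content) and a line holding a single space.
SAMPLE = "\n".join([
    "Mail text before the signed part.",
    ARMOR_BEGIN,
    "Hash: SHA1",
    "",
    "Release notes  \t",
    "- - first item starts with a dash",
    "- " + ARMOR_BEGIN,
    " ",
    "last line",
    SIG_BEGIN,
    "Version: constructed placeholder, not a real signature",
    "",
    "QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo=",
    "=AAAA",
    SIG_END,
    "",
])

if __name__ == "__main__":
    text, sig = recover_clearsigned(SAMPLE)
    print(text)
```

Running it prints the recovered text with the dash escapes removed and the single-space line empty; feeding the same message with the escaped BEGIN line unescaped makes the parser refuse it instead of guessing which block was signed.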
From: linux at codehelp.co.uk (Neil Williams)
Date: Tue Mar 30 15:50:43 2004
Subject: GnuPG & PGP Compatibility
In-Reply-To: <004801c4165a$031545d0$7810dc89@HPV120>
References: <000d01c415d7$4b73d1d0$7810dc89@HPV120> <200403300917.58507.linux@codehelp.co.uk> <004801c4165a$031545d0$7810dc89@HPV120>
Message-ID: <200403301454.03354.linux@codehelp.co.uk>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 30 March 2004 2:22, Rusty Howell wrote:
> Actually sir, I did read the FAQ's that you mentioned.

Then please say so in your message and explain why you think the FAQ doesn't answer your query. Ta.

> They did not answer my question regarding WinPT and whether or not its

WinPT is just a frontend - it doesn't do anything that the command line cannot do. So by having command-line answers, you have WinPT answers. You need to make the changes, as declared in the FAQ, to the gpg.conf file to allow the exchange as you request. WinPT only does some of what GnuPG can do and to make subtle changes like this, you need to edit the config file.

> internal version of PGP 5+ would be able to decrypt the file stored in .gpg
> format.

If GnuPG can do it, so can WinPT. WinPT has no functionality of its own, it's just a facade. (Stop talking to the monkey and talk to the organ grinder!)

BTW the .gpg is a red herring. Any extension can be used, it's only Windows that puts sole trust in three characters and a dot. Linux and MacOS look at the content. To make things easier to understand, use the -a option to output the signature or encrypted block as ASCII armour - it'll be easy to see that the content is compatible.

> An end-user isn't going to be comfortable with the command-line for every
> day use. Also, I'm not talking about simple e-mails, but rather encrypting

Rubbish. Anyway, the configuration change is a once-only thing. I'm sure you can manage to edit one text file. ;-)

> files.
Same thing, encrypting a file is still done using a client of some kind if you prefer. Again, it's just a pretty box that asks GnuPG to do the work. For this to work, GnuPG must be correctly configured and the pretty box knows nothing about such details.

> You have me thinking that perhaps PGP is the way to go after all to ensure
> full compatibility.

1. Post to the list, not to me.
2. It is clearly explained in the FAQ that GnuPG can be configured for full compatibility with PGP 5+ without affecting normal GnuPG performance.
3. You appear confused - there is no reason from what you've described to not use GnuPG / WinPT. It's only a simple change to a single text file.
4. There were presumably good reasons for choosing GnuPG over PGP in the first place and those haven't changed.
5. Is editing a single config file too much to ask?

- --
Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3

From chris.1.sunderland at britishairways.com Tue Mar 30 16:11:49 2004
From: chris.1.sunderland at britishairways.com (chris.1.sunderland@britishairways.com)
Date: Tue Mar 30 16:09:35 2004
Subject: Does trailing white space have to be deleted in textmode?
Message-ID:

> In the meantime, unfortunately, there is no trivial way to get GnuPG
> to trim as PGP does. You'll have to patch it, so I've attached a
> patch.

Many thanks David, for both the information and the patch!

From antalsia at free.fr Tue Mar 30 21:35:53 2004
From: antalsia at free.fr (antalsia@free.fr)
Date: Tue Mar 30 21:33:06 2004
Subject: Wipe function details
Message-ID: <1080675353.4069cc19c19dd@imp2-q.free.fr>

Hi,

I'd like to know how the wipe function is implemented on GnuPG 1.2.4: how many passes are performed, which patterns are used and what is the order... Has someone performed advanced tests, what is the best known method to erase data? It's quite difficult to find detailed information about it on the net. Hope someone here has information.

Many thanks, bye.

From mail at mark-kirchner.de Tue Mar 30 22:04:25 2004
From: mail at mark-kirchner.de (Mark Kirchner)
Date: Tue Mar 30 22:03:32 2004
Subject: Wipe function details
In-Reply-To: <1080675353.4069cc19c19dd@imp2-q.free.fr>
References: <1080675353.4069cc19c19dd@imp2-q.free.fr>
Message-ID: <1526702393.20040330220425@mark-kirchner.de>

Hi,

On Tuesday, March 30, 2004, 9:35:53 PM, antalsia wrote:
> I'd like to know how the wipe function is implemented on GnuPG 1.2.4 :

Well, that's an easy one: It isn't. :-)

There is no wipe function in GnuPG. Secure file-wiping is quite platform-dependent (or so I'm told) so it would be difficult to implement it in a cross-platform tool like GnuPG. And then there is also the UNIX philosophy: Do only one thing (cryptography in this case), but do that one right.

Regards,
Mark Kirchner

--
_____________________________________________________________
Key (0x19DC86D3): http://www.mark-kirchner.de/keys/key-mk.asc

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 183 bytes
Desc: not available
Url : /pipermail/attachments/20040330/e73c9ca6/attachment-0001.bin

From kyle-list-gpguser at toehold.com Tue Mar 30 23:00:04 2004
From: kyle-list-gpguser at toehold.com (Kyle Hasselbacher) Date: Tue Mar 30 22:57:55 2004 Subject: Wipe function details In-Reply-To: <1080675353.4069cc19c19dd@imp2-q.free.fr> References: <1080675353.4069cc19c19dd@imp2-q.free.fr> Message-ID: <20040330210004.GI22577@longshot.toehold.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, Mar 30, 2004 at 09:35:53PM +0200, antalsia@free.fr wrote: >[...] Has someone performed advanced tests, what is the best known method >to erase data ? Simson Garfinkel wrote a while back that writing over data once is enough. Here's a link to the article: http://www.simson.net/clips/2003.CSO.04.Hard_disk_risk.htm Here's the relevant part: In fact, there is no unclassified evidence that data on a modern hard drive can be recovered after it has been overwritten with just a single pass of random information. Some have made such claims, but no such recovery has ever been demonstrated in public. Today's hard drives are specifically designed not to work that way. When you save a new version of a Microsoft Word file on your hard drive, for instance, you want to get the new not the old version. - -- Kyle Hasselbacher That's not food! kyle@toehold.com That's what food eats! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAad/U10sofiqUxIQRApLfAKCSzmJbzfCGN3D++9gFVoHLctXCUACgu4ta cTel+G1e5oWB/TQKfWyUlSA= =EQuD -----END PGP SIGNATURE----- From gnupg at ml0402.albert.uni.cc Tue Mar 30 23:34:00 2004 From: gnupg at ml0402.albert.uni.cc (Albert) Date: Tue Mar 30 23:31:49 2004 Subject: keyserver-recommendation South America Message-ID: <200403302333.30402.gnupg@ml0402.albert.uni.cc> Which sks-keyserver would you recommend for users in South America? Albert From erpo41 at hotpop.com Wed Mar 31 06:18:50 2004 
From: erpo41 at hotpop.com (Erpo) Date: Wed Mar 31 06:15:33 2004 Subject: Wipe function details In-Reply-To: <20040330210004.GI22577@longshot.toehold.com> References: <1080675353.4069cc19c19dd@imp2-q.free.fr> <20040330210004.GI22577@longshot.toehold.com> Message-ID: <1080706730.653.61.camel@andry> On Tue, 2004-03-30 at 13:00, Kyle Hasselbacher wrote: > On Tue, Mar 30, 2004 at 09:35:53PM +0200, antalsia@free.fr wrote: > >[...] Has someone performed advanced tests, what is the best known method > >to erase data ? > > Simson Garfinkel wrote a while back that writing over data once is enough. > Here's a link to the article: > > http://www.simson.net/clips/2003.CSO.04.Hard_disk_risk.htm > > Here's the relevant part: > > In fact, there is no unclassified evidence that data on a modern hard > drive can be recovered after it has been overwritten with just a single > pass of random information. Some have made such claims, but no such > recovery has ever been demonstrated in public. Today's hard drives are > specifically designed not to work that way. When you save a new version > of a Microsoft Word file on your hard drive, for instance, you want to > get the new not the old version. I have a different interpretation of Garfinkel's article, and I think it's dependent on how paranoid you are (or alternately, how much security you need). If you don't care about anyone seeing your data, don't do anything*. If you want to protect yourself against very casual snooping, do an fdisk and/or reformat. If you want to protect yourself against deliberate attempts to recover your sensitive data, it's more complicated. Garfinkel sums up part of the problem very well in his last sentences. "Today's hard drives are specifically designed not to work that way. When you save a new version of a Microsoft Word file on your hard drive, for instance, you want to get the new not the old version." 
In other words, once you've overwritten with random data the sectors that contained your sensitive information, subsequent attempts to read data by conventional means from those sectors will yield the random data. The remaining concern is that somehow, a snoop might be able to take a drive that has been overwritten a single time with random data and recover the original private data not by attaching the drive to a computer and issuing read commands, but by physically taking it apart and using equipment that somehow examines the data storage medium more carefully. Garfinkel claims that if such equipment exists, it has never been demonstrated publicly. This is not evidence that such equipment does not exist -- only that he does not know about it (or alternately, if you're really into conspiracy theories, that he doesn't want us to know about it ;) ).

If that possibility troubles you, you have a number of options:
- Use multiple-pass wipes and hope that defeats the unknown data recovery technology.
- Encrypt your sensitive information.**
- Grind your hard drives into sand when you're done with them.
- Other things I haven't thought of.

Hope that helps,
Eric

*Assuming, of course, that all you care about is your own security and safety. You hear people say all the time that when encryption is uncommon, sending an encrypted message could be interpreted by an observer as shouting, "I'M DOING SOMETHING I DON'T WANT ANYONE TO KNOW ABOUT!!" The more people who encrypt their data, the less dangerous it becomes to be "caught" using cryptography. You might argue that the more people who properly wipe their drives, the less drive wiping seems a strange or suspicious activity.

**Encrypting your sensitive information is _NOT ENOUGH_.
You also have to understand the process well enough not to make mistakes that blow your security (like using a simple passphrase, or running gpg across an insecure channel, or decrypting your data to a temporary file and not taking that into account, or letting the vmm swap it out to an unencrypted storage medium, or any number of things people unknowingly do to compromise their security). Also, note that exposing encrypted copies of your information to the world, even when employing best practices, is not necessarily safe. If computing power continues to increase the way it has historically and the human race does not die out, it will eventually become practical for someone to decrypt your information using well-understood brute force methods. It may take 10 or 50 or 100 years for sufficiently powerful computers to be developed, but it will eventually happen. And that's totally ignoring possible flaws in whichever algorithm (or implementation ;) ) you're using, or significant advances in cryptanalysis. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : /pipermail/attachments/20040330/da4a0b0f/attachment.bin From andreas.bergen at in-jesus.de Tue Mar 30 19:11:58 2004 
From: andreas.bergen at in-jesus.de (Andreas Bergen)
Date: Wed Mar 31 09:16:16 2004
Subject: hierarchical keys?
Message-ID: <200403301911.58942.andreas.bergen@in-jesus.de>

Hi,

I've got a question regarding pgp / gnupg / gpgsm, etc. What I'd like to know is, if there's a way to use these (or other?) encryption systems to do the following:

I'd like to have a master keypair (M). Using this I can create one or more dependent keypairs (D1 through Dn) (which by themselves can, if M allows, be masters for keys E1 through Em). When I encrypt a file using the keys Di, the encrypted file can be decrypted using only Di (and not Dj with i != j) or M. M can be configured to allow or disallow certain Di to sign in M's name without giving away the secret part of M. That is, if someone gets a message signed by Di, the signature can be verified using the public part of M (or Di). Using M I can create revocation certificates for all Di.

This can be used for example for signing publicly available software, where the signing process can be delegated without giving away the master signing key. Or it can be used for people / organizations to have a backup master key to be able to decrypt files with where the decryption key / passphrase has been lost.

Any comments welcome. Please reply by email as I'm not subscribed to this mailing list.

Yours
Andreas Bergen

--
Andreas Bergen
PGP/GnuPG-encrypted / -signed Email welcome. PGP-key-ID: 8CDEC18F
God is love, and whoever remains in love remains in God, and God in him.

From ml at tbulka.org Wed Mar 31 14:14:21 2004
From: ml at tbulka.org (Thomas Bulka)
Date: Wed Mar 31 14:11:35 2004
Subject: Newbie Question
Message-ID: <200403311414.21729.ml@tbulka.org>

Hi,

as a GnuPG newbie I want to ask a very basic general understanding question. If I generate a key, is it supposed to work only with the email address I entered during the generation process? I mean, can I sign mails sent from another address with this key or am I supposed to create another key for every address I use?

Sorry for my English and thank you very much in advance.

Thomas

From gr at eclipsed.net Wed Mar 31 14:28:57 2004
From: gr at eclipsed.net (gabriel rosenkoetter)
Date: Wed Mar 31 14:26:08 2004
Subject: basic hash signature question
In-Reply-To: <20040317022259.GA1852@jabberwocky.com>
References: <792DE28E91F6EA42B4663AE761C41C2A01E1A64D@cliff.bai.org> <20040317022259.GA1852@jabberwocky.com>
Message-ID: <20040331122857.GT22426@uriel.eclipsed.net>

On Tue, Mar 16, 2004 at 09:22:59PM -0500, David Shaw wrote:
> No. You can't really compare the security of a machine that sits
> under your desk with one in a data center somewhere. Not to even get
> into the "which is better question" - it's just an apples and oranges
> comparison.

You're right. It's way easier to break into my home than into my data center at work. :^>

--
gabriel rosenkoetter
gr@eclipsed.net

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : /pipermail/attachments/20040331/b153fa83/attachment.bin

From malsyned at cif.rochester.edu Wed Mar 31 16:07:06 2004
From: malsyned at cif.rochester.edu (Dennis Lambe Jr.) Date: Wed Mar 31 16:04:40 2004 Subject: Newbie Question In-Reply-To: <200403311414.21729.ml@tbulka.org> References: <200403311414.21729.ml@tbulka.org> Message-ID: <1080742026.14923.11.camel@localhost> On Wed, 2004-03-31 at 07:14, Thomas Bulka wrote: > Hi, > as a GnuPG-Newbie I want to ask a very basic general > understanding question. > If I generate a key, is it supposed to work only > with the email-Address I entered during the generation > process? > I mean, can I sign mails sent from another adress with this > key or am I supposed to create another key for every address I use? You could sign mail from other addresses, but it wouldn't be quite right. You don't have to generate a completely new key for each email address, though. You can add additional "User IDs" to your key, as you can see I've done with mine. Just run gpg --edit-key your_key_id and then at the key editing prompt, enter "adduid" and follow the prompts. --D -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 279 bytes Desc: This is a digitally signed message part Url : /pipermail/attachments/20040331/01cbd5d4/attachment.bin From ml at tbulka.org Wed Mar 31 17:37:00 2004 
From: ml at tbulka.org (Thomas Bulka)
Date: Wed Mar 31 17:33:27 2004
Subject: Newbie Question
In-Reply-To: <1080742026.14923.11.camel@localhost>
References: <200403311414.21729.ml@tbulka.org> <1080742026.14923.11.camel@localhost>
Message-ID: <200403311737.00903.ml@tbulka.org>

On Wednesday, 31 March 2004 16:07, Dennis Lambe Jr. wrote:
> On Wed, 2004-03-31 at 07:14, Thomas Bulka wrote:
> > Hi,
> > as a GnuPG newbie I want to ask a very basic general
> > understanding question.
> > If I generate a key, is it supposed to work only
> > with the email address I entered during the generation
> > process?
> > I mean, can I sign mails sent from another address with this
> > key or am I supposed to create another key for every address I
> > use?
>
> You could sign mail from other addresses, but it wouldn't be
> quite right. You don't have to generate a completely new key for
> each email address, though. You can add additional "User IDs" to
> your key, as you can see I've done with mine. Just run gpg
> --edit-key your_key_id and then at the key editing prompt, enter
> "adduid" and follow the prompts.
>
> --D

Ah, that works just fine for me. Thank you very much for your help!

Thomas

From andreas.bergen at in-jesus.de Wed Mar 31 21:53:15 2004
From: andreas.bergen at in-jesus.de (Andreas Bergen)
Date: Wed Mar 31 21:51:51 2004
Subject: hierarchical keys?
In-Reply-To: <200403311641.26453.malte_gell@t-online.de>
References: <200403301911.58942.andreas.bergen@in-jesus.de> <200403311641.26453.malte_gell@t-online.de>
Message-ID: <200403312153.15154.andreas.bergen@in-jesus.de>

Hi,

> "Master keys" are supposed to have complete control over slave keys?
> There is no such thing in general.

There is such a thing in real life. It's sort of a "Schließanlage" (don't know the English word), which everybody knows from big buildings. There's a master key to lock every door, but often there are many different sub-keys which open only selected doors. And it's the owner (master) of the building who distributes the keys to those he trusts.

> Some (commercial?) PGP versions have an optional "ADK". That is, a
> "master key" can decrypt messages that were encrypted with a key
> containing an ADK ("additional something key").
>
> > When I encrypt a file using the keys Di, the encrypted
> > file can be decrypted using only Di (and not Dj with i != j) or M.
>
> That is the standard behaviour under PGP and GnuPG.

With the exception of decryption by M.

> > M can be configured to allow or disallow certain Di to sign in M's
> > name without giving away the secret part of M.
>
> That is technically not possible at all. If something is to be signed
> in M's name, then M's private key must also be used for it.

But that's exactly what I don't want. All those keys belong to M, that is, M is the real owner of these keys. They're just delegated keys (therefore "D"). M gives out these keys to certain people to do things (sign / encrypt) in M's name. But still they remain M's keys. And M should retain full control over these D-keys.
In German law there's something similar which is called "Prokura" (http://de.wikipedia.org/wiki/Prokura), which allows the so-called "Prokurist" to sign and act in the name of the owner of the company. He doesn't do it by forged signatures of the owner (which in a way would be similar to signing with M's key). In fact the only thing that happens is that his signature gets officially registered as a Prokura signature (ppa). Everybody can see from the signature that it's the Prokurist signing and not the owner himself, but everybody can verify that he's authorized to do so. What is important: a Prokura can be revoked at any time! (This can't be done if M gives away his private key (phrase).)

> > That is, if someone
> > gets a message, signed by Di the signature can be verified using the
> > public part of M (or Di).
>
> Hm, one could make a workaround for that. Ask Adrian von Bidder on the
> list, he knows his way around the subkey topic. I imagine it like this:
> Di contains a subkey for signing. This subkey is exported and inserted
> into M. When Di then signs with the subkey "Di,u", M can verify it,
> since "Di,u" was incorporated into M's key.

But not only M should be able to verify this, but everyone having the public key of M. Di should be in a way "prokura-signed", which means that not only does M certify the identity of Di, but M is by the "Prokura-signature" bound to the signatures of Di. Additionally M can always decrypt everything the person using the Di keys encrypts (that is, encrypts in the name of M). Another advantage would be that everyone signing in the name of M can be identified, which is impossible if the secret key of M is distributed to several people.

> > Using M I can create revocation certificates for all Di.
>
> Without Di's consent nobody can revoke that key. That would completely
> undermine the PGP scheme!
Not if it's clear that Di basically is M's key, which is given to a person to do things in M's name. This warrant (Vollmacht) must always be revocable.

> How should I trust a key that can be revoked at any time by a third
> party? That is why one creates a revocation certificate right after
> generating Di and stores it in a safe place; if Di has to be revoked,
> one uses this revocation certificate. M can indeed revoke the key Di
> in Di's name ("designated revoker"), but that only works with Di's
> consent! That is, without the passphrase Di's key can never be
> revoked, by anybody.

As said before: Di firstly belongs to M, and it expresses only that the owner of Di is authorized to do things in M's name.

> > This can be used for example for signing publicly available software,
> > where the signing-process can be delegated without giving away the
> > master signing key.
>
> The master key thing is IMHO an unnecessary complication. For the
> certification you simply make a separate key which everyone who has to
> certify software receives. Either you trust them and give them this
> key, or you don't; no master key changes anything about that.

As probably everyone has already experienced, trust can change. What once was a loyal worker in the company can through certain circumstances become a bitter enemy. In order to retain control over his signatures it's not so good to give away the master private key, as this can't be got back. And this enables this person to continue signing in the name of the owner as long as this owner's key isn't revoked. And both revocation of this key as well as illegitimate signing can be very harmful to the owner.

> But you can do it like this: a main signing key that only you control.
> This key "s0" then signs the software signing key softsig0 that your
> employees receive, and with softsig0 they then sign software.
> Theoretically they could generate a new software signing key, or even
> revoke softsig0 - they do have the passphrase for signing with this
> key! - but they do not have the main signing key s0 with which
> softsig0 is signed.

In the above-mentioned case this won't help. If the user of the softsig0 key wants to misuse this key, the owner of the master key has no way to stop him except by revoking the whole softsig0 key, which is not very desirable.

> > Or it can be used for people / organizations to
> > have a backup master key to be able to decrypt files with where the
> > decryption-key / passphrase has been lost.
>
> As said, keyword "ADK", but there will never be an ADK in GnuPG. You
> can help yourself another way, though: in GnuPG you can very well
> configure that messages are always additionally encrypted to a further
> third key; then you can also decrypt the message with that one. But:
> this additional encryption is set in the configuration file and can be
> removed by the user at any time, so it cannot be enforced against the
> user's will.
>
> Regards
> Malte

Hope this clarifies my intention. Thanks for any comment.

Yours
Andreas Bergen

-- 
Andreas Bergen
PGP/GnuPG-encrypted / -signed Email welcome. PGP-key-ID: 8CDEC18F
God is love, and whoever abides in love abides in God, and God in him.

From samuel at Update.UU.SE Wed Mar 31 23:49:59 2004
From: samuel at Update.UU.SE (Samuel Åslund)
Date: Wed Mar 31 23:47:57 2004
Subject: hierarchical keys?
In-Reply-To: <200403312153.15154.andreas.bergen@in-jesus.de>
References: <200403301911.58942.andreas.bergen@in-jesus.de> <200403311641.26453.malte_gell@t-online.de> <200403312153.15154.andreas.bergen@in-jesus.de>
Message-ID: <20040331214959.GB15185@Update.UU.SE>

On Wed, Mar 31, 2004 at 09:53:15PM +0200, Andreas Bergen wrote:
>
> There is such a thing in real life. It's sort of a "Schließanlage" (don't
> know the English word), which everybody knows from big buildings. There's a
> master key to lock every door but often there's many different sub-keys which
> open only selected doors. And it's the owner (master) of the building who
> distributes the keys to those he trusts.
>
<<<<<<<<<<<< Snip, long description of delegating authority. >>>>>>>>>>>

This could possibly be accomplished by using subkeys. I do not think they are intended to be used that way, but it might be possible.

People have talked about having a master (key-)signing key on a secure machine and exporting subkeys from that key to use on less secure machines. That way the private key that collects signatures is safe, and it is still possible to sign with a well-known key on less secure or potentially uncontrolled machines (like at work) without risking the real key.

By using the primary key of an OpenPGP key as master and generating subkeys for the delegated keys you should get the first level of delegation; I do not know how to get a second level of delegation this way.

HTH
//Samuel

From reichenb at pdkue.bwl.de Wed Mar 31 14:28:02 2004
From: reichenb at pdkue.bwl.de (Stephan Reichenbach)
Date: Thu Apr 1 08:52:11 2004
Subject: keyserver, which to use?
Message-ID: <406AD572.10097.1B4EC3B@localhost>

An HTML attachment was scrubbed...
URL: /pipermail/attachments/20040331/1c73d318/attachment.html

From erdemeguven at yahoo.com Wed Mar 31 18:02:58 2004
From: erdemeguven at yahoo.com (Erdem Güven)
Date: Thu Apr 1 08:52:17 2004
Subject: RSA
Message-ID: <20040331160258.9857.qmail@web20026.mail.yahoo.com>

Hi,

I need to generate RSA keys and am looking for a trusted key generator. So the question: is it a good option to use gnupg to get keys?
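As an added example (an editor's script, not code from any poster on this list), the following ties together Dennis Lambe's adduid answer, Samuel's suggestion of keeping the primary key on a secure machine and using only exported subkeys elsewhere, and Erdem's question about generating keys with gnupg. It assumes GnuPG 2.1 or later (for the --quick-* commands) with gpg and gpgconf in $PATH; the two "machines" are simulated as two temporary GNUPGHOME directories, and the User IDs and message are constructed.

```shell
#!/bin/sh
# g HOME ARGS...: run gpg non-interactively against the given homedir.
# The empty passphrase is acceptable only because this is a throwaway test key.
g() {
    _h=$1; shift
    GNUPGHOME="$_h" gpg --batch --yes --quiet --pinentry-mode loopback \
        --passphrase '' "$@"
}

# Prints "ok" when every step, including the final verification, succeeded.
demo_delegated_subkeys() {
    secure=$(mktemp -d) && work=$(mktemp -d) || return 1
    chmod 700 "$secure" "$work"
    uid1='Constructed Tester <first@example.invalid>'    # constructed UIDs
    uid2='Constructed Tester <second@example.invalid>'

    # Secure machine: primary key (certify+sign) plus an encryption subkey.
    g "$secure" --quick-gen-key "$uid1" default default never || return 1
    fpr=$(g "$secure" --with-colons --list-keys | awk -F: '/^fpr/{print $10; exit}')
    [ -n "$fpr" ] || return 1

    # Dennis's point: a second User ID on the same key, no new key needed.
    g "$secure" --quick-add-uid "$fpr" "$uid2" || return 1
    # Samuel's point: a dedicated signing subkey that may leave the machine.
    g "$secure" --quick-add-key "$fpr" default sign never || return 1

    # Hand only the secret subkeys to the work machine; the primary stays home.
    g "$secure" --export-secret-subkeys "$fpr" | g "$work" --import || return 1

    # On the work machine the primary must be a stub: '#' in field 15 of the
    # sec record (what "gpg -K" shows as "sec#"). Anything else means the
    # primary secret key leaked onto the less trusted machine.
    stub=$(g "$work" --with-colons --list-secret-keys | awk -F: '/^sec/{print $15; exit}')
    [ "$stub" = "#" ] || return 1

    # The work machine signs with the subkey; the secure machine verifies
    # against the full key, which already carries the subkey's public part.
    printf 'constructed message\n' > "$work/msg"
    g "$work" --output "$work/msg.sig" --detach-sign "$work/msg" || return 1
    g "$secure" --verify "$work/msg.sig" "$work/msg" 2>/dev/null || return 1

    uids=$(g "$secure" --with-colons --list-keys "$fpr" | grep -c '^uid:')
    for h in "$secure" "$work"; do GNUPGHOME="$h" gpgconf --kill gpg-agent 2>/dev/null; done
    rm -rf "$secure" "$work"
    [ "$uids" -eq 2 ] && echo ok
}
```

The stub check is the one a practitioner should keep: if `gpg -K` on the work machine ever shows `sec` instead of `sec#`, the primary key has left the secure machine and the delegation boundary Samuel describes no longer holds.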