From sk at intertivity.com Wed Jun 1 00:00:07 2005 From: sk at intertivity.com (Kiefer, Sascha) Date: Wed Jun 1 00:36:33 2005 Subject: Pref Message-ID: <002e01c5662c$1cd8eda0$f500a8c0@HOME> Hi I have same questions! 1. what is the difference between showpef and pref using the option "--with-colons" ? 2. S9 S8 S7 S3 S2 H2 H3 Z2 Z1: S=symmetric, H=hash, Z=compression? H3 means RIPEMD160 because "gpg.exe --version" tells me that the hashing algorithms that are supported are MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512 and RIPEMD160 is the 3rd in that list? 3. Will i get more than that "uid:u::::::::Sascha Kiefer (test4711) ::::1,:" information if i do not have a private key? Regards, --sk From dshaw at jabberwocky.com Wed Jun 1 01:49:19 2005 From: dshaw at jabberwocky.com (David Shaw) Date: Wed Jun 1 01:45:32 2005 Subject: Pref In-Reply-To: <002e01c5662c$1cd8eda0$f500a8c0@HOME> References: <002e01c5662c$1cd8eda0$f500a8c0@HOME> Message-ID: <20050531234919.GA2975@jabberwocky.com> On Wed, Jun 01, 2005 at 12:00:07AM +0200, Kiefer, Sascha wrote: > Hi > > I have same questions! > > 1. what is the difference between showpef and pref using the option > "--with-colons" ? No difference. > 2. S9 S8 S7 S3 S2 H2 H3 Z2 Z1: S=symmetric, H=hash, Z=compression? H3 means > RIPEMD160 because "gpg.exe --version" tells me that > the hashing algorithms that are supported are MD5, SHA1, RIPEMD160, SHA256, > SHA384, SHA512 and RIPEMD160 is the 3rd in that list? Yes, Z is compression (think "Zip"). Do "gpg.exe -v --version" to see the algorithm numbers. > 3. Will i get more than that "uid:u::::::::Sascha Kiefer (test4711) > ::::1,:" information if i do not have a private key? I'm not sure what you're asking here. David From sk at intertivity.com Wed Jun 1 10:11:06 2005 From: sk at intertivity.com (Kiefer, Sascha) Date: Wed Jun 1 10:07:17 2005 Subject: Pref In-Reply-To: <20050531234919.GA2975@jabberwocky.com> Message-ID: <001201c56681$77a2cee0$f500a8c0@HOME> > > 3. Will i get more than that "uid:u::::::::Sascha Kiefer (test4711) > > ::::1,:" information if i do not have a private > > key? > > I'm not sure what you're asking here. Well, i have an automated system where you are able to define some policies e.g. use just AES256 for encryption. Now, my system has to check whether or not the key i use to encrypt is able to do AES256. Will i see that the public key (i probably will not have the secret key) is able to do AES256? Regards, Sascha From sk at intertivity.com Wed Jun 1 14:29:32 2005 From: sk at intertivity.com (Sascha Kiefer) Date: Wed Jun 1 14:25:18 2005 Subject: Pref In-Reply-To: <001201c56681$77a2cee0$f500a8c0@HOME> References: <001201c56681$77a2cee0$f500a8c0@HOME> Message-ID: <429DAA2C.5070906@intertivity.com> Addionally, what does "mdc,no-ks-modify:1,p:" mean? Regards, Sascha From zix_ccbt1 at yahoo.ca Wed Jun 1 17:04:39 2005 From: zix_ccbt1 at yahoo.ca (ssdfsdlfk sldkfjsdlfksjdlfk) Date: Wed Jun 1 18:00:53 2005 Subject: Error while loading shared libraries: libusb-0.1.so.4: cannot open shared object file: No such file or directory Message-ID: <20050601150439.98356.qmail@web60624.mail.yahoo.com> Help! I have installed the GnuPG binary on a Linux machine. Any idea why I would need the library "libusb-0.1.so.4" to run GnuPG 1.4? The following are a set of commands I ran to troubleshoot: [root@blah]# /usr/bin/gpg --homedir /opt/pgp/certdb/ --gen-key /usr/bin/gpg: error while loading shared libraries: libusb-0.1.so.4: cannot open shared object file: No such file or directory [root@blah]# ls -al /usr/bin/gpg -rwxr-xr-x 1 root root 1682239 Jun 1 10:19 /usr/bin/gpg [root@blah]# ls /usr/lib lib libexec [root@blah]# ls /usr/lib/libusb* ls: /usr/lib/libusb*: No such file or directory [root@blah]# ls /usr/lib/libu* /usr/lib/libuser.so.1 /usr/lib/libuser.so.1.1.1 /usr/lib/libutempter.so /usr/lib/libutempter.so.0 /usr/lib/libutempter.so.0.5.2 /usr/lib/libuser: libuser_files.so libuser_ldap.so libuser_shadow.so __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From dshaw at jabberwocky.com Wed Jun 1 21:45:49 2005 From: dshaw at jabberwocky.com (David Shaw) Date: Wed Jun 1 21:42:02 2005 Subject: Pref In-Reply-To: <001201c56681$77a2cee0$f500a8c0@HOME> References: <20050531234919.GA2975@jabberwocky.com> <001201c56681$77a2cee0$f500a8c0@HOME> Message-ID: <20050601194549.GA28584@jabberwocky.com> On Wed, Jun 01, 2005 at 10:11:06AM +0200, Kiefer, Sascha wrote: > > > 3. Will i get more than that "uid:u::::::::Sascha Kiefer (test4711) > > > ::::1,:" information if i do not have a private > > > key? > > > > I'm not sure what you're asking here. > > Well, i have an automated system where you are able to define some policies > e.g. use just AES256 for encryption. > Now, my system has to check whether or not the key i use to encrypt is able > to do AES256. > Will i see that the public key (i probably will not have the secret key) is > able to do AES256? Yes, you will. However, why are you doing this? GnuPG automatically does this for you. David From sk at intertivity.com Wed Jun 1 22:00:45 2005 From: sk at intertivity.com (Kiefer, Sascha) Date: Wed Jun 1 21:56:30 2005 Subject: Pref In-Reply-To: <20050601194549.GA28584@jabberwocky.com> Message-ID: <000201c566e4$9b11f870$f500a8c0@HOME> > Yes, you will. > > However, why are you doing this? GnuPG automatically does > this for you. Not really. Only if i change the pref for the key i use. My system is similar to the PGP universal system which runs on a server. Let's think about SHA-1. Right now, it will be the preferred hash alg for most of the keys. But it's broke, so the administrator what's to use RIPEMD instead. Instead of changing all prefs of all keys, he just sets the policy, that RIPEMD is the preferred algorithm (or maybe sets that at least SHA256 must be used and keys that do not support it will Not be used) Get the point? But maybe there is a easier way. There are so many switches, maybe i'm missing something. Regards, Sascha From dshaw at jabberwocky.com Wed Jun 1 22:12:18 2005 From: dshaw at jabberwocky.com (David Shaw) Date: Wed Jun 1 22:08:40 2005 Subject: Pref In-Reply-To: <000201c566e4$9b11f870$f500a8c0@HOME> References: <20050601194549.GA28584@jabberwocky.com> <000201c566e4$9b11f870$f500a8c0@HOME> Message-ID: <20050601201218.GB28584@jabberwocky.com> On Wed, Jun 01, 2005 at 10:00:45PM +0200, Kiefer, Sascha wrote: > > Yes, you will. > > > > However, why are you doing this? GnuPG automatically does > > this for you. > > Not really. Only if i change the pref for the key i use. > My system is similar to the PGP universal system which runs on a server. > Let's think about SHA-1. Right now, it will be the preferred hash alg > for most of the keys. But it's broke, so the administrator what's to > use RIPEMD instead. Instead of changing all prefs of all keys, he just > sets the policy, that RIPEMD is the preferred algorithm (or maybe sets > that at least SHA256 must be used and keys that do not support it will > Not be used) > Get the point? Yes, but this is a bad mistake to make. If an algorithm does not appear in someones preferences, then it shouldn't be used. For example, IDEA is an optional algorithm in OpenPGP. If your administrator decides that everyone should use IDEA, that will mean that some users will not be able to read the message. The whole point of preferences is for the users to tell you what algorithms they can handle. Overriding this means that the users are getting something they can't handle. The only safe way to do this is to either do nothing and let the automatic algorithm selection system do its job, or use --personal-xxx-preferences which works within the preference system to pick an algorithm (and won't pick it if it means violating the preferences). David From harob02 at earthlink.net Thu Jun 2 00:01:17 2005 From: harob02 at earthlink.net (Dan Mundy) Date: Wed Jun 1 23:56:20 2005 Subject: Help on Enigmail - Mozilla 1.7.7. with Win XPP Message-ID: <429E302D.2030508@earthlink.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > I'm totally new to GPG (I know the concepts behind PGP) well you can rest easy because gpg is basically a free command line version of pgp, and the two are fully compatible. > I use Win XPP + Mozilla 1.7.7. I've recently downloaded enigmail to > use with Mozilla - as I was advised that Enigmail has most > functions for a startup user good choice. i use enigmail for my email encryption and signing with gpg. > - Lets say I get a signed message - like the ones from this > "gnupg-users" list - I click on the "pen" ICON (displayed by > Mozilla) to check the signature - I get a message "public key not > found" - I proceed to try and download the public key from one of > the 4 servers listed in Enigmail ~ I suppose defaults as of now in > Enigmail - I get either a *socket error* or a *key not found error* > > > - How do I proceed further ? > > - Is there a better way to import public keys into enigmail ? i don't see why importing with enigmail would be a problem, but there are better ways of importing keys than with enigmail. first, you could visit a keyserver like http://pgp.mit.edu/ or http://pgpkeys.pca.dfn.de/, and look up a person or company in there. you could also find a gpg-compatible keyserver and type the following into a dos-box: gpg --keyserver --recv-keys > - where is the public key ring stored by enigmail ? the public keyring used by enigmail is the same one that gpg uses. so find your WinXP user's "Application Data" folder, go to "gnupg" and the public keyring will be "pubring.gpg" (unless you have it configured to be elsewhere, and you would know if you did.) so i hope i helped, and good luck with gpg! dan mundy -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFCnjArTbbnG4BhqDARAvutAKCTqpOoCWnkGtNG9DQmADrbg7S3hgCfVf/C OfW9zrmib7GUnN7EIsQ6dvo= =nXB3 -----END PGP SIGNATURE----- From harob02 at earthlink.net Thu Jun 2 00:33:43 2005 From: harob02 at earthlink.net (Dan Mundy) Date: Thu Jun 2 00:28:27 2005 Subject: Help installing GnuPG Message-ID: <429E37C7.8060602@earthlink.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I can't for the life of me figure out how to install GPG for Red Hat Linux 9. I have version 1.2.1, which came with my distro, but I would like to upgrade now. I tried to find and rpm, but they're all for like Fedora Core, SuSE, etc. Also, when I downloaded the source code, I received a ton of .c and .h files, none of which I know how to compile. Can somebody please help me? Dan -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFCnjfETbbnG4BhqDARAnmpAJ9H4mOSCAMMo+OXhoWVNUA+PT9cbQCgp0j/ 7zrxpRgAzlFARtFq5JwSOg0= =pVKu -----END PGP SIGNATURE----- From harob02 at earthlink.net Thu Jun 2 00:51:11 2005 From: harob02 at earthlink.net (Dan Mundy) Date: Thu Jun 2 00:46:12 2005 Subject: Help installing GnuPG In-Reply-To: <4CB0DF3A-3F33-46D4-AA1D-F92CB7EF917C@gmail.com> References: <429E37C7.8060602@earthlink.net> <4CB0DF3A-3F33-46D4-AA1D-F92CB7EF917C@gmail.com> Message-ID: <429E3BDF.7030705@earthlink.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Overdog wrote: > switch to the build directory. do the following > > ./configure make sudo make install (or otherwise do "make install" > as root). > > On 1 Jun 2005, at 16:33, Dan Mundy wrote: > > I can't for the life of me figure out how to install GPG for Red > Hat Linux 9. I have version 1.2.1, which came with my distro, but > I would like to upgrade now. I tried to find and rpm, but they're > all for like Fedora Core, SuSE, etc. Also, when I downloaded the > source code, I received a ton of .c and .h files, none of which I > know how to compile. Can somebody please help me? > > Dan >> >> thanks for your help! gpg 1.4.1 is running smoothly! dan _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users >> >> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFCnjvcTbbnG4BhqDARAmM+AKDd/EprZVpbDc3ARz5XkknH52daYQCgmApE AIUb2/aBH86tJ9S0E/25hS8= =BIEj -----END PGP SIGNATURE----- From sk at intertivity.com Thu Jun 2 01:17:09 2005 From: sk at intertivity.com (Kiefer, Sascha) Date: Thu Jun 2 01:17:48 2005 Subject: Pref In-Reply-To: <20050601201218.GB28584@jabberwocky.com> Message-ID: <000b01c56700$0949f570$f500a8c0@HOME> > Yes, but this is a bad mistake to make. If an algorithm does > not appear in someones preferences, then it shouldn't be > used. For example, IDEA is an optional algorithm in OpenPGP. > If your administrator decides that everyone should use IDEA, > that will mean that some users will not be able to read the message. Of course. What i did is the following. The administrator as the option to rearange the supported algorithms of gnupg. By the default the order may be like 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH But the policy forces him to have the following order TWOFISH, AES256, AES192, AES, -3DES, -CAST5, BLOWFISH (the minus means, that this algorithm should not be used at all). Now, A sends an email to B and the capavilities of B's public key are AES, IDEA, BLOWFISH, AES192, BLOWFISH Now my program will encrypt the mail using AES192 (because it is the highest algorithm forced by the policy which is accepted by B In the cas the public key supports only IDEA, 3DES my program will raise an error because the those algorithms are not permitted by the policy Regards, Sascha From harob02 at earthlink.net Thu Jun 2 01:49:11 2005 From: harob02 at earthlink.net (Dan Mundy) Date: Thu Jun 2 01:45:42 2005 Subject: Keyserver Message-ID: <429E4977.9060006@earthlink.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> / Which keyserver(s) should I use? I heard that some should not >> be used. Just > />/ want to know what to put in my conf file. / The fastest and most reliable keyserver I have come across is this: website usage - http://pgpkeys.pca.dfn.de/ gpg --keyserver usage - hkp://pgpkeys.pca.dfn.de/ These keyservers synchronize very often (i.e. instantaneously) with other keyservers. The website also looks very cool =P. So these would be my choice. If you want the official keyserver, use http://pgp.mit.edu:11371/. The PGP official server apparently doesn't support gpg keys, or any free key. hope i helped, Dan -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFCnkl1TbbnG4BhqDARAi6sAKCEGXvQHgVezLoFj1YPc3Tc0raoTgCgsBU+ VEkNhSmeZuIWIOUrmAjbAHM= =kS96 -----END PGP SIGNATURE----- From johanw at vulcan.xs4all.nl Thu Jun 2 13:07:22 2005 From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Thu Jun 2 13:04:17 2005 Subject: Pref In-Reply-To: <000b01c56700$0949f570$f500a8c0@HOME> Message-ID: <200506021107.j52B7Ml3002414@vulcan.xs4all.nl> Kiefer, Sascha wrote: >In the cas the public key supports only > >IDEA, 3DES > >my program will raise an error because the those algorithms are not >permitted by the policy Such ideas can only come from dumb manager-like control freak system administrators, usually with insufficient knowledge to make a balanced choice in these matters anyway. Why would you want a central person to do something like this at all? -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From sk at intertivity.com Thu Jun 2 14:14:32 2005 From: sk at intertivity.com (Sascha Kiefer) Date: Thu Jun 2 14:10:32 2005 Subject: Pref In-Reply-To: <200506021107.j52B7Ml3002414@vulcan.xs4all.nl> References: <200506021107.j52B7Ml3002414@vulcan.xs4all.nl> Message-ID: <429EF828.3060900@intertivity.com> Johan Wevers schrieb: >Kiefer, Sascha wrote: > > > >>In the cas the public key supports only >> >>IDEA, 3DES >> >>my program will raise an error because the those algorithms are not >>permitted by the policy >> >> > >Such ideas can only come from dumb manager-like control freak system >administrators, usually with insufficient knowledge to make a balanced >choice in these matters anyway. Why would you want a central person >to do something like this at all? > > > Well, a bank might send confidential data to there customers. And the country of the bank - like luxembourg - enforces by law that confidential data must be encrypted using at least AES then the banks policy must be setup this way. From sk at intertivity.com Thu Jun 2 15:59:51 2005 From: sk at intertivity.com (Sascha Kiefer) Date: Thu Jun 2 15:55:26 2005 Subject: compress-algo vs (cipher-algo and digest-algo) Message-ID: <429F10D7.4040606@intertivity.com> The GNU Privacy Handbook declares the following cipher-algo name digest-algo name compress-algo n What was to purpose to switch from name to number? Did you want to try something else? ;) / / From johanw at vulcan.xs4all.nl Thu Jun 2 15:47:28 2005 From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Thu Jun 2 16:57:16 2005 Subject: Pref In-Reply-To: <429EF828.3060900@intertivity.com> Message-ID: <200506021347.j52DlS2d003830@vulcan.xs4all.nl> Sascha Kiefer wrote: >Well, a bank might send confidential data to there customers. >And the country of the bank - like luxembourg - enforces by law that >confidential data must be >encrypted using at least AES then the banks policy must be setup this way. "At least". Does the bank has contracted anyone with enough knowledge of cryptography to make educated assumptions about the strength of the different algorithms in GnuPG? Rijndael also has its weaknesses, wether it will remain as strong as the other ciphers with equal key length remains to be seen. BTW, are those laws there really that detailed? Does it mean that if Rijndael gets broken sending it in any weak cipher would suffice? -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From sk at intertivity.com Thu Jun 2 20:26:59 2005 From: sk at intertivity.com (Kiefer, Sascha) Date: Thu Jun 2 20:22:41 2005 Subject: Pref In-Reply-To: <200506021347.j52DlS2d003830@vulcan.xs4all.nl> Message-ID: <001f01c567a0$ab5cc860$f500a8c0@HOME> > "At least". Does the bank has contracted anyone with enough > knowledge of cryptography to make educated assumptions about > the strength of the different algorithms in GnuPG? Hopefully! :) But i think, it's not the boss of the bank that will change those Settings but the security administrator. They have some decent knowledge. And there will be a handbook where everything will Explained in detail, and the default settings are as strong as Possible and you are able to reset to the default settings. That's all i can do! :) > Rijndael > also has its weaknesses, wether it will remain as strong as > the other ciphers with equal key length remains to be seen. Sure. > BTW, are those laws there really that detailed? Does it mean > that if Rijndael gets broken sending it in any weak cipher > would suffice? I do not make those laws. And I'm not sure about legality at luxembourg. It's just what some bank adminstrator told us. Regards, Sascha From johanw at vulcan.xs4all.nl Thu Jun 2 21:26:47 2005 From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Thu Jun 2 21:21:50 2005 Subject: Pref In-Reply-To: <001f01c567a0$ab5cc860$f500a8c0@HOME> Message-ID: <200506021926.j52JQlcs002055@vulcan.xs4all.nl> Kiefer, Sascha wrote: >But i think, it's not the boss of the bank that will change those >Settings but the security administrator. They have some decent >knowledge. Are they cryptographers? >And there will be a handbook where everything will >Explained in detail, Who writes that book? Some well-known crypto researcher whose judgement is based on knowledge, or some overpaid consultant who obtained his knowledge from a FAQ on internet of which he probably only (hopefully at least) understands the conclusion? >and the default settings are as strong as Possible How can you judge that? I really don't know if Twofish is stronger than AES, or IDEA, or 3DES. As far as I know, all 2 are currently unbreakable. Besides, for a bank, outruling 3DES as in your example because it would be to weak is ridiculous. Even if it would be possible to crack, the costs to do so would be either very low (cipher is really broken), or much higher than the possible profit gained in a fraudulous transaction, so noone would do it. -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From wlbradshaw at yahoo.com Thu Jun 2 20:35:12 2005 From: wlbradshaw at yahoo.com (William Bradshaw) Date: Thu Jun 2 21:31:21 2005 Subject: Return codes in GnuPG Message-ID: <20050602183512.57027.qmail@web54305.mail.yahoo.com> Does anyone have a listing of error/status codes returned by GnuPG when attempting to decrypt files? Thanks, Bill __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From dshaw at jabberwocky.com Thu Jun 2 22:23:31 2005 From: dshaw at jabberwocky.com (David Shaw) Date: Thu Jun 2 22:19:52 2005 Subject: compress-algo vs (cipher-algo and digest-algo) In-Reply-To: <429F10D7.4040606@intertivity.com> References: <429F10D7.4040606@intertivity.com> Message-ID: <20050602202331.GB6251@jabberwocky.com> On Thu, Jun 02, 2005 at 03:59:51PM +0200, Sascha Kiefer wrote: > The GNU Privacy Handbook declares the following > > cipher-algo name > digest-algo name > compress-algo n > > > What was to purpose to switch from name to number? > Did you want to try something else? ;) You can use names in all of them. Early versions required numbers in compress-algo. David From gpg.20.subu at spamgourmet.com Fri Jun 3 13:43:50 2005 From: gpg.20.subu at spamgourmet.com (gpg.20.subu@spamgourmet.com) Date: Fri Jun 3 13:40:47 2005 Subject: Help on Enigmail - Mozilla 1.7.7. with Win XPP Message-ID: <5313cd0905060304432006fa93@mail.gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear Dan Thanks for those answers. Thanks to help from this group, PGPNET and PGP-basics on yahoo groups, I've progressed further Should I have other questions, I shall post them here Thanks again Subu Dan Mundy - harob02@earthlink.net wrote: > >I'm totally new to GPG (I know the concepts behind PGP) > > > well you can rest easy because gpg is basically a free command line > version of pgp, and the two are fully compatible. > > >I use Win XPP + Mozilla 1.7.7. I've recently downloaded enigmail to > >use with Mozilla - as I was advised that Enigmail has most > >functions for a startup user > > > good choice. i use enigmail for my email encryption and signing with gpg. > [............] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) Comment: key : http://www.geocities.com/mail_to_subu/pubkey.txt Comment: key : http://maniams2.tripod.com/Sign/pubkey.txt Comment: fingerprint 174E F2B0 C7D2 5AED 0FEC EE1D 686C D1C8 0BE4 6FA2 iD8DBQFCoFwWaGzRyAvkb6IRAsRuAJ49O5YQpPoUAOpMC8rlgxB4lDdqKACfWxmc O47YUcIYzsefx3Gdqy+fCAI= =BkuG -----END PGP SIGNATURE----- From gpg.20.subu at spamgourmet.com Fri Jun 3 13:54:13 2005 From: gpg.20.subu at spamgourmet.com (gpg.20.subu@spamgourmet.com) Date: Fri Jun 3 13:50:51 2005 Subject: Keyserver Message-ID: <5313cd0905060304546d3f3698@mail.gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Two Request ~~~~~~~~~~~~~~ Can some one give me the correct entry I should place in my config file for the best key-server Can I have an option that practically helps me to search thru several key servers .. i.e. search the second (specified keyserver) if the first (specified keyserver) did not have the key, use the third (keyserver ..) if the second did not have the key and so on TIA Subu Dan Mundy - harob02@earthlink.net wrote: > The fastest and most reliable keyserver I have come across is this: > > website usage - http://pgpkeys.pca.dfn.de/ > gpg --keyserver usage - hkp://pgpkeys.pca.dfn.de/ > > These keyservers synchronize very often (i.e. instantaneously) with > other keyservers. The website also looks very cool =P. So these would > be my choice. > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) Comment: key : http://www.geocities.com/mail_to_subu/pubkey.txt Comment: key : http://maniams2.tripod.com/Sign/pubkey.txt Comment: fingerprint 174E F2B0 C7D2 5AED 0FEC EE1D 686C D1C8 0BE4 6FA2 iD8DBQFCoF6qaGzRyAvkb6IRAqmNAKCMvYL7OSgniZFuijtKcxHtzxwVcACdFjPC vNFgOB6jrlRvziZN3N6YhwY= =Q0Tj -----END PGP SIGNATURE----- From telegraph at gmx.net Fri Jun 3 14:55:02 2005 From: telegraph at gmx.net (Gregor Zattler) Date: Fri Jun 3 14:51:24 2005 Subject: please read the documentation Re: (no subject) In-Reply-To: <4299082F.2020709@earthlink.net> References: <4299082F.2020709@earthlink.net> Message-ID: <20050603125502.GC5284@pit.ID-43118.user.dfncis.de> Hi Dan, * Dan Mundy [28. Mai. 2005]: > hey everyone, just letting you all know i'm new to mailing lists. > > by the way, here's my public key. make sure to sign it! > > Public key for 0x4DB6E71B8061A830 > -----BEGIN PGP PUBLIC KEY BLOCK----- > Version: GnuPG v1.4.1 (MingW32) > > mQGiBEJuhSERBADLM03wfD19tlfpwGCFhb3oHgLe/9Z2d9N9rLRNk77ISV3w9SgM You are new to public key cryptography also, aren't you? Please read the documentation, especially: http://www.gnupg.org/gph/en/manual.html#AEN335 Ciao, Gregor From firelan at gmail.com Fri Jun 3 14:43:27 2005 From: firelan at gmail.com (Hernan Costante) Date: Fri Jun 3 15:39:52 2005 Subject: 1er contacto Message-ID: <5ca35d405060305435d00a13d@mail.gmail.com> Buen dia. Ante todo me presento, mi nombre es Hernan soy Analista de seguridad. Primariamente me gustaria saber si hay gente que hable espa?ol. Mas adelante les consultare sobre unos proyectos que tengo en mente. Saludos, Hernan From hawke at hawkesnest.net Fri Jun 3 16:30:22 2005 From: hawke at hawkesnest.net (Alex L. Mauer) Date: Fri Jun 3 16:29:45 2005 Subject: OpenPGP Smartcard Advantages In-Reply-To: <874qec8mhv.fsf__27628.76566635$1113292305$gmane$org@wheatstone.g10code.de> References: <20050411170810.GA4266@charter.net> <874qec8mhv.fsf__27628.76566635$1113292305$gmane$org@wheatstone.g10code.de> Message-ID: Werner Koch wrote: > The only thing a malicious host can do is to lock the card (by sending > several times a wrong PIN) and to trick you into signing or decrypting > data. This just made me think. Wouldn't it thus be trivial [for a malicious host] to destroy a smart card (by sending the wrong admin pin repeatedly)? -Alex Mauer "hawke" -- Bad - You get pulled over for doing 90 in a school zone and you're drunk off your ass again at three in the afternoon. Worse - The cop is drunk too, and he's a mean drunk. FUCK! - A mean drunk that's actually a swarm of semi-sentient flesh-eating beetles. gpg/gpg key id: 51192FF2 @ subkeys.pgp.net -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 256 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20050603/0bc50dc5/signature.pgp From youssef.aoun at gmail.com Fri Jun 3 17:22:53 2005 From: youssef.aoun at gmail.com (Youssef Aoun) Date: Fri Jun 3 17:19:05 2005 Subject: 1er contacto In-Reply-To: <5ca35d405060305435d00a13d@mail.gmail.com> References: <5ca35d405060305435d00a13d@mail.gmail.com> Message-ID: <42A075CD.80407@gmail.com> Hola, Ma llamo Youssef (Jose en espanol), soy Libanes y hablo espanol. Me encantare comunicar con usted en su idioma. Hastal luego. Cordialmente, Youssef Aoun /* AOUN Youssef - 3eme annee ENST Bretagne */ /* Technopole Brest Iroise - CS83818 */ /* 29238 Brest Cedex 3 - France */ /* Tel: 0033 2 29 00 17 35 - Mobile: 0033 6 60 36 69 71 */ /* youssef.aoun@enst-bretagne.fr ; youssef.aoun@e-aoun.com */ Hernan Costante wrote: > Buen dia. > Ante todo me presento, mi nombre es Hernan soy Analista de seguridad. > Primariamente me gustaria saber si hay gente que hable espa?ol. > > Mas adelante les consultare sobre unos proyectos que tengo en mente. > > Saludos, > Hernan > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > From wizard at roborooter.com Fri Jun 3 18:07:04 2005 From: wizard at roborooter.com (Francis Gulotta) Date: Fri Jun 3 18:02:53 2005 Subject: Sign my key - Was (no subject) In-Reply-To: <4299082F.2020709@earthlink.net> References: <4299082F.2020709@earthlink.net> Message-ID: <42A08028.3020300@roborooter.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 How do we know it's really yours or that you are really you? I'll accept that this message was signed with it, but by signing you key it means I have no doubt that it really does indeed belong to Dan Mundy. And I've nver met him. I personally don't have any signatures except from my other identities (who have seperate keys instead of subkeys), I will have more, I'm waiting for my local LUG's keysigning party after their next meeting. To miss-quote someone else here. (It's got the same jist) "People travel long and far to get their key's signed." I'd give you some links off hand (if I had any on hand) for how to find any keysigning parties or people in your area who will meet with you to sign your key. You should look yourself, and I'm sure there are plenty of other people here who have those links handy. Good luck. - -Francis Dan Mundy wrote: > hey everyone, just letting you all know i'm new to mailing lists. > > by the way, here's my public key. make sure to sign it! > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCoIAoTJEaZCt0gQsRAk0oAJ4vOh/8Vrfw+dysa4UoPDfOhexQdwCfeB4r gZogKpH5OCVXUXyOw0kKtNQ= =W/a9 -----END PGP SIGNATURE----- From jan at gondor.com Fri Jun 3 18:25:38 2005 From: jan at gondor.com (Jan Niehusmann) Date: Fri Jun 3 18:21:27 2005 Subject: OpenPGP Smartcard Advantages In-Reply-To: References: <20050411170810.GA4266@charter.net> <874qec8mhv.fsf__27628.76566635$1113292305$gmane$org@wheatstone.g10code.de> Message-ID: <20050603162538.GA31877@gondor.com> On Fri, Jun 03, 2005 at 09:30:22AM -0500, Alex L. Mauer wrote: > Wouldn't it thus be trivial [for a malicious host] to destroy a smart > card (by sending the wrong admin pin repeatedly)? It is - but a malicious card reader could also fry the card with some high voltage pulses. But at least you know that something bad happend, you know who (or at least which host - it may have been cracked) did it, and you did know the risk when you put the card into the reader. And it's not worse than losing the card. I wondered if the card couldn't just erase itself completly when the wrong Admin-PIN is entered three times. This would at least save the card itself, which is worth some euros. But OTOH, just locking the card is probably easier to implement in a safe way (it's an atomic operation which can't be aborted by just turning of power, for example). Yours, Jan From firelan at gmail.com Fri Jun 3 19:21:47 2005 From: firelan at gmail.com (Hernan Costante) Date: Fri Jun 3 19:17:28 2005 Subject: [Fwd: RE: 1er contacto] In-Reply-To: <42A08FB1.2030201@gmail.com> References: <42A08FB1.2030201@gmail.com> Message-ID: <5ca35d4050603102138557e6b@mail.gmail.com> Gracias! yo soy de Capital Federal, Argentina. Les comento cual es una de mis ideas. Actualmente trabajo con una notebook la cual tengo en una partici?n WinXP y en otra un Debian, adem?s de estas tengo una partici?n m?s grande en la cual tengo los documentos de trabajo. Lo que estoy intentando hacer es que la partici?n en donde se encuentran los documentos se encuentre encriptada y pueda ser accedida por ambos SO. Tambi?n que la encripci?n y desencripci?n sea autom?tica. Se que PGP tiene esta funcionalidad pero la licencia es excesivamente cara. Saludos, Hern?n El 3/06/05, Youssef Aoun escribi?: > Eso es de Juan Neufeld > > -------- Original Message -------- > Subject: RE: 1er contacto > Date: Fri, 3 Jun 2005 14:06:22 -0300 > From: Juan Neufeld > To: Youssef Aoun > > Hola: > Soy Juan Carlos Neufeld de Buenos Aires, Argentina. > Hoy me incorpor? al gnupg-users group. > > Por favor hazle llegar mi email a "Hernan Constante", porque no figuraba > su email". > > Muchas gracias. > > -----Mensaje original----- > De: gnupg-users-bounces@gnupg.org [mailto:gnupg-users-bounces@gnupg.org] > En nombre de Youssef Aoun > Enviado el: Viernes, 03 de Junio de 2005 12:23 > Para: Hernan Costante > CC: gnupg-users@gnupg.org > Asunto: Re: 1er contacto > > Hola, > Ma llamo Youssef (Jose en espanol), soy Libanes y hablo espanol. > Me encantare comunicar con usted en su idioma. > > Hastal luego. > > Cordialmente, > Youssef Aoun > > /* AOUN Youssef - 3eme annee ENST Bretagne */ > /* Technopole Brest Iroise - CS83818 */ > /* 29238 Brest Cedex 3 - France */ > /* Tel: 0033 2 29 00 17 35 - Mobile: 0033 6 60 36 69 71 */ > /* youssef.aoun@enst-bretagne.fr ; youssef.aoun@e-aoun.com */ > > Hernan Costante wrote: > > Buen dia. > > Ante todo me presento, mi nombre es Hernan soy Analista de seguridad. > > Primariamente me gustaria saber si hay gente que hable espa?ol. > > > > Mas adelante les consultare sobre unos proyectos que tengo en mente. > > > > Saludos, > > Hernan > > > > _______________________________________________ > > Gnupg-users mailing list > > Gnupg-users@gnupg.org > > http://lists.gnupg.org/mailman/listinfo/gnupg-users > > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > > From youssef.aoun at gmail.com Fri Jun 3 19:35:02 2005 From: youssef.aoun at gmail.com (Youssef Aoun) Date: Fri Jun 3 19:31:16 2005 Subject: [Fwd: RE: 1er contacto] In-Reply-To: <5ca35d4050603102138557e6b@mail.gmail.com> References: <42A08FB1.2030201@gmail.com> <5ca35d4050603102138557e6b@mail.gmail.com> Message-ID: <42A094C6.6090602@gmail.com> Bueno, me parece interesente. Nunca utilise el GPG con windows. Pero digame. Cundo un sistema de fichero se incripte con el GPG, el sistema cambiara? Lo digo otramente: Podemos encriptir el EXT3 y el NTFS o hay un sistema propio al GPG que se sustitue los demas cundo empezaremos a encriptir? Cordialemente, Youssef Aoun Hernan Costante wrote: > Gracias! > yo soy de Capital Federal, Argentina. > > Les comento cual es una de mis ideas. > Actualmente trabajo con una notebook la cual tengo en una partici?n > WinXP y en otra un Debian, adem?s de estas tengo una partici?n m?s > grande en la cual tengo los documentos de trabajo. > Lo que estoy intentando hacer es que la partici?n en donde se > encuentran los documentos se encuentre encriptada y pueda ser accedida > por ambos SO. > Tambi?n que la encripci?n y desencripci?n sea autom?tica. > > Se que PGP tiene esta funcionalidad pero la licencia es excesivamente cara. > > Saludos, > Hern?n > > > El 3/06/05, Youssef Aoun escribi?: > >>Eso es de Juan Neufeld >> >>-------- Original Message -------- >>Subject: RE: 1er contacto >>Date: Fri, 3 Jun 2005 14:06:22 -0300 >>From: Juan Neufeld >>To: Youssef Aoun >> >>Hola: >>Soy Juan Carlos Neufeld de Buenos Aires, Argentina. >>Hoy me incorpor? al gnupg-users group. >> >>Por favor hazle llegar mi email a "Hernan Constante", porque no figuraba >>su email". >> >>Muchas gracias. >> >>-----Mensaje original----- >>De: gnupg-users-bounces@gnupg.org [mailto:gnupg-users-bounces@gnupg.org] >>En nombre de Youssef Aoun >>Enviado el: Viernes, 03 de Junio de 2005 12:23 >>Para: Hernan Costante >>CC: gnupg-users@gnupg.org >>Asunto: Re: 1er contacto >> >>Hola, >>Ma llamo Youssef (Jose en espanol), soy Libanes y hablo espanol. >>Me encantare comunicar con usted en su idioma. >> >>Hastal luego. >> >>Cordialmente, >>Youssef Aoun >> >>/* AOUN Youssef - 3eme annee ENST Bretagne */ >>/* Technopole Brest Iroise - CS83818 */ >>/* 29238 Brest Cedex 3 - France */ >>/* Tel: 0033 2 29 00 17 35 - Mobile: 0033 6 60 36 69 71 */ >>/* youssef.aoun@enst-bretagne.fr ; youssef.aoun@e-aoun.com */ >> >>Hernan Costante wrote: >> >>>Buen dia. >>>Ante todo me presento, mi nombre es Hernan soy Analista de seguridad. >>>Primariamente me gustaria saber si hay gente que hable espa?ol. >>> >>>Mas adelante les consultare sobre unos proyectos que tengo en mente. >>> >>>Saludos, >>>Hernan >>> >>>_______________________________________________ >>>Gnupg-users mailing list >>>Gnupg-users@gnupg.org >>>http://lists.gnupg.org/mailman/listinfo/gnupg-users >>> >> >>_______________________________________________ >>Gnupg-users mailing list >>Gnupg-users@gnupg.org >>http://lists.gnupg.org/mailman/listinfo/gnupg-users >> >> > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > From hawke at hawkesnest.net Fri Jun 3 19:40:18 2005 From: hawke at hawkesnest.net (Alex L. Mauer) Date: Fri Jun 3 19:39:03 2005 Subject: OpenPGP Smartcard Advantages In-Reply-To: <20050603162538.GA31877__17753.0745896094$1117816007$gmane$org@gondor.com> References: <20050411170810.GA4266@charter.net> <874qec8mhv.fsf__27628.76566635$1113292305$gmane$org@wheatstone.g10code.de> <20050603162538.GA31877__17753.0745896094$1117816007$gmane$org@gondor.com> Message-ID: Jan Niehusmann wrote: > I wondered if the card couldn't just erase itself completly when the > wrong Admin-PIN is entered three times. This would at least save the > card itself, which is worth some euros. But OTOH, just locking the card > is probably easier to implement in a safe way (it's an atomic operation > which can't be aborted by just turning of power, for example). That's a good idea. I think you could implement it safely, by making the card treat the "locked" status (zeroed pin retry counter?) as a flag that it should erase itself. Then, when it had erased itself and verified the erasure it could reset the pin retry counter (and possibly reset the admin PIN to default) That way, even if you abort it by turning off power, as soon as you apply power again the card either resumes or restarts the erasure process (depending on which is the best combination of speed and security). It seems to me that this is just as good as becoming permanently locked from a security standpoint, and better from a convenience stand point (if you forget/lose/corrupt the admin PIN, all you have to do is enter it wrong three times.) And in the case of a malicious host, you're better off in that you don't have to shell out for another card. -- Bad - You get pulled over for doing 90 in a school zone and you're drunk off your ass again at three in the afternoon. Worse - The cop is drunk too, and he's a mean drunk. FUCK! - A mean drunk that's actually a swarm of semi-sentient flesh-eating beetles. gpg/gpg key id: 51192FF2 @ subkeys.pgp.net -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 256 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20050603/ecf21972/signature.pgp From hawke at hawkesnest.net Fri Jun 3 20:32:17 2005 From: hawke at hawkesnest.net (Alex L. Mauer) Date: Fri Jun 3 20:31:05 2005 Subject: Sign my key - Was (no subject) In-Reply-To: <42A08028.3020300__14370.9758449861$1117815287$gmane$org@roborooter.com> References: <4299082F.2020709@earthlink.net> <42A08028.3020300__14370.9758449861$1117815287$gmane$org@roborooter.com> Message-ID: Francis Gulotta wrote: > How do we know it's really yours or that you are really you? I'll accept > that this message was signed with it, but by signing you key it means I > have no doubt that it really does indeed belong to Dan Mundy. And I've > nver met him. I know this is rather controversial, but for a lot of people it doesn't matter if the person really is Dan Mundy, since Dan Mundy is just a string, and doesn't really have any inherent meaning attaching it to a physical entity. You can be *somewhat* sure that if you send an encrypted email to some address, and they respond to its contents, that someone who has access to that mailbox also knows the passphrase to the relevant key. Physically meeting someone doesn't prove that the keyholder hasn't shared the passphrase and private key. If there's a picture UID on the key and it matches the person that you physically meet, it doesn't prove that the person you met has the passphrase to the key, or that they have access to the mailbox associated with the key. With a photo ID, it can prove (to the extent that they have proven it to the ID issuer, i.e. not a whole lot) that the name on the key matches the person you've physically met. But if you interact primarily over the net, that doesn't really matter. There's a major missing link between the email address and the physical person at the meeting. For purposes of network addresses, I mostly couldn't care less if the person who uses the email address harob02@earthlink.net *actually* goes by the name, or is known to some government by the name Dan Mundy. What I do care about is that the same keyholder who signed this message, also signed that one, and I have some basis for believing they both came from the same person. And *that* is the important step. I can build up a level of trust based on the contents of messages signed by that key. If he starts spouting crap that is inconsistent with prior messages, I can lower my trust on the determination that his key has been compromised, or he's gone nuts, or he's changed his mind. But what he's actually named by his parents is totally irrelevant to that. If I was entering into some sort of contract with him, validating the government ID might start to matter so I could enlist some governmental aid in enforcing it, if it became necessary. But the more risk I'm taking in some contract, the less likely I am to trust any middle-men to have verified someone's identity. -- Bad - You get pulled over for doing 90 in a school zone and you're drunk off your ass again at three in the afternoon. Worse - The cop is drunk too, and he's a mean drunk. FUCK! - A mean drunk that's actually a swarm of semi-sentient flesh-eating beetles. gpg/gpg key id: 51192FF2 @ subkeys.pgp.net -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 256 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20050603/51813abd/signature.pgp From pschott at drivefinancial.com Fri Jun 3 20:16:28 2005 From: pschott at drivefinancial.com (Peter Schott) Date: Fri Jun 3 20:59:20 2005 Subject: Corruption of KeyRing (possible WinPT related?) Message-ID: <4E28ECEE2E06784AA8921F82878C889E039CD288@DFSTXEXCH3.dfs.com> Running latest version of GPG on Windows XP. I will sometimes start my PC and when the WinPT program launches, I have a 0-byte pubring or secring. I have backups, but I am a little concerned that I could lose all of my keys due to some corruption or improper closing of the file. Has anyone else encountered this? Any suggestions on things I can do to help prevent this? Thanks. Peter A. Schott drive financial services Database Administrator p: 214.237.3567 c: 214.734.1792 f: 214.237.3495 email: pschott@drivefinancial.com ___________________________________________________________________________________ This e-mail is covered by the Electronic Communications Privacy Act, 18 U.S.C. Sections 2510-2521. The information contained in this e-mail is confidential and intended only for use of the individual or entity named above. If the reader of this message is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this message in error or there are any problems please notify the originator immediately. The unauthorized use, disclosure, copying or alteration of this message is strictly forbidden. This mail and any attachments have been scanned for viruses prior to leaving the Drive Financial Services network. Drive Financial Services will not be liable for direct, special, indirect or consequential damages arising from alteration of the contents of this message by a third party or as a result of any virus being passed on. ___________________________________________________________________________________ From sjlopezb at hackindex.com Fri Jun 3 20:18:35 2005 From: sjlopezb at hackindex.com (=?ISO-8859-15?Q?Santiago_Jos=E9_L=F3pez_Borraz=E1s?=) Date: Fri Jun 3 21:08:58 2005 Subject: [Fwd: RE: 1er contacto] In-Reply-To: <42A094C6.6090602@gmail.com> References: <42A08FB1.2030201@gmail.com> <5ca35d4050603102138557e6b@mail.gmail.com> <42A094C6.6090602@gmail.com> Message-ID: <42A09EFB.3000903@hackindex.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 El 03/06/05 19:35, Youssef Aoun escribi?: > Bueno, me parece interesente. > Nunca utilise el GPG con windows. Yo lo utilizo desde que utilic? el PGP desde el a?o 1.999..as? que...mira. > Pero digame. Cundo un sistema de fichero se incripte con el GPG, el > sistema cambiara? Lo digo otramente: Podemos encriptir el EXT3 y el NTFS > o hay un sistema propio al GPG que se sustitue los demas cundo > empezaremos a encriptir? En un principio, no. El sistema operativo Linux tiene un sistema de encriptaci?n aparte al GnuPG(no recuerdo cu?l es el modo para la encriptaci?n del mismo, pero posiblemente sea con el GnuPG como t? mismo mencionas). - -- Slds... ICQ #117844560 Santiago Jos? L?pez Borraz?s(Milon) Miembro del Grupo A.H.E. Linux User: #206958 sjlopezb@yahoo.es milon@hackindex.com milon@hackindex.org PGP Key Public: 0xFD913988 0xD522C952 - -- Slds de Santiago Jos? L?pez Borraz?s. Admin de hackindex.com Conocimientos avanzados en seguridad inform?tica. Conocimientos avanzados en redes peque?as y grandes. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2rc1 (GNU/Linux) iQIVAwUBQqCe+7uF9/q6J55WAQrtjQ/9FxHoyLrgwvbowlZA0IUA0TG38lgEVVBl xYwoI/lOWk6yc8pOqzI9fV/aAN98TotkToorkITpiAx2JlDiSm5sHCGdPins2yz7 2B3KX4fQFB1wqHl3hgtB+ItmVoym9yX+zDQk7I/i98XaeOMIIoi0wiThxIgxjR7S lz7uTfFZzjCt5o9PTjuyWtwHZ2upCOTbO1FyaKRprrCdtfcXpbmjifmP+u+UUP4B GAIQVfz2fhGpyqxITRoxQC9ZdC6U/6OYdrCDar1bxlQI/uGu8Gq+6iTLF0Wfn7IO fRJKpRR6tz5o2FNOv0dyAJXp7j0iYFE16Q0RNF42uBRsNzmlovNL6mURCXYXeuFz dClvnj2RqTKGIytTkhVohWOZfVzOl3j8pwwFoZrpyvBmHhloz6uDx4vDjxHhnjjn tB+Y8ThSDqFdohMs9cqRq/n9BzrF80IdQ2sTfOJ1/RLF9ULV9Fm+Z4BUxmYyu9Sr 4SYzZvfpdVeFrgjY+9AeZ+QZStmqAlg9ZRbsD8fJC3dz8FHLCLEPb3FRMT+3PgWy RN7YcvcbS27/N9r2tuI+Y5jTUy61morXY7SgkUUL4rmrjG78iBSxGpCaA9SF4s1P QslYKaE/BAaAqB9a3Iscbx4g8I/mkA/JEpRTLahrLtDRmpbCbvvYbvDkq6Wqks0n wld/XhMdwiQ= =H3DY -----END PGP SIGNATURE----- From sjlopezb at hackindex.com Fri Jun 3 20:16:32 2005 From: sjlopezb at hackindex.com (=?ISO-8859-15?Q?Santiago_Jos=E9_L=F3pez_Borraz=E1s?=) Date: Fri Jun 3 21:09:06 2005 Subject: [Fwd: RE: 1er contacto] In-Reply-To: <5ca35d4050603102138557e6b@mail.gmail.com> References: <42A08FB1.2030201@gmail.com> <5ca35d4050603102138557e6b@mail.gmail.com> Message-ID: <42A09E80.4080205@hackindex.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 El 03/06/05 19:21, Hernan Costante escribi?: Jau: > Gracias! ;-)) > yo soy de Capital Federal, Argentina. Yo soy de Espa?a. Concretamente del Noroeste de Espa?a(Galicia). > Les comento cual es una de mis ideas. A ver... :) > Actualmente trabajo con una notebook la cual tengo en una partici?n > WinXP y en otra un Debian, adem?s de estas tengo una partici?n m?s > grande en la cual tengo los documentos de trabajo. Lo que estoy > intentando hacer es que la partici?n en donde se encuentran los > documentos se encuentre encriptada y pueda ser accedida por ambos SO. > Tambi?n que la encripci?n y desencripci?n sea autom?tica. De todo eso, no hay ning?n problema, todo sistema operativo puede ser posible y susceptible para no tener problemas gen?ricos a la hora de encriptar cualquier documento en una partici?n que se quiera(o incluso, si cabe m?s...pues guardarlo en un CD o DVD). > Se que PGP tiene esta funcionalidad pero la licencia es excesivamente > cara. No creo...GnuPG y PGP(en la versi?n Freeware), se pueden encriptar los ficheros y documentos generales SIN NING?N TIPO de limitaci?n. Yo no veo el problema... - -- Slds de Santiago Jos? L?pez Borraz?s. Admin de hackindex.com Conocimientos avanzados en seguridad inform?tica. Conocimientos avanzados en redes peque?as y grandes. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2rc1 (GNU/Linux) iQIVAwUBQqCef7uF9/q6J55WAQpOUA/9HAgCl1frRjAullpLie/MeRV/DBWlvX8v htsFW6D8dIofacuOwAtPUl2Iac1byTEkHr6NycsTcPNPR1NXGd9CAj6AacZL6DCB xUiOoUYijYjGx4zpYznthhmf3ze7qA8PrQ/fNbQklef72vSrLe4oDs04AdsMZ4yP 6907JEo1xAF4hu9gGG1s9t1ipyVW0rwAyPnqJ8wHghjy+IY9XzVypx3HFttvfmx5 UUf06sFSkTswX4Rj8bJ4pnQz8szkDladS7yRQh9hmreO/ff18o/U6AbKF5c8X5rz bg8VQwzZcj/7lK5jg7gSr96KYHetp4H3it2T+qY3NJzX4QfSRMkCuK8WbaPu4RRZ 815T0YHvAyO+bPsHrFIHWDfX5OPRuCfgmXWlU8QBRLE/z3f4qHHwWgEJut22jFgl xprD6OGkY3N9ATUyXfpGq2BrTis4LaYH3tFNY6aHIH2P0JYMSs02hbqsZI0fD+bX KvIrbqIHMSsHVUIAQnqbQZ2pklyCXwzEvOnyVH1tQqE+yeUIlhgqmjha6c+fYBQV UH+BKya41nFIJsQjNLkVDmZJfVjbpAk9VZQ/KdB2VjDntcMVxBucgLsnEcEVgNaM 116pEGauYs2FUI99/rFr+fMO+5A1p6x8qtzRxJgyh6oDXzyhD/EB9+EWBRmfQOGq H1LhyHsZg8Q= =wyXI -----END PGP SIGNATURE----- From harob02 at earthlink.net Fri Jun 3 22:26:40 2005 From: harob02 at earthlink.net (Dan Mundy) Date: Fri Jun 3 22:22:24 2005 Subject: Sign my key - Was (no subject) Message-ID: <42A0BD00.3020407@earthlink.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Well I'm glad someone out there saw that message... Anyway I see your point about user identity. About those keysigning parties, I see you guys are nerds! Don't worry, so am I... Anyway, you can /choose/ to sign my key, but you don't really have to (obviously). Also, i think i'm finally beginning to understand mailing lists... Dan -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFCoLz8TbbnG4BhqDARAm2yAKDLv73GdPCd5P5KF3I7bcHzglBuLgCeIx+9 b0TM1vTn+EStx9t/wBqZvHI= =mEjj -----END PGP SIGNATURE----- From harob02 at earthlink.net Fri Jun 3 21:41:13 2005 From: harob02 at earthlink.net (Dan Mundy) Date: Fri Jun 3 22:25:15 2005 Subject: Sign my key - Was (no subject) Message-ID: <6.0.0.22.2.20050603153016.01ee2138@pop.earthlink.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Well, I'm glad someone out there saw that message... anyway, now I've got the hang of these mailing lists! Alright, I understand that nobody really knows I'm Dan Mundy. But about key signing parties, you guys really are nerds! Oh well, I guess I am one too... Anyway, I've been spreading the word about gnupg, and hopefully some of my friends will get a key. In fact, I think by the end of the weekend, we will have a new guy, so to speak... Hope he joins this mailing list! Dan -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) - GPGshell v3.44 iD8DBQFCoLJLTbbnG4BhqDARAg/DAKCDtq8YrX3zAly9qei5UidrhN7XJQCgmJVY CbAK3PB5GrIkT//iqGIlB4w= =V6WX -----END PGP SIGNATURE----- From harob02 at earthlink.net Fri Jun 3 22:39:07 2005 From: harob02 at earthlink.net (Dan Mundy) Date: Fri Jun 3 22:34:45 2005 Subject: Mailing List Chaos!!! HELP!! Message-ID: <42A0BFEB.50408@earthlink.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I am very confused as to how to reply to a message and make it display as an indented response, for example, responses to the topic "Pref" at the beginning of the month. how do i do what David Shaw did? is it something with the subject line, like "Re:"? HELP!! thanks, Dan -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFCoL/nTbbnG4BhqDARAmCsAKCSxGqWxI25nF6Bd+pADqHPiSAoJACfeBd+ LS7F9vFON4QXyNSwAS1aaEY= =p5u/ -----END PGP SIGNATURE----- From erpo41 at hotpop.com Fri Jun 3 22:46:17 2005 From: erpo41 at hotpop.com (Erpo) Date: Fri Jun 3 22:41:42 2005 Subject: 1er contacto In-Reply-To: <5ca35d405060305435d00a13d@mail.gmail.com> References: <5ca35d405060305435d00a13d@mail.gmail.com> Message-ID: <1117831577.5133.14.camel@localhost.localdomain> On Fri, 2005-06-03 at 14:43 +0200, Hernan Costante wrote: > Buen dia. > Ante todo me presento, mi nombre es Hernan soy Analista de seguridad. > Primariamente me gustaria saber si hay gente que hable espa?ol. > > Mas adelante les consultare sobre unos proyectos que tengo en mente. > > Saludos, > Hernan Hola Hernan! Me llamo Eric y he tomado clases de espa?ol pero no tengo mucha experiencia en realidad. Ingl?s es mi primera idioma. Me gustar?a practicar y especialmente aprender mas palabras que tienen que ver con seguridad y computadoras. Entonces, si puedo ayudarle con algo, pregunte! Eric From firelan at gmail.com Fri Jun 3 22:50:39 2005 From: firelan at gmail.com (Hernan Costante) Date: Fri Jun 3 22:46:22 2005 Subject: 1er contacto In-Reply-To: <1117831577.5133.14.camel@localhost.localdomain> References: <5ca35d405060305435d00a13d@mail.gmail.com> <1117831577.5133.14.camel@localhost.localdomain> Message-ID: <5ca35d405060313506b769daf@mail.gmail.com> Muchas gracias, ya envie un mail explicando brevemente una de mis ideas. ** yo soy de Capital Federal, Argentina. Les comento cual es una de mis ideas. Actualmente trabajo con una notebook la cual tengo en una partici?n WinXP y en otra un Debian, adem?s de estas tengo una partici?n m?s grande en la cual tengo los documentos de trabajo. Lo que estoy intentando hacer es que la partici?n en donde se encuentran los documentos se encuentre encriptada y pueda ser accedida por ambos SO. Tambi?n que la encripci?n y desencripci?n sea autom?tica. Se que PGP tiene esta funcionalidad pero la licencia es excesivamente cara. ** Saludos! El 3/06/05, Erpo escribi?: > On Fri, 2005-06-03 at 14:43 +0200, Hernan Costante wrote: > > Buen dia. > > Ante todo me presento, mi nombre es Hernan soy Analista de seguridad. > > Primariamente me gustaria saber si hay gente que hable espa?ol. > > > > Mas adelante les consultare sobre unos proyectos que tengo en mente. > > > > Saludos, > > Hernan > > Hola Hernan! Me llamo Eric y he tomado clases de espa?ol pero no tengo > mucha experiencia en realidad. Ingl?s es mi primera idioma. > > Me gustar?a practicar y especialmente aprender mas palabras que tienen > que ver con seguridad y computadoras. Entonces, si puedo ayudarle con > algo, pregunte! > > Eric > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > From mgeisler at mgeisler.net Fri Jun 3 20:29:40 2005 From: mgeisler at mgeisler.net (Martin Geisler) Date: Fri Jun 3 23:10:46 2005 Subject: Sign my key - Was (no subject) References: <4299082F.2020709@earthlink.net> <42A08028.3020300@roborooter.com> Message-ID: <87k6lb47l7.fsf@futtelifut.dyndns.org> Francis Gulotta writes: > I'd give you some links off hand (if I had any on hand) for how to > find any keysigning parties [...] Such as http://www.biglumber.com/ for example. -- Martin Geisler GnuPG Key: 0x7E45DD38 PHP EXIF Library | PHP Weather | PHP Shell http://pel.sf.net/ | http://phpweather.net/ | http://mgeisler.net/ Read/write EXIF data | Show current weather | A shell in a browser -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 188 bytes Desc: not available Url : /pipermail/attachments/20050603/96822fa6/attachment.pgp From harob02 at earthlink.net Fri Jun 3 23:18:17 2005 From: harob02 at earthlink.net (Dan Mundy) Date: Fri Jun 3 23:14:01 2005 Subject: Help on Enigmail - Mozilla 1.7.7. with Win XPP Message-ID: <42A0C919.703@earthlink.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Dear Dan > > Thanks for those answers. Thanks to help from this group, PGPNET > and PGP-basics on yahoo groups, I've progressed further > > Should I have other questions, I shall post them here > > Thanks again > > Subu You're very welcome, Subu. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFCoMkWTbbnG4BhqDARAmttAKC2x13oOK1n2bEWp1KjWdljFTrJyQCgmwG9 IXzEDpoHLsZ4q/lWleHOLWU= =boBM -----END PGP SIGNATURE----- From erpo41 at hotpop.com Fri Jun 3 23:25:01 2005 From: erpo41 at hotpop.com (Erpo) Date: Fri Jun 3 23:20:26 2005 Subject: [Fwd: RE: 1er contacto] In-Reply-To: <5ca35d4050603102138557e6b@mail.gmail.com> References: <42A08FB1.2030201@gmail.com> <5ca35d4050603102138557e6b@mail.gmail.com> Message-ID: <1117833901.5133.39.camel@localhost.localdomain> On Fri, 2005-06-03 at 19:21 +0200, Hernan Costante wrote: > Gracias! > yo soy de Capital Federal, Argentina. > > Les comento cual es una de mis ideas. > Actualmente trabajo con una notebook la cual tengo en una partici?n > WinXP y en otra un Debian, adem?s de estas tengo una partici?n m?s > grande en la cual tengo los documentos de trabajo. > Lo que estoy intentando hacer es que la partici?n en donde se > encuentran los documentos se encuentre encriptada y pueda ser accedida > por ambos SO. > Tambi?n que la encripci?n y desencripci?n sea autom?tica. > > Se que PGP tiene esta funcionalidad pero la licencia es excesivamente cara. > > Saludos, > Hern?n Si le entiendo, lo que usted quiere no est? f?cil hacer. La problema est? que los documentors pueda ser accedida por ambos SO. Si su notebook tuviera solamente WinXP, pueda usar el sistema de fichero "NTFS". Con NTFS pueda mantener ficheros encriptados. Si su notebook tuviera solamente Linux, pueda usar "DM-Crypt" debajo de su sistema de fichero (por ejemplo EXT3 o ReiserFS). Con eso, todo del sistema est? encriptado incluyendo los nombres y fechas de creaci?n de los archivos. Pero Linux no puede escribir NTFS y WinXP no puede usar EXT3 ni DM-Crypt. Personas quien quieren guardar archivos accedida por ambos SO a menudo usan el sistema FAT32, pero eso no puede hacer encripci?n autom?tica. Entonces no s? como resolver esta problema f?cilmente. :( Si usted desea documentos encriptados, es posible que usted tendr? que cifrar cada uno con GPG cada tiempo desear?a usarlo. Eric From erpo41 at hotpop.com Fri Jun 3 23:31:59 2005 From: erpo41 at hotpop.com (Erpo) Date: Fri Jun 3 23:27:34 2005 Subject: cross-OS transparent encryption Message-ID: <1117834319.5133.46.camel@localhost.localdomain> The spanish thread on the list right now is revolving around the problem of sharing encrypted data between WinXP and Linux. The original poster wants to share a read/write partition between the two OSs on a laptop and have transparent encryption of the files on that partition. I said that NTFS will do this (windows only) as well as dm-crypt (linux only), but I'm stumped as far as cross-platform solutions with compatible on-disk formats. The only suggestion I could offer was to use FAT32 and manually encrypt and decrypt the files before using them (yuck). Any non-spanish-speakers have suggestions? Eric From harob02 at earthlink.net Sat Jun 4 00:42:01 2005 From: harob02 at earthlink.net (Dan Mundy) Date: Sat Jun 4 00:37:45 2005 Subject: Mailing List Chaos!!! HELP!! In-Reply-To: <42A0C97F.7030506@spamcop.net> References: <42A0BFEB.50408@earthlink.net> <42A0C97F.7030506@spamcop.net> Message-ID: <42A0DCB9.7070708@earthlink.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sean C. C. wrote: > Dan, When you click on the reply button it should automatically add > the "Re: " to the Subject. > > Dan Mundy said the following on 6/3/2005 4:39 PM: > > I am very confused as to how to reply to a message and make it > display as an indented response, for example, responses to the > topic "Pref" at the beginning of the month. > > how do i do what David Shaw did? is it something with the subject > line, like "Re:"? HELP!! > > thanks, > > Dan >> >> just testing different lines in my email program, please excuse 2 more of these messages!! thanks Dan -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFCoNy3TbbnG4BhqDARAgOoAJ9ZWHOUVC8rxqEXM+fJ4ctgJuLGIACgkshE Attk/KoDTKgM0Kusl24cBdg= =SYzb -----END PGP SIGNATURE----- From harob02 at earthlink.net Sat Jun 4 00:45:13 2005 From: harob02 at earthlink.net (Dan Mundy) Date: Sat Jun 4 00:40:51 2005 Subject: Mailing List Chaos!!! HELP!! Message-ID: <42A0DD79.5040405@earthlink.net> here's just 1 more test of what i can posibly do!! please excuse me! From harob02 at earthlink.net Sat Jun 4 02:30:53 2005 From: harob02 at earthlink.net (Dan Mundy) Date: Sat Jun 4 02:26:43 2005 Subject: GnuPG Clearsign vs. PGP/MIME Signing Message-ID: <42A0F63D.4040008@earthlink.net> hey all, i was wondering what the differences between conventional gpg clearsigning and pgp/mime signing are. which one's better for what? which should i use more often? please help me! thanks all, Dan -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 256 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20050603/bcc31435/signature.pgp From harob02 at earthlink.net Sat Jun 4 03:28:17 2005 From: harob02 at earthlink.net (Dan Mundy) Date: Sat Jun 4 03:24:03 2005 Subject: [Fwd: Re: GnuPG Clearsign vs. PGP/MIME Signing] Message-ID: <42A103B1.5000805@earthlink.net> -------------- next part -------------- An embedded message was scrubbed... From: "Kiefer, Sascha" Subject: RE: GnuPG Clearsign vs. PGP/MIME Signing Date: Sat, 4 Jun 2005 03:19:31 +0200 Size: 1745 Url: /pipermail/attachments/20050603/83b0ced4/MIMESigning.mht From pt at radvis.nu Sat Jun 4 04:28:56 2005 From: pt at radvis.nu (Per Tunedal Casual) Date: Sat Jun 4 04:22:05 2005 Subject: Set date for signature to expire Message-ID: <6.2.1.2.2.20050604042533.03897ea0@localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I want to sign keys with signatures having a limited life time. Can I set an expiration date when I sign a key? I often get a question if I want my signature to expire when the key expires, so far so good. I want to set a date of my own will. Per Tunedal Keyid: 0xAE053BE0 Fingerprint: D70D 9057 A985 4944 2191 995A 2D74 F09D AE05 3BE0 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) - GPGrelay v0.959 Comment: Vad är en PGP-signatur? www.clipanish.com/PGP/pgp.html iD8DBQFCoRIDpPsTvNtsBX8RAlJ3AKCAatzYbH9rtqXzgTDL4wqIqsV1ZgCfT7Tf j5bKKEfwRZE2e1e3PhE5uNo= =jz/n -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Sat Jun 4 04:36:17 2005 From: dshaw at jabberwocky.com (David Shaw) Date: Sat Jun 4 04:32:35 2005 Subject: Set date for signature to expire In-Reply-To: <6.2.1.2.2.20050604042533.03897ea0@localhost> References: <6.2.1.2.2.20050604042533.03897ea0@localhost> Message-ID: <20050604023617.GD5017@jabberwocky.com> On Sat, Jun 04, 2005 at 04:28:56AM +0200, Per Tunedal Casual wrote: > Hi, > I want to sign keys with signatures having a limited life time. Can I set > an expiration date when I sign a key? > > I often get a question if I want my signature to expire when the key > expires, so far so good. I want to set a date of my own will. Set ask-cert-expire in yout gpg.conf or on the command line and you'll be asked when the key signature should expire. David From scc4fun at spamcop.net Sat Jun 4 08:26:01 2005 From: scc4fun at spamcop.net (Sean C. C.) Date: Sat Jun 4 09:09:01 2005 Subject: GnuPG Clearsign vs. PGP/MIME Signing In-Reply-To: <42A0F63D.4040008@earthlink.net> References: <42A0F63D.4040008@earthlink.net> Message-ID: <42A14979.9050307@spamcop.net> Clearsigning is good because it allows anyone to verify the signature no matter what their system. Some people like to use the current window function of PGP and front-ends for GPG such as GPGshell. PGP/Mime is good for sending mail to many people some of whom have no idea of what PGP/GPG is. Using PGP/MIME the signature appears as an attachment as 'signature.asc'. For people who aren't interested in PGP they will probably never see the attachment. The down sides to PGP/MIME are that people who use Outlook and OE will not be able to see them correctly. They will see a blank email with two attachments: 1) the signature and 2) the actual message. DISCLAIMER: I'm still learning myself about PGP/GPG, so this may not be exactly how it really is. Dan Mundy said the following on 6/3/2005 8:30 PM: > hey all, > > i was wondering what the differences between conventional gpg > clearsigning and pgp/mime signing are. which one's better for what? > which should i use more often? please help me! > > thanks all, > > Dan > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 254 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20050604/921a475b/signature.pgp From boldyrev+nospam at cgitftp.uiggm.nsc.ru Sat Jun 4 09:38:13 2005 From: boldyrev+nospam at cgitftp.uiggm.nsc.ru (Ivan Boldyrev) Date: Sat Jun 4 10:35:10 2005 Subject: GnuPG Clearsign vs. PGP/MIME Signing References: <42A0F63D.4040008__38442.869418259$1117845073$gmane$org@earthlink.net> Message-ID: <8c28n2-124.ln1@ibhome.cgitftp.uiggm.nsc.ru> On 9130 day of my life Dan Mundy wrote: > hey all, > > i was wondering what the differences between conventional gpg > clearsigning and pgp/mime signing are. which one's better for what? > which should i use more often? please help me! Clearsigning can be processed by recipient even if his mail client dosn't know anything about GPG/PGP. PGP/MIME needs mail client support. However, clearsigning has problem with attachments and charsets. You can't reconstruct charset of original message -- was it UTF-8, KOI8-R or windows-1251. PGP/MIME handles it gracefully. Clearsinged messages can be corrupted by transitional mail servers; PGP/MIME cannot. I prefer PGP/MIME. -- Ivan Boldyrev Tragedy of programmers is that computer is wonderful toy and programmers have to use it in their work. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 205 bytes Desc: not available Url : /pipermail/attachments/20050604/7498f744/attachment.pgp From sk at intertivity.com Sat Jun 4 10:42:51 2005 From: sk at intertivity.com (Kiefer, Sascha) Date: Sat Jun 4 10:38:26 2005 Subject: GnuPG Clearsign vs. PGP/MIME Signing In-Reply-To: <42A14979.9050307@spamcop.net> Message-ID: <006f01c568e1$654aac10$f500a8c0@HOME> Hmm. I just implemented RFC2015 3 days ago. The format of PGP/MIME described in that paper does not match the format you are using. Your mails start with a Content-Type of multipart/mixed and you declare The pgp data as attachments. But this is not true. Maybe I'm missing something, or your messages not pgp/smime encoded? I attached your mails (one signed, one encrypted) to this mail, so you can check to see what i mean. Regards, Sascha > -----Original Message----- > From: gnupg-users-bounces@gnupg.org > [mailto:gnupg-users-bounces@gnupg.org] On Behalf Of Sean C. C. > Sent: Samstag, 4. Juni 2005 08:26 > To: Dan Mundy; gnupg-users@gnupg.org > Subject: Re: GnuPG Clearsign vs. PGP/MIME Signing > > > Clearsigning is good because it allows anyone to verify the > signature no matter what their system. Some people like to > use the current window function of PGP and front-ends for GPG > such as GPGshell. PGP/Mime is good for sending mail to many > people some of whom have no idea of what PGP/GPG is. Using > PGP/MIME the signature appears as an attachment as > 'signature.asc'. For people who aren't interested in PGP they > will probably never see the attachment. The down sides to > PGP/MIME are that people who use Outlook and OE will not be > able to see them correctly. They will see a blank email with > two attachments: 1) the signature and > 2) the actual message. > > DISCLAIMER: I'm still learning myself about PGP/GPG, so this > may not be exactly how it really is. > > Dan Mundy said the following on 6/3/2005 8:30 PM: > > hey all, > > > > i was wondering what the differences between conventional gpg > > clearsigning and pgp/mime signing are. which one's better > for what? > > which should i use more often? please help me! > > > > thanks all, > > > > Dan > > > > > > > > > ---------------------------------------------------------------------- > > -- > > > > _______________________________________________ > > Gnupg-users mailing list > > Gnupg-users@gnupg.org > > http://lists.gnupg.org/mailman/listinfo/gnupg-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: test.b64 Type: application/octet-stream Size: 10162 bytes Desc: not available Url : /pipermail/attachments/20050604/b4d17d43/test.obj From twoaday at freakmail.de Sat Jun 4 11:28:39 2005 From: twoaday at freakmail.de (Timo Schulz) Date: Sat Jun 4 11:30:57 2005 Subject: Corruption of KeyRing (possible WinPT related?) In-Reply-To: <4E28ECEE2E06784AA8921F82878C889E039CD288@DFSTXEXCH3.dfs.com> References: <4E28ECEE2E06784AA8921F82878C889E039CD288@DFSTXEXCH3.dfs.com> Message-ID: <20050604092839.GA384@daredevil.joesixpack.net> On Fri Jun 03 2005; 13:16, Peter Schott wrote: > I will sometimes start my PC and when the WinPT program launches, I have > a 0-byte pubring or secring. I have backups, but I am a little I heard about this problem one or two times, but fact is that WinPT never writes to the keyring directly. The backup is also a one-way process which means: the pubring.gpg is copied to pubring-bak.gpg but not vice versa. > concerned that I could lose all of my keys due to some corruption or > improper closing of the file. What GPG version you use (1.4.1)? Timo From johanw at vulcan.xs4all.nl Sat Jun 4 11:36:30 2005 From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Sat Jun 4 11:32:04 2005 Subject: How to delete superceded self signatures? Message-ID: <200506040936.j549aUMS003970@vulcan.xs4all.nl> Hallo, When I check my own key, I see this: vulcan:~> gpg --edit-key 9E8C5DDF Command> check uid Johan Wevers sig!3 9E8C5DDF 2005-06-03 [self-signature] sig! 434ABDAD 2000-08-11 Zenon Panoussis sig! FB64FCB3 2000-08-20 sig! D96CE99D 2000-08-20 Eric Veldhuyzen sig! 05C6DB7B 2001-02-22 Karin Spaink sig! 0D751CE3 2002-10-15 Lachlan Mann sig! 4699CDCE 2002-10-29 Lachlan R Mann sig!3 9E8C5DDF 2000-08-11 [self-signature] sig!3 9E8C5DDF 2000-08-11 [self-signature] sig!3 9E8C5DDF 2000-08-11 [self-signature] sig!3 9E8C5DDF 2000-08-11 [self-signature] uid Johan Wevers sig!3 9E8C5DDF 2005-06-03 [self-signature] sig! FB64FCB3 2000-08-20 sig! D96CE99D 2000-08-20 Eric Veldhuyzen sig!3 9E8C5DDF 2000-08-11 [self-signature] sig!3 9E8C5DDF 2000-08-11 [self-signature] sig!3 9E8C5DDF 2000-08-11 [self-signature] sig!3 9E8C5DDF 2000-08-11 [self-signature] 1 signature not checked due to a missing key I want to delete some of these self signatures. (probably 3 of the 4 on the creation date are useless anyway). I see 4 signatures dated on the creation date of the key. I'm not sure how I got them; do you get a new one if you change your preferences list (yesterday I added bzip2 as supported compression algo, the upper selfsig shows that date)? I want to export the key clean, but keep the signatures of the other people who signed it. -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From erpo41 at hotpop.com Sat Jun 4 12:31:13 2005 From: erpo41 at hotpop.com (Erpo) Date: Sat Jun 4 12:26:37 2005 Subject: [Fwd: RE: 1er contacto] In-Reply-To: <5ca35d4050603102138557e6b@mail.gmail.com> References: <42A08FB1.2030201@gmail.com> <5ca35d4050603102138557e6b@mail.gmail.com> Message-ID: <1117881073.4873.7.camel@localhost.localdomain> On Fri, 2005-06-03 at 19:21 +0200, Hernan Costante wrote: > Gracias! > yo soy de Capital Federal, Argentina. > > Les comento cual es una de mis ideas. > Actualmente trabajo con una notebook la cual tengo en una partici?n > WinXP y en otra un Debian, adem?s de estas tengo una partici?n m?s > grande en la cual tengo los documentos de trabajo. > Lo que estoy intentando hacer es que la partici?n en donde se > encuentran los documentos se encuentre encriptada y pueda ser accedida > por ambos SO. > Tambi?n que la encripci?n y desencripci?n sea autom?tica. > > Se que PGP tiene esta funcionalidad pero la licencia es excesivamente cara. Pregunt? en Ingl?s y Zeljko Vrba sugiri? "BestCrypt". No est? software libre y no est? grat?z, pero me parece que puede hacer que usted quiere. http://www.jetico.com/ Eric From harob02 at earthlink.net Sat Jun 4 14:21:18 2005 From: harob02 at earthlink.net (Dan Mundy) Date: Sat Jun 4 14:17:19 2005 Subject: GnuPG Clearsign vs. PGP/MIME Signing In-Reply-To: <006f01c568e1$654aac10$f500a8c0@HOME> References: <006f01c568e1$654aac10$f500a8c0@HOME> Message-ID: <42A19CBE.90407@earthlink.net> Kiefer, Sascha wrote: >Hmm. >I just implemented RFC2015 3 days ago. >The format of PGP/MIME described in that paper does not match the format >you are using. >Your mails start with a Content-Type of multipart/mixed and you declare >The pgp data as attachments. But this is not true. >Maybe I'm missing something, or your messages not pgp/smime encoded? >I attached your mails (one signed, one encrypted) to this mail, >so you can check to see what i mean. > >Regards, >Sascha > > yeah, i noticed that sean didn't have any attachments, even though enigmail recognized his signature alright. that's kind of strange. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 256 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20050604/6420b520/signature.pgp From harob02 at earthlink.net Sat Jun 4 14:28:49 2005 From: harob02 at earthlink.net (Dan Mundy) Date: Sat Jun 4 14:24:40 2005 Subject: Mailing List Chaos!!! HELP!! In-Reply-To: <87fyvy1hxt.fsf@futtelifut.dyndns.org> References: <42A0DD79.5040405@earthlink.net> <87fyvy1hxt.fsf@futtelifut.dyndns.org> Message-ID: <42A19E81.6090402@earthlink.net> Martin Geisler wrote: >Dan Mundy writes: > > > >>here's just 1 more test of what i can posibly do!! please excuse me! >> >> > >Please stop using a public mailinglist for your tests! You will fill >the archives with nonsense, and bother other people. > >I believe you had a problem with getting your replies to nest properly >in the right thread. This is achived automatically by your mail >program when it inserts a References header. > >You shouldn't have to do anything to make it work, the 'Re: ' part of >the subject line doesn't make any difference, it's just a convention. > >Also, if you're having trouble understanding how the mailinglist >works, then try using the news interface instead. This can be found at > > http://dir.gmane.org/gmane.comp.gnu.gnupg.users > > > sorry about this, martin, my tests are finished. you and everyone else will not be bothered by my tests anymore. i am terribly sorry for the cluttering of everyone's inboxes! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 256 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20050604/4acc3ae0/signature.pgp From harob02 at earthlink.net Sat Jun 4 14:58:58 2005 From: harob02 at earthlink.net (Dan Mundy) Date: Sat Jun 4 14:54:54 2005 Subject: cross-OS transparent encryption In-Reply-To: <1117834319.5133.46.camel@localhost.localdomain> References: <1117834319.5133.46.camel@localhost.localdomain> Message-ID: <42A1A592.7020900@earthlink.net> Erpo wrote: >The spanish thread on the list right now is revolving around the problem >of sharing encrypted data between WinXP and Linux. The original poster >wants to share a read/write partition between the two OSs on a laptop >and have transparent encryption of the files on that partition. > >I said that NTFS will do this (windows only) as well as dm-crypt (linux >only), but I'm stumped as far as cross-platform solutions with >compatible on-disk formats. The only suggestion I could offer was to use >FAT32 and manually encrypt and decrypt the files before using them >(yuck). Any non-spanish-speakers have suggestions? > > >Eric > > what is the device name of his windows partition? i have found a way to mount windows partitions in linux at startup. as root, gedit /etc/fstab. add a line like this just before the swap line: /dev/hda1 /win auto auto,user,exec,rw,async 0 0 create a folder named /win, and reboot. on the gnome desktop there should be a drive with the title 'win'. next, configure whatever you need to run off /win. This is how i manage windows files in linux. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 256 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20050604/6e7817da/signature.pgp From harob02 at earthlink.net Sat Jun 4 15:20:07 2005 From: harob02 at earthlink.net (Dan Mundy) Date: Sat Jun 4 15:20:18 2005 Subject: How to delete superceded self signatures? In-Reply-To: <200506040936.j549aUMS003970@vulcan.xs4all.nl> References: <200506040936.j549aUMS003970@vulcan.xs4all.nl> Message-ID: <42A1AA87.9010304@earthlink.net> i was wondering this too, as here is my verbose key: pub 1024D/8061A830 2005-04-26 uid Dan Mundy sig sig 8061A830 2005-04-26 __________ __________ [selfsig] sig sig3 8061A830 2005-05-28 __________ __________ [selfsig] sig sig3 8061A830 2005-05-28 __________ __________ [selfsig] sig sig3 8061A830 2005-05-29 __________ __________ [selfsig] sig revok 8061A830 2005-06-04 __________ __________ [selfsig] uid Dan Mundy (***OFFICIAL KEY***) sig sig3 8061A830 2005-05-28 __________ __________ [selfsig] sig sig3 8061A830 2005-05-29 __________ __________ [selfsig] uid Dan Mundy (*USE THIS KEY FOR ENCRYPTION*) sig sig3 8061A830 2005-05-28 __________ __________ [selfsig] sig revok 8061A830 2005-06-04 __________ __________ [selfsig] sub 1024g/1FB12F1F 2005-04-26 sig sbind 8061A830 2005-04-26 __________ __________ [] even though i revoked, removed, and otherwise annihilated my other uids, then uploaded the key to the Keyserver, the revoked ones still appear. why don't they just go away?! Dan -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 256 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20050604/0a8625cd/signature.pgp From sk at intertivity.com Sat Jun 4 15:35:47 2005 From: sk at intertivity.com (Kiefer, Sascha) Date: Sat Jun 4 15:31:18 2005 Subject: GnuPG Clearsign vs. PGP/MIME Signing In-Reply-To: <42A19CBE.90407@earthlink.net> Message-ID: <009f01c5690a$5170e5f0$f500a8c0@HOME> Hmmm... No, i think sean is also false. The last mail form ivan boldyrev is encoded right! > -----Original Message----- > From: Dan Mundy [mailto:harob02@earthlink.net] > Sent: Samstag, 4. Juni 2005 14:21 > To: sk@intertivity.com > Cc: gnupg-users@gnupg.org > Subject: Re: GnuPG Clearsign vs. PGP/MIME Signing > > > Kiefer, Sascha wrote: > > >Hmm. > >I just implemented RFC2015 3 days ago. > >The format of PGP/MIME described in that paper does not match the > >format you are using. Your mails start with a Content-Type of > >multipart/mixed and you declare The pgp data as attachments. > But this > >is not true. Maybe I'm missing something, or your messages not > >pgp/smime encoded? I attached your mails (one signed, one > encrypted) to > >this mail, so you can check to see what i mean. > > > >Regards, > >Sascha > > > > > yeah, i noticed that sean didn't have any attachments, even > though enigmail recognized his signature alright. that's > kind of strange. > From dshaw at jabberwocky.com Sat Jun 4 15:44:50 2005 From: dshaw at jabberwocky.com (David Shaw) Date: Sat Jun 4 15:41:01 2005 Subject: How to delete superceded self signatures? In-Reply-To: <200506040936.j549aUMS003970@vulcan.xs4all.nl> References: <200506040936.j549aUMS003970@vulcan.xs4all.nl> Message-ID: <20050604134450.GA19397@jabberwocky.com> On Sat, Jun 04, 2005 at 11:36:30AM +0200, Johan Wevers wrote: > Hallo, > > When I check my own key, I see this: > > vulcan:~> gpg --edit-key 9E8C5DDF > Command> check > uid Johan Wevers > sig!3 9E8C5DDF 2005-06-03 [self-signature] > sig! 434ABDAD 2000-08-11 Zenon Panoussis > sig! FB64FCB3 2000-08-20 > sig! D96CE99D 2000-08-20 Eric Veldhuyzen > sig! 05C6DB7B 2001-02-22 Karin Spaink > sig! 0D751CE3 2002-10-15 Lachlan Mann > sig! 4699CDCE 2002-10-29 Lachlan R Mann > sig!3 9E8C5DDF 2000-08-11 [self-signature] > sig!3 9E8C5DDF 2000-08-11 [self-signature] > sig!3 9E8C5DDF 2000-08-11 [self-signature] > sig!3 9E8C5DDF 2000-08-11 [self-signature] > uid Johan Wevers > sig!3 9E8C5DDF 2005-06-03 [self-signature] > sig! FB64FCB3 2000-08-20 > sig! D96CE99D 2000-08-20 Eric Veldhuyzen > sig!3 9E8C5DDF 2000-08-11 [self-signature] > sig!3 9E8C5DDF 2000-08-11 [self-signature] > sig!3 9E8C5DDF 2000-08-11 [self-signature] > sig!3 9E8C5DDF 2000-08-11 [self-signature] > 1 signature not checked due to a missing key > > I want to delete some of these self signatures. (probably 3 of the 4 on the > creation date are useless anyway). I see 4 signatures dated on the creation > date of the key. I'm not sure how I got them; do you get a new one if you > change your preferences list (yesterday I added bzip2 as supported > compression algo, the upper selfsig shows that date)? I want to export the > key clean, but keep the signatures of the other people who signed it. Funny you should mention that.... Install the 1.4.2 release candidate, do --edit-key and then "clean sigs". This is a new feature in 1.4.2, and I'm still playing around with ways to tie it into export and import (optionally). Anyway, if you do "clean sigs", it'll strip any superceded sigs. David From harob02 at earthlink.net Sat Jun 4 16:19:39 2005 From: harob02 at earthlink.net (Dan Mundy) Date: Sat Jun 4 16:16:34 2005 Subject: How to install your GPG keys to a USB dongle for Windows In-Reply-To: <4299BA77.6010308@earthlink.net> References: <4299BA77.6010308@earthlink.net> Message-ID: <42A1B87B.2090605@earthlink.net> > i had just the opposite problem. i can't find any kind of a linux > driver for my USB drive. I have since figured out how to mount my USB drive in linux, and have edited linux's gpg.conf to accommodate for that. Dan -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 256 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20050604/577fd625/signature.pgp From harob02 at earthlink.net Sat Jun 4 16:42:59 2005 From: harob02 at earthlink.net (Dan Mundy) Date: Sat Jun 4 16:39:55 2005 Subject: How to delete superceded self signatures? In-Reply-To: <20050604134450.GA19397@jabberwocky.com> References: <200506040936.j549aUMS003970@vulcan.xs4all.nl> <20050604134450.GA19397@jabberwocky.com> Message-ID: <42A1BDF3.2000806@earthlink.net> David Shaw wrote: > Funny you should mention that.... Install the 1.4.2 release > candidate, do --edit-key and then "clean sigs". This is a new feature > in 1.4.2, and I'm still playing around with ways to tie it into export > and import (optionally). > > Anyway, if you do "clean sigs", it'll strip any superceded sigs. > > David after reading this message, i compiled gpg 1.4.2rc1 and it cleaned out my extra sigs just like you said, but it didn't get rid of them on the keyserver. promptly after cleaning my sigs, i uploaded my key to the server, then downloaded it from the same server. the unwanted sigs still came in. gpg or pgp or somebody should figure out a way for people to delete keys or certain parts of them from all the keyservers! Dan -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20050604/09e333ba/signature-0001.pgp From dshaw at jabberwocky.com Sat Jun 4 16:48:05 2005 From: dshaw at jabberwocky.com (David Shaw) Date: Sat Jun 4 16:44:14 2005 Subject: How to delete superceded self signatures? In-Reply-To: <42A1AA87.9010304@earthlink.net> References: <200506040936.j549aUMS003970@vulcan.xs4all.nl> <42A1AA87.9010304@earthlink.net> Message-ID: <20050604144805.GB19397@jabberwocky.com> On Sat, Jun 04, 2005 at 09:20:07AM -0400, Dan Mundy wrote: > even though i revoked, removed, and otherwise annihilated my other uids, > then uploaded the key to the Keyserver, the revoked ones still appear. > why don't they just go away?! Keyservers do not have the ability to verify signatures (no crypto at all, in fact), and thus cannot do anything other than store all packets. This is why they never go away on keyservers. David From mnman at pd.jaring.my Sat Jun 4 17:04:16 2005 From: mnman at pd.jaring.my (omn) Date: Sat Jun 4 17:03:35 2005 Subject: subpacket of type 20 has critical bit set Message-ID: <04281018.20050604230416@pd.jaring.my> Hi, Just installed GnuPG 1.4.2 rc1 to my Win ME. When I update trust db, I receive following message: gpg: subpacket of type 20 has critical bit set. What does this means ? TIA. -- Best regards, omn From mgeisler at mgeisler.net Sat Jun 4 16:18:18 2005 From: mgeisler at mgeisler.net (Martin Geisler) Date: Sat Jun 4 17:05:34 2005 Subject: How to delete superceded self signatures? References: <200506040936.j549aUMS003970@vulcan.xs4all.nl> <42A1AA87.9010304@earthlink.net> Message-ID: <87k6lanr2t.fsf@futtelifut.dyndns.org> Dan Mundy writes: > even though i revoked, removed, and otherwise annihilated my other > uids, then uploaded the key to the Keyserver, the revoked ones still > appear. why don't they just go away?! I think you've just discovered a feature of the keyservers: they don't delete stuff, they will only append new signatures and in your case new revocation certificates. So you cannot delete a key from the keyservers, you can only mark it as revoked by uploading it with a revocation certificate. Similarly I believe you cannot delete a user id, you can just make it unusable by revoking the self signature on it. (This how I think things work --- please correct me if I'm wrong.) -- Martin Geisler GnuPG Key: 0x7E45DD38 PHP EXIF Library | PHP Weather | PHP Shell http://pel.sf.net/ | http://phpweather.net/ | http://mgeisler.net/ Read/write EXIF data | Show current weather | A shell in a browser -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 188 bytes Desc: not available Url : /pipermail/attachments/20050604/21f5952d/attachment.pgp From erpo41 at hotpop.com Sat Jun 4 19:03:57 2005 From: erpo41 at hotpop.com (Erpo) Date: Sat Jun 4 18:59:16 2005 Subject: cross-OS transparent encryption In-Reply-To: <42A1A592.7020900@earthlink.net> References: <1117834319.5133.46.camel@localhost.localdomain> <42A1A592.7020900@earthlink.net> Message-ID: <1117904637.4910.5.camel@localhost.localdomain> On Sat, 2005-06-04 at 08:58 -0400, Dan Mundy wrote: > i have found a way to > mount windows partitions in linux at startup. He's already doing this. Now he wants his system to automatically encrypt every file before it's written to that partition, and decrypt every file every time an application tries to read it in either OS. DM-Crypt does this for Linux, and NTFS has this capability in windows, but AFAIK there's no cross-platform solution. Linux doesn't have NTFS write support (let alone NTFS encryption support) and Windows certainly won't touch a DM-Crypt'd partition. Someone else suggested Bestcrypt and I passed that on, but it's neither Free software nor freeware. Eric From dshaw at jabberwocky.com Sun Jun 5 00:57:51 2005 From: dshaw at jabberwocky.com (David Shaw) Date: Sun Jun 5 00:54:05 2005 Subject: subpacket of type 20 has critical bit set In-Reply-To: <04281018.20050604230416@pd.jaring.my> References: <04281018.20050604230416@pd.jaring.my> Message-ID: <20050604225751.GC19397@jabberwocky.com> On Sat, Jun 04, 2005 at 11:04:16PM +0800, omn wrote: > Hi, > > Just installed GnuPG 1.4.2 rc1 to my Win ME. > When I update trust db, I receive following message: > gpg: subpacket of type 20 has critical bit set. > > What does this means ? TIA. Subpacket 20 is a signature notation. What that error means is that someone put in a signature notation that GnuPG doesn't understand (it only understands one notation - the PGP/MIME vs partitioned one that the pgp.com folks use). Since the notation was marked as critical, this means that GnuPG will reject the signature. David From dshaw at jabberwocky.com Sun Jun 5 01:00:12 2005 From: dshaw at jabberwocky.com (David Shaw) Date: Sun Jun 5 00:56:21 2005 Subject: GnuPG Clearsign vs. PGP/MIME Signing In-Reply-To: <42A0F63D.4040008@earthlink.net> References: <42A0F63D.4040008@earthlink.net> Message-ID: <20050604230012.GD19397@jabberwocky.com> On Fri, Jun 03, 2005 at 08:30:53PM -0400, Dan Mundy wrote: > hey all, > > i was wondering what the differences between conventional gpg > clearsigning and pgp/mime signing are. which one's better for what? > which should i use more often? please help me! When at all possible, use PGP/MIME. It's automatically handles all of the little fussy things that cause signatures to become invalid after being mailed. Plus, it handles attachments. Plus, it handles character sets that aren't US-ASCII. Plus, plus, plus. David From dshaw at jabberwocky.com Sun Jun 5 01:01:27 2005 From: dshaw at jabberwocky.com (David Shaw) Date: Sun Jun 5 00:57:37 2005 Subject: GnuPG Clearsign vs. PGP/MIME Signing In-Reply-To: <006f01c568e1$654aac10$f500a8c0@HOME> References: <42A14979.9050307@spamcop.net> <006f01c568e1$654aac10$f500a8c0@HOME> Message-ID: <20050604230127.GE19397@jabberwocky.com> On Sat, Jun 04, 2005 at 10:42:51AM +0200, Kiefer, Sascha wrote: > Hmm. > I just implemented RFC2015 3 days ago. > The format of PGP/MIME described in that paper does not match the format > you are using. > Your mails start with a Content-Type of multipart/mixed and you declare > The pgp data as attachments. But this is not true. > Maybe I'm missing something, or your messages not pgp/smime encoded? > I attached your mails (one signed, one encrypted) to this mail, > so you can check to see what i mean. Possibly the confusion is that RFC-2015 was updated by RFC-3156. You should do things the 3156 way. David From harob02 at earthlink.net Sun Jun 5 01:03:24 2005 From: harob02 at earthlink.net (Dan Mundy) Date: Sun Jun 5 00:59:45 2005 Subject: cross-OS transparent encryption In-Reply-To: <1117904637.4910.5.camel@localhost.localdomain> References: <1117834319.5133.46.camel@localhost.localdomain> <42A1A592.7020900@earthlink.net> <1117904637.4910.5.camel@localhost.localdomain> Message-ID: <42A2333C.6090909@earthlink.net> Erpo wrote: > He's already doing this. Now he wants his system to automatically > encrypt every file before it's written to that partition, and decrypt > every file every time an application tries to read it in either OS. > DM-Crypt does this for Linux, and NTFS has this capability in windows, > but AFAIK there's no cross-platform solution. Linux doesn't have NTFS > write support (let alone NTFS encryption support) and Windows certainly > won't touch a DM-Crypt'd partition. > > Someone else suggested Bestcrypt and I passed that on, but it's neither > Free software nor freeware. > > > Eric i wonder if it's possible to format all your partitions with 2 filesystems. it would be cool to have an fs that's fat32 and ext3 at the same time, and it would solve hernan's difficulty. Dan -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20050604/cda9bb4b/signature.pgp From sk at intertivity.com Sun Jun 5 01:11:17 2005 From: sk at intertivity.com (Kiefer, Sascha) Date: Sun Jun 5 01:06:50 2005 Subject: GnuPG Clearsign vs. PGP/MIME Signing In-Reply-To: <20050604230127.GE19397@jabberwocky.com> Message-ID: <000201c5695a$b75cc2d0$f500a8c0@HOME> Okay; That's this missing part. Thanks! Regards, Sascha > -----Original Message----- > From: gnupg-users-bounces@gnupg.org > [mailto:gnupg-users-bounces@gnupg.org] On Behalf Of David Shaw > Sent: Sonntag, 5. Juni 2005 01:01 > To: gnupg-users@gnupg.org > Subject: Re: GnuPG Clearsign vs. PGP/MIME Signing > > > On Sat, Jun 04, 2005 at 10:42:51AM +0200, Kiefer, Sascha wrote: > > Hmm. > > I just implemented RFC2015 3 days ago. > > The format of PGP/MIME described in that paper does not match the > > format you are using. Your mails start with a Content-Type of > > multipart/mixed and you declare The pgp data as > attachments. But this > > is not true. Maybe I'm missing something, or your messages not > > pgp/smime encoded? I attached your mails (one signed, one > encrypted) > > to this mail, so you can check to see what i mean. > > Possibly the confusion is that RFC-2015 was updated by > RFC-3156. You should do things the 3156 way. > > David > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > From harob02 at earthlink.net Sun Jun 5 01:12:51 2005 From: harob02 at earthlink.net (Dan Mundy) Date: Sun Jun 5 01:08:47 2005 Subject: GnuPG Clearsign vs. PGP/MIME Signing In-Reply-To: <20050604230012.GD19397@jabberwocky.com> References: <42A0F63D.4040008@earthlink.net> <20050604230012.GD19397@jabberwocky.com> Message-ID: <42A23573.1050404@earthlink.net> David Shaw wrote: > Plus, plus, plus. No minuses, though, i hope? Dan p.s. i have started using pgp/mime as a default. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20050604/7c635be9/signature-0001.pgp From harob02 at earthlink.net Sun Jun 5 01:12:51 2005 From: harob02 at earthlink.net (Dan Mundy) Date: Sun Jun 5 01:09:06 2005 Subject: GnuPG Clearsign vs. PGP/MIME Signing In-Reply-To: <20050604230012.GD19397@jabberwocky.com> References: <42A0F63D.4040008@earthlink.net> <20050604230012.GD19397@jabberwocky.com> Message-ID: <42A23573.1050404@earthlink.net> David Shaw wrote: > Plus, plus, plus. No minuses, though, i hope? Dan p.s. i have started using pgp/mime as a default. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20050604/7c635be9/signature-0002.pgp From harob02 at earthlink.net Sun Jun 5 02:59:52 2005 From: harob02 at earthlink.net (Dan Mundy) Date: Sun Jun 5 02:57:00 2005 Subject: [Announce] First release candidate for GnuPG 1.4.2 available In-Reply-To: <873bs360ne.fsf__30182.3318623521$1117544410$gmane$org@wheatstone.g10code.de> References: <873bs360ne.fsf__30182.3318623521$1117544410$gmane$org@wheatstone.g10code.de> Message-ID: <42A24E88.2060909@earthlink.net> Werner Koch wrote: > Hi! > > We are pleased to announce the availability of a release candidate for > the forthcoming 1.4.2 version of gnupg: > ... > Please try it out and report any problems to the gnupg-devel or > gnupg-users list (http://www.gnupg.org/documentation/mailing-lists.html). compiled gnupg-1.4.2rc1 under RedHat Linux 9 no problems so far... just waiting for the Windows binary installer! I like the new clean sigs feature. it's very nice. Dan -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20050604/7bf5af92/signature.pgp From harob02 at earthlink.net Sun Jun 5 03:02:19 2005 From: harob02 at earthlink.net (Dan Mundy) Date: Sun Jun 5 02:59:26 2005 Subject: [Announce] First release candidate for GnuPG 1.4.2 available In-Reply-To: <873bs360ne.fsf__30182.3318623521$1117544410$gmane$org@wheatstone.g10code.de> References: <873bs360ne.fsf__30182.3318623521$1117544410$gmane$org@wheatstone.g10code.de> Message-ID: <42A24F1B.9080609@earthlink.net> Found a problem!! Weird one though... when setting key trust with enigmail for Thunderbird, the openpgp management gives me an 'undefined error', but after this, it changes the trust as if nothing went wrong. I even was the light flashing on my USB drive, indicating file modification. Weird... So even though it worked, it said it didn't. AND Though it almost seemed to work, it REALLY IN EFFECT didn't. it still doesn't recognize trust changes anywhere but in the OpenPGP key management. when verifying sigs, it reports untrusted good sigs. not very nice. Dan -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20050604/f82b5fdc/signature.pgp From dshaw at jabberwocky.com Sun Jun 5 04:12:59 2005 From: dshaw at jabberwocky.com (David Shaw) Date: Sun Jun 5 04:09:22 2005 Subject: GnuPG Clearsign vs. PGP/MIME Signing In-Reply-To: <42A23573.1050404@earthlink.net> References: <42A0F63D.4040008@earthlink.net> <20050604230012.GD19397@jabberwocky.com> <42A23573.1050404@earthlink.net> Message-ID: <20050605021259.GF19397@jabberwocky.com> On Sat, Jun 04, 2005 at 07:12:51PM -0400, Dan Mundy wrote: > David Shaw wrote: > > Plus, plus, plus. > > No minuses, though, i hope? One or two, yes. Mainly that there are programs out there that - even this many years later - don't understand it. Outlook is the chief culprit here. David From erpo41 at hotpop.com Sun Jun 5 06:55:01 2005 From: erpo41 at hotpop.com (Erpo) Date: Sun Jun 5 06:50:27 2005 Subject: formatting partitions with two filesystems Message-ID: <1117947301.5374.15.camel@localhost.localdomain> Someone emailed me rather than the list about a post I made regarding transparently encrypting filesystems. Due to a bug I just discovered in my mail client (Evolution 2.0.4) it would be a hassle to reply to that message. However, that person is on the list, so here is my reply: It is not possible for a partition to contain two separate filesystems simultaneously, at least in a way that allows two different OSs with no filesystems in common to share data. It is probably impossible to create even a useless partition that is formatted with two filesystems simultaneously. FAT32 serves this purpose well enough for sharing unencrypted data between linux and windows, although, as a side note, I hardly think this is an excuse for the vast array of poorly implemented NTFS drivers for linux and ext2/3 drivers for windows. What a mess! Even if a partition could somehow be treated as an ext3 filesystem and a FAT32 filesystem at the same time, it would not solve Hernan's problem because he requires transparent encryption from two OSs operating on a shared data storage area. Eric From oskar at rbgi.net Sun Jun 5 09:21:51 2005 From: oskar at rbgi.net (Oskar L.) Date: Sun Jun 5 09:18:09 2005 Subject: Set date for signature to expire In-Reply-To: <6.2.1.2.2.20050604042533.03897ea0@localhost> References: <6.2.1.2.2.20050604042533.03897ea0@localhost> Message-ID: <3392.213.169.2.77.1117956111.squirrel@mail.rbgi.net> "Per Tunedal Casual" wrote: > Hi, > I want to sign keys with signatures having a limited life time. Can I set > an expiration date when I sign a key? > > I often get a question if I want my signature to expire when the key > expires, so far so good. I want to set a date of my own will. Hi, May I ask why you, or anyone, would want to do this? If I get a public key with a signature from someone who's key I have verified and who I trust to check keys properly, then why should it matter to me if that signature has expired or not? It still means the same thing; that the person who signed it has verified the key she/he signed. Oskar From oskar at rbgi.net Sun Jun 5 09:40:05 2005 From: oskar at rbgi.net (Oskar L.) Date: Sun Jun 5 09:36:15 2005 Subject: Additional self-signature In-Reply-To: <6.2.1.2.2.20050604042533.03897ea0@localhost> References: <6.2.1.2.2.20050604042533.03897ea0@localhost> Message-ID: <3459.213.169.2.77.1117957205.squirrel@mail.rbgi.net> Hi, Using the release candidate for version 1.4.2, I imported my public and secret key, and just like with version 1.4.1 I got double self-signatures on it. I then deleted the first one, exported both keys, deleted my keyring, imported the keys, and the double self-signatures were still there. I then did the same again, only this time I deleted the second self-signature instead of the first, and this way I got rid of the extra self-signature. With another keypair it worked the other way; by deleting the first self-signature I got rid of it. I suspect that this depends on if you import the public or secret key first, and that this sets the order of the self-signatures. Anyway, is this the way it is meant to work? Would it not be better to have the additional self-signature automatically deleted when importing the keypair? Oskar From gpg.20.subu at spamgourmet.com Sun Jun 5 10:05:19 2005 From: gpg.20.subu at spamgourmet.com (gpg.20.subu@spamgourmet.com) Date: Sun Jun 5 10:01:13 2005 Subject: How to set word wrap in GPG ? Message-ID: <5313cd0905060501056e46983f@mail.gmail.com> Hi I'm sorry if I am repeating this question I use Win XPP, Mozilla 1.7.8 , Enigmail, GPG 1.4.1 My Mozilla word Wrap is set to 72 characters How do I set word wrap in GPG , Enigmail ? TIA subu From mgeisler at mgeisler.net Sun Jun 5 11:36:32 2005 From: mgeisler at mgeisler.net (Martin Geisler) Date: Sun Jun 5 12:04:30 2005 Subject: GnuPG Clearsign vs. PGP/MIME Signing References: <42A0F63D.4040008@earthlink.net> <20050604230012.GD19397@jabberwocky.com> <42A23573.1050404@earthlink.net> Message-ID: <87hdgdkuvz.fsf@futtelifut.dyndns.org> Dan Mundy writes: > David Shaw wrote: >> [... all nice features of PGP/MIME...] Plus, plus, plus. > > No minuses, though, i hope? The only thing I've come across is people using Outlook Express: they will see an empty mail with two attachments: your message as one attachment and the signature as another. I don't know how Outlook (not Express) handles things. -- Martin Geisler GnuPG Key: 0x7E45DD38 PHP EXIF Library | PHP Weather | PHP Shell http://pel.sf.net/ | http://phpweather.net/ | http://mgeisler.net/ Read/write EXIF data | Show current weather | A shell in a browser -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 188 bytes Desc: not available Url : /pipermail/attachments/20050605/ce6b060a/attachment.pgp From patrick at mozilla-enigmail.org Sun Jun 5 13:34:40 2005 From: patrick at mozilla-enigmail.org (Patrick Brunschwig) Date: Sun Jun 5 13:40:37 2005 Subject: How to set word wrap in GPG ? In-Reply-To: <5313cd0905060501056e46983f__10032.1035170511$1117958860$gmane$org@mail.gmail.com> References: <5313cd0905060501056e46983f__10032.1035170511$1117958860$gmane$org@mail.gmail.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 gpg.20.subu@spamgourmet.com wrote: > Hi > > I'm sorry if I am repeating this question > > I use Win XPP, Mozilla 1.7.8 , Enigmail, GPG 1.4.1 > > My Mozilla word Wrap is set to 72 characters > > How do I set word wrap in GPG , Enigmail ? You can't set any word wrapping in GPG or Enigmail. What's the problem with the 72 characters? - -Patrick -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCouNQ2KgHx8zsInsRAsoSAKDcqttzCvJk9R8AXePaGMjGjhTTzgCfZy2v kX5Me72fIp4d/c/wkntL8ug= =Cvfg -----END PGP SIGNATURE----- From sk at intertivity.com Sun Jun 5 13:45:30 2005 From: sk at intertivity.com (Kiefer, Sascha) Date: Sun Jun 5 13:41:06 2005 Subject: GnuPG Clearsign vs. PGP/MIME Signing In-Reply-To: <20050604230127.GE19397@jabberwocky.com> Message-ID: <003701c569c4$14430450$f500a8c0@HOME> > Possibly the confusion is that RFC-2015 was updated by > RFC-3156. You should do things the 3156 way. > > David Well, as far as i see there is no difference between the MIME format of rfc2015 and rfc3156. So, what is right? RFC like: Content-Type: multipart/signed; micalg=pgp-md5 protocol="application/pgp-signature"; boundary=bar --bar Content-Type: text/plain; charset=us-ascii Test Message. --bar Content-Type: application/pgp-signature -----BEGIN PGP MESSAGE----- Version: PGP 8.1 iQA/AwUBQqI6/QInDejiptdCEQL7OwCgwhnncXMuL2gh4yzj8ZJryhGY0wsAoIof z6j0B4UwYiLW0zLeAbEUZiTf =F5ME -----END PGP MESSAGE----- --bar-- Or (enigmail like) Content-Type: multipart/mixed; boundary="foo" --foo Content-Type: text/plain; charset=us-ascii Test Message. --foo Content-Type: application/pgp-signature; name="signature.asc" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP MESSAGE----- Version: PGP 8.1 iQA/AwUBQqI6/QInDejiptdCEQL7OwCgwhnncXMuL2gh4yzj8ZJryhGY0wsAoIof z6j0B4UwYiLW0zLeAbEUZiTf =F5ME -----END PGP MESSAGE----- --foo-- Of cource, the best idea is to accept both. But what should i generate? Regards, Sascha -------------- next part -------------- A non-text attachment was scrubbed... Name: winmail.dat Type: application/ms-tnef Size: 1059 bytes Desc: not available Url : /pipermail/attachments/20050605/8564e28a/winmail.bin From patrick at mozilla-enigmail.org Sun Jun 5 14:29:48 2005 From: patrick at mozilla-enigmail.org (Patrick Brunschwig) Date: Sun Jun 5 14:27:57 2005 Subject: GnuPG Clearsign vs. PGP/MIME Signing In-Reply-To: <003701c569c4$14430450$f500a8c0__47713.1250351251$1117972199$gmane$org@HOME> References: <20050604230127.GE19397@jabberwocky.com> <003701c569c4$14430450$f500a8c0__47713.1250351251$1117972199$gmane$org@HOME> Message-ID: Kiefer, Sascha wrote: >>Possibly the confusion is that RFC-2015 was updated by >>RFC-3156. You should do things the 3156 way. >> >>David > > > Well, as far as i see there is no difference between the MIME format of > rfc2015 and rfc3156. > > So, what is right? > > RFC like: > > Content-Type: multipart/signed; micalg=pgp-md5 > protocol="application/pgp-signature"; boundary=bar > > --bar > Content-Type: text/plain; charset=us-ascii > > Test Message. > > --bar > Content-Type: application/pgp-signature > > -----BEGIN PGP MESSAGE----- > Version: PGP 8.1 > > iQA/AwUBQqI6/QInDejiptdCEQL7OwCgwhnncXMuL2gh4yzj8ZJryhGY0wsAoIof > z6j0B4UwYiLW0zLeAbEUZiTf > =F5ME > -----END PGP MESSAGE----- > > --bar-- > > > Or (enigmail like) What you showed was not Enigmail like. Rather it looks like you're missing the (embedded) pgp mime part created from mailman. Enigmail creates correct RFC 3156 messages. Look e.g. at Dan's last message: Content-Type: multipart/mixed; boundary="foo" --foo Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="bar" --bar Content-Type: text/plain; charset=us-ascii Test Message. --bar Content-Type: application/pgp-signature -----BEGIN PGP MESSAGE----- WHATEVER -----END PGP MESSAGE----- --bar-- --foo Some text from mailman --foo-- -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 254 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20050605/b3528810/signature.pgp From henkdebruijn at wanadoo.nl Sun Jun 5 14:44:06 2005 From: henkdebruijn at wanadoo.nl (Henk M. de Bruijn) Date: Sun Jun 5 14:39:45 2005 Subject: Help with menumessages from gnupg and gpgrelay Message-ID: <115708714.20050605144406@wanadoo.nl> Hi all, Since a couple of days after starting the computer I get a message: Specify User ID for new key You need a User-ID to identify you key I have to fill in Forename and surname Email-Address Comment (optional) After hitting the cancel button (I already have a key) I get another message from gpgrelay: But there is evidence that you already had GPGrelay running with a filled keyring! GPGrelay will not clean up its settings in the registry to prevent data-loss! Check your settings of GnuPG and restart GPGrelay! Who can help me out? TIA I am using GPG 1.4.1. with GPGshell 3.42 and GPGrelay 0.959 -- cheers, Henk M. de Bruijn ______________________________________________________________________ The Bat! Natural E-Mail System? version 3.5 Pro on Windows XP SP2 Request-PGP: http://www.biglumber.com/x/web?qs=0x6C9F6CE78C32408B Gossamer Spider Web of Trust http://www.gswot.org A progressive and innovative Web of Trust From pt at radvis.nu Sun Jun 5 18:18:31 2005 From: pt at radvis.nu (Per Tunedal Casual) Date: Sun Jun 5 18:13:03 2005 Subject: passphrase or random characters the safest In-Reply-To: <6.2.1.2.2.20050531231240.032c9068@localhost> References: <6.2.1.2.2.20050531231240.032c9068@localhost> Message-ID: <6.2.1.2.2.20050605180414.033dbfb8@localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 23:13 2005-05-31, Per Tunedal Casual wrote: >`--------------------------------------------------------------------- >-- >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >At 20:58 2005-05-30, you wrote: > >"Roscoe" wrote: > > > >> Lets say there are about 100000 words in your dictionary. Lets > >> also > >> say there are about 100 different characters on your keyboard. > >> > >> Now for password of random characters we would need: > >> log(340282366920938463463374607431768211456)/log(100) 20 chars. > >> > >> For a password of random words we would need: > >> log(340282366920938463463374607431768211456)/log(100000) 8 words. > >> > >> So I'm going to have to disagree with your 5 words is better then > >> 20 > >> letters[1]. Even if we use a 500000 word dictionary (eg: the > >> number in > >> the OED) then thats still 7 words. > >> > >> Now, thats with randomly picked words. If you want to have some > >> coherence to your string of words then thats only going to > >> increase > >> the number of words needed. > > > >If you want to use words, then I would suggest that you select them > >from > >different languages. Then the attacker will have to use a very > >large > >dictionary, one containing all words from all languages, if she or > >he > >don't know or can't guess from witch languages you have selected > >your > >words. This kind of passphrase will still be relatively vulnerable > >to a > >brute force attack, since the attacker can limit the characters > >used in > >the attack to letters, so throwing in a few special characters > >between the > >words is a good idea. > > > >Oskar > > > > >Thank you Oskar for this idea - it's new to me. Increasing the search >space >by using several languages is a very easy way to improve the security >of a >passphrase or a collection of random words. Some one who wants to do >some >calculations? What about say 1, 2, 3, 4 and 5 languages. How many >random >words are needed to match a 128 bit key? > >Per Tunedal > I will answer my own question: Diceware contains 7776 short English words, abbreviations and easy-to-remember character strings. If you use 1 language: log2(7776)=log(7776)/log(2)=3,8908/0,3010=12,92 bits 128/12,92=9,9 words = 10 words If you use 2 languages: log2(2*7776)=log(15552)/log(2)=4,1918/0,3010=13,92 bits 128/13,92=9,9 words = 10 words If you use 3 languages: log2(3*7776)=log(23328)/log(2)=4,3679/0,3010=14,51 bits 128/14,51=8,8 words = 9 words If you use 4 languages: log2(4*7776)=log(31104)/log(2)=4,4928/0,3010=14,92 bits 128/14,92=8,6 words = 9 words If you use 5 languages: log2(5*7776)=log(38880)/log(2)=4,5897/0,3010=15,25 bits 128/15,25=8,4 words = 9 words Three languages and 9 words is the optimal choice. The creator of Diceware suggest a password corresponding to only 64 bits as a practical choice: "Of course, if you are worried about an organization that can break a seven word passphrase in order to read your e-mail, there are a number of other issues you should be concerned with -- such as how well you pay the team of armed guards that are protecting your computer 24 hours a day." 64 bits would give (after correcting calculations): 10 random characters including special characters. 11 random CAPS, small characters (a-z) and numbers (0-9). 13 random small characters (a-z) and numbers (0-9). 14 random small characters (a-z). 20 random numbers (0-9). 5 random Diceware-word (one language) An English phrase with 54 words. That's a convenient guide, isn't it! Per Tunedal -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) Comment: Vad ?r en PGP-signatur? www.clipanish.com/PGP/pgp.html iD8DBQFCoyXUpPsTvNtsBX8RArjEAJ9OrKxtEbbGNKpfTdUBlJH9ieqvLgCdG2UH 6avzsQ4Ooks01djtsjgGW6E= =cfch -----END PGP SIGNATURE----- From gpg.20.subu at spamgourmet.com Sun Jun 5 18:40:40 2005 From: gpg.20.subu at spamgourmet.com (gpg.20.subu@spamgourmet.com) Date: Sun Jun 5 18:36:25 2005 Subject: How to set word wrap in GPG ? Message-ID: <5313cd0905060509401b4349f2@mail.gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Thanks for the reply Patrick Brunschwig - patrick@mozilla-enigmail.org wrote: > gpg.20.subu@spamgourmet.com wrote: > >> Hi > >> I'm sorry if I am repeating this question > >> I use Win XPP, Mozilla 1.7.8 , Enigmail, GPG 1.4.1 > >> My Mozilla word Wrap is set to 72 characters > >> How do I set word wrap in GPG , Enigmail ? > > > You can't set any word wrapping in GPG or Enigmail. What's the > problem with the 72 characters? Many a time I get bad signatures when I have long lines sticking out in the quoted text. This may just a coincidence, but I presently think otherwise. So I wish to be clear about the wrapping issue The way I look at it is ~~~~~~~~~~~~~~~~~~~~~~~ Step 1 - The message is signed as is (without wrapping), by enigmail + GPG Step 2 - then My Mozilla mailer wraps it - at 72 chars (or whatever ..) which means some spaces may be added / words may be broken etc - - and if steps 1 and 2 are sequential there is a chance that I'll get bad sigs on my posts Thanks Subu > > -Patrick -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) Comment: key : http://www.geocities.com/mail_to_subu/pubkey.txt Comment: key : http://maniams2.tripod.com/Sign/pubkey.txt Comment: fingerprint 174E F2B0 C7D2 5AED 0FEC EE1D 686C D1C8 0BE4 6FA2 iD8DBQFCo0SdaGzRyAvkb6IRAjwUAKCBD12HLHrWLxq53P7ef/AR93FzTwCfbM2Z 2qL5I+HF+PEUSDSQcTCZ0vM= =3+EP -----END PGP SIGNATURE----- From patrick at mozilla-enigmail.org Sun Jun 5 19:03:42 2005 From: patrick at mozilla-enigmail.org (Patrick Brunschwig) Date: Sun Jun 5 19:00:04 2005 Subject: How to set word wrap in GPG ? In-Reply-To: <5313cd0905060509401b4349f2__40726.9859141254$1117989675$gmane$org@mail.gmail.com> References: <5313cd0905060509401b4349f2__40726.9859141254$1117989675$gmane$org@mail.gmail.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 gpg.20.subu@spamgourmet.com wrote: > > Many a time I get bad signatures when I have long lines sticking out > in the quoted text. This may just a coincidence, but I presently think > otherwise. So I wish to be clear about the wrapping issue > > The way I look at it is > ~~~~~~~~~~~~~~~~~~~~~~~ > > Step 1 - The message is signed as is (without wrapping), by enigmail > + GPG > > Step 2 - then My Mozilla mailer wraps it - at 72 chars (or whatever > ...) which means some spaces may be added / words may be broken etc This should not happen. Enigmail wraps the text and then signs it -- at least if you didn't ignore the warning messages (they only appear 3 times). > - and if steps 1 and 2 are sequential there is a chance that I'll get > bad sigs on my posts Maybe you should disable composition of HTML messages by default, then this won't happen (Tools > Account Settings > Composition & Addressing). - -Patrick -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCozBs2KgHx8zsInsRAszeAJ4xk+K2cU5TYVSPm+fQ8q36AOvMJwCgt2JR 3RmggFNBLrjUCywV/BOF18s= =wdxV -----END PGP SIGNATURE----- From oskar at rbgi.net Mon Jun 6 00:39:08 2005 From: oskar at rbgi.net (Oskar L.) Date: Mon Jun 6 00:35:25 2005 Subject: Passphrase Encoding and Entropy In-Reply-To: <6.2.1.2.2.20050605180414.033dbfb8@localhost> References: <6.2.1.2.2.20050531231240.032c9068@localhost> <6.2.1.2.2.20050605180414.033dbfb8@localhost> Message-ID: <1041.213.169.28.246.1118011148.squirrel@mail.rbgi.net> Hi, If I'm not misinformed the passphrase can be encoded using different character sets. Can I in gpg change witch one is used, or does it depend on witch operating system I use? How does it affect the way you calculate entropy if a character is encoded using 16 or 24 bits (as some characters are in UTF-8) or as a 8-bit character, if at all? Also, let's say it is known that the characters in a passphrase has been selected from the 64 ASCII characters A-Z, a-z, 0-9, # and $. This will give each character an entropy of 6 bits (log2(64)), witch if I understand correctly means that 6 of the 8 bits used to represent the character are unknown. But can you in real life tell witch six, for example for the character A, witch in binary is 01000001? The first zero will of course be known, but is there a second known digit? Oskar From harob02 at earthlink.net Mon Jun 6 02:13:48 2005 From: harob02 at earthlink.net (Dan Mundy) Date: Mon Jun 6 01:12:34 2005 Subject: How to set word wrap in GPG ? In-Reply-To: References: <5313cd0905060509401b4349f2__40726.9859141254$1117989675$gmane$org@mail.gmail.com> Message-ID: <42A3953C.90504@earthlink.net> Patrick Brunschwig wrote: > Maybe you should disable composition of HTML messages by default, then > this won't happen (Tools > Account Settings > Composition & Addressing). ...or you could use pgp/mime, which i normally use (i am at someone else's house, so i can't use it for this message...) Dan From harob02 at earthlink.net Mon Jun 6 02:16:38 2005 From: harob02 at earthlink.net (Dan Mundy) Date: Mon Jun 6 01:20:00 2005 Subject: formatting partitions with two filesystems In-Reply-To: <1117947301.5374.15.camel@localhost.localdomain> References: <1117947301.5374.15.camel@localhost.localdomain> Message-ID: <42A395E6.3080207@earthlink.net> Erpo wrote: > Someone emailed me rather than the list about a post I made regarding > transparently encrypting filesystems. Due to a bug I just discovered in > my mail client (Evolution 2.0.4) it would be a hassle to reply to that > message. However, that person is on the list, so here is my reply: > > It is not possible for a partition to contain two separate filesystems > simultaneously, at least in a way that allows two different OSs with no > filesystems in common to share data. It is probably impossible to create > even a useless partition that is formatted with two filesystems > simultaneously. > > FAT32 serves this purpose well enough for sharing unencrypted data > between linux and windows, although, as a side note, I hardly think this > is an excuse for the vast array of poorly implemented NTFS drivers for > linux and ext2/3 drivers for windows. What a mess! > > Even if a partition could somehow be treated as an ext3 filesystem and a > FAT32 filesystem at the same time, it would not solve Hernan's problem > because he requires transparent encryption from two OSs operating on a > shared data storage area. > > > Eric i see... anyway, it was worth a try! i wasn't really serious, but on the off-chance something like that existed, i could find out how to use it, and so could hernan. Dan From unknown_kev_cat at hotmail.com Mon Jun 6 03:46:12 2005 From: unknown_kev_cat at hotmail.com (Anonymous) Date: Mon Jun 6 03:41:55 2005 Subject: Set date for signature to expire References: <6.2.1.2.2.20050604042533.03897ea0@localhost> <3392.213.169.2.77.1117956111.squirrel__18397.7765417241$1117956474$gmane$org@mail.rbgi.net> Message-ID: > May I ask why you, or anyone, would want to do this? If I get a public key > with a signature from someone who's key I have verified and who I trust to > check keys properly, then why should it matter to me if that signature has > expired or not? It still means the same thing; that the person who signed > it has verified the key she/he signed. Well if I know that the person is lazy, and keeps the key on an unsecure computer and it is likely that within one year the key will be compromized, I would sign with a one year expiration date. Basicly this indicates that the person that signed the key does not trust that the key will still be uncompromized after the date of expiration. From telegraph at gmx.net Mon Jun 6 13:56:55 2005 From: telegraph at gmx.net (Gregor Zattler) Date: Mon Jun 6 13:53:14 2005 Subject: First release candidate for GnuPG 1.4.2 available In-Reply-To: <42A24F1B.9080609@earthlink.net> Message-ID: <20050606115655.GJ5887@pit.ID-43118.user.dfncis.de> Hi Dan, * Dan Mundy [04. Jun. 2005]: > Found a problem!! Weird one though... > > when setting key trust with enigmail for Thunderbird, the openpgp > management gives me an 'undefined error', but after this, it changes the > trust as if nothing went wrong. I even was the light flashing on my USB > drive, indicating file modification. Weird... So even though it worked, > it said it didn't. > > AND > > Though it almost seemed to work, it REALLY IN EFFECT didn't. it still > doesn't recognize trust changes anywhere but in the OpenPGP key > management. when verifying sigs, it reports untrusted good sigs. not > very nice. Did you restart tunderbird or did you exec thunderbird --> Menu enigmail --> Submenu OpenPGP key management --> New Window: Menu File --> Submenu Reload Key Cache? Ciao, Gregor -- -... --- .-. . -.. ..--.. ...-.- From mgeisler at mgeisler.net Mon Jun 6 13:48:58 2005 From: mgeisler at mgeisler.net (Martin Geisler) Date: Mon Jun 6 14:05:46 2005 Subject: Passphrase Encoding and Entropy References: <6.2.1.2.2.20050531231240.032c9068@localhost> <6.2.1.2.2.20050605180414.033dbfb8@localhost> <1041.213.169.28.246.1118011148.squirrel@mail.rbgi.net> Message-ID: <87br6jn1sl.fsf@futtelifut.dyndns.org> "Oskar L." writes: > Also, let's say it is known that the characters in a passphrase has > been selected from the 64 ASCII characters A-Z, a-z, 0-9, # and $. > This will give each character an entropy of 6 bits (log2(64)), witch > if I understand correctly means that 6 of the 8 bits used to > represent the character are unknown. But can you in real life tell > witch six, for example for the character A, witch in binary is > 01000001? The first zero will of course be known, but is there a > second known digit? When you have 64 different possibilities, all of equal likelyhood, then you can code them using 6 bit. This is what the entropy tells you. The fact that A in the 7-bit ASCII standard is 01000001 is just a coincedence --- they could just as well have put your chosen 64 characters into the lower 6 bits, and then have the other 64 available characters use the high bit. In general it doesn't change anything if you encode your message (a passphrase in your example) in a different encoding: the amount of information stays the same if you still just select your characters From the same subset. So making a passphrase of ASCII characters, and then encoding it using UTF-16 doesn't make it more secure. Sure, with UTF-16 gives you the potential to encode something like 2^16-1 characters, but to calculate the entropy you can disregard all characters which you will never choose. The formula for entropy explains this: H(X) = - sum_{i=1}^n p(i) * log_2(p(i)) Here the p(i)'s are the probability that your message will be "i". With a bigger space of possible messages (a bigger n) then the sum contains more terms, but if you still select your message from the same small set, then most of the terms will be zero. So if a message of value "j" is, say, a Chinese passphrase, then p(j) = 0 would mean that know that you'll never such a passphrase. And thus the term disappears from the sum (well, actually you get a problem with taking the logarighm of zerolet's not go into that). See http://en.wikipedia.org/wiki/Information_entropy for more on how to calculate the entropy, but I hope this helped a bit. -- Martin Geisler GnuPG Key: 0x7E45DD38 PHP EXIF Library | PHP Weather | PHP Shell http://pel.sf.net/ | http://phpweather.net/ | http://mgeisler.net/ Read/write EXIF data | Show current weather | A shell in a browser -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 188 bytes Desc: not available Url : /pipermail/attachments/20050606/5203313e/attachment.pgp From wk at gnupg.org Mon Jun 6 15:32:14 2005 From: wk at gnupg.org (Werner Koch) Date: Mon Jun 6 15:31:08 2005 Subject: Return codes in GnuPG In-Reply-To: <20050602183512.57027.qmail@web54305.mail.yahoo.com> (William Bradshaw's message of "Thu, 2 Jun 2005 11:35:12 -0700 (PDT)") References: <20050602183512.57027.qmail@web54305.mail.yahoo.com> Message-ID: <87wtp77grl.fsf@wheatstone.g10code.de> On Thu, 2 Jun 2005 11:35:12 -0700 (PDT), William Bradshaw said: > Does anyone have a listing of error/status codes > returned by GnuPG when attempting to decrypt files? See the description of status codes in doc/DETAILS. There are no specific error codes except for 0 = success and not 0 = some kind of failure. Shalom-Salam, Werner From wk at gnupg.org Mon Jun 6 15:35:20 2005 From: wk at gnupg.org (Werner Koch) Date: Mon Jun 6 15:36:03 2005 Subject: 1er contacto In-Reply-To: <42A075CD.80407@gmail.com> (Youssef Aoun's message of "Fri, 03 Jun 2005 17:22:53 +0200") References: <5ca35d405060305435d00a13d@mail.gmail.com> <42A075CD.80407@gmail.com> Message-ID: <87slzv7gmf.fsf@wheatstone.g10code.de> Hi, if you want me to create a Spanish speaking user list, just tell me along with a commitment to do some moderation. Salam-Shalom, Werner From wk at gnupg.org Mon Jun 6 15:42:49 2005 From: wk at gnupg.org (Werner Koch) Date: Mon Jun 6 15:41:03 2005 Subject: GnuPG Clearsign vs. PGP/MIME Signing In-Reply-To: <003701c569c4$14430450$f500a8c0@HOME> (Sascha Kiefer's message of "Sun, 5 Jun 2005 13:45:30 +0200") References: <003701c569c4$14430450$f500a8c0@HOME> Message-ID: <87oeaj7g9y.fsf@wheatstone.g10code.de> On Sun, 5 Jun 2005 13:45:30 +0200, Kiefer, Sascha said: > Well, as far as i see there is no difference between the MIME format of > rfc2015 and rfc3156. Correct, 3156 has only minor clarifications. > So, what is right? > RFC like: > Content-Type: multipart/signed; micalg=pgp-md5 > protocol="application/pgp-signature"; boundary=bar Correct. > Or (enigmail like) > Content-Type: multipart/mixed; > boundary="foo" Wrong. IIRC this is a workaround due to problems with the Mozilla code. Enigmail users should nag the Mozilla hackers to provide a working and useful interface to MIME and don't hardcode S/MIME. > But what should i generate? The first of course. Shalom-Salam, Werner From wk at gnupg.org Mon Jun 6 15:46:17 2005 From: wk at gnupg.org (Werner Koch) Date: Mon Jun 6 15:46:03 2005 Subject: GnuPG Clearsign vs. PGP/MIME Signing In-Reply-To: <87hdgdkuvz.fsf@futtelifut.dyndns.org> (Martin Geisler's message of "Sun, 05 Jun 2005 11:36:32 +0200") References: <42A0F63D.4040008@earthlink.net> <20050604230012.GD19397@jabberwocky.com> <42A23573.1050404@earthlink.net> <87hdgdkuvz.fsf@futtelifut.dyndns.org> Message-ID: <87k6l77g46.fsf@wheatstone.g10code.de> On Sun, 05 Jun 2005 11:36:32 +0200, Martin Geisler said: > I don't know how Outlook (not Express) handles things. It won't be possible to verify a signature with Outlook due to the fact that it is not possible to get to the raw MIME headers. It might be possible to write a plugin which uses heuristics to verify signatures in most cases. We, g10 Code, are considering to implement this in the new plugin we are working on. Salam-Shalom, Werner From wk at gnupg.org Mon Jun 6 15:54:35 2005 From: wk at gnupg.org (Werner Koch) Date: Mon Jun 6 15:51:04 2005 Subject: Set date for signature to expire In-Reply-To: <3392.213.169.2.77.1117956111.squirrel@mail.rbgi.net> (Oskar L.'s message of "Sun, 5 Jun 2005 10:21:51 +0300 (EEST)") References: <6.2.1.2.2.20050604042533.03897ea0@localhost> <3392.213.169.2.77.1117956111.squirrel@mail.rbgi.net> Message-ID: <87fyvv7fqc.fsf@wheatstone.g10code.de> On Sun, 5 Jun 2005 10:21:51 +0300 (EEST), Oskar L said: > May I ask why you, or anyone, would want to do this? If I get a public key > with a signature from someone who's key I have verified and who I trust to > check keys properly, then why should it matter to me if that signature has The signature gives no indication whether you trust the owner of the key to properly (whatever this means to him or you) check the key. You merely declare: I have verified that the information in that key matches the person who asked me to sign it. How this is checked is a personal decision and that personal decision is what a third person than uses to decide for herself on much to trust the owner of the key to properly checking keys before signingin a key. That information (owner trust) is not public and not exported at all (--export-ownertrust may be used to create a backup of this private data). > expired or not? It still means the same thing; that the person who signed > it has verified the key she/he signed. Correct. It states that you signed it at a certain date according to your own policy (which you might even declare using a Policy URL). Shalom-Salam, Werner From wk at gnupg.org Mon Jun 6 15:58:34 2005 From: wk at gnupg.org (Werner Koch) Date: Mon Jun 6 15:56:06 2005 Subject: Set date for signature to expire In-Reply-To: (unknown_kev_cat@hotmail.com's message of "Sun, 5 Jun 2005 21:46:12 -0400") References: <6.2.1.2.2.20050604042533.03897ea0@localhost> <3392.213.169.2.77.1117956111.squirrel__18397.7765417241$1117956474$gmane$org@mail.rbgi.net> Message-ID: <87br6j7fjp.fsf@wheatstone.g10code.de> On Sun, 5 Jun 2005 21:46:12 -0400, Anonymous said: > Well if I know that the person is lazy, and keeps the key on an > unsecure computer and it is likely that within one year the key will > be compromized, I would sign with a one year expiration date. Basicly Your are mixing up two things: The statement that you checked the owneership of the key at a certain date and how far you trust the owner of the key to implement decent keymanagment abilities. The latter is what ownertrust is about and for a reason OpenPGP does not define any semantics for it; i.e. there are no explicit rules for a PKI and every user/group may make up their own rules. Salam-Shalom, Werner From sk at intertivity.com Mon Jun 6 16:16:54 2005 From: sk at intertivity.com (Sascha Kiefer) Date: Mon Jun 6 16:12:41 2005 Subject: GnuPG Clearsign vs. PGP/MIME Signing In-Reply-To: <87oeaj7g9y.fsf@wheatstone.g10code.de> References: <003701c569c4$14430450$f500a8c0@HOME> <87oeaj7g9y.fsf@wheatstone.g10code.de> Message-ID: <42A45AD6.40506@intertivity.com> Werner Koch schrieb: >The first of course. > >Shalom-Salam, > > Werner > > Okay, perfekt. The PGP/MIME RFC states that you can first sign and then encrypt the mail. In S/MIME it is allowed to first encrypt and then sign the message. Do you think it's feasible to do the same in PGP/MIME? I think it is because the it's still MIME. Regards, Sascha From dshaw at jabberwocky.com Mon Jun 6 17:06:23 2005 From: dshaw at jabberwocky.com (David Shaw) Date: Mon Jun 6 17:02:35 2005 Subject: Additional self-signature In-Reply-To: <3459.213.169.2.77.1117957205.squirrel@mail.rbgi.net> References: <6.2.1.2.2.20050604042533.03897ea0@localhost> <3459.213.169.2.77.1117957205.squirrel@mail.rbgi.net> Message-ID: <20050606150623.GB23763@jabberwocky.com> On Sun, Jun 05, 2005 at 10:40:05AM +0300, Oskar L. wrote: > Hi, > > Using the release candidate for version 1.4.2, I imported my public and > secret key, and just like with version 1.4.1 I got double self-signatures > on it. Yes. This will happen with any version. It depends on what version of GnuPG generated your key, and not on what version you are importing to. > Would it not be better to have the additional self-signature > automatically deleted when importing the keypair? This will be an option in 1.4.2, but we're still deciding what the user interface should be. For now, you can do --edit-key and then "clean sigs" to remove this (and other non-useful) signatures. David From wizard at roborooter.com Mon Jun 6 17:16:47 2005 From: wizard at roborooter.com (Francis Gulotta) Date: Mon Jun 6 17:12:33 2005 Subject: How to set word wrap in GPG ? In-Reply-To: References: <5313cd0905060509401b4349f2__40726.9859141254$1117989675$gmane$org@mail.gmail.com> Message-ID: <42A468DF.30700@roborooter.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Is there a good way to send signed HTML email messages? If I understand the problems come up when gpg thinks an html tag is a gpg tag. So pgp/mime solves this problem? - -Francis Patrick Brunschwig wrote: > > Maybe you should disable composition of HTML messages by default, > then this won't happen (Tools > Account Settings > Composition & > Addressing). > > -Patrick -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCpGjfTJEaZCt0gQsRAj2ZAKCQzB4wXaA/AL5za7RNsWkLc8X6AACfdGAW WlaoS41fa4Tb/MLpPSb6TOM= =paRC -----END PGP SIGNATURE----- From wizard at roborooter.com Mon Jun 6 17:35:52 2005 From: wizard at roborooter.com (Francis Gulotta) Date: Mon Jun 6 17:31:35 2005 Subject: Max compression In-Reply-To: <20050524145705.56575.qmail@smasher.org> References: <6.1.2.0.2.20050524120615.02dcf790@localhost> <20050524145705.56575.qmail@smasher.org> Message-ID: <42A46D58.1010301@roborooter.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 And I'll add that most rsync servers I've used usually keep things set at 7 for a balance between processor cost and compression rates. If processor cost is an issue for you, it pays to test a few of the compression levels out to see what's acceptable. - -Francis Atom Smasher wrote: > On Tue, 24 May 2005, Per Tunedal Casual wrote: > > >>what are the maximum values for compression for zip, zlib and bzip2? The >>default is 6 for zlib according to the manpage. >> >>I would like to set a somewhat higher compression with: --compress-level > > ============== > > the range is 1-9. 1 is the fastest, 9 is the best compression. > > from the gzip man page: > Regulate the speed of compression using the specified digit #, > where -1 or --fast indicates the fastest compression method (less > compression) and -9 or --best indicates the slowest compression > method (best compression). The default compression level is -6 > (that is, biased towards high compression at expense of speed) > > and bzip2: > Set the block size to 100 k, 200 k .. 900 k when compressing. > Has no effect when decompressing. See MEMORY MANAGEMENT below. > The --fast and --best aliases are primarily for GNU gzip > compatibility. In particular, --fast doesn't make things > significantly faster. And --best merely selects the default > behavior. > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCpG1XTJEaZCt0gQsRAszaAKCFmQIhRvLc+lMiENYkujlU22t3fACgvF5n IsFeWXUHlkexovt7S62ehR8= =AcW+ -----END PGP SIGNATURE----- From pschott at drivefinancial.com Mon Jun 6 17:39:13 2005 From: pschott at drivefinancial.com (Peter Schott) Date: Mon Jun 6 17:34:44 2005 Subject: Corruption of KeyRing (possible WinPT related?) Message-ID: <4E28ECEE2E06784AA8921F82878C889E039CD38F@DFSTXEXCH3.dfs.com> Timo, I'm using 1.4.1 on my PC. I was just a little concerned as I don't use GPG on a regular basis so when something reports that one of my keyrings is corrupt, it's probably one of my manager-type programs. Current running WinPT and the Outlook plugin. Those would be the only programs I can think of that would be touching the keyring. If there's something else that could be affecting this, please let me know. I'll check into it. Thanks. -Pete --------------------------- Date: Sat, 4 Jun 2005 11:28:39 +0200 From: Timo Schulz Subject: Re: Corruption of KeyRing (possible WinPT related?) On Fri Jun 03 2005; 13:16, Peter Schott wrote: > I will sometimes start my PC and when the WinPT program launches, I > have a 0-byte pubring or secring. I have backups, but I am a little I heard about this problem one or two times, but fact is that WinPT never writes to the keyring directly. The backup is also a one-way process which means: the pubring.gpg is copied to pubring-bak.gpg but not vice versa. > concerned that I could lose all of my keys due to some corruption or > improper closing of the file. What GPG version you use (1.4.1)? Timo Peter A. Schott drive financial services Database Administrator p: 214.237.3567 c: 214.734.1792 f: 214.237.3495 email: pschott@drivefinancial.com ___________________________________________________________________________________ This e-mail is covered by the Electronic Communications Privacy Act, 18 U.S.C. Sections 2510-2521. The information contained in this e-mail is confidential and intended only for use of the individual or entity named above. If the reader of this message is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this message in error or there are any problems please notify the originator immediately. The unauthorized use, disclosure, copying or alteration of this message is strictly forbidden. This mail and any attachments have been scanned for viruses prior to leaving the Drive Financial Services network. Drive Financial Services will not be liable for direct, special, indirect or consequential damages arising from alteration of the contents of this message by a third party or as a result of any virus being passed on. ___________________________________________________________________________________ From pt at radvis.nu Mon Jun 6 18:16:07 2005 From: pt at radvis.nu (Per Tunedal Casual) Date: Mon Jun 6 18:08:54 2005 Subject: Passphrase Encoding and Entropy In-Reply-To: <1041.213.169.28.246.1118011148.squirrel@mail.rbgi.net> References: <6.2.1.2.2.20050531231240.032c9068@localhost> <6.2.1.2.2.20050605180414.033dbfb8@localhost> <1041.213.169.28.246.1118011148.squirrel@mail.rbgi.net> Message-ID: <6.2.1.2.2.20050606181353.037d6cb0@localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 00:39 2005-06-06, you wrote: >Hi, > >If I'm not misinformed the passphrase can be encoded using different >character sets. Can I in gpg change witch one is used, or does it depend >on witch operating system I use? How does it affect the way you calculate >entropy if a character is encoded using 16 or 24 bits (as some characters >are in UTF-8) or as a 8-bit character, if at all? > >Also, let's say it is known that the characters in a passphrase has been >selected from the 64 ASCII characters A-Z, a-z, 0-9, # and $. This will >give each character an entropy of 6 bits (log2(64)), witch if I understand >correctly means that 6 of the 8 bits used to represent the character are >unknown. But can you in real life tell witch six, for example for the >character A, witch in binary is 01000001? The first zero will of course be >known, but is there a second known digit? > >Oskar > I suggest that you use , and . instead of # and $. Otherwise the characters are found on completely other places at a US keybord. Per Tunedal -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) - GPGrelay v0.959 Comment: Vad är en PGP-signatur? www.clipanish.com/PGP/pgp.html iD8DBQFCpHbSpPsTvNtsBX8RAq8vAJ4s5T0kbZ61GUVfCKlnCe5gbi9h+QCfdnN6 pXDRvIUgSWFnzrK2WzHzOUQ= =GPfV -----END PGP SIGNATURE----- From unknown_kev_cat at hotmail.com Mon Jun 6 18:20:33 2005 From: unknown_kev_cat at hotmail.com (Anonymous) Date: Mon Jun 6 18:17:56 2005 Subject: Set date for signature to expire References: <6.2.1.2.2.20050604042533.03897ea0@localhost><3392.213.169.2.77.1117956111.squirrel__18397.7765417241$1117956474$gmane$org@mail.rbgi.net> <87br6j7fjp.fsf__39901.3700349771$1118066913$gmane$org@wheatstone.g10code.de> Message-ID: "> > Your are mixing up two things: The statement that you checked the > owneership of the key at a certain date and how far you trust the > owner of the key to implement decent keymanagment abilities. I know that the OpenPGP group has taken great pains to not define trust. It leaves trust to be defined by the user and/or the application. That said a signature on a key can be one of two things, depending on perspective. #1. A satement that you have checked the ownership of the key at the indicated time. OR #2. A statement that you trust that the UID accurately reflects the true ownership of the key. Both have the same meaning as far as ownership checks, as i would not trust that the UID reflects the true ownership of the key well enough to sign it unless i have verified identity. However the second one does have a reasonable reason for signature expiration. Both are reasonable, and I suspect that many people take the second view, even if the first view is the official one. > Salam-Shalom, > > Werner From wk at gnupg.org Mon Jun 6 18:32:15 2005 From: wk at gnupg.org (Werner Koch) Date: Mon Jun 6 18:31:04 2005 Subject: GnuPG Clearsign vs. PGP/MIME Signing In-Reply-To: <42A45AD6.40506@intertivity.com> (Sascha Kiefer's message of "Mon, 06 Jun 2005 16:16:54 +0200") References: <003701c569c4$14430450$f500a8c0@HOME> <87oeaj7g9y.fsf@wheatstone.g10code.de> <42A45AD6.40506@intertivity.com> Message-ID: <87mzq34fao.fsf@wheatstone.g10code.de> On Mon, 06 Jun 2005 16:16:54 +0200, Sascha Kiefer said: > The PGP/MIME RFC states that you can first sign and then encrypt the mail. Doing this on the MIME level allows you to easily strip the encryption layer while leaving the signature intact. > In S/MIME it is allowed to first encrypt and then sign the message. > Do you think it's feasible to do the same in PGP/MIME? I think it is Yes it is possible but you should not do it. When signing an encrypted document you don't know what you are actually signing and it won't be possible to keep the signature intact (e.g. archival purposes) without compromising the encryption key. Salam-Shalom, Werner From twoaday at freakmail.de Mon Jun 6 19:00:44 2005 From: twoaday at freakmail.de (Timo Schulz) Date: Mon Jun 6 19:05:37 2005 Subject: Corruption of KeyRing (possible WinPT related?) In-Reply-To: <4E28ECEE2E06784AA8921F82878C889E039CD38F@DFSTXEXCH3.dfs.com> References: <4E28ECEE2E06784AA8921F82878C889E039CD38F@DFSTXEXCH3.dfs.com> Message-ID: <20050606170044.GA412@daredevil.joesixpack.net> On Mon Jun 06 2005; 10:39, Peter Schott wrote: > Current running WinPT and the Outlook plugin. Those would be the only > programs I can think of that would be touching the keyring. As I said, WinPT never writes the files directly. I heard about one or two where something similar happened, but nobody could really proof that WinPT did the damage. > If there's something else that could be affecting this, please let me > know. I'll check into it. Sorry, right now I've no diea. Are you using WinPT 0.9.92? Timo From patrick at mozilla-enigmail.org Tue Jun 7 09:59:55 2005 From: patrick at mozilla-enigmail.org (Patrick Brunschwig) Date: Tue Jun 7 09:57:33 2005 Subject: How to set word wrap in GPG ? In-Reply-To: <42A468DF.30700__9118.8762839467$1118071497$gmane$org@roborooter.com> References: <5313cd0905060509401b4349f2__40726.9859141254$1117989675$gmane$org@mail.gmail.com> <42A468DF.30700__9118.8762839467$1118071497$gmane$org@roborooter.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yes, PGP/MIME solves the problem. - -Patrick Francis Gulotta wrote: > Is there a good way to send signed HTML email messages? If I understand > the problems come up when gpg thinks an html tag is a gpg tag. So > pgp/mime solves this problem? > > -Francis > > Patrick Brunschwig wrote: > > >>>Maybe you should disable composition of HTML messages by default, >>>then this won't happen (Tools > Account Settings > Composition & >>>Addressing). >>> >>>-Patrick > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCpVP62KgHx8zsInsRAlT9AJ0UIUARzOLxjQCN5MFsRLPXTJSXCACgsywU JDmnPVFIVV34TfmQ9mH275Y= =hDb5 -----END PGP SIGNATURE----- From kyle at there.is.no.cabal.ca Sun Jun 5 03:48:13 2005 From: kyle at there.is.no.cabal.ca (Kyle McMartin) Date: Tue Jun 7 10:35:36 2005 Subject: Unsynchronized public and secret key uids Message-ID: <20050605014813.GC4553@roadwarrior.mcmartin.ca> Hi, Unfortunately, I lost my primary .gnupg directory. I restored my .gnupg from a backup, but it was not particularly recent. As such, my public key has a bunch of extra uids that my secret key does not. I'd just go and delete and re-add them, but I'm concerned this would get rid of signatures on my public keys uid. And I really would prefer to not lose those, or add even more redundant uids. Can someone clarify how the best way to procede from here is? I've looked at the manual, faq, and googled for related subjects trying to figure this out. Thanks, -- Kyle McMartin From cedar at 3web.net Tue Jun 7 11:30:41 2005 From: cedar at 3web.net (C. D. Rok) Date: Tue Jun 7 11:27:10 2005 Subject: HTML mail (was: How to set word wrap...) In-Reply-To: <42A468DF.30700@roborooter.com> References: <5313cd0905060509401b4349f2__40726.9859141254$1117989675$gmane$org@mail.gmail.com> <42A468DF.30700@roborooter.com> Message-ID: <42A56941.2030003@3web.net> Francis Gulotta wrote: > Is there a good way to send signed HTML email messages? ... HTML is often embraced by newcomers, who tend to get carried away with totally unnecessary typefaces, elaborate formatting and distracting backgrounds. (Full text at ;) http://www.harley.com/turn-off-html/ CD Rok From wk at gnupg.org Tue Jun 7 15:34:51 2005 From: wk at gnupg.org (Werner Koch) Date: Tue Jun 7 15:31:11 2005 Subject: HTML mail In-Reply-To: <42A56941.2030003@3web.net> (C. D. Rok's message of "Tue, 07 Jun 2005 09:30:41 +0000") References: <5313cd0905060509401b4349f2__40726.9859141254$1117989675$gmane$org@mail.gmail.com> <42A468DF.30700@roborooter.com> <42A56941.2030003@3web.net> Message-ID: <87fyvu2suc.fsf@wheatstone.g10code.de> On Tue, 07 Jun 2005 09:30:41 +0000, C D Rok said: > HTML is often embraced by newcomers, who tend to get carried away with > totally unnecessary typefaces, elaborate formatting and distracting > backgrounds. ... and any HTML posting to this list will silently be disposed to the bit bucket. Shalom-Salam, Werner From wk at gnupg.org Tue Jun 7 15:40:03 2005 From: wk at gnupg.org (Werner Koch) Date: Tue Jun 7 15:36:07 2005 Subject: Set date for signature to expire In-Reply-To: (unknown_kev_cat@hotmail.com's message of "Mon, 6 Jun 2005 12:20:33 -0400") References: <6.2.1.2.2.20050604042533.03897ea0@localhost> <3392.213.169.2.77.1117956111.squirrel__18397.7765417241$1117956474$gmane$org@mail.rbgi.net> <87br6j7fjp.fsf__39901.3700349771$1118066913$gmane$org@wheatstone.g10code.de> Message-ID: <87br6i2slo.fsf@wheatstone.g10code.de> On Mon, 6 Jun 2005 12:20:33 -0400, Anonymous said: > #2. A statement that you trust that the UID accurately reflects the > true ownership of the key. I just wonder how to decide how long this ownership is valid. A year, a month, a day, a minute or even already void in the past? The owner usually can't and you can't for sure give any reasonable estimation. Salam-Shalom, Werner From jharris at widomaker.com Tue Jun 7 19:29:16 2005 From: jharris at widomaker.com (Jason Harris) Date: Tue Jun 7 19:25:20 2005 Subject: Unsynchronized public and secret key uids In-Reply-To: <20050605014813.GC4553@roadwarrior.mcmartin.ca> References: <20050605014813.GC4553@roadwarrior.mcmartin.ca> Message-ID: <20050607172916.GJ356@wilma.widomaker.com> On Sat, Jun 04, 2005 at 09:48:13PM -0400, Kyle McMartin wrote: > Unfortunately, I lost my primary .gnupg directory. I restored my .gnupg > from a backup, but it was not particularly recent. As such, my public > key has a bunch of extra uids that my secret key does not. > I'd just go and delete and re-add them, but I'm concerned this would > get rid of signatures on my public keys uid. And I really would prefer > to not lose those, or add even more redundant uids. On keyserver.kjsl.com, your @achilles.net userid is revoked (on 0x191FCD8A). (Re-)adding it to your secret key would generate a new selfsig that would supersede the revocation, so be careful if you do that to re-revoke it. Otherwise, recreate the userids exactly as they were before and all the old sigs will transfer to them. You already have a lot of selfsigs on your userids (which will also come back when you refresh your key from a keyserver), and recreating and re-signing the userids will add another selfsig to each, but (unless you can do surgery on secring.gpg) that can't be helped now. -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 309 bytes Desc: not available Url : /pipermail/attachments/20050607/0bafe363/attachment.pgp From cwsiv at keepandbeararms.com Tue Jun 7 19:16:35 2005 From: cwsiv at keepandbeararms.com (Carl William Spitzer IV) Date: Tue Jun 7 20:30:27 2005 Subject: cross-OS transparent encryption In-Reply-To: <1117834319.5133.46.camel@localhost.localdomain> References: <1117834319.5133.46.camel@localhost.localdomain> Message-ID: <1118116639.8457.12.camel@linux.site> On Fri, 2005-06-03 at 14:31, Erpo wrote: > The spanish thread on the list right now is revolving around the problem > of sharing encrypted data between WinXP and Linux. The original poster > wants to share a read/write partition between the two OSs on a laptop > and have transparent encryption of the files on that partition. Linux has the ability to use encrypted file system but I do not know if there is a windows interface. -- Carl William Spitzer IV From oskar at rbgi.net Tue Jun 7 23:16:05 2005 From: oskar at rbgi.net (Oskar L.) Date: Tue Jun 7 23:12:24 2005 Subject: Passphrase Encoding and Entropy In-Reply-To: <87br6jn1sl.fsf@futtelifut.dyndns.org> References: <6.2.1.2.2.20050531231240.032c9068@localhost><6.2.1.2.2.20050605180414.033dbfb8@localhost><1041.213.169.28.246.1118011148.squirrel@mail.rbgi.net> <87br6jn1sl.fsf@futtelifut.dyndns.org> Message-ID: <1400.213.169.25.121.1118178965.squirrel@mail.rbgi.net> "Martin Geisler" wrote: > When you have 64 different possibilities, all of equal likelyhood, > then you can code them using 6 bit. This is what the entropy tells > you. > > The fact that A in the 7-bit ASCII standard is 01000001 is just a > coincedence --- they could just as well have put your chosen 64 > characters into the lower 6 bits, and then have the other 64 available > characters use the high bit. > > In general it doesn't change anything if you encode your message (a > passphrase in your example) in a different encoding: the amount of > information stays the same if you still just select your characters > From the same subset. > > > So making a passphrase of ASCII characters, and then encoding it using > UTF-16 doesn't make it more secure. Sure, with UTF-16 gives you the > potential to encode something like 2^16-1 characters, but to calculate > the entropy you can disregard all characters which you will never > choose. > > The formula for entropy explains this: > > H(X) = - sum_{i=1}^n p(i) * log_2(p(i)) > > Here the p(i)'s are the probability that your message will be "i". > With a bigger space of possible messages (a bigger n) then the sum > contains more terms, but if you still select your message from the > same small set, then most of the terms will be zero. So if a message > of value "j" is, say, a Chinese passphrase, then p(j) = 0 would mean > that know that you'll never such a passphrase. And thus the term > disappears from the sum (well, actually you get a problem with taking > the logarighm of zerolet's not go into that). > > > See http://en.wikipedia.org/wiki/Information_entropy for more on how > to calculate the entropy, but I hope this helped a bit. Thanks for your anwser, but I'm afraid you mostly told me what I already know. What I don't understand is how this relates to breaking passphrases. For example, say I use the passphrase foobar. It has 6 characters, each represented by 8 bits, so it will be represented by 46 bits. These 46 bits are then the key used to symmetrically encrypt/decrypt my secret key, right? (Another question; is salt added to it, and/or is it hashed?) Now if the attacker knows that I have only used the 23 characters a-z in the passphrase, then she/he can represent all of them using 5 bits. But I don't understand how this helps the attacker, since foobar represented this way would obviously produce a completely different key (of only 30 bits). I thought that all this was about time and the amount of data you have to deal with. That, for example, when someone is brute forcing a passphrase it would be 25% faster if all the characters used were represented with only 6 bits instead of 8. I understand why this would be faster, but not who it could possibly work. Oskar From erpo41 at hotpop.com Wed Jun 8 01:39:46 2005 From: erpo41 at hotpop.com (Erpo) Date: Wed Jun 8 01:35:34 2005 Subject: cross-OS transparent encryption In-Reply-To: <1118116639.8457.12.camel@linux.site> References: <1117834319.5133.46.camel@localhost.localdomain> <1118116639.8457.12.camel@linux.site> Message-ID: <1118187586.4908.2.camel@localhost.localdomain> On Tue, 2005-06-07 at 10:16 -0700, Carl William Spitzer IV wrote: > On Fri, 2005-06-03 at 14:31, Erpo wrote: > > The spanish thread on the list right now is revolving around the problem > > of sharing encrypted data between WinXP and Linux. The original poster > > wants to share a read/write partition between the two OSs on a laptop > > and have transparent encryption of the files on that partition. > > Linux has the ability to use encrypted file system but I do not know if > there is a windows interface. I would be surprised if there were a way to get windows to use a dm-crypted partition. And Windows has the ability to use an encrypted filesystem, but unless the quality of the NTFS driver has improved dramatically, I don't think there's a way to use it from Linux. Eric From oskar at rbgi.net Wed Jun 8 01:45:30 2005 From: oskar at rbgi.net (Oskar L.) Date: Wed Jun 8 01:41:51 2005 Subject: Binary public key explained in detail anywhere? In-Reply-To: <1400.213.169.25.121.1118178965.squirrel@mail.rbgi.net> References: <6.2.1.2.2.20050531231240.032c9068@localhost><6.2.1.2.2.20050605180414.033dbfb8@localhost><1041.213.169.28.246.1118011148.squirrel@mail.rbgi.net><87br6jn1sl.fsf@futtelifut.dyndns.org> <1400.213.169.25.121.1118178965.squirrel@mail.rbgi.net> Message-ID: <1626.213.169.25.121.1118187930.squirrel@mail.rbgi.net> Hi, I export a public key in binary format and open it in a hex editor. Is there any documentation explaining what I see? Like if there are any particular bits that begins and ends user ids, signatures etc. Oskar From pt at radvis.nu Wed Jun 8 02:09:59 2005 From: pt at radvis.nu (Per Tunedal Casual) Date: Wed Jun 8 02:10:32 2005 Subject: Set date for signature to expire In-Reply-To: <87br6i2slo.fsf@wheatstone.g10code.de> References: <6.2.1.2.2.20050604042533.03897ea0@localhost> <3392.213.169.2.77.1117956111.squirrel__18397.7765417241$1117956474$gmane$org@mail.rbgi.net> <87br6j7fjp.fsf__39901.3700349771$1118066913$gmane$org@wheatstone.g10code.de> <87br6i2slo.fsf@wheatstone.g10code.de> Message-ID: <6.2.1.2.2.20050608020340.037cadf8@localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 15:40 2005-06-07, you wrote: >On Mon, 6 Jun 2005 12:20:33 -0400, Anonymous said: > >> #2. A statement that you trust that the UID accurately reflects the >> true ownership of the key. > >I just wonder how to decide how long this ownership is valid. A year, >a month, a day, a minute or even already void in the past? The owner >usually can't and you can't for sure give any reasonable estimation. > > >Salam-Shalom, > > Werner > True, but it might be convenient anyhow. The shorter the time, the safer the guess! One way is to assume that the key is attacked immediately and that all the security is in the passphrase. Make an estimation of the strength of the passphrase and you are done! Issuers of X509 certificates use 1 year for soft certificates and 5 years for card certificates. I don't know their calculations behind that decision. Per Tunedal -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) - GPGrelay v0.959 Comment: Vad är en PGP-signatur? www.clipanish.com/PGP/pgp.html iD8DBQFCpjkspPsTvNtsBX8RAkMIAJ0a/27Fg8SRJx0HG29SJLPJVJWEjwCeJbcs CCkpCFuC2uy/Vnxri/hGGv0= =95EY -----END PGP SIGNATURE----- From cepl at surfbest.net Wed Jun 8 02:44:44 2005 From: cepl at surfbest.net (Matej Cepl) Date: Wed Jun 8 03:09:48 2005 Subject: buffer shorter than subpacket Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, after import of a key (and it is some time, so forgot which one it was -- can I get list of all public keys on my ring sorted by the time of import?) to gnupg 1.4.1 on Debian/sarge I am getting these error messages whenever I do anything with gpg: chelcicky:matej$ gpg --update-trustdb gpg: buffer shorter than subpacket gpg: buffer shorter than subpacket gpg: signature packet without keyid gpg: buffer shorter than subpacket gpg: 2 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: buffer shorter than subpacket gpg: buffer shorter than subpacket gpg: signature packet without keyid gpg: buffer shorter than subpacket gpg: depth: 0 valid: 1 signed: 21 trust: 0-, 0q, 0n, 0m, 0f, 1u gpg: buffer shorter than subpacket gpg: buffer shorter than subpacket gpg: signature packet without keyid gpg: buffer shorter than subpacket gpg: depth: 1 valid: 21 signed: 23 trust: 0-, 2q, 0n, 15m, 4f, 0u gpg: buffer shorter than subpacket gpg: buffer shorter than subpacket gpg: signature packet without keyid gpg: buffer shorter than subpacket gpg: depth: 2 valid: 6 signed: 25 trust: 0-, 0q, 3n, 1m, 2f, 0u gpg: buffer shorter than subpacket gpg: buffer shorter than subpacket gpg: signature packet without keyid gpg: buffer shorter than subpacket gpg: depth: 3 valid: 4 signed: 9 trust: 0-, 2q, 1n, 1m, 0f, 0u gpg: buffer shorter than subpacket gpg: buffer shorter than subpacket gpg: signature packet without keyid gpg: buffer shorter than subpacket gpg: depth: 4 valid: 2 signed: 5 trust: 0-, 0q, 0n, 2m, 0f, 0u gpg: next trustdb check due at 2005-06-20 chelcicky:matej$ gpg --version gpg (GnuPG) 1.4.1 Copyright (C) 2005 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. Home: ~/.gnupg Supported algorithms: Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512 Compression: Uncompressed, ZIP, ZLIB, BZIP2 chelcicky:matej$ I guess there is something wrong with my public keyring or trustdb, right? I tried to export both pubring and trustdb into ascii file, remove pubring.gpg and trustdb.gpg, and reimport them again, but if anything then I am getting even more error messages. I hope that it is OK to put my pubring on the web (is it?), so here it is -- . Can anybody tell me how to clean it up? Thanks in advance for any suggestions, Matej Cepl - -- Matej Cepl, http://www.ceplovi.cz/matej GPG Finger: 89EF 4BC6 288A BF43 1BAB 25C3 E09F EF25 D964 84AC 138 Highland Ave. #10, Somerville, Ma 02143, (617) 623-1488 Opinions founded on prejudice are always sustained with the greatest violence. -- Hebrew Proverb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFCpj+A4J/vJdlkhKwRAuQaAJ9VBF+ifkLJgA1BAtlnnkvULCuclgCaAqNu /hdS8/fRSNMjS1dlPfpTRD8= =IdIT -----END PGP SIGNATURE----- From wlbradshaw at yahoo.com Wed Jun 8 04:52:45 2005 From: wlbradshaw at yahoo.com (William Bradshaw) Date: Wed Jun 8 04:48:58 2005 Subject: status return codes Message-ID: <20050608025245.2749.qmail@web54308.mail.yahoo.com> I am trying to write a script that automatically decrypts files in a batch mode, and want to know how I can get status codes returned from the GPG command line for error trapping. Anyone done this? Thanks, Bill __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From pt at radvis.nu Wed Jun 8 05:04:52 2005 From: pt at radvis.nu (Per Tunedal Casual) Date: Wed Jun 8 04:58:23 2005 Subject: How to use a revokation key Message-ID: <6.2.1.2.2.20050608050213.037717b8@localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I would like to revoke a key with a designated revokation key. How is this done? Per Tunedal Keyid: 0xAE053BE0 Fingerprint: D70D 9057 A985 4944 2191 995A 2D74 F09D AE05 3BE0 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) - GPGrelay v0.959 Comment: Vad är en PGP-signatur? www.clipanish.com/PGP/pgp.html iD8DBQFCpmCXpPsTvNtsBX8RArQ4AKCATOKaLeSS6F+V2WJLA6yKJ3/vFQCdHcSN GXOcqz2H701oH9ZUoJJ7oAw= =5QCh -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Wed Jun 8 05:11:39 2005 From: dshaw at jabberwocky.com (David Shaw) Date: Wed Jun 8 05:07:50 2005 Subject: How to use a revokation key In-Reply-To: <6.2.1.2.2.20050608050213.037717b8@localhost> References: <6.2.1.2.2.20050608050213.037717b8@localhost> Message-ID: <20050608031139.GA28064@jabberwocky.com> On Wed, Jun 08, 2005 at 05:04:52AM +0200, Per Tunedal Casual wrote: > Hi, > I would like to revoke a key with a designated revokation key. How is this > done? Are you asking how to add a designated revoker to a key or are you the designated revoker and you want to issue a revocation for a key? For 1, do --edit-key thekey then "addrevoker". For 2, do --desig-revoke thekey David From cepl at surfbest.net Wed Jun 8 06:31:14 2005 From: cepl at surfbest.net (Matej Cepl) Date: Wed Jun 8 06:30:09 2005 Subject: buffer shorter than subpacket References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Matej Cepl wrote: > after import of a key (and it is some time, so forgot which one it was -- > can I get list of all public keys on my ring sorted by the time of > import?) to gnupg 1.4.1 on Debian/sarge I am getting these error messages > whenever I do anything with gpg: > > chelcicky:matej$ gpg --update-trustdb > gpg: buffer shorter than subpacket Just immediately after sending the message to this newsgroup, I have found out message and yes, it was also PGP Global Directory key, which seems to me screwed up -- when it was removed from my public keyring, everything seems to be all right. Is there any known legitimate reason, why the organization which claims to be the organizer of PGP community distributes broken keys? Sorry for bothering you, Matej - -- Matej Cepl, http://www.ceplovi.cz/matej GPG Finger: 89EF 4BC6 288A BF43 1BAB 25C3 E09F EF25 D964 84AC 138 Highland Ave. #10, Somerville, Ma 02143, (617) 623-1488 He is a self-made man and worships his creator. -- John Bright -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFCpnSU4J/vJdlkhKwRAroBAJ0fiyvyM1FOesCwlKLdqZP7Aw7r8wCeMDhp uBExBgGHww0Nz9idQsRFEag= =D31+ -----END PGP SIGNATURE----- From eocsor at gmail.com Wed Jun 8 06:45:36 2005 From: eocsor at gmail.com (Roscoe) Date: Wed Jun 8 06:41:50 2005 Subject: Binary public key explained in detail anywhere? In-Reply-To: <1626.213.169.25.121.1118187930.squirrel@mail.rbgi.net> References: <6.2.1.2.2.20050531231240.032c9068@localhost> <6.2.1.2.2.20050605180414.033dbfb8@localhost> <1041.213.169.28.246.1118011148.squirrel@mail.rbgi.net> <87br6jn1sl.fsf@futtelifut.dyndns.org> <1400.213.169.25.121.1118178965.squirrel@mail.rbgi.net> <1626.213.169.25.121.1118187930.squirrel@mail.rbgi.net> Message-ID: http://www.ietf.org/internet-drafts/draft-ietf-openpgp-rfc2440bis-13.txt That would be all you need I think. On 6/8/05, Oskar L. wrote: > Hi, > > I export a public key in binary format and open it in a hex editor. Is > there any documentation explaining what I see? Like if there are any > particular bits that begins and ends user ids, signatures etc. > > Oskar > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > From brunij at earthlink.net Wed Jun 8 06:54:14 2005 From: brunij at earthlink.net (Joseph Oreste Bruni) Date: Wed Jun 8 06:50:00 2005 Subject: status return codes In-Reply-To: <20050608025245.2749.qmail@web54308.mail.yahoo.com> References: <20050608025245.2749.qmail@web54308.mail.yahoo.com> Message-ID: <08C90CAC-E4C5-4270-8F73-D07A052C56B2@earthlink.net> Most shells return the exit status in the "$?" variable. -joe On Jun 7, 2005, at 7:52 PM, William Bradshaw wrote: > I am trying to write a script that automatically > decrypts files in a batch mode, and want to know how I > can get status codes returned from the GPG command > line for error trapping. Anyone done this? > > Thanks, Bill From eocsor at gmail.com Wed Jun 8 07:03:00 2005 From: eocsor at gmail.com (Roscoe) Date: Wed Jun 8 06:59:08 2005 Subject: Passphrase Encoding and Entropy In-Reply-To: <1400.213.169.25.121.1118178965.squirrel@mail.rbgi.net> References: <6.2.1.2.2.20050531231240.032c9068@localhost> <6.2.1.2.2.20050605180414.033dbfb8@localhost> <1041.213.169.28.246.1118011148.squirrel@mail.rbgi.net> <87br6jn1sl.fsf@futtelifut.dyndns.org> <1400.213.169.25.121.1118178965.squirrel@mail.rbgi.net> Message-ID: Bit early in the morning to try to comprehend your main question, but I can answer the question about the string to key part :). There are 3 ways to generate a key from a password outlined in the rfc: 1. Merely hashing password. 2. Salting then hashing. 3. Salting then hashing, then hashing again some arbitrary number of times. The thirds the best. I [believe] gpg uses that. Unless there is some [very] good reason not to you should always use a salt. On 6/8/05, Oskar L. wrote: > "Martin Geisler" wrote: > > > When you have 64 different possibilities, all of equal likelyhood, > > then you can code them using 6 bit. This is what the entropy tells > > you. > > > > The fact that A in the 7-bit ASCII standard is 01000001 is just a > > coincedence --- they could just as well have put your chosen 64 > > characters into the lower 6 bits, and then have the other 64 available > > characters use the high bit. > > > > In general it doesn't change anything if you encode your message (a > > passphrase in your example) in a different encoding: the amount of > > information stays the same if you still just select your characters > > From the same subset. > > > > > > So making a passphrase of ASCII characters, and then encoding it using > > UTF-16 doesn't make it more secure. Sure, with UTF-16 gives you the > > potential to encode something like 2^16-1 characters, but to calculate > > the entropy you can disregard all characters which you will never > > choose. > > > > The formula for entropy explains this: > > > > H(X) = - sum_{i=1}^n p(i) * log_2(p(i)) > > > > Here the p(i)'s are the probability that your message will be "i". > > With a bigger space of possible messages (a bigger n) then the sum > > contains more terms, but if you still select your message from the > > same small set, then most of the terms will be zero. So if a message > > of value "j" is, say, a Chinese passphrase, then p(j) = 0 would mean > > that know that you'll never such a passphrase. And thus the term > > disappears from the sum (well, actually you get a problem with taking > > the logarighm of zerolet's not go into that). > > > > > > See http://en.wikipedia.org/wiki/Information_entropy for more on how > > to calculate the entropy, but I hope this helped a bit. > > Thanks for your anwser, but I'm afraid you mostly told me what I already > know. What I don't understand is how this relates to breaking passphrases. > For example, say I use the passphrase foobar. It has 6 characters, each > represented by 8 bits, so it will be represented by 46 bits. These 46 bits > are then the key used to symmetrically encrypt/decrypt my secret key, > right? (Another question; is salt added to it, and/or is it hashed?) > > Now if the attacker knows that I have only used the 23 characters a-z in > the passphrase, then she/he can represent all of them using 5 bits. But I > don't understand how this helps the attacker, since foobar represented > this way would obviously produce a completely different key (of only 30 > bits). > > I thought that all this was about time and the amount of data you have to > deal with. That, for example, when someone is brute forcing a passphrase > it would be 25% faster if all the characters used were represented with > only 6 bits instead of 8. I understand why this would be faster, but not > who it could possibly work. > > Oskar > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > From hhhobbit at securemecca.net Tue Jun 7 13:12:41 2005 From: hhhobbit at securemecca.net (Henry Hertz Hobbit) Date: Wed Jun 8 14:05:57 2005 Subject: cross-OS transparent encryption Message-ID: <1118142761.8212.30.camel@gandalf.hydrathink.org> Dan Mundy wrote: > >Erpo wrote: > >>The spanish thread on the list right now is revolving around the problem >>of sharing encrypted data between WinXP and Linux. The original poster >>wants to share a read/write partition between the two OSs on a laptop >>and have transparent encryption of the files on that partition. >> >>I said that NTFS will do this (windows only) as well as dm-crypt (linux >>only), but I'm stumped as far as cross-platform solutions with >>compatible on-disk formats. The only suggestion I could offer was to use >>FAT32 and manually encrypt and decrypt the files before using them >>(yuck). Any non-spanish-speakers have suggestions? >> >> >>Eric >> >> >what is the device name of his windows partition? i have found a way to >mount windows partitions in linux at startup. > >as root, gedit /etc/fstab. add a line like this just before the swap line: > >/dev/hda1 /win auto >auto,user,exec,rw,async 0 0 > >create a folder named /win, and reboot. on the gnome desktop there >should be a drive with the title 'win'. next, configure whatever you >need to run off /win. This is how i manage windows files in linux. I will caution you that at one time RedHat put in support for the NTFS file system but for mounting READ ONLY. Unfortunately too many idiots mounted their system NTFS partition RW (read and write) and trashed their Windows Operating system. For that reason, you will have to add support for NTFS yourself, but mount it READ ONLY! Support for FAT32 is built in. I would add that in addition to handling the FAT32 partition, you may want to mount the NTFS partitions, so what I do is add the letter matching the DRIVE: designation on to /win. # as root type mkdir /win mkdir /win/e # my FAT32 partition # This mount line works with FC3. I used a different set of parameters # for FC1 and RH9 & Mandrake. /dev/hda3 /win/e vfat noauto,users,owner 0 0 ------ You do not have to use the rw, since that is the default. I strongly caution against using async, especially if you have EIDE_32BIT=3 and LOOKAHEAD=1 like I do. For me, this means that: /win/e/GnuPG/cryptedfile.gpg on Linux is the same file as: E:\GnuPG\cryptedfile.gpg on Windows are one and the same file. Sorry, but I can't help you out on Debian. The one I used to use on FC1 also worked on SuSE and Mandrake, but I think the above should work with just a few minor tweaks. ENCRYPTION IS USED BY A TROJAN: =============================== I thought you would all like to hear that a Trojan Horse is now using encryption to encrypt people's files and hold them for ransom: http://www.pcmag.com/article2/0,1759,1821782,00.asp http://securityresponse.symantec.com/avcenter/venc/data/trojan.gpcoder.html Now unlike that judge who found the mere presence of PGP on the person's machine (I would have loved being a member of the jury to show the judge just how ignorant he was) as indication of illegal activity, this IS an illegal use of encryption! I am amazed they even caught it at all, and evidently a bat file deleting itself is okay now. HHH -- Key Name: "Henry Hertz Hobbit" pub 1024D/E1FA6C62 2005-04-11 [expires: 2006-04-11] Key fingerprint = ACA0 B65B E20A 552E DFE2 EE1D 75B9 D818 E1FA 6C62 From firelan at gmail.com Wed Jun 8 14:55:39 2005 From: firelan at gmail.com (Hernan Costante) Date: Wed Jun 8 14:51:23 2005 Subject: 1er contacto In-Reply-To: <87slzv7gmf.fsf@wheatstone.g10code.de> References: <5ca35d405060305435d00a13d@mail.gmail.com> <42A075CD.80407@gmail.com> <87slzv7gmf.fsf@wheatstone.g10code.de> Message-ID: <5ca35d405060805552b53328d@mail.gmail.com> it seems to me a good idea 2005/6/6, Werner Koch : > Hi, > > if you want me to create a Spanish speaking user list, just tell me > along with a commitment to do some moderation. > > Salam-Shalom, > > Werner > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > From boldyrev+nospam at cgitftp.uiggm.nsc.ru Wed Jun 8 15:20:12 2005 From: boldyrev+nospam at cgitftp.uiggm.nsc.ru (Ivan Boldyrev) Date: Wed Jun 8 20:07:35 2005 Subject: Passphrase Encoding and Entropy References: <6.2.1.2.2.20050531231240.032c9068@localhost> <6.2.1.2.2.20050605180414.033dbfb8@localhost> <1041.213.169.28.246.1118011148.squirrel@mail.rbgi.net> <87br6jn1sl.fsf@futtelifut.dyndns.org> <1400.213.169.25.121.1118178965.squirrel__12237.0056146339$1118179329$gmane$org@mail.rbgi.net> Message-ID: On 9134 day of my life Oskar L. wrote: > Now if the attacker knows that I have only used the 23 characters > a-z in the passphrase, then she/he can represent all of them using 5 > bits. But he also knows that you use ASCII encoding for you passphrase. > But I don't understand how this helps the attacker, since foobar > represented this way would obviously produce a completely different > key (of only 30 bits). Nope. -- Ivan Boldyrev Your bytes are bitten. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 205 bytes Desc: not available Url : /pipermail/attachments/20050608/8c87bdb8/attachment.pgp From erpo41 at hotpop.com Wed Jun 8 22:01:08 2005 From: erpo41 at hotpop.com (Erpo) Date: Wed Jun 8 21:56:20 2005 Subject: encryption ransom virus (was Re: cross-OS transparent encryption) In-Reply-To: <1118142761.8212.30.camel@gandalf.hydrathink.org> References: <1118142761.8212.30.camel@gandalf.hydrathink.org> Message-ID: <1118260868.4907.15.camel@localhost.localdomain> On Tue, 2005-06-07 at 05:12 -0600, Henry Hertz Hobbit wrote: > I will caution you that at one time RedHat put in support for the > NTFS file system [...] The old NTFS driver may have caused problems when partitions were mounted read-write. However, the new NTFS driver doesn't do that. Unless you set a configuration option when the driver is compiled, the driver will not write to the partition even if the kernel tries to mount it R/W and the user has correct permissions. When the writable flag is enabled during compilation, the driver enables OVERWRITE support, which is not the same thing as write support. Overwrite support is supposed to be completely safe, but it's not nearly as useful as actual write support in most cases. But that's not what this thread is about. There are plenty of web pages out there describing all the details of how to (try to) get windows and linux to share information, and some of the methods work well enough. The original poster wanted transparent encryption that's compatible with both OSs, and AFAIK software isn't currently mature enough to support that. It would require huge advances in the NTFS driver, a version of DM-Crypt for windows, or something completely new. Unless there's some other option out there that hasn't already been mentioned, in which case I think a lot of people would be interested, particularly Hernan and me. > ENCRYPTION IS USED BY A TROJAN: > =============================== > I thought you would all like to hear that a Trojan Horse is now using > encryption to encrypt people's files and hold them for ransom: > > http://www.pcmag.com/article2/0,1759,1821782,00.asp > http://securityresponse.symantec.com/avcenter/venc/data/trojan.gpcoder.html > > Now unlike that judge who found the mere presence of PGP on the person's > machine (I would have loved being a member of the jury to show the judge > just how ignorant he was) as indication of illegal activity, this IS an > illegal use of encryption! I am amazed they even caught it at all, and > evidently a bat file deleting itself is okay now. That's a pretty obnoxious virus, judging from the description. Still, there's something odd about the phrase "illegal use of encryption". I'm going to have to think more about that. Thanks, Eric From rmalayter at bai.org Wed Jun 8 22:35:58 2005 From: rmalayter at bai.org (Ryan Malayter) Date: Wed Jun 8 22:32:19 2005 Subject: Passphrase Encoding and Entropy Message-ID: <792DE28E91F6EA42B4663AE761C41C2A04396929@cliff.bai.org> [Oskar L.] > Thanks for your anwser, but I'm afraid you mostly told me > what I already know. What I don't understand is how this > relates to breaking passphrases. > For example, say I use the passphrase foobar. It has 6 > characters, each represented by 8 bits, so it will be > represented by 46 bits. These 46 bits are then the key used > to symmetrically encrypt/decrypt my secret key, right? > (Another question; is salt added to it, and/or is it hashed?) There are a number of options in OpenPGP for converting a pass phrase to a symmetric encryption key. They are called "String-to-Key (S2K) Specifiers" and are listed in RFC-2440. Some are salted, others unstalted, and some use more than one iteration of the hash function. Many different hash functions are supported, although MD5 and SHA-1 are the most commonly used. I believe the GnuPG default settings work like this: the passphrase is stored as unicode (UTF-8 encoding maybe?) in memory, the random 64-bit salt is read from the password file and tacked on to the begginnging of your passphrase. The entire salt + passphrase string is hashed with SHA-1. That generates the encryption key used to encrypt the private key or file with 3DES. > Now if the attacker knows that I have only used the 23 > characters a-z in the passphrase, then she/he can represent > all of them using 5 bits. But I don't understand how this > helps the attacker, since foobar represented this way would > obviously produce a completely different key (of only 30 bits). It helps the attacker because the attacker only needs to try 26^6 combinations instead of 95^6 combinations. That is a big difference. The all-lower case password would require ~2^27 guesses on average to crack. The one using six of the full 95 characters on a U.S. key would require about 2^38 guesses. That makes it ~2000 times harder to crack (but still very weak considering all the multi-core multi-GHz computers cheaply available out there). The fact that the attacker must take the time to make the SHA-1 hash of each guess doesn't really figure into the discussion, since making that hash takes the same amount of time for every guess - it is a "constant time" factor that drops out when comparing the relative strength of one passphrase vs. another. > I thought that all this was about time and the amount of data > you have to deal with. That, for example, when someone is > brute forcing a passphrase it would be 25% faster if all the > characters used were represented with only 6 bits instead of > 8. I understand why this would be faster, but not who it > could possibly work. It works because the attacker just has to make their password-guessing program smart enough to skip the unused characters. They start with "a","b"... then to "aa","ab","ac".... and finally all the way up to "zzzzzy","zzzzzz". If they had to cycle through all the combinations of all the characters on the keyboard, instead of just lower case, there would be 2000 times as many steps in this process. They wold have to go through combinations like "4Av%#." Regards, Ryan From harob02 at earthlink.net Wed Jun 8 23:34:00 2005 From: harob02 at earthlink.net (Dan Mundy) Date: Wed Jun 8 23:30:07 2005 Subject: First release candidate for GnuPG 1.4.2 available In-Reply-To: <20050606115655.GJ5887@pit.ID-43118.user.dfncis.de> References: <42A24F1B.9080609@earthlink.net> <20050606115655.GJ5887@pit.ID-43118.user.dfncis.de> Message-ID: <42A76448.3000302@earthlink.net> Gregor Zattler wrote: > Did you restart tunderbird or did you exec > thunderbird --> Menu enigmail --> Submenu OpenPGP key management > --> New Window: Menu File --> Submenu Reload Key Cache? i did both, and still, i got the same message. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20050608/99f6aba0/signature.pgp From harob02 at earthlink.net Wed Jun 8 23:34:00 2005 From: harob02 at earthlink.net (Dan Mundy) Date: Wed Jun 8 23:33:27 2005 Subject: First release candidate for GnuPG 1.4.2 available In-Reply-To: <20050606115655.GJ5887@pit.ID-43118.user.dfncis.de> References: <42A24F1B.9080609@earthlink.net> <20050606115655.GJ5887@pit.ID-43118.user.dfncis.de> Message-ID: <42A76448.3000302@earthlink.net> Gregor Zattler wrote: > Did you restart tunderbird or did you exec > thunderbird --> Menu enigmail --> Submenu OpenPGP key management > --> New Window: Menu File --> Submenu Reload Key Cache? i did both, and still, i got the same message. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20050608/99f6aba0/signature-0001.pgp From harob02 at earthlink.net Wed Jun 8 23:42:13 2005 From: harob02 at earthlink.net (Dan Mundy) Date: Wed Jun 8 23:38:13 2005 Subject: GnuPG Clearsign vs. PGP/MIME Signing In-Reply-To: <87k6l77g46.fsf@wheatstone.g10code.de> References: <42A0F63D.4040008@earthlink.net> <20050604230012.GD19397@jabberwocky.com> <42A23573.1050404@earthlink.net> <87hdgdkuvz.fsf@futtelifut.dyndns.org> <87k6l77g46.fsf@wheatstone.g10code.de> Message-ID: <42A76635.2060605@earthlink.net> Werner Koch wrote: > On Sun, 05 Jun 2005 11:36:32 +0200, Martin Geisler said: > > >>I don't know how Outlook (not Express) handles things. > > > It won't be possible to verify a signature with Outlook due to the > fact that it is not possible to get to the raw MIME headers. It might > be possible to write a plugin which uses heuristics to verify > signatures in most cases. We, g10 Code, are considering to implement > this in the new plugin we are working on. > > > Salam-Shalom, > > Werner this plugin sounds like a neat idea. will it be featured on the gnupg.org site? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20050608/70c3871d/signature.pgp From harob02 at earthlink.net Wed Jun 8 23:42:13 2005 From: harob02 at earthlink.net (Dan Mundy) Date: Wed Jun 8 23:43:50 2005 Subject: GnuPG Clearsign vs. PGP/MIME Signing In-Reply-To: <87k6l77g46.fsf@wheatstone.g10code.de> References: <42A0F63D.4040008@earthlink.net> <20050604230012.GD19397@jabberwocky.com> <42A23573.1050404@earthlink.net> <87hdgdkuvz.fsf@futtelifut.dyndns.org> <87k6l77g46.fsf@wheatstone.g10code.de> Message-ID: <42A76635.2060605@earthlink.net> Werner Koch wrote: > On Sun, 05 Jun 2005 11:36:32 +0200, Martin Geisler said: > > >>I don't know how Outlook (not Express) handles things. > > > It won't be possible to verify a signature with Outlook due to the > fact that it is not possible to get to the raw MIME headers. It might > be possible to write a plugin which uses heuristics to verify > signatures in most cases. We, g10 Code, are considering to implement > this in the new plugin we are working on. > > > Salam-Shalom, > > Werner this plugin sounds like a neat idea. will it be featured on the gnupg.org site? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20050608/70c3871d/signature-0001.pgp From cedar at 3web.net Thu Jun 9 00:19:03 2005 From: cedar at 3web.net (C. D. Rok) Date: Thu Jun 9 00:15:35 2005 Subject: cross-OS transparent encryption In-Reply-To: <1118260868.4907.15.camel@localhost.localdomain> References: <1118142761.8212.30.camel@gandalf.hydrathink.org> <1118260868.4907.15.camel@localhost.localdomain> Message-ID: <42A76ED7.1060300@3web.net> Erpo wrote: > Unless there's some other option out there that hasn't already been > mentioned, in which case I think a lot of people would be interested, > particularly Hernan and me. One of the disk encryption products for Windows XP/2000/2003 is at: http://www.truecrypt.org/ In their documentation, they list Linux version *that would mount the same* container-file as an encrypted filesystem among the items to be expected in new version(s). (I assume the underlying filesystem for cross-mountable containers would have to be FAT). Check their web page for updates. cdrok From rodrigopadula at sagraluzzatto.com.br Wed Jun 8 23:08:19 2005 From: rodrigopadula at sagraluzzatto.com.br (Rodrigo Padula de Oliveira) Date: Thu Jun 9 01:31:06 2005 Subject: GnuPG in Brazil Message-ID: <42A75E43.4080503@sagraluzzatto.com.br> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello people!! I am Brazilian and it would like to found a community of GNUPG here in Brazil. I would like to create a discussion list GNUPG-BR for the interested Brazilians in the gnupg. Which the responsible person for the site gnupg.org so that I can request the creation of the discussion list and to put my name here for contacts of Gnupg in Brazil? - -- +================================================+ ~ RODRIGO PADULA DE OLIVEIRA ~ (o- BACHARELANDO EM SISTEMAS DE INFORMA??O ~ //\ FACULDADE METODISTA GRANBERY - FMG ~ V_/_ ~ PostgreSQL - PHP - Linux - Java +================================================+ ~ Membro Fundador do Gunix Linux ~ http://www.gunix.com.br -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCp13Y8arYxsJpZ0URAv1bAJ4wMuj9h83tANj0ZliPYkUQAwVf/wCeMPos jCEXMN/O1dzmFqaEMX7B8Q8= =wjEM -----END PGP SIGNATURE----- From wk at gnupg.org Wed Jun 8 13:19:29 2005 From: wk at gnupg.org (Werner Koch) Date: Thu Jun 9 06:35:38 2005 Subject: Set date for signature to expire In-Reply-To: <6.2.1.2.2.20050608020340.037cadf8@localhost> (Per Tunedal Casual's message of "Wed, 08 Jun 2005 02:09:59 +0200") References: <6.2.1.2.2.20050604042533.03897ea0@localhost> <3392.213.169.2.77.1117956111.squirrel__18397.7765417241$1117956474$gmane$org@mail.rbgi.net> <87br6j7fjp.fsf__39901.3700349771$1118066913$gmane$org@wheatstone.g10code.de> <87br6i2slo.fsf@wheatstone.g10code.de> <6.2.1.2.2.20050608020340.037cadf8@localhost> Message-ID: <87zmu1f64e.fsf@wheatstone.g10code.de> On Wed, 08 Jun 2005 02:09:59 +0200, Per Tunedal Casual said: > Issuers of X509 certificates use 1 year for soft certificates and 5 years > for card certificates. I don't know their calculations behind that decision. That is a different thing: It is the expiration time of the key; something one should really set and is has been in gpg since the beginnings. Key-signatures are different and there is no counterpart in X.509. Shalom-Salam, Werner From wk at gnupg.org Wed Jun 8 13:24:23 2005 From: wk at gnupg.org (Werner Koch) Date: Thu Jun 9 06:35:46 2005 Subject: Passphrase Encoding and Entropy In-Reply-To: <1400.213.169.25.121.1118178965.squirrel@mail.rbgi.net> (Oskar L.'s message of "Wed, 8 Jun 2005 00:16:05 +0300 (EEST)") References: <6.2.1.2.2.20050531231240.032c9068@localhost> <6.2.1.2.2.20050605180414.033dbfb8@localhost> <1041.213.169.28.246.1118011148.squirrel@mail.rbgi.net> <87br6jn1sl.fsf@futtelifut.dyndns.org> <1400.213.169.25.121.1118178965.squirrel@mail.rbgi.net> Message-ID: <87vf4pf5w8.fsf@wheatstone.g10code.de> Hi! Please don't forget that the passphrase is only used to protect the secret key. It is a last resort protection mechanism. If someone was able to get your secret key you are better off to revoke the key and consider it compromised. The passphrase gives you some time to get the word (i.e. the revocation) spread. Don't rely on the passphrase. There is one exception: When using the -c mode, only the passphrases protects the data and in nthis case you should really make sure that it is a good passphrase. Salam-Shalom, Werner From BPJenkins at delinvest.com Wed Jun 8 15:54:11 2005 From: BPJenkins at delinvest.com (Jenkins, Brian P.) Date: Thu Jun 9 10:49:49 2005 Subject: Can't find public key during encryption Message-ID: <4B6F5BB312714143950685B28BAD226233A7A8@delpwemlphl.delinvest.ad.lfg.com> I run GPG 1.2.4 on a windows cluster using one of 3 users. All users except for 1 work fine on either node. The failing user works on one node of the cluster but not the other. I verified that the registry settings for [HKEY_CURRENT_USER\Software\GNU\GNUPG] "HomeDir"="H:\Data\bin\GnuPG" "gpgProgram"="H:\Data\bin\GnuPG\gpg.exe" "OptFile"="H:\Data\bin\GnuPG\gpg.conf" are the same for all users. I get the error below, of course only on encryption. The failure is below. Why is GPG looking to the C: drive for this operation? \\presto\bin\gnupg\gpg -o tradeint_dial.2005060716424957.pgp -r mondrian --yes --always-trust -e tradeint_dial.2005060716424957 gpg: keyblock resource `c:/gnupg\secring.gpg': file open error gpg: keyblock resource `c:/gnupg\pubring.gpg': file open error gpg: mondrian: skipped: public key not found gpg: tradeint_dial.2005060716424957: encryption failed: public key not found Thanks, Brian Jenkins This e-mail and any accompanying attachments are confidential. The information is intended solely for the use of the individual to whom it is addressed. Any review, disclosure, copying, distribution, or use of this e-mail communication by others is strictly prohibited. If you are not the intended recipient, please notify us immediately by returning this message to the sender and delete all copies. Thank you for your cooperation. From wk at gnupg.org Thu Jun 9 10:58:12 2005 From: wk at gnupg.org (Werner Koch) Date: Thu Jun 9 10:56:04 2005 Subject: GnuPG in Brazil In-Reply-To: <42A75E43.4080503@sagraluzzatto.com.br> (Rodrigo Padula de Oliveira's message of "Wed, 08 Jun 2005 18:08:19 -0300") References: <42A75E43.4080503@sagraluzzatto.com.br> Message-ID: <87zmtzrjob.fsf@wheatstone.g10code.de> On Wed, 08 Jun 2005 18:08:19 -0300, Rodrigo Padula de Oliveira said: > Which the responsible person for the site gnupg.org so that I can I guess that's me. > request the creation of the discussion list and to put my name here for > contacts of Gnupg in Brazil? I have created the list and send you some info by PM. http://lists.gnupg.org/pipermail/gnupg-br/2005-June/000000.html I will put list it also on the website. Thanks, Werner From wk at gnupg.org Thu Jun 9 10:59:26 2005 From: wk at gnupg.org (Werner Koch) Date: Thu Jun 9 10:56:23 2005 Subject: GnuPG Clearsign vs. PGP/MIME Signing In-Reply-To: <42A76635.2060605@earthlink.net> (Dan Mundy's message of "Wed, 08 Jun 2005 17:42:13 -0400") References: <42A0F63D.4040008@earthlink.net> <20050604230012.GD19397@jabberwocky.com> <42A23573.1050404@earthlink.net> <87hdgdkuvz.fsf@futtelifut.dyndns.org> <87k6l77g46.fsf@wheatstone.g10code.de> <42A76635.2060605@earthlink.net> Message-ID: <87vf4nrjm9.fsf@wheatstone.g10code.de> On Wed, 08 Jun 2005 17:42:13 -0400, Dan Mundy said: > this plugin sounds like a neat idea. will it be featured on the > gnupg.org site? Sure. Salam-Shalom, Werner From wk at gnupg.org Thu Jun 9 11:14:02 2005 From: wk at gnupg.org (Werner Koch) Date: Thu Jun 9 11:11:01 2005 Subject: 1er contacto In-Reply-To: <5ca35d405060805552b53328d@mail.gmail.com> (Hernan Costante's message of "Wed, 8 Jun 2005 09:55:39 -0300") References: <5ca35d405060305435d00a13d@mail.gmail.com> <42A075CD.80407@gmail.com> <87slzv7gmf.fsf@wheatstone.g10code.de> <5ca35d405060805552b53328d@mail.gmail.com> Message-ID: <87mzpzrixx.fsf@wheatstone.g10code.de> On Wed, 8 Jun 2005 09:55:39 -0300, Hernan Costante said: > it seems to me a good idea Okay. I created gnupg-es. I need however 1 or 2 folks to moderate the list; i.e. wipe out spam and accept message from non-subscribed posters. http://lists.gnupg.org/pipermail/gnupg-es/2005-June/000000.html Shalom-Salam, Werner From sjlopezb at hackindex.com Thu Jun 9 14:23:13 2005 From: sjlopezb at hackindex.com (=?ISO-8859-15?Q?Santiago_Jos=E9_L=F3pez_Borraz=E1s?=) Date: Thu Jun 9 14:19:08 2005 Subject: 1er contacto In-Reply-To: <87mzpzrixx.fsf@wheatstone.g10code.de> References: <5ca35d405060305435d00a13d@mail.gmail.com> <42A075CD.80407@gmail.com> <87slzv7gmf.fsf@wheatstone.g10code.de> <5ca35d405060805552b53328d@mail.gmail.com> <87mzpzrixx.fsf@wheatstone.g10code.de> Message-ID: <42A834B1.6050203@hackindex.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 El 09/06/05 11:14, Werner Koch escribi?: > Okay. I created gnupg-es. I need however 1 or 2 folks to moderate the > list; i.e. wipe out spam and accept message from non-subscribed > posters. > > > http://lists.gnupg.org/pipermail/gnupg-es/2005-June/000000.html Oooooohhhh!!! THANK's!!!!! :-)) I suscribed in the list :-)) Thank's. ;-)) What's administrative this list?? - -- Slds de Santiago Jos? L?pez Borraz?s. Admin de hackindex.com Conocimientos avanzados en seguridad inform?tica. Conocimientos avanzados en redes peque?as y grandes. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2rc1 (GNU/Linux) iQIVAwUBQqg0sLuF9/q6J55WAQomSA//dWXj0ZMlCqGD16WdcGiw2mBlX5hIjKzT r+ZaLVnDd4iSreLv3d6zWnINe7iekWPFa6xn4xsidbpdcnMKi4JlFgp22PLzpd/C SGu+TCBt7fQpy0RGDdjuhStA/Z4bloktGGYcaFnhecNWf21hLEDckB262m2iQ5xa pe8Mu1DrPAEecTmY52a1V7JmvcA5a4Prl0WVGokJbRO908MWM8AIUmlqtUJ2m1AX 5TC+3CSqkhOa5IjVpCy68+m4EyDWJpzNj8muKaTJkgc7x3zxgR3D6jXDZmCV+Uov 9NiWajq8iQfCmpTTIgjowvf758FhFG4v4/LpV3cep8XtPjeeXRu6X6sUfLBO3aQt fNn+y1KSodx5cgSDb1cuNXx0pMBd99C2dwwnllPo0zGPFLnpGkWIALapiDFGQRyZ AUhAiRFkJdMWi6r3ST5jy+wqypLmsMsGeVhTdYrRXhrMHAGX3nAW2sgrBHqIM3R5 3XA9l5+z/nZ3lI75AIpv0oaQaDuV4mRGBKMC5qIIkZS0nfSKLqZR6vE803EZqHa9 FjqUx7qm2IIdFoe8TqTsTuPdv0LnzYrxfwyUjkKVLYZf6wjoSEZSS59HibO9/skw mmQAL6iTvbjgFEYc127030SC0llcOAhWHVL4tXZqrv2RDwSKfNlvFmhbOvG+8nLZ iPELc1cBP1E= =FdSd -----END PGP SIGNATURE----- From wk at gnupg.org Thu Jun 9 16:34:51 2005 From: wk at gnupg.org (Werner Koch) Date: Thu Jun 9 16:31:05 2005 Subject: 1er contacto In-Reply-To: <42A834B1.6050203@hackindex.com> (=?utf-8?q?Santiago_?= =?utf-8?q?Jos=C3=A9_L=C3=B3pez_Borraz=C3=A1s's_message_of?= "Thu, 09 Jun 2005 14:23:13 +0200") References: <5ca35d405060305435d00a13d@mail.gmail.com> <42A075CD.80407@gmail.com> <87slzv7gmf.fsf@wheatstone.g10code.de> <5ca35d405060805552b53328d@mail.gmail.com> <87mzpzrixx.fsf@wheatstone.g10code.de> <42A834B1.6050203@hackindex.com> Message-ID: <871x7br438.fsf@wheatstone.g10code.de> On Thu, 09 Jun 2005 14:23:13 +0200, Santiago Jos? L?pez Borraz?s said: > What's administrative this list?? Things like removing users who are not able to do that using the web interface. You need to learn a bit about Mailman, though. Salam-Shalom, Werner From wk at gnupg.org Thu Jun 9 16:38:39 2005 From: wk at gnupg.org (Werner Koch) Date: Thu Jun 9 16:36:05 2005 Subject: Can't find public key during encryption In-Reply-To: <4B6F5BB312714143950685B28BAD226233A7A8@delpwemlphl.delinvest.ad.lfg.com> (Brian P. Jenkins's message of "Wed, 8 Jun 2005 09:54:11 -0400") References: <4B6F5BB312714143950685B28BAD226233A7A8@delpwemlphl.delinvest.ad.lfg.com> Message-ID: <87wtp3ppcg.fsf@wheatstone.g10code.de> On Wed, 8 Jun 2005 09:54:11 -0400, Jenkins, Brian P said: > "gpgProgram"="H:\Data\bin\GnuPG\gpg.exe" > \\presto\bin\gnupg\gpg -o tradeint_dial.2005060716424957.pgp -r mondrian > --yes --always-trust -e tradeint_dial.2005060716424957 Why are you running a different copy of gpg than given in the registry? This is probably not the problem, though. Please run \\presto\bin\gnupg\gpg --version to see what Homedirecty GnuPG is using. The check what echo %GNUPGHOME% gives. Shalom-Salam, Werner From ndof at gmx.li Fri Jun 10 13:16:17 2005 From: ndof at gmx.li (=?ISO-8859-1?Q?Hans_M=FCller?=) Date: Fri Jun 10 14:12:38 2005 Subject: PGP Disk 8 containers under Linux Message-ID: <42A97681.4070600@gmx.li> is the a way to mount PGP Disk 8 containers under Linux?? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 889 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20050610/1412780a/signature-0001.pgp From hhhobbit7 at netscape.net Sat Jun 11 00:00:55 2005 From: hhhobbit7 at netscape.net (Henry Hertz Hobbit) Date: Fri Jun 10 23:57:15 2005 Subject: Can't find public key during encryption Message-ID: <67C66B13.00708638.0307202B@netscape.net> >Message: 4 >Date: Wed, 8 Jun 2005 09:54:11 -0400 >From: "Jenkins, Brian P." >Subject: Can't find public key during encryption >To: >Message-ID: > <4B6F5BB312714143950685B28BAD226233A7A8@delpwemlphl.delinvest.ad.lfg.com> > >Content-Type: text/plain; charset="us-ascii" > >I run GPG 1.2.4 on a windows cluster using one of 3 users. All users >except for 1 work fine on either node. The failing user works on one >node of the cluster but not the other. I verified that the registry >settings for >[HKEY_CURRENT_USER\Software\GNU\GNUPG] >"HomeDir"="H:\Data\bin\GnuPG" >"gpgProgram"="H:\Data\bin\GnuPG\gpg.exe" >"OptFile"="H:\Data\bin\GnuPG\gpg.conf" > >are the same for all users. I get the error below, of course only on >encryption. > >The failure is below. Why is GPG looking to the C: drive for this >operation? > > >\\presto\bin\gnupg\gpg -o tradeint_dial.2005060716424957.pgp -r mondrian >--yes --always-trust -e tradeint_dial.2005060716424957 >gpg: keyblock resource `c:/gnupg\secring.gpg': file open error >gpg: keyblock resource `c:/gnupg\pubring.gpg': file open error >gpg: mondrian: skipped: public key not found >gpg: tradeint_dial.2005060716424957: encryption failed: public key not >found > >Thanks, >Brian Jenkins > Brian: I suspect that the [HKEY_CURRENT_USER\Software\GNU\GNUPG] key on one of the machines (you said cluster but intimated that it consisted of only two machines) is wrong. You must have a separate key for each machine since each machine has their own registry. The only thing that is hard coded in the source code is for a failure of the GetTempPath() function in g10\exec.c file: /* lines 140...145 */ if(tmp==NULL) { #if defined (_WIN32) tmp=m_alloc(256); if(GetTempPath(256,tmp)==0) strcpy(tmp,"c:\\windows\\temp"); If the registry key isn't the problem, then I suspect the gpg.conf file is either different or not there on the one machine and user you are having problems with. Ciao Henry Hertz Hobbit -- Key Name: "Henry Hertz Hobbit" pub 1024D/E1FA6C62 2005-04-11 [expires: 2006-04-11] Key fingerprint = ACA0 B65B E20A 552E DFE2 EE1D 75B9 D818 E1FA 6C62 __________________________________________________________________ Switch to Netscape Internet Service. As low as $9.95 a month -- Sign up today at http://isp.netscape.com/register Netscape. Just the Net You Need. New! Netscape Toolbar for Internet Explorer Search from anywhere on the Web and block those annoying pop-ups. Download now at http://channels.netscape.com/ns/search/install.jsp From slashlars at ecentricarts.com Sat Jun 11 00:22:45 2005 From: slashlars at ecentricarts.com (slashlars) Date: Sat Jun 11 01:25:32 2005 Subject: encrypt data, not file, in one line? Message-ID: I want to invoke GnuPG on a Windows 2000 server from within a web application. Problem: I don't want to write temporary plaintext files. Encrypting a file is no problem: I do something like: gpg -o cipher.txt.asc -a -r slashlars@ecentricarts.com --batch --encrypt plain.txt My web app can retrieve a result from stdout, so I don't need the output file: gpg -a -r slashlars@ecentricarts.com --batch --encrypt plain.txt But I can't figure out how to encrypt data from stdin, except interactively at the Windows command prompt, typing or pasting it in and ending with ctrl-C. I had hoped to find an option like --encrypt-data which would cause the arg after --encrypt to be treated as plaintext data instead of a filename. i.e. gpg -a -r -r slashlars@ecentricarts.com --batch --encrypt-data --encrypt Your secret word is 'dog' Is there a way to get that to work, either a set of gpg options or in the way I call it on a command line? The manuals, man page, Google search and a scan of the archives here in gnupg-users has not turned up anything for me. My (very limited) Windows shell knowledge (plus searches online) doesn't tell me how to pipe data in, except that I can direct a file into stdin -- but of course, I don't want to write the plaintext into a file in the first place! -- Lars ......................................... "If they ever come up with a swashbuckling school, I think one of the courses should be Laughing, Then Jumping Off Something." -- Jack Handey From cedar at 3web.net Sat Jun 11 15:51:59 2005 From: cedar at 3web.net (C. D. Rok) Date: Sat Jun 11 15:48:26 2005 Subject: encrypt data, not file, in one line? In-Reply-To: References: Message-ID: <42AAEC7F.4030605@3web.net> slashlars wrote: > Problem: I don't want to write temporary plaintext files. Whatever you are doing, you should take into account one simple fact: if you write data in one program to later on read it in the next one, *you* have (some) control over what and where remains on that disk. If you "pipe" data from one program into another using the shell, *the system* writes pieces of "pipe" on the disk, and you have little or no control over what and where will be left on that disk. cdrok From jdbeyer at exit109.com Sat Jun 11 16:30:07 2005 From: jdbeyer at exit109.com (Jean-David Beyer) Date: Sat Jun 11 16:25:52 2005 Subject: encrypt data, not file, in one line? In-Reply-To: <42AAEC7F.4030605@3web.net> References: <42AAEC7F.4030605@3web.net> Message-ID: <42AAF56F.20008@exit109.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 C. D. Rok wrote: > slashlars wrote: > >> Problem: I don't want to write temporary plaintext files. > > > Whatever you are doing, you should take into account one simple > fact: if you write data in one program to later on read it in > the next one, *you* have (some) control over what and where > remains on that disk. If you "pipe" data from one program into > another using the shell, *the system* writes pieces of "pipe" > on the disk, and you have little or no control over what and > where will be left on that disk. I think you may be up to the whim of the system in any case. In UNIX and probably Linux systems, data in pipes tends to remain in RAM from when it it placed into the queue and when the consuming process reads it out. There is a limit (once it was something like 1024 bytes) on how much the producing process would write until it blocked, and it would unblock only when the consuming process emptied it out. - -- .~. Jean-David Beyer Registered Linux User 85642. /V\ PGP-Key: 9A2FC99A Registered Machine 241939. /( )\ Shrewsbury, New Jersey http://counter.li.org ^^-^^ 10:20:00 up 13 days, 16:56, 3 users, load average: 4.44, 4.27, 4.20 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCqvVuPtu2XpovyZoRAkQKAKCZPxbJfBnbNBKKNGZbFi5oFRPaQQCdE2Zi KFTrviW3+t/YKpYgDrjEKUw= =6NH9 -----END PGP SIGNATURE----- From unknown_kev_cat at hotmail.com Sat Jun 11 20:18:02 2005 From: unknown_kev_cat at hotmail.com (Joe Smith) Date: Sat Jun 11 20:12:30 2005 Subject: encrypt data, not file, in one line? References: Message-ID: What about: " echo SOME DATA HERE|gpg ... " This is not valid using just the standard execution methods under windows IIRC, but if you are using the cmd.exe shell it should work. 'echo' is a shell builtin. From jdbeyer at exit109.com Sat Jun 11 21:19:33 2005 From: jdbeyer at exit109.com (Jean-David Beyer) Date: Sat Jun 11 21:15:26 2005 Subject: encrypt data, not file, in one line? In-Reply-To: References: Message-ID: <42AB3945.2020408@exit109.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Joe Smith wrote: > What about: > " > echo SOME DATA HERE|gpg ... > " > This is not valid using just the standard execution methods under > windows IIRC, but if you are using the cmd.exe shell it should work. > 'echo' is a shell builtin. I know next to nothing about Windows. In Linux (and probably any other UNIX system), ECHO(1) FSF ECHO(1) NAME echo - display a line of text SYNOPSIS echo [OPTION]... [STRING]... DESCRIPTION NOTE: your shell may have its own version of echo which will supercede the version described here. Please refer to your shell's documentation for details about the options it supports. ... In the Linux case, I can run: $ echo SOME DATA HERE | gpg -e -r jdbeyer >gpg.out and produce an output file that can be decrypted to produce the original. Surely that would have fit a pipe, so nothing need be written out to disk. - -- .~. Jean-David Beyer Registered Linux User 85642. /V\ PGP-Key: 9A2FC99A Registered Machine 241939. /( )\ Shrewsbury, New Jersey http://counter.li.org ^^-^^ 15:05:00 up 13 days, 21:41, 3 users, load average: 5.09, 5.07, 5.04 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCqzlFPtu2XpovyZoRAnplAKCM/5BMoPm7rq0RctQlqHk35oEA/wCgvUzg /47OJitadZWmuMA0HtMDlns= =qcBD -----END PGP SIGNATURE----- From wolfgang.rosenauer at an-netz.de Sun Jun 12 17:07:48 2005 From: wolfgang.rosenauer at an-netz.de (Wolfgang Rosenauer) Date: Sun Jun 12 17:02:17 2005 Subject: gpg --change-pin doesn't work for me In-Reply-To: <42761216.6020000@an-netz.de> References: <4275F442.6020408@an-netz.de> <20050502105821.GI6409@mbwg.de> <42761216.6020000@an-netz.de> Message-ID: <42AC4FC4.7040702@an-netz.de> Hi, a long time ago: Wolfgang Rosenauer wrote: > Matthias Kirschner wrote: > >> which smartcard reader are you using? > > this error I get with a Towitoko chipdrive micro. > I can test with a Reiner SCT cyberjack at home. it works with the Reiner SCT reader but not with the Towitoko. I wasn't able to test 1.4.1 or 1.4.2rc1 yet. Wolfgang From slashlars at ecentricarts.com Mon Jun 13 16:53:28 2005 From: slashlars at ecentricarts.com (slashlars) Date: Mon Jun 13 16:51:55 2005 Subject: encrypt data, not file, in one line? In-Reply-To: Message-ID: Thanks, Joe -- that does the trick, so long as SOME DATA HERE contains no line breaks. The results of some v quick tests: If the data contains characters the W32 shell would interpret (e.g. < ) then it seems the plaintext must be in double-quotes; unfortunately, the quotes become part of the plaintext and appear when ciphertext is decrypted. It seems like there should be a way to allow for multi-line input or escaping special characters without quoting the entire input; if I come up with something (trial & error!) I'll post to list. (Not to bash MS but I find the command shell pretty anemic and the interface inconsistent... well, I don't have to like it, just use it at work.) re: C.D.Rok's post and Jean-David Beyer's first in thread: yes, it's my understanding that attacks which capture the OS's scratch files or in-memory variables might recover plaintext. At my (modest) level of expertise, not much I can do about that! The scenario I'm trying to avoid is e.g. bad person eavesdrops on my web app server's temp directory, and captures a plaintext file in the interval between when I write it and when I delete it after producing ciphertext. Another scenario: my web app server throws an error after writing & before deletion, leaving the plaintext on disk. Thanks to all for responses. -- Lars > -----Original Message----- > From: gnupg-users-bounces@gnupg.org > [mailto:gnupg-users-bounces@gnupg.org]On Behalf Of Joe Smith > Sent: Saturday, June 11, 2005 2:18 PM > To: gnupg-users@gnupg.org > Subject: Re: encrypt data, not file, in one line? > > > What about: > " > echo SOME DATA HERE|gpg ... > " > This is not valid using just the standard execution methods under windows > IIRC, but if you are using the cmd.exe shell it should work. > 'echo' is a shell builtin. From vliscony at gmail.com Mon Jun 13 17:26:07 2005 From: vliscony at gmail.com (Rogier van Vlissingen) Date: Mon Jun 13 18:22:22 2005 Subject: What happened to the Win32 version of gnupg Message-ID: I tried to install enigmail to thunderbird on my win2k PC, and found that a repurted Win32 version of gnupg was nowhere to be found. Are there any answers, alternatives? Thanks. -- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/ From mail at mark-kirchner.de Mon Jun 13 18:50:46 2005 From: mail at mark-kirchner.de (Mark Kirchner) Date: Mon Jun 13 18:46:41 2005 Subject: What happened to the Win32 version of gnupg In-Reply-To: References: Message-ID: <512209392.20050613185046@mark-kirchner.de> On Monday, June 13, 2005, 5:26:07 PM, Rogier wrote: > I tried to install enigmail to thunderbird on my win2k PC, and found > that a repurted Win32 version of gnupg was nowhere to be found. Hm, what about http://www.gnupg.org/(en)/download/index.html#auto-ref-1 or (from the above address) ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.1.exe Or are you looking for v1.4.2? At the moment, there is only a release candidate of that version and AFAIK there will be no Win32 build of it until a final is released. Shouldn't be a big deal, v1.4.1 is just fine. Regards, Mark Kirchner -- _____________________________________________________________ Key (0x172C073C): http://www.mark-kirchner.de/keys/key-mk.asc -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 183 bytes Desc: not available Url : /pipermail/attachments/20050613/900b3ff2/attachment-0001.pgp From patrick at mozilla-enigmail.org Mon Jun 13 18:50:15 2005 From: patrick at mozilla-enigmail.org (Patrick Brunschwig) Date: Mon Jun 13 18:47:34 2005 Subject: What happened to the Win32 version of gnupg In-Reply-To: References: Message-ID: <42ADB947.60603@mozilla-enigmail.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rogier van Vlissingen wrote: > I tried to install enigmail to thunderbird on my win2k PC, and found > that a repurted Win32 version of gnupg was nowhere to be found. > > Are there any answers, alternatives? Did you actually install GnuPG? If yes, the go to the Enigmail preferences and browse for gpg.exe. If GnuPG is not installed, then download and install it from http://www.gnupg.org/(en)/download/index.html - -Patrick -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCrblF2KgHx8zsInsRAvEzAJwIy5vAUSWTxRykMO8n//79HT3aBgCg8oKz v0UvcohllzqP8iZ3oCuzN0g= =3L1T -----END PGP SIGNATURE----- From dapilori at yahoo.it Mon Jun 13 18:01:35 2005 From: dapilori at yahoo.it (Dario Pilori) Date: Mon Jun 13 18:57:48 2005 Subject: Serpent Message-ID: <42ADADDF.90405@yahoo.it> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Is there a Serpent plugin for GnuPG? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) Comment: For info see http://www.gnupg.org Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCra3dedgx8U6iKx4RApIkAJ9bKboTzboYOti9wn29tHnxW/8++gCeN7MQ GNBFI3ljP1A7BTKgq9Z13rY= =miPH -----END PGP SIGNATURE----- ___________________________________ Yahoo! Mail: gratis 1GB per i messaggi e allegati da 10MB http://mail.yahoo.it From aldert at rotz.org Mon Jun 13 18:44:38 2005 From: aldert at rotz.org (Aldert J.B.P. Hazenberg) Date: Mon Jun 13 19:32:49 2005 Subject: What happened to the Win32 version of gnupg In-Reply-To: References: Message-ID: <42ADB7F6.8070800@rotz.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rogier van Vlissingen wrote: > I tried to install enigmail to thunderbird on my win2k PC, and found > that a repurted Win32 version of gnupg was nowhere to be found. > > Are there any answers, alternatives? > Try the windows installer, I think it is pretty good... http://www.gnupg.org/(en)/download/index.html#auto-ref-1 Or directly : GnuPG 1.4.1 compiled for Microsoft Windows : ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.1.exe Signature and SHA-1 checksum : ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.1.exe.sig Aldert. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) iQIVAwUBQq239RbFttBkLonZAQK/7hAAmB0ood8rebMzAmmlUsyun5VCRxcmCSvk eorgupv2Vb9/apaesX2gSVDMUnjiaAbrHP9twbBlARisFnwp/yO9RWTHZwUPzP6c zxG4Cl+0DFMRAiCnCNaViU9CeLpJSAYQVUFGf24hoj/Xv06hnA6N/2iCiNW9YevL 5cwtC6DD6BLC3Xm+a6OyaS63GErh4AnxwCzhbXKo+iAVIe2kQEKIkVd7hx93vWp0 VaP7Jr4ft9P+6KqMWzKXiekRKJS3lyGof70UicTidq2kIIx93XUhUk+6IDlG/1yH X/VCBduQSGsWPOUIj7pV8IZd/AGxPRFZ50R/pz6Wnsmk28ZXwc8wtgrtgqs8RzOw P0m1/yUOdvmg2+FDQUj2mXnk08pwqjfZjxWF690YvdmTAWqJCkEviL6+2yPxAu+I rWhuFT7BxRUdKEppF06N36ob1KXTW0rhLqeCz9jNy51inFoINcLh9MrxqwsAtuQg vRYIm93nUsuOWBnOBscfXTF94LSpETejBde5zskC32Do5cwFXiK0hY7ppNV7gLGL HsNQKBNg2O3oxFNR4Ekog58taQ/OuilxFShjSvPbIyJyo8N+RGFIIbznhg9RuzAG vKej+YacDJCM8OoUwdeWFdM8fx04RjfAB18lX1PymvQLY3zK8xWv5C9UqCXxnEJc TykXHSXhNp4= =qeqG -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Mon Jun 13 19:50:21 2005 From: dshaw at jabberwocky.com (David Shaw) Date: Mon Jun 13 19:46:30 2005 Subject: Serpent In-Reply-To: <42ADADDF.90405@yahoo.it> References: <42ADADDF.90405@yahoo.it> Message-ID: <20050613175021.GA13968@jabberwocky.com> On Mon, Jun 13, 2005 at 06:01:35PM +0200, Dario Pilori wrote: > Is there a Serpent plugin for GnuPG? No. Serpent is not part of OpenPGP. David From jharris at widomaker.com Tue Jun 14 01:02:02 2005 From: jharris at widomaker.com (Jason Harris) Date: Tue Jun 14 00:58:14 2005 Subject: new (2005-06-12) keyanalyze results (+sigcheck) Message-ID: <20050613230201.GR356@wilma.widomaker.com> New keyanalyze results are available at: http://keyserver.kjsl.com/~jharris/ka/2005-06-12/ Signatures are now being checked using keyanalyze+sigcheck: http://dtype.org/~aaronl/ Earlier reports are also available, for comparison: http://keyserver.kjsl.com/~jharris/ka/ Even earlier monthly reports are at: http://dtype.org/keyanalyze/ SHA-1 hashes and sizes for all the "permanent" files: 0409e46d18e6bbb4d238c74565407aa49f6912e7 12222198 preprocess.keys f25c8438341e42aba53c0fb002e8d64d9574565e 7677090 othersets.txt 0331aa4eb82603744dcc000ae3fdf13a8a47629b 3067786 msd-sorted.txt ee7513d6673185c48dd654a1e8e683b1f7c8788f 1450 index.html 9363b694209083c5b2d9ba8324b53dd3f3495aa3 3005 keyring_stats c5d9e35f815ff7c9aba21fbaf174f232e49d4854 1207478 msd-sorted.txt.bz2 1761094ad31c27358cb7b1aa3371f040f002bca6 26 other.txt 14a8bc6b8da44d82777b7f4c623edd1182ff9b24 1654745 othersets.txt.bz2 9791f94c72a840546ebc048caad9da75a6cebd68 4999086 preprocess.keys.bz2 9005afd09ef38c1bcb8173d166ad9011f934b087 12206 status.txt aab21b4da5e9ab0ef461609d1a2fc8422b7c8276 210507 top1000table.html 364609600299db153fceab18b29efa9575d8f9d8 30404 top1000table.html.gz 6dfd8e1368929ba071c5905cfbabbb79465a377d 10893 top50table.html 5d7f4886765b2513b188a80b2369f020ebfa14b8 2619 D3/D39DA0E3 -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 309 bytes Desc: not available Url : /pipermail/attachments/20050613/596c52ae/attachment.pgp From David.Bauer at SCHERING.DE Tue Jun 14 10:01:14 2005 From: David.Bauer at SCHERING.DE (David.Bauer@SCHERING.DE) Date: Tue Jun 14 10:42:49 2005 Subject: import pgp public key in gnupg Message-ID: Hello, I want to import a public key from pgp 8.1 into gnupg 1.4.1. The pgp key is RSA 1024. gpg returns this error messages: gpg: armor header: Version: PGP 8.1 gpg: can't handle public key algorithm 100 gpg: key EEE64249: no valid user IDs gpg: this may be caused by a missing self-signature I do not understand the "missing self-signature" because the key has a self-signature in pgp. Any hints what I'm doing wrong ? Thanks, David. From jk at survival-international.org Fri Jun 10 16:13:20 2005 From: jk at survival-international.org (Julian Kramer) Date: Tue Jun 14 10:48:03 2005 Subject: Compatibility with Eudora and Apple Mail Message-ID: -- Is GnuPGP compatible with Eudora and Apple Mail? Read Survival's urgent appeal for the Bushmen and their court case against the Botswana government on our website: http://www.survival-international.org/appeal.php?id=11 We help tribal peoples defend their lives, protect their lands and determine their own futures. Julian Kramer Web Officer Survival International 6 Charterhouse Buildings London EC1M 7ET UK Tel: 020 7687 8700 Fax: 020 7687 8701 http://www.survival-international.org From unknown_kev_cat at hotmail.com Sun Jun 12 01:58:47 2005 From: unknown_kev_cat at hotmail.com (Tacvek) Date: Tue Jun 14 10:48:07 2005 Subject: Recent MD5 Collision Message-ID: Lucks' and Daum's new attack on MD5 is very scary. Cryptographically it is a no-op in that it abuses the user. The postscript file that is signed contains both messages. A similar exploit would be to have a program that prints one document on Caesar's computer (printer), but a different one on all other computers (printers). Exploit is due to user's thinking of postscript programs as documents, and signatures on them being equivalent to signatures on the output. The rest of this message ignores this fact, just as most users will. The attack works due to the fact that: If md5(M)==md5(M') then md5(M||A)==md5(M'||A), where || stands for concatenate. Import to note that A||M||B and A||M'||B also work. The attack is then simple, find ANY M and M' such that md5(M)==md5(M') [In reality certain characters or sequences may need to be avoided, but in postscript it seems to generally not be too big a problem.] Then construct A and B. Here is a possible A and B for a basic-like programming language. This example assumes that M can be differentiated from M' because the first character of M is #, but the first character of M' is something different. ---- BEGIN A ---- temp$=" ---- END A---- ---- BEGIN B ---- "\nIf left$(temp$,1)="#" then\nprint "Message A"\nelse\nprint "Message B"\nEnd If ---- END B---- Obviously A and B could be changed arbitrarily. That is what has already been done. What is really scary is that if somebody finds *ANY* SHA-1 collision the above could be used in exactly the same way. this actually applies to all Merkle-Damg?rd hash functions. From prudek at bvx.cz Tue Jun 14 10:40:42 2005 From: prudek at bvx.cz (Milos Prudek) Date: Tue Jun 14 11:14:02 2005 Subject: ftp.gnupg.org down? Message-ID: <42AE980A.70505@bvx.cz> Hi, ftp.gnupg.org does not respond to anonymous login. Is this a known problem? This problem prevents compilation of KDE 3.4.1 from sources using the Konstruct script, and probably other KDE versions. -- Milos Prudek http://www.spoxdesign.com - your web usability testing From erpo41 at hotpop.com Tue Jun 14 14:08:45 2005 From: erpo41 at hotpop.com (Erpo) Date: Tue Jun 14 14:03:53 2005 Subject: ftp.gnupg.org down? In-Reply-To: <42AE980A.70505@bvx.cz> References: <42AE980A.70505@bvx.cz> Message-ID: <1118750925.4918.3.camel@localhost.localdomain> On Tue, 2005-06-14 at 10:40 +0200, Milos Prudek wrote: > Hi, > > ftp.gnupg.org does not respond to anonymous login. Is this a known problem? I can connect, but I can't get any sort of login prompt. +1 data point. > This problem prevents compilation of KDE 3.4.1 from sources using the > Konstruct script, and probably other KDE versions. And just when I think I've seen it all, OSS manages to surprise me again. ;) Eric From dshaw at jabberwocky.com Tue Jun 14 14:23:01 2005 From: dshaw at jabberwocky.com (David Shaw) Date: Tue Jun 14 14:19:10 2005 Subject: import pgp public key in gnupg In-Reply-To: References: Message-ID: <20050614122301.GB14674@jabberwocky.com> On Tue, Jun 14, 2005 at 10:01:14AM +0200, David.Bauer@SCHERING.DE wrote: > Hello, > > I want to import a public key from pgp 8.1 into gnupg 1.4.1. > The pgp key is RSA 1024. > > gpg returns this error messages: > > gpg: armor header: Version: PGP 8.1 > gpg: can't handle public key algorithm 100 > gpg: key EEE64249: no valid user IDs > gpg: this may be caused by a missing self-signature > > I do not understand the "missing self-signature" because the key has a > self-signature in pgp. > Any hints what I'm doing wrong ? Judging byt eh "algorithm 100", I suspect that key is one of PGP's X.509 hybrids. GnuPG does not support that. David From dshaw at jabberwocky.com Tue Jun 14 14:24:06 2005 From: dshaw at jabberwocky.com (David Shaw) Date: Tue Jun 14 14:20:13 2005 Subject: Compatibility with Eudora and Apple Mail In-Reply-To: References: Message-ID: <20050614122406.GC14674@jabberwocky.com> On Fri, Jun 10, 2005 at 03:13:20PM +0100, Julian Kramer wrote: > > -- > Is GnuPGP compatible with Eudora and Apple Mail? http://www.macupdate.com/info.php/id/7654 David From shavital at mac.com Tue Jun 14 14:41:02 2005 From: shavital at mac.com (Charly Avital) Date: Tue Jun 14 14:36:47 2005 Subject: import pgp public key in gnupg In-Reply-To: References: Message-ID: <42AED05E.10804@mac.com> I believe this issue has been commented upon in this forum, a couple of years ago maybe; it was about "public key algorithms 100 to 110" being 'reserved for private or experimental use'. I have tried to download key EEE64249 from 4 different keyservers, nothing found. As for "missing self signature", try to import the key while adding the option --allow-non-selfsigned-uid. But I don't believe this will solve the issue of algorithm 100. I hope you get a better response from a more savvy user. Charly David.Bauer@SCHERING.DE wrote the following on 6/14/05 4:01 AM: > Hello, > > I want to import a public key from pgp 8.1 into gnupg 1.4.1. > The pgp key is RSA 1024. > > gpg returns this error messages: > > gpg: armor header: Version: PGP 8.1 > gpg: can't handle public key algorithm 100 > gpg: key EEE64249: no valid user IDs > gpg: this may be caused by a missing self-signature > > I do not understand the "missing self-signature" because the key has a > self-signature in pgp. > Any hints what I'm doing wrong ? > > Thanks, > David. From jan at gondor.com Tue Jun 14 14:58:32 2005 From: jan at gondor.com (Jan Niehusmann) Date: Tue Jun 14 14:54:09 2005 Subject: Set date for signature to expire In-Reply-To: <6.2.1.2.2.20050608020340.037cadf8@localhost> References: <6.2.1.2.2.20050604042533.03897ea0@localhost> <3392.213.169.2.77.1117956111.squirrel__18397.7765417241$1117956474$gmane$org@mail.rbgi.net> <87br6j7fjp.fsf__39901.3700349771$1118066913$gmane$org@wheatstone.g10code.de> <87br6i2slo.fsf@wheatstone.g10code.de> <6.2.1.2.2.20050608020340.037cadf8@localhost> Message-ID: <20050614125832.GA9982@gondor.com> On Wed, Jun 08, 2005 at 02:09:59AM +0200, Per Tunedal Casual wrote: > True, but it might be convenient anyhow. The shorter the time, the safer > the guess! > > One way is to assume that the key is attacked immediately and that all the > security is in the passphrase. Make an estimation of the strength of the > passphrase and you are done! But then, the safe guess would be that the attack did start immediately when the key was generated, not when the signature was added. So, following your logic, you should never sign a key older than your estimated passphrase-guessing-time. I guess one should leave that decission to the key owner. The signature only tells one thing: This key belongs to person XYZ. And nothing about key security. Signature expiration dates are useful when "person XYZ" is not (only) a natural person, but some kind of role account (eg. "CEO of Company ABC"), where that role is not a permanent one, but may change in future. Currently, I can't imagine other sensible uses for signature expiration (but I'm not claiming there aren't - it's only my limited imagination). Yours, Jan From brianlunergan at yahoo.ca Tue Jun 14 14:07:29 2005 From: brianlunergan at yahoo.ca (Brian Lunergan) Date: Tue Jun 14 15:03:46 2005 Subject: Possible content for gnupg.conf file... Message-ID: <20050614120730.42334.qmail@web54503.mail.yahoo.com> I suppose this is a rookie question, but what would be appropriate content for the configuration/options file? I've looked about but can't seem to find any suggestions out on the web about a likely default file. This is what I have in place: display-charset ISO-8859-1 default-recipient-self keyserver random.sks.keyserver.penguin.de keyserver-options auto-key-retrieve include-subkeys load-extension c:\windows\system\idea.dll default-cert-level 3 no-greeting no-mdc-warning no-mangle-dos-filenames no-secmem-warning Is this workable? Any suggestions for additions, deletions, or improvements would be greatly appreciated. --- Brian Lunergan *************************************** IM Contact: AIM: lnrgnb ICQ: 207423899 MSN: brianlunergan@hotmail.com (nickname: GreyWolf706) Yahoo: brianlunergan *************************************** __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From dshaw at jabberwocky.com Tue Jun 14 15:14:14 2005 From: dshaw at jabberwocky.com (David Shaw) Date: Tue Jun 14 15:10:25 2005 Subject: Set date for signature to expire In-Reply-To: <20050614125832.GA9982@gondor.com> References: <6.2.1.2.2.20050604042533.03897ea0@localhost> <3392.213.169.2.77.1117956111.squirrel__18397.7765417241$1117956474$gmane$org@mail.rbgi.net> <87br6j7fjp.fsf__39901.3700349771$1118066913$gmane$org@wheatstone.g10code.de> <87br6i2slo.fsf@wheatstone.g10code.de> <6.2.1.2.2.20050608020340.037cadf8@localhost> <20050614125832.GA9982@gondor.com> Message-ID: <20050614131414.GD14674@jabberwocky.com> On Tue, Jun 14, 2005 at 02:58:32PM +0200, Jan Niehusmann wrote: > On Wed, Jun 08, 2005 at 02:09:59AM +0200, Per Tunedal Casual wrote: > > True, but it might be convenient anyhow. The shorter the time, the safer > > the guess! > > > > One way is to assume that the key is attacked immediately and that all the > > security is in the passphrase. Make an estimation of the strength of the > > passphrase and you are done! > > But then, the safe guess would be that the attack did start immediately > when the key was generated, not when the signature was added. So, > following your logic, you should never sign a key older than your > estimated passphrase-guessing-time. > > I guess one should leave that decission to the key owner. The signature > only tells one thing: This key belongs to person XYZ. And nothing about > key security. In general I agree. There is one spot in GnuPG where the behavior is slightly different than this - if you sign a key that has an expiration date (key expiration), then by default the expiration date of your signature will be that date. This was added because in v4 OpenPGP keys, there is no notion of a "hard" expiration date. We currently only have a "soft" expiration date that can be extended. It's one of those little fiddly details that come up now and then. > Signature expiration dates are useful when "person XYZ" is not (only) a > natural person, but some kind of role account (eg. "CEO of Company > ABC"), where that role is not a permanent one, but may change in future. > > Currently, I can't imagine other sensible uses for signature expiration > (but I'm not claiming there aren't - it's only my limited imagination). They're also useful for a CA or a CA-like entity, who want to verify for a artifically short period of time. For example, something like keyserver.pgp.com, which verifies only for 2 weeks to force users of your key to refresh frequently. Or take a CA that sells certifications - they want you to buy another signature after a year :) David From shavital at mac.com Tue Jun 14 15:36:39 2005 From: shavital at mac.com (Charly Avital) Date: Tue Jun 14 15:32:28 2005 Subject: Compatibility with Eudora and Apple Mail In-Reply-To: References: Message-ID: On Jun 10, 2005, at 10:13 AM, Julian Kramer wrote: > > -- > Is GnuPGP compatible with Eudora and Apple Mail? For Eudora see For Apple.mail see . There are different versions for different OS X: - 10.3.x Panther. - 10.4.x Tiger. The above page shows what you have to do in order to enable Mail.bundles under 10.4.1 Latest version, although beta, is pretty stable Generally, Mac GnuPG (MacGPG Project) issues are addressed in: Charly [...] From wk at gnupg.org Tue Jun 14 16:15:36 2005 From: wk at gnupg.org (Werner Koch) Date: Tue Jun 14 16:16:07 2005 Subject: ftp.gnupg.org down? In-Reply-To: <1118750925.4918.3.camel@localhost.localdomain> (erpo41@hotpop.com's message of "Tue, 14 Jun 2005 05:08:45 -0700") References: <42AE980A.70505@bvx.cz> <1118750925.4918.3.camel@localhost.localdomain> Message-ID: <87br69owhj.fsf@wheatstone.g10code.de> On Tue, 14 Jun 2005 05:08:45 -0700, Erpo said: > I can connect, but I can't get any sort of login prompt. +1 data point. Its up again. The problem is that the server leaks file descriptors and have still not being able to nail the problem down. I guess I need to switch to a newer kernel. Salam-Shalom, Werner From gpg.20.subu at spamgourmet.com Tue Jun 14 16:47:22 2005 From: gpg.20.subu at spamgourmet.com (gpg.20.subu@spamgourmet.com) Date: Tue Jun 14 16:43:02 2005 Subject: What happened to the Win32 version of gnupg Message-ID: <5313cd090506140747323171e1@mail.gmail.com> > > Or are you looking for v1.4.2? At the moment, there is only a release > candidate of that version and AFAIK there will be no Win32 build of > it until a final is released. Shouldn't be a big deal, v1.4.1 is just > fine. > I thought that there *is* a win 32 version of 1.4.2 somewhere Am I wrong ? Thanks Subu Mark Kirchner - mail@mark-kirchner.de wrote: > On Monday, June 13, 2005, 5:26:07 PM, Rogier wrote: > >> I tried to install enigmail to thunderbird on my win2k PC, and >> found that a repurted Win32 version of gnupg was nowhere to be >> found. > > > Hm, what about > > http://www.gnupg.org/(en)/download/index.html#auto-ref-1 > > or (from the above address) > > ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.1.exe > > Or are you looking for v1.4.2? At the moment, there is only a release > candidate of that version and AFAIK there will be no Win32 build of > it until a final is released. Shouldn't be a big deal, v1.4.1 is just > fine. > > Regards, Mark Kirchner From oskar at rbgi.net Tue Jun 14 19:13:09 2005 From: oskar at rbgi.net (Oskar L.) Date: Tue Jun 14 19:09:21 2005 Subject: What happened to the Win32 version of gnupg In-Reply-To: <5313cd090506140747323171e1@mail.gmail.com> References: <5313cd090506140747323171e1@mail.gmail.com> Message-ID: <2307.213.169.3.83.1118769189.squirrel@mail.rbgi.net> gpg.20.subu@spamgourmet.com wrote: > I thought that there *is* a win 32 version of 1.4.2 somewhere > > Am I wrong ? > > Thanks > > Subu Version 1.4.2 has not been released yet, but a release candidate for it has. There is no official Windows binary for the release candidate, but since the source code is available, someone could make one, and release it "somewhere". Oskar From David.Bauer at SCHERING.DE Wed Jun 15 08:44:11 2005 From: David.Bauer at SCHERING.DE (David.Bauer@SCHERING.DE) Date: Wed Jun 15 08:39:56 2005 Subject: import pgp public key in gnupg Message-ID: Hi Charly, the key import works with this option. gpg identifies this as "old style (PGP 2.x) signature" and warns, that this key is not certified with a trusted signature. Anyway, I could sucessfully extract a file which was signed with this public key and that's what I need. So many thanks for your help ! David. I believe this issue has been commented upon in this forum, a couple of years ago maybe; it was about "public key algorithms 100 to 110" being 'reserved for private or experimental use'. I have tried to download key EEE64249 from 4 different keyservers, nothing found. As for "missing self signature", try to import the key while adding the option --allow-non-selfsigned-uid. But I don't believe this will solve the issue of algorithm 100. I hope you get a better response from a more savvy user. Charly David.Bauer@SCHERING.DE wrote the following on 6/14/05 4:01 AM: > Hello, > > I want to import a public key from pgp 8.1 into gnupg 1.4.1. > The pgp key is RSA 1024. > > gpg returns this error messages: > > gpg: armor header: Version: PGP 8.1 > gpg: can't handle public key algorithm 100 > gpg: key EEE64249: no valid user IDs > gpg: this may be caused by a missing self-signature > > I do not understand the "missing self-signature" because the key has a > self-signature in pgp. > Any hints what I'm doing wrong ? > > Thanks, > David. From leo at wau.mis.ah.nl Thu Jun 16 15:30:39 2005 From: leo at wau.mis.ah.nl (Leo Weppelman) Date: Thu Jun 16 16:07:52 2005 Subject: feature req + patch: spaces in proxy auhorization Message-ID: <20050616133039.GC31767@wau.mis.ah.nl> At work, we have proxy authorization that contains spaces. This is problematic with a lot of applications and also gnupg :-/ The patch below contains a simple fix that allows escapes in the proxy authorization so that I can do the following (in gpg.conf): keyserver-options http-proxy=http://leo%20wep:geheim@proxy.ah.nl:8080 Leo. --- http.c 2005-02-03 12:16:27.000000000 +0100 +++ /tmp/http.c 2005-06-16 15:21:48.000000000 +0200 @@ -335,6 +335,8 @@ uri->auth=p; *p3++='\0'; p=p3; + if( (n = remove_escapes( uri->auth )) < 0 ) + return G10ERR_BAD_URI; } strlwr( p ); -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : /pipermail/attachments/20050616/1e1c0a79/attachment.pgp From atom at smasher.org Fri Jun 17 07:27:49 2005 From: atom at smasher.org (Atom Smasher) Date: Fri Jun 17 07:23:28 2005 Subject: OEM key loggers Message-ID: <20050617052746.13513.qmail@smasher.org> does anyone know if this is true? http://www.chromance.de/wtf/lol.htm if it is... -- ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "The difference between genius and stupidity is that genius has its limits." -- Albert Einstein From hawke at hawkesnest.net Fri Jun 17 09:23:46 2005 From: hawke at hawkesnest.net (Alex L. Mauer) Date: Fri Jun 17 09:20:30 2005 Subject: OEM key loggers In-Reply-To: <20050617052746.13513.qmail__36451.986389193$1118986556$gmane$org@smasher.org> References: <20050617052746.13513.qmail__36451.986389193$1118986556$gmane$org@smasher.org> Message-ID: Atom Smasher wrote: > does anyone know if this is true? > http://www.chromance.de/wtf/lol.htm > > if it is... It's not. See http://www.dansdata.com/keyghost.htm for the source of the images, and "If you do a search for dept. of homeland security's logo, it is a blue colour circular logo with an eagle in it. The one on the fake letter is a five-pointed star, which is commonly used for Sheriff's office." Source: http://www.boingboing.net/2005/06/16/conspiracy_theory_of.html -- Bad - You get pulled over for doing 90 in a school zone and you're drunk off your ass again at three in the afternoon. Worse - The cop is drunk too, and he's a mean drunk. FUCK! - A mean drunk that's actually a swarm of semi-sentient flesh-eating beetles. gpg/gpg key id: 51192FF2 @ subkeys.pgp.net -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20050617/fd3d18dc/signature.pgp From sk at intertivity.com Fri Jun 17 11:34:27 2005 From: sk at intertivity.com (Sascha Kiefer) Date: Fri Jun 17 11:30:13 2005 Subject: How to detect inline PGP in mails! Best practice? Message-ID: <42B29923.3090605@intertivity.com> Hi list, i'm writing on a programm which verifies and decrypts messages as they arrive. It it is fully S/MIME (using M$ Crypto API) and PGP/MIME (GnuPG) compatible. The hardest problem i face is to detect inline PGP parts and handling them correctly: * if the charset != us-ascii inside textmails is not always bad since most MTA's keep the original charset; so handling the data as binary is often the best choice!?! * what about detached signatures of attachments? * sending a PGP/MIME to this mailing list makes it even worse (see Topic: "GnuPG Clearsign vs. PGP/MIME Signing" for more details) * ... Do you have some hints? Regards, Sascha From sk at intertivity.com Fri Jun 17 12:42:23 2005 From: sk at intertivity.com (Sascha Kiefer) Date: Fri Jun 17 12:38:01 2005 Subject: How to detect inline PGP in mails! Best practice? In-Reply-To: <20050617102335.GA9199@mail.gasops.co.uk> References: <42B29923.3090605@intertivity.com> <20050617102335.GA9199@mail.gasops.co.uk> Message-ID: <42B2A90F.9020304@intertivity.com> Thanks. But S/MIME and PGP/MIME works fine already. ;-) What is still (partly) unfinsihed is PGP/INLINE. Regards, Sascha Shaun Lipscombe schrieb: >* Sascha Kiefer wrote: > > > >>Hi list, >> >>i'm writing on a programm which verifies and decrypts messages as they >>arrive. It it is fully S/MIME (using M$ Crypto API) and PGP/MIME >>(GnuPG) compatible. The hardest problem i face is to detect inline >>PGP parts and handling them correctly: >> >> > >Well you could write a procmail rule to detect the S/MIME attachments. > >Content-Type: multipart/signed; protocol= one of these: > >MIME Type File Extension > >Application/pkcs7-mime (signedData, .p7m >envelopedData) > >Application/pkcs7-mime (degenerate .p7c >signedData "certs-only" message) > >Application/pkcs7-signature .p7s > >Then pipe the command through openssl. > >You cant use mimeStrip.pl or stripmime.pl (although they work great for >normal attachments) you would need to modify them to work with S/MIME. >You could then pipe the attachment through stripsmime.pl and then >openssl. > >As for the PGP data... > >:0 fBw >* ^-----BEGIN PGP MESSAGE----- >* * !Content-type: multipart >| formail -i "Content-Type: application/pgp; format=text; x-action=encryptsign" > >:0 fBw >* ^-----BEGIN PGP SIGNED MESSAGE----- >* !Content-type: multipart >| formail -i "Content-Type: application/pgp; format=text; x-action=sign" > >And then pipe it through gpg using no passphrase on your private key. >Automating decryption in this way is justified so long as you understand >the implications and the person knows that the public key (or >certificate for S/MIME) is that of a computer rather than a person. > >Shaun > >_______________________________________________ >Gnupg-users mailing list >Gnupg-users@gnupg.org >http://lists.gnupg.org/mailman/listinfo/gnupg-users > > > > From sk at intertivity.com Fri Jun 17 15:51:48 2005 From: sk at intertivity.com (Sascha Kiefer) Date: Fri Jun 17 15:47:31 2005 Subject: Detecting data type Message-ID: <42B2D574.1080003@intertivity.com> Hi list, Is it possible to check if a file has been signed or encrypted; like: this a file, tell me if you are able to understand it! regards, Sascha From cedar at 3web.net Fri Jun 17 16:48:24 2005 From: cedar at 3web.net (cdr) Date: Fri Jun 17 16:44:52 2005 Subject: Privacy Implications Of Signing Keys In-Reply-To: <20050617111302.GJ9199@mail.gasops.co.uk> References: <20050617111302.GJ9199@mail.gasops.co.uk> Message-ID: <42B2E2B8.8050807@3web.net> Shaun Lipscombe wrote: > Just wondering (as you do)... as great as it is signing other people's > keys, someones public key does actually reveal quite a lot about the > real world movements and aquaintances of the keyholder as it accumulates > signatories does it not? The main purpose of Web-of-trust is to make life easier for you-know-who and (perhaps) to keep alive the memory of Phil Zimmermann and the Golden Age... Chuck Rok From Billt at Mahagonny.com Fri Jun 17 20:49:33 2005 From: Billt at Mahagonny.com (Bill Thompson) Date: Fri Jun 17 20:45:52 2005 Subject: Privacy Implications Of Signing Keys In-Reply-To: <20050617111302.GJ9199@mail.gasops.co.uk> References: <20050617111302.GJ9199@mail.gasops.co.uk> Message-ID: <20050617114933.0067ef4f@BeBop> On Fri, 17 Jun 2005 12:13:02 +0100 Shaun Lipscombe wrote: > Just wondering (as you do)... as great as it is signing other people's > keys, someones public key does actually reveal quite a lot about the > real world movements and aquaintances of the keyholder as it accumulates > signatories does it not? Yes, but if you want to remain anonymous what is the point of cryptographically signing your e-mail? You can't have it both ways. -- Bill Thompson BillT@Mahagonny.com -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20050617/022c1476/attachment.pgp From cedar at 3web.net Fri Jun 17 21:46:18 2005 From: cedar at 3web.net (cdr) Date: Fri Jun 17 21:42:38 2005 Subject: Privacy Implications Of Signing Keys In-Reply-To: <20050617114933.0067ef4f@BeBop> References: <20050617111302.GJ9199@mail.gasops.co.uk> <20050617114933.0067ef4f@BeBop> Message-ID: <42B3288A.6070207@3web.net> Bill Thompson wrote: > Yes, but if you want to remain anonymous what is the point of > cryptographically signing your e-mail? Guarantee of continuity of particular communication thread (as opposed to the guarantee of correspondent's identity). C. Rok From johanw at vulcan.xs4all.nl Fri Jun 17 22:29:05 2005 From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Fri Jun 17 22:49:37 2005 Subject: Privacy Implications Of Signing Keys In-Reply-To: <20050617114933.0067ef4f@BeBop> Message-ID: <200506172029.j5HKT50j008872@vulcan.xs4all.nl> Bill Thompson wrote: >Yes, but if you want to remain anonymous what is the point of >cryptographically signing your e-mail? You can't have it both ways. Assuring a mail comes from the same (unkbown) sender. The cracker of the "improved" MS DRM system used it this way: his mails (actually, newsgroup postings) were signed with a key, and someone who wanted to give him information about the DRM system could do so in secret by encrypting it to his key. But for obvious reasons he didn't want to become known. -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From skip at pobox.com Sat Jun 18 00:17:44 2005 From: skip at pobox.com (Skip Montanaro) Date: Sat Jun 18 00:51:49 2005 Subject: How to delete key w/ duplicate id? Message-ID: I recently installed GnuPG on my Mac laptop, not realizing it was apparently installed at some previous time. After the install I generated a new key but gave the same id as an earlier key. My keyring now has three keys: % gpg --list-keys /Users/skip/.gnupg/pubring.gpg ------------------------------ pub 1024D/D0AA36FE 2001-03-30 uid Skip Montanaro sub 1024g/88676B77 2001-03-30 pub 1024D/B805F237 2000-04-04 uid Neil Schemenauer uid Neil A. Schemenauer sub 1536g/90A32543 2000-04-04 pub 1024D/A5F59887 2005-06-11 uid Skip Montanaro sub 2048g/B2FD262D 2005-06-11 Note that the first and last keys have the same uid. Everything I've tried always selects the first item. How can I select and delete the last item? Thanks, -- Skip Montanaro skip@pobox.com From rabbi at quickie.net Sat Jun 18 00:46:14 2005 From: rabbi at quickie.net (Len Sassaman) Date: Sat Jun 18 01:16:07 2005 Subject: Privacy Implications Of Signing Keys In-Reply-To: <20050617114933.0067ef4f@BeBop> References: <20050617111302.GJ9199@mail.gasops.co.uk> <20050617114933.0067ef4f@BeBop> Message-ID: On Fri, 17 Jun 2005, Bill Thompson wrote: > Yes, but if you want to remain anonymous what is the point of > cryptographically signing your e-mail? You can't have it both ways. Sure you can. Read up on anonymous and pseudonymous mail systems. But that's not the danger what Shaun was talking about. The "Web of Trust" idea creates a very easy to parse social network analysis that is not paralleled by the process of signing email. (The dangers of key signing have been discussed extensively on the cypherpunks list. I suggest reading the archives.) From psykosh at earthlink.net Fri Jun 17 23:26:52 2005 From: psykosh at earthlink.net (Psy-Kosh) Date: Sat Jun 18 01:53:55 2005 Subject: Privacy Implications Of Signing Keys In-Reply-To: <20050617114933.0067ef4f@BeBop> References: <20050617111302.GJ9199@mail.gasops.co.uk> <20050617114933.0067ef4f@BeBop> Message-ID: <42B3401C.6070102@earthlink.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >>>>Just wondering (as you do)... as great as it is signing other people's >>>>keys, someones public key does actually reveal quite a lot about the >>>>real world movements and aquaintances of the keyholder as it accumulates >>>>signatories does it not? > >> >> Yes, but if you want to remain anonymous what is the point of >> cryptographically signing your e-mail? You can't have it both ways. Not to mention that anyone can sign keys, independant of the will of the key's owner. (I think a protocol to actually remove unwanted sigs from a key may be useful. (ie, a way to have the removal propagated by the keyservers)) For instance, a friend of mine apperently signed my key with a couple nonsense keys he generated just to emphasize the point. Psy-Kosh -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iQCVAwUBQrNAHJzw44XQRmJ0AQIUgAP/YauOXnZRGJPcyp8+Ns/mZmO2K7VJJDrD IFlDrt6io495sWae6boGhTTXwsKVeiK27c3k64FgVSSoP9UU18XMdOQK+pcTUE4L lzc9oCPFVyq7c4EwL6JezYHXo2uq1I7Iaua3RfNv32tnE8n22tLRwzZY5/BlreE/ MQ2zoztvswM= =Ii6a -----END PGP SIGNATURE----- From chd at chud.net Sat Jun 18 01:22:06 2005 From: chd at chud.net (Chris De Young) Date: Sat Jun 18 01:56:54 2005 Subject: How to delete key w/ duplicate id? In-Reply-To: References: Message-ID: <20050617232206.GF7420@dionysus.chud.net> [...] > pub 1024D/A5F59887 2005-06-11 > uid Skip Montanaro > sub 2048g/B2FD262D 2005-06-11 > > Note that the first and last keys have the same uid. Everything I've tried > always selects the first item. How can I select and delete the last item? gpg --delete-keys A5F59887 ? Cheers, -Chris -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20050617/7c996fc9/attachment.pgp From patrick at fexl.com Sat Jun 18 01:05:19 2005 From: patrick at fexl.com (patrick) Date: Sat Jun 18 02:18:22 2005 Subject: How to delete key w/ duplicate id? In-Reply-To: References: Message-ID: <20050617230420.M45378@fexl.com> On Fri, 17 Jun 2005 22:17:44 +0000 (UTC), Skip Montanaro wrote > I recently installed GnuPG on my Mac laptop, not realizing it > was apparently installed at some previous time. After the > install I generated a new key but gave the same id as an > earlier key. My keyring now has three keys: > > % gpg --list-keys > /Users/skip/.gnupg/pubring.gpg > ------------------------------ > pub 1024D/D0AA36FE 2001-03-30 > uid Skip Montanaro > sub 1024g/88676B77 2001-03-30 > > pub 1024D/B805F237 2000-04-04 > uid Neil Schemenauer > uid Neil A. Schemenauer > sub 1536g/90A32543 2000-04-04 > > pub 1024D/A5F59887 2005-06-11 > uid Skip Montanaro > sub 2048g/B2FD262D 2005-06-11 > > Note that the first and last keys have the same uid. > Everything I've tried always selects the first item. How can > I select and delete the last item? I'm pretty sure you'd just use the 32-bit key id as follows: gpg --delete-key A5F59887 -- Patrick From skip at pobox.com Sat Jun 18 04:48:52 2005 From: skip at pobox.com (Skip Montanaro) Date: Sat Jun 18 05:02:03 2005 Subject: How to delete key w/ duplicate id? References: <20050617232206.GF7420@dionysus.chud.net> Message-ID: Chris De Young chud.net> writes: > > How can I select and delete the last item? > gpg --delete-keys A5F59887 Thanks. I'm pretty much brand new to gpg. I tried some other things (I no longer remember quite what), but whatever I tried I kept getting the first key and decided it was better to ask than to accidentally delete the key I knew I wanted to keep. Skip From alphasigmax at gmail.com Sat Jun 18 06:52:29 2005 From: alphasigmax at gmail.com (Alphax) Date: Sat Jun 18 07:55:18 2005 Subject: Privacy Implications Of Signing Keys In-Reply-To: <42B3401C.6070102@earthlink.net> References: <20050617111302.GJ9199@mail.gasops.co.uk> <20050617114933.0067ef4f@BeBop> <42B3401C.6070102@earthlink.net> Message-ID: <42B3A88D.1080902@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Psy-Kosh wrote: > > > Not to mention that anyone can sign keys, independant of the will of the > key's owner. (I think a protocol to actually remove unwanted sigs from a > key may be useful. (ie, a way to have the removal propagated by the > keyservers)) For instance, a friend of mine apperently signed my key > with a couple nonsense keys he generated just to emphasize the point. > > Psy-Kosh Yes, signatures on a key should probably be revokable by the keys owner. But it would take a newer version of the OpenPGP standard for this to happen. Anyway, a signature on a key means nothing whatsoever unless you happen to trust the key that issued the signature, so unless you countersigned the key that signed yours, there is a high degree of deniability. - -- Alphax OpenPGP key: 0xF874C613 - http://tinyurl.com/cc9up http://en.wikipedia.org/wiki/User:Alphax There are two kinds of people: those who say to God, 'Thy will be done,' and those to whom God says, 'All right, then, have it your way.' - C. S. Lewis -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCs6iN/RxM5Ph0xhMRAsvBAJ9Wxk3M98yP3gIHB5a6RnLZPi5K/wCfU/1c Rzr4P90t4u0sIhRTr314a+Q= =lFxc -----END PGP SIGNATURE----- From alphasigmax at gmail.com Sat Jun 18 10:58:59 2005 From: alphasigmax at gmail.com (Alphax) Date: Sat Jun 18 10:56:18 2005 Subject: Corrupt keys Message-ID: <42B3E253.8010004@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Recently, I discovered the following message on GPG startup: gpg: signature packet without timestamp This prevented a few programs which rely on GPG from working entirely. Fortunately, GPGshell is not so fussy, and I keep a log of when I have imported keys, so I was able to track down and remove the keys that gave this message when I checked the signatures on them (4 in total). Deleting these keys from my keyring solved the problem. Is it possible to remove packets from a key that do not show up as signatures, or are these keys (I can send you a list of the keyids on request) permanantly corrupted? - -- Alphax OpenPGP key: 0xF874C613 - http://tinyurl.com/cc9up http://en.wikipedia.org/wiki/User:Alphax There are two kinds of people: those who say to God, 'Thy will be done,' and those to whom God says, 'All right, then, have it your way.' - C. S. Lewis -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCs+JT/RxM5Ph0xhMRAuj8AJ4megeUjMRDqEJLyvatwx+jdnTRMACfQEve JBQ/DSttJ9WCu2zc/K4z8uM= =KvPH -----END PGP SIGNATURE----- From patrick at mozilla-enigmail.org Fri Jun 17 19:44:49 2005 From: patrick at mozilla-enigmail.org (Patrick Brunschwig) Date: Sat Jun 18 12:32:15 2005 Subject: How to detect inline PGP in mails! Best practice? In-Reply-To: <42B29923.3090605@intertivity.com> References: <42B29923.3090605@intertivity.com> Message-ID: Sascha Kiefer wrote: > Hi list, > > i'm writing on a programm which verifies and decrypts messages as they > arrive. > It it is fully S/MIME (using M$ Crypto API) and PGP/MIME (GnuPG) > compatible. > The hardest problem i face is to detect inline PGP parts and handling > them correctly: > > * if the charset != us-ascii inside textmails is not always bad since > most MTA's keep the > original charset; so handling the data as binary is often the best > choice!?! > * what about detached signatures of attachments? > * sending a PGP/MIME to this mailing list makes it even worse > (see Topic: "GnuPG Clearsign vs. PGP/MIME Signing" for more details) > * ... > > Do you have some hints? From wk at gnupg.org Sat Jun 18 13:32:57 2005 From: wk at gnupg.org (Werner Koch) Date: Sat Jun 18 13:31:17 2005 Subject: Corrupt keys In-Reply-To: <42B3E253.8010004@gmail.com> (alphasigmax@gmail.com's message of "Sat, 18 Jun 2005 18:28:59 +0930") References: <42B3E253.8010004@gmail.com> Message-ID: <87slzfew7q.fsf@wheatstone.g10code.de> On Sat, 18 Jun 2005 18:28:59 +0930, Alphax said: > Recently, I discovered the following message on GPG startup: > gpg: signature packet without timestamp gpg in general needs the timestamp of the signature to figure out the latest signature. However when the signature is not used we should not throw an error and let gpg return failure. I changed it to a warning onlu message. Shalom-Salam, Werner From sk at intertivity.com Sat Jun 18 14:03:33 2005 From: sk at intertivity.com (Kiefer, Sascha) Date: Sat Jun 18 13:58:43 2005 Subject: How to detect inline PGP in mails! Best practice? In-Reply-To: Message-ID: <000201c573fd$c8bd81b0$f500a8c0@HOME> Thanks. I use a similar approaches... I just finished (more less) the part yesterday where the body is text/html only and does not have an alternative text/plain. What i figuered that you can pipe any content (encrypted or/and signed) to gnupg using the option --decrypt and it will verify and/or decrypt the data => you do not have to differentiate between encrypted or signed data, just interpret the status-output > -----Original Message----- > From: gnupg-users-bounces@gnupg.org > [mailto:gnupg-users-bounces@gnupg.org] On Behalf Of Patrick Brunschwig > Sent: Freitag, 17. Juni 2005 19:45 > To: gnupg-users@gnupg.org > Subject: Re: How to detect inline PGP in mails! Best practice? > > > Sascha Kiefer wrote: > > Hi list, > > > > i'm writing on a programm which verifies and decrypts > messages as they > > arrive. It it is fully S/MIME (using M$ Crypto API) and PGP/MIME > > (GnuPG) compatible. > > The hardest problem i face is to detect inline PGP parts > and handling > > them correctly: > > > > * if the charset != us-ascii inside textmails is not always > bad since > > most MTA's keep the original charset; so handling the data > as binary > > is often the best choice!?! > > * what about detached signatures of attachments? > > * sending a PGP/MIME to this mailing list makes it even worse > > (see Topic: "GnuPG Clearsign vs. PGP/MIME Signing" for > more details) > > * ... > > > > Do you have some hints? > > From experience, I can tell you that it's not always quite > easy. I can tell you what I do in Enigmail. For attachments, > I'm looking at the content-type (application/pgp-*) and for > the file name extension. If the filename extension is *.asc, > *.pgp or *.gpg I try to decrypt the file. I have so far not > tried to verify signatures of attachments; I plan to > implement this in one of the next releases. Once I'll try to > verify signatures of attachments, I'll first look for a > similar file name (e.g. without .asc); if not found I'll try > to get the original file name from the signature. I don't > assume binary or ascii armored files, I simply pipe the whole > file to gpg. > > For the mail body, I'm looking for ---- BEGIN PGP (.*) > and if found for ---- END PGP (.*) > If both are found, I decrypt or verify according to (.*), or > let the user know that a key is available. There are a few > pitfalls, like message decoding (base64, quoted-printable). > Furthermore, the character set of an encrypted mail body is > often set to US-ASCII, even if the content is e.g. UTF-8 > > HTH > -Patrick > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > From messtic at oreka.com Sat Jun 18 19:26:13 2005 From: messtic at oreka.com (Alain Bench) Date: Sun Jun 19 01:13:57 2005 Subject: How to detect inline PGP in mails! Best practice? In-Reply-To: References: <42B29923.3090605@intertivity.com> Message-ID: <20050618172613.GA14207@oreka.com> Hello Patrick, On Friday, June 17, 2005 at 7:44:49 PM +0200, Patrick Brunschwig wrote: > what I do in Enigmail. For attachments, I'm looking at the > content-type (application/pgp-*) What about the types Mutt generates since version 1.5.1: | Content-Type: text/plain; x-action=pgp-{encrypted,signed,keys} Bye! Alain. -- When you want to reply to a mailing list, please avoid doing so from a digest. This often builds incorrect references and breaks threads. From sk at intertivity.com Sun Jun 19 04:39:40 2005 From: sk at intertivity.com (Kiefer, Sascha) Date: Sun Jun 19 04:34:42 2005 Subject: How to detect inline PGP in mails! Best practice? In-Reply-To: <20050618172613.GA14207@oreka.com> Message-ID: <001001c57478$27359e10$f500a8c0@HOME> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'm not aware of that. Are u using mutt? May u send me a signed, encrypted and your public key so i can get the idea? Regards, Sascha > -----Original Message----- > From: gnupg-users-bounces@gnupg.org > [mailto:gnupg-users-bounces@gnupg.org] On Behalf Of Alain Bench > Sent: Samstag, 18. Juni 2005 19:26 > To: GnuPG users ml > Subject: Re: How to detect inline PGP in mails! Best practice? > > > Hello Patrick, > > On Friday, June 17, 2005 at 7:44:49 PM +0200, Patrick > Brunschwig wrote: > > > what I do in Enigmail. For attachments, I'm looking at the > > content-type (application/pgp-*) > > What about the types Mutt generates since version 1.5.1: > > | Content-Type: text/plain; x-action=pgp-{encrypted,signed,keys} > > > Bye! Alain. > -- > When you want to reply to a mailing list, please avoid doing > so from a digest. This often builds incorrect references and > breaks threads. > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQrTa3gInDejiptdCEQKFjACbB2X4DEz8XICkVVSQh6NblZaOANsAn2Bx SOQOHqcKXObKQ35aCKuLxsBB =Svn7 -----END PGP SIGNATURE----- From messtic at oreka.com Sun Jun 19 18:49:20 2005 From: messtic at oreka.com (Alain Bench) Date: Sun Jun 19 19:11:40 2005 Subject: How to detect inline PGP in mails! Best practice? In-Reply-To: <001001c57478$27359e10$f500a8c0@HOME> References: <20050618172613.GA14207@oreka.com> <001001c57478$27359e10$f500a8c0@HOME> Message-ID: <20050619164920.GF16583@oreka.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Sascha, On Sunday, June 19, 2005 at 4:39:40 AM +0200, Sascha Kiefer wrote: >> Mutt generates since version 1.5.1: >>| Content-Type: text/plain; x-action=pgp-{encrypted,signed,keys} > May u send me a signed, encrypted and your public key so i can get the > idea? With pleasure (out of pgp-keys). And this list mail is also signed inline with Mutt 1.5.9. This format has 3 advantages: ? PGP nature can be detected without costly body parsing, unlike in pure text/plain. ? It's text/plain, without the interoperability problems of app/pgp. PGP unaware mailers will ignore x-action parameter, and display the inline cleartext. No one should fail and show an unknown attachment, like happened with application/pgp. ? Other parameters of CT: text/plain are possible, especially charset. Note straight Mutt forces sending either US-Ascii or UTF-8: No Latin-1 nor other charsets. This has pros and cons. Patch exists to permit sending any charset. OTOH reading any charset always works. Bye! Alain. - -- Give your computer's unused idle processor cycles to a scientific goal: The Folding@home project at . -----BEGIN PGP SIGNATURE----- iD8DBQFCtaILTqBX6MHEYBURAhemAJwOASLo1/2HszDKYFj0KZkuHA3MdgCgoR2g HxZ/AeTjgoMgsWggJEM16kU= =dBgP -----END PGP SIGNATURE----- From patrick at mozilla-enigmail.org Sun Jun 19 21:01:01 2005 From: patrick at mozilla-enigmail.org (Patrick Brunschwig) Date: Sun Jun 19 20:57:01 2005 Subject: How to detect inline PGP in mails! Best practice? In-Reply-To: <20050618172613.GA14207__27380.4013421342$1119136756$gmane$org@oreka.com> References: <42B29923.3090605@intertivity.com> <20050618172613.GA14207__27380.4013421342$1119136756$gmane$org@oreka.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alain Bench wrote: > Hello Patrick, > > On Friday, June 17, 2005 at 7:44:49 PM +0200, Patrick Brunschwig wrote: > > >>what I do in Enigmail. For attachments, I'm looking at the >>content-type (application/pgp-*) > > > What about the types Mutt generates since version 1.5.1: > > | Content-Type: text/plain; x-action=pgp-{encrypted,signed,keys} Is there some specification available for this x-action parameter? Does any other MUA apart from mutt support it? - -Patrick -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCtcDp2KgHx8zsInsRAkCBAKD4OzNFW0xfv9y0F7fdD+32yypwVgCgv5fF Y9ABe1k9pwWXJDZgbemRwYo= =uboE -----END PGP SIGNATURE----- From h_hucke at aeon.icebear.org Sun Jun 19 23:56:23 2005 From: h_hucke at aeon.icebear.org (Henning Hucke) Date: Mon Jun 20 05:59:08 2005 Subject: How to detect inline PGP in mails! Best practice? In-Reply-To: References: <42B29923.3090605@intertivity.com> <20050618172613.GA14207__27380.4013421342$1119136756$gmane$org@oreka.com> Message-ID: On Sun, 19 Jun 2005, Patrick Brunschwig wrote: > [...] > > | Content-Type: text/plain; x-action=pgp-{encrypted,signed,keys} > > Is there some specification available for this x-action parameter? Does > any other MUA apart from mutt support it? You know what the "x-" infront of mail headers and MIME types means? Regards Henning Hucke -- MANIC-DEPRESSIVE: Easy glum, easy glow. From a_entin at hotmail.com Fri Jun 17 19:07:25 2005 From: a_entin at hotmail.com (Ari Entin) Date: Mon Jun 20 10:49:49 2005 Subject: New Outlook Plugin .99.1 (Beta) - works great! Message-ID: Hats off and a big "thanks" to the G10 group for the new Outlook Plugin v. .99.1 (Beta). I tested it and it resolved all of the prior problems I was having with the plugin and Outlook 2003. Primarily, the new version resolved the error that occurred each time I tried to decrypt a message that stated, "The message is neither encrypted nor signed." Thanks again! Sincerely, Ari Entin From cordesralf at web.de Sun Jun 19 21:30:11 2005 From: cordesralf at web.de (Ralf Cordes) Date: Mon Jun 20 10:49:57 2005 Subject: SmartCard doesn't work Message-ID: <42B5C7C3.40702@web.de> Hello, I bought me a SmartCard and the first thing I've done was to change the PIN and the Admin-PIN. I wrote these PINs down on paper to learn them. After creating a key everything was fine. But when I tried to use the card the next day nothing worked. Neither my new PINs nor the PINs which came with the card. I also wrote a mail to KernelConcepts but got no reply. Now I have a nice card without function. Is there a possibility to clear everything on the card? Even the PINs? Thanks to all Ralf Cordes From wk at gnupg.org Mon Jun 20 11:08:55 2005 From: wk at gnupg.org (Werner Koch) Date: Mon Jun 20 11:06:17 2005 Subject: SmartCard doesn't work In-Reply-To: <42B5C7C3.40702@web.de> (Ralf Cordes's message of "Sun, 19 Jun 2005 21:30:11 +0200") References: <42B5C7C3.40702@web.de> Message-ID: <873brde6oo.fsf@wheatstone.g10code.de> On Sun, 19 Jun 2005 21:30:11 +0200, Ralf Cordes said: > card the next day nothing worked. Neither my new PINs nor the PINs which > came with the card. I also wrote a mail to KernelConcepts but got no reply. What does the "gpg --card-status" show? > Now I have a nice card without function. Is there a possibility to clear > everything on the card? Even the PINs? No. Salam-Shalom, Werner From gpg.20.subu at spamgourmet.com Mon Jun 20 14:13:01 2005 From: gpg.20.subu at spamgourmet.com (gpg.20.subu@spamgourmet.com) Date: Mon Jun 20 14:08:41 2005 Subject: Expired Subkey - How to extend expiry using GPG command line Message-ID: <5313cd0905062005135a25915e@mail.gmail.com> Hi I have a key where the sub key has expired Is there a way to extend the validity of the *sub key* using GPG command line interface p.s. - As of now I am little hesitant to set up GPG shell etc - learn these and then do the sub key edit - so would prefer a straight sub - key editing Thanks in adv -- Subu From spifftraq at gmail.com Mon Jun 20 13:30:50 2005 From: spifftraq at gmail.com (Spiff Traq) Date: Mon Jun 20 14:27:08 2005 Subject: New Outlook Plugin .99.1 (Beta) - works great! In-Reply-To: References: Message-ID: <11e5220b05062004303f64cbed@mail.gmail.com> On 6/17/05, Ari Entin wrote: > Hats off and a big "thanks" to the G10 group for the new Outlook Plugin v. > .99.1 (Beta) Anyone got a link to the software for us who arn't so into the gnupg world yet? /J?rgen From wk at gnupg.org Mon Jun 20 15:01:15 2005 From: wk at gnupg.org (Werner Koch) Date: Mon Jun 20 15:01:17 2005 Subject: SmartCard doesn't work In-Reply-To: <42B68BC8.7060500@web.de> (Ralf Cordes's message of "Mon, 20 Jun 2005 11:26:32 +0200") References: <42B5C7C3.40702@web.de> <873brde6oo.fsf@wheatstone.g10code.de> <42B68BC8.7060500@web.de> Message-ID: <87fyvdb2sk.fsf@wheatstone.g10code.de> On Mon, 20 Jun 2005 11:26:32 +0200, Ralf Cordes said: > PIN retry counter : 3 0 3 That is not a real problem. The CHV2 tries have been used up. In general CHV1 and CHV2 are synced however when you enter a wrong PIN the corrsponding CHV's retry counter gets decremented. Please check why you entered the wrong PIN before restting the retry counter. The factory default PIN is "123456" without the quotes. To reset the PIN counter, enter on the command line: gpg --card-edit then admin then passwd and the select 2 for unblocking the PIN. You are then asked for the Admin PIN (CHV3); the factory default for it is "12345678". Enter it and check whether the counters are all back to 3 by ysing the command "list". If you are bnot sure of the AdminPIN anymore, don't keep on trying but check the used software first and think hardwhether you really changed the ADminPIN or whether it is still at the default value. Salam-Shalom, Werner From gpg at jason.markley.name Mon Jun 20 15:08:30 2005 From: gpg at jason.markley.name (Jason Markley) Date: Mon Jun 20 16:06:38 2005 Subject: New Outlook Plugin .99.1 (Beta) - works great! In-Reply-To: <11e5220b05062004303f64cbed@mail.gmail.com> References: <11e5220b05062004303f64cbed@mail.gmail.com> Message-ID: <42B6BFCE.3020503@jason.markley.name> Here ya go.... ftp://ftp.g10code.com/g10code/outlgpg/gpgexch-dll-0.99.2.zip ftp://ftp.g10code.com/g10code/outlgpg/gpgexch-dll-0.99.1.zip However.....I can't seem to get the plugin to work with outlook. It crashes every time I try to decrypt or encrypt an email. Also, there's no toolbar buttons on the main outlook window (for those of us that use the preview-pane). Are there special usage or install instructions for this plugin in order to get it to work? It does work with an exchange account in oulook, right? -Jason Spiff Traq wrote: >On 6/17/05, Ari Entin wrote: > > >>Hats off and a big "thanks" to the G10 group for the new Outlook Plugin v. >>.99.1 (Beta) >> >> > >Anyone got a link to the software for us who arn't so into the gnupg world yet? > >/J?rgen > >_______________________________________________ >Gnupg-users mailing list >Gnupg-users@gnupg.org >http://lists.gnupg.org/mailman/listinfo/gnupg-users > > From gpg at jason.markley.name Mon Jun 20 15:34:59 2005 From: gpg at jason.markley.name (Jason Markley) Date: Mon Jun 20 16:36:26 2005 Subject: New Outlook Plugin .99.1 (Beta) - works great! In-Reply-To: <11e5220b05062004303f64cbed@mail.gmail.com> References: <11e5220b05062004303f64cbed@mail.gmail.com> Message-ID: <42B6C603.9050500@jason.markley.name> Here ya go.... ftp://ftp.g10code.com/g10code/outlgpg/gpgexch-dll-0.99.2.zip ftp://ftp.g10code.com/g10code/outlgpg/gpgexch-dll-0.99.1.zip However.....I can't seem to get the plugin to work with outlook. It crashes every time I try to decrypt or encrypt an email. Also, there's no toolbar buttons on the main outlook window (for those of us that use the preview-pane). Are there special usage or install instructions for this plugin in order to get it to work? It does work with an exchange account in oulook, right? -Jason Spiff Traq wrote: >On 6/17/05, Ari Entin wrote: > > >>Hats off and a big "thanks" to the G10 group for the new Outlook Plugin v. >>.99.1 (Beta) >> >> > >Anyone got a link to the software for us who arn't so into the gnupg world yet? > >/J?rgen > >_______________________________________________ >Gnupg-users mailing list >Gnupg-users@gnupg.org >http://lists.gnupg.org/mailman/listinfo/gnupg-users > > From shavital at mac.com Mon Jun 20 17:13:49 2005 From: shavital at mac.com (Charly Avital) Date: Mon Jun 20 17:09:41 2005 Subject: Expired Subkey - How to extend expiry using GPG command line In-Reply-To: <5313cd0905062005135a25915e@mail.gmail.com> References: <5313cd0905062005135a25915e@mail.gmail.com> Message-ID: <42B6DD2D.8040707@mac.com> gpg.20.subu@spamgourmet.com wrote the following on 6/20/05 8:13 AM: > Hi > > > I have a key where the sub key has expired > > Is there a way to extend the validity of the *sub key* using GPG command > line interface > > p.s. - As of now I am little hesitant to set up GPG shell etc - learn > these and then do the sub key edit - so would prefer a straight sub - > key editing > > Thanks in adv > > -- Subu gpg --edit-key [key ID] then Command> key N where N is the subkey's index. e.g. if the subkey whose validity you want to extend is the first listed subkey, or if it is the only listed subkey, then the command would be Command> key 1 this will put a * after the word sub, indicating that this particular subkey has been selected. then Command> expire and follow the prompts. Hope this works for you, it works for me (Macintosh OS X 10.4.1) Charly From wk at gnupg.org Mon Jun 20 18:08:09 2005 From: wk at gnupg.org (Werner Koch) Date: Mon Jun 20 18:06:17 2005 Subject: New Outlook Plugin .99.1 (Beta) - works great! In-Reply-To: <42B6BFCE.3020503@jason.markley.name> (Jason Markley's message of "Mon, 20 Jun 2005 09:08:30 -0400") References: <11e5220b05062004303f64cbed@mail.gmail.com> <42B6BFCE.3020503@jason.markley.name> Message-ID: <87y8959fkm.fsf@wheatstone.g10code.de> On Mon, 20 Jun 2005 09:08:30 -0400, Jason Markley said: > However.....I can't seem to get the plugin to work with outlook. It > crashes every time I try to decrypt or encrypt an email. Also, > there's no toolbar buttons on the main outlook window (for those of us > that use the preview-pane). Are there special usage or install Thanks for the report. Please note that we are working on that thing and that it has not undergo any serious testing yet. Shalom-Salam, Werner From twoaday at gmx.net Mon Jun 20 18:34:24 2005 From: twoaday at gmx.net (Timo Schulz) Date: Mon Jun 20 19:37:15 2005 Subject: New Outlook Plugin .99.1 (Beta) - works great! In-Reply-To: <42B6BFCE.3020503@jason.markley.name> References: <11e5220b05062004303f64cbed@mail.gmail.com> <42B6BFCE.3020503@jason.markley.name> Message-ID: <20050620163424.GC369@daredevil.joesixpack.net> On Mon Jun 20 2005; 09:08, Jason Markley wrote: > However.....I can't seem to get the plugin to work with outlook. It > crashes every time I try to decrypt or encrypt an email. Also, there's > no toolbar buttons on the main outlook window (for those of us that use > the preview-pane). Are there special usage or install instructions for First please note that the plugin is still beta. But I got a lot of feedback from persons who said it works. There seem to be some problems with some Outlook (+ SP X) versions and we are working on it. But the latest beta (0.99.2) solved a lot of problems which were reported from users. It seems that Outlook 2000 + SP3 is one of the candidates of causes some trouble. I test it myself successfully with Outlook 2000 (no SP) and Outlook 2003 (also no SP). I would be glad if you could send me a 'Dr. Watson' Logfile after the crash occurred. Or any other stack backtrace like logfile. And no, there are no special install instructions. Just copy the libgpgmedlgs.dll into your c:\$win\system32 directory and run regsv32 gpgexch.dll. That's it. From wk at gnupg.org Mon Jun 20 21:58:24 2005 From: wk at gnupg.org (Werner Koch) Date: Mon Jun 20 22:13:28 2005 Subject: [Announce] GnuPG 1.9.17 (S/MIME and gpg-agent) released Message-ID: <87ll5494wv.fsf@wheatstone.g10code.de> Skipped content of type multipart/signed-------------- next part -------------- _______________________________________________ Gnupg-announce mailing list Gnupg-announce@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From codex24 at gmail.com Mon Jun 20 22:22:55 2005 From: codex24 at gmail.com (Kevin Calman) Date: Mon Jun 20 23:18:36 2005 Subject: Positive Verification? Message-ID: <7bee715e0506201322769ea538@mail.gmail.com> Please forgive if this has been asked and answered before, I have just suscribed and can't figure out how to search the archives.... I am using GPG 1.4.0 under cygwin on Windows XP/P SP2. I am making up a process for encrypted archiving, where the same user will create signed and encrypted content, and potentially verify and decrypt this content after retrival from off-site media. I need to confirm that the file received was authentically produced by the same user. The files are large binary archives. I have public and private keys for the generic identity, "user" and I create the file thusly: > gpg -u user -r user -r my-identity -o file.tar.gpg -se file.tar When I verify the file, there is no prompt for secret key passphrase, I get no useful output, and the command always succeeds (i.e., always a 0 return code). I verfy as follows: > gpg --verify-files file.tar.gpg If I actually decrypt the file, I do a passphrase prompt, I get useful output which identifies which identity is decrypting the file. Shouldn't verify-files do the same thing? Assuming I have multiple private keys, and a file is encrypted to mulitple recipients, how do I selecting which identity to use to verify and/or decrypt the file? Thanks for any info you can provide. -- Opinions herein are exclusively my own, unless you share them. Kevin Calman, codex24 at gmail dot com, Austin, TX, US From oskar at rbgi.net Tue Jun 21 02:14:34 2005 From: oskar at rbgi.net (Oskar L.) Date: Tue Jun 21 02:10:52 2005 Subject: Filename for digests In-Reply-To: <7bee715e0506201322769ea538@mail.gmail.com> References: <7bee715e0506201322769ea538@mail.gmail.com> Message-ID: <1185.213.169.3.112.1119312874.squirrel@mail.rbgi.net> Sorry if this is a bit off topic. When you calculate the hashes (sha1) for several files, and save them in a singel file, then is there any standard witch states or suggests what this file should be called? Oskar From wk at gnupg.org Tue Jun 21 06:37:49 2005 From: wk at gnupg.org (Werner Koch) Date: Tue Jun 21 06:36:14 2005 Subject: Filename for digests In-Reply-To: <1185.213.169.3.112.1119312874.squirrel@mail.rbgi.net> (Oskar L.'s message of "Tue, 21 Jun 2005 03:14:34 +0300 (EEST)") References: <7bee715e0506201322769ea538@mail.gmail.com> <1185.213.169.3.112.1119312874.squirrel@mail.rbgi.net> Message-ID: <87vf4872aq.fsf@wheatstone.g10code.de> On Tue, 21 Jun 2005 03:14:34 +0300 (EEST), Oskar L said: > Sorry if this is a bit off topic. When you calculate the hashes (sha1) for > several files, and save them in a singel file, then is there any standard > witch states or suggests what this file should be called? Not that I know of. The format used by sha1sum is probably the best suited one. Salam-Shalom, Werner From alphasigmax at gmail.com Tue Jun 21 10:48:21 2005 From: alphasigmax at gmail.com (Alphax) Date: Tue Jun 21 10:45:45 2005 Subject: Corrupt keys In-Reply-To: <42B3E253.8010004@gmail.com> References: <42B3E253.8010004@gmail.com> Message-ID: <42B7D455.4090705@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alphax wrote: > Recently, I discovered the following message on GPG startup: > > gpg: signature packet without timestamp > More fun: gpg: buffer shorter than subpacket gpg: buffer shorter than subpacket gpg: signature packet without keyid gpg: buffer shorter than subpacket gpg: buffer shorter than subpacket gpg: buffer shorter than subpacket gpg: signature packet without keyid gpg: buffer shorter than subpacket I'm guessing these are from the infamous "PGP Global Directory Verification Key". Fortunately, I have a "clean" copy of this key - it has about 3 sigs on it, as opposed to the current 500+. Actually, I'd be interested to hear who has a non-corrupt copy of this key, and how many sigs are on it (please make public, so we can all share it!). Oh, and why does this list not automagically set the Reply-to header? - -- Alphax OpenPGP key: 0xF874C613 - http://tinyurl.com/cc9up http://en.wikipedia.org/wiki/User:Alphax There are two kinds of people: those who say to God, 'Thy will be done,' and those to whom God says, 'All right, then, have it your way.' - C. S. Lewis -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCt9RV/RxM5Ph0xhMRAtrPAJ4syutqplm0d4PFDKAYZydeKVPbdgCggFxm jd2HfTmJHj9zOV2xM5tFye8= =L7Md -----END PGP SIGNATURE----- From linux at codehelp.co.uk Tue Jun 21 12:04:38 2005 From: linux at codehelp.co.uk (Neil Williams) Date: Tue Jun 21 12:03:42 2005 Subject: Corrupt keys In-Reply-To: <42B7D455.4090705@gmail.com> References: <42B3E253.8010004@gmail.com> <42B7D455.4090705@gmail.com> Message-ID: <200506211104.41878.linux@codehelp.co.uk> On Tuesday 21 June 2005 9:48 am, Alphax wrote: > Fortunately, I have a "clean" copy of this key as does subkeys.pgp.net - it was retrieved automatically and without spurious signatures or errors. > - it > has about 3 sigs on it, gpg --list-sigs 0xF874C613 pub 1024D/F874C613 2005-04-28 uid Alphax sig 97394664 2005-05-23 [User ID not found] sig 3 F874C613 2005-04-29 Alphax sig 1 P C521097E 2005-05-05 [User ID not found] sig 1 P 9C851DF1 2005-05-05 [User ID not found] uid Andrew Cranwell (Alphax) sig 97394664 2005-05-23 [User ID not found] sig 3 F874C613 2005-04-28 Alphax sig 1 P C521097E 2005-05-05 [User ID not found] uid Andrew Cranwell sig 97394664 2005-05-23 [User ID not found] sig 3 F874C613 2005-04-29 Alphax sig 1 P C521097E 2005-05-05 [User ID not found] sub 2048g/51E09049 2005-04-28 sig F874C613 2005-04-28 Alphax > as opposed to the current 500+. Delete the key from your keyring, retrieve it from subkeys.pgp.net and change your keyserver preference. > Actually, I'd be > interested to hear who has a non-corrupt copy of this key, and how many > sigs are on it (please make public, so we can all share it!). > > Oh, and why does this list not automagically set the Reply-to header? Because it's sensible and uses decent headers like List-Id. :-) -- Neil Williams ============= http://www.data-freedom.org/ http://www.nosoftwarepatents.com/ http://www.linux.codehelp.co.uk/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20050621/add84d0b/attachment.pgp From mail at mark-kirchner.de Tue Jun 21 12:24:00 2005 From: mail at mark-kirchner.de (Mark Kirchner) Date: Tue Jun 21 12:19:24 2005 Subject: Corrupt keys In-Reply-To: <200506211104.41878.linux@codehelp.co.uk> References: <42B3E253.8010004@gmail.com> <42B7D455.4090705@gmail.com> <200506211104.41878.linux@codehelp.co.uk> Message-ID: <1471003315.20050621122400@mark-kirchner.de> On Tuesday, June 21, 2005, 12:04:38 PM, Neil wrote: >> Fortunately, I have a "clean" copy of this key > > as does subkeys.pgp.net - it was retrieved automatically and without > spurious signatures or errors. I guess he's talking about the PGP Global Directory key (0xCA57AD7C). Regards, Mark Kirchner -- _____________________________________________________________ Key (0x172C073C): http://www.mark-kirchner.de/keys/key-mk.asc -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 183 bytes Desc: not available Url : /pipermail/attachments/20050621/4b1fa996/attachment.pgp From adam00f at ducksburg.com Tue Jun 21 11:44:40 2005 From: adam00f at ducksburg.com (Adam Funk) Date: Tue Jun 21 12:31:19 2005 Subject: How to import a secret subkey? Message-ID: <200506211044.40648.adam00f@ducksburg.com> I recently created a new subkey for a keypair that I use on two machines, but I cannot get the subkey onto the second machine. I have tried gpg --export, --export-secret and --export-secret-subkey on the first computer but gpg --import refuses to add the subkey on the second one. How can I do this? Thanks, Adam From dshaw at jabberwocky.com Tue Jun 21 15:11:51 2005 From: dshaw at jabberwocky.com (David Shaw) Date: Tue Jun 21 15:08:03 2005 Subject: How to import a secret subkey? In-Reply-To: <200506211044.40648.adam00f@ducksburg.com> References: <200506211044.40648.adam00f@ducksburg.com> Message-ID: <20050621131151.GB6289@jabberwocky.com> On Tue, Jun 21, 2005 at 10:44:40AM +0100, Adam Funk wrote: > I recently created a new subkey for a keypair that I use on two > machines, but I cannot get the subkey onto the second machine. I have > tried gpg --export, --export-secret and --export-secret-subkey on the > first computer but gpg --import refuses to add the subkey on the second > one. > > How can I do this? You can't. GnuPG does not currently support merging secret subkeys. To do it, you need to delete the secret key on the second machine and re-import the whole key. David From wk at gnupg.org Tue Jun 21 16:44:35 2005 From: wk at gnupg.org (Werner Koch) Date: Tue Jun 21 16:49:13 2005 Subject: [Announce] Second release candidate for GnuPG 1.4.2 available Message-ID: <87d5qfwyzw.fsf@wheatstone.g10code.de> Skipped content of type multipart/signed-------------- next part -------------- _______________________________________________ Gnupg-announce mailing list Gnupg-announce@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From jharris at widomaker.com Tue Jun 21 19:38:47 2005 From: jharris at widomaker.com (Jason Harris) Date: Tue Jun 21 19:34:43 2005 Subject: Corrupt keys In-Reply-To: <200506211104.41878.linux@codehelp.co.uk> References: <42B3E253.8010004@gmail.com> <42B7D455.4090705@gmail.com> <200506211104.41878.linux@codehelp.co.uk> Message-ID: <20050621173847.GK356@wilma.widomaker.com> On Tue, Jun 21, 2005 at 11:04:38AM +0100, Neil Williams wrote: > On Tuesday 21 June 2005 9:48 am, Alphax wrote: > > Fortunately, I have a "clean" copy of this key > as does subkeys.pgp.net - it was retrieved automatically and without spurious > signatures or errors. Neil, you must have hit keyserver.kjsl.com; the rest of the servers in subkeys.pgp.net are SKS (1.0.9) and don't (yet) filter these bogus packets. > > Actually, I'd be > > interested to hear who has a non-corrupt copy of this key, and how many > > sigs are on it (please make public, so we can all share it!). After retrieving it from keyserver.kjsl.com to an empty keyring: %gpg --check-sigs CA57AD7C pub 2048R/CA57AD7C 2004-12-06 uid PGP Global Directory Verification Key sig! CA57AD7C 2005-04-04 PGP Global Directory Verification Key sig! CA57AD7C 2004-12-06 PGP Global Directory Verification Key 458 signatures not checked due to missing keys -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 309 bytes Desc: not available Url : /pipermail/attachments/20050621/70aebd0d/attachment.pgp From linux at codehelp.co.uk Tue Jun 21 21:21:40 2005 From: linux at codehelp.co.uk (Neil Williams) Date: Tue Jun 21 21:17:21 2005 Subject: Corrupt keys In-Reply-To: <20050621173847.GK356@wilma.widomaker.com> References: <42B3E253.8010004@gmail.com> <200506211104.41878.linux@codehelp.co.uk> <20050621173847.GK356@wilma.widomaker.com> Message-ID: <200506212021.43837.linux@codehelp.co.uk> On Tuesday 21 June 2005 6:38 pm, Jason Harris wrote: > On Tue, Jun 21, 2005 at 11:04:38AM +0100, Neil Williams wrote: > > On Tuesday 21 June 2005 9:48 am, Alphax wrote: > > > Fortunately, I have a "clean" copy of this key > > > > as does subkeys.pgp.net - it was retrieved automatically and without > > spurious signatures or errors. > > Neil, you must have hit keyserver.kjsl.com; the rest of the servers > in subkeys.pgp.net are SKS (1.0.9) and don't (yet) filter these bogus > packets. It wasn't a keyserver issue, I was under the impression the problem was the key being used to sign the messages: 0xF874C613 whereas you are looking at 0xCA57AD7C. > %gpg --check-sigs CA57AD7C > 458 signatures not checked due to missing keys -- Neil Williams ============= http://www.data-freedom.org/ http://www.nosoftwarepatents.com/ http://www.linux.codehelp.co.uk/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20050621/1d0badba/attachment.pgp From wk at gnupg.org Wed Jun 22 08:08:29 2005 From: wk at gnupg.org (Werner Koch) Date: Wed Jun 22 13:34:42 2005 Subject: How to import a secret subkey? In-Reply-To: <20050621131151.GB6289@jabberwocky.com> (David Shaw's message of "Tue, 21 Jun 2005 09:11:51 -0400") References: <200506211044.40648.adam00f@ducksburg.com> <20050621131151.GB6289@jabberwocky.com> Message-ID: <87mzpincte.fsf@wheatstone.g10code.de> On Tue, 21 Jun 2005 09:11:51 -0400, David Shaw said: > You can't. GnuPG does not currently support merging secret subkeys. > To do it, you need to delete the secret key on the second machine and > re-import the whole key. We might however add this soon. IIRC most code is already there as we do something similar with card backup keys. Won't go into 1.4.2 though. At least not offically because it is "strings-frozen" to allow for proper and complete translations. Shalom-Salam, Werner From a_entin at hotmail.com Mon Jun 20 16:49:58 2005 From: a_entin at hotmail.com (Ari Entin) Date: Wed Jun 22 18:40:44 2005 Subject: New Outlook Plugin .99.1 (Beta) - works great! In-Reply-To: <42B6C603.9050500@jason.markley.name> Message-ID: You can also try this site which has compiled the Outlook plugin with an installer and WinPT: http://www.equipmente.de/viewtopic.php?t=642 Try the following to install: 1) Go to Tolls -> Options->Other and click on "Advanced Options" and then "Add-in Manager." 2) Uncheck the "GPG Exchange" box 3) Click on OK until you return to your Outlook screen 4) Close down outlook 5) Go to the Task Manager and make sure that Outlook.exe is not running. If it is, terminate it. 6) Uninstall the Outlook Plugin. I suggest that you unregister the plugin by opening up a command prompt and typing: "regsvr32 /u gpgexch.dl" 7) Now, install the Outlook plugin again 8) If its not loading, see step 1 and make sure that the "GPG Exchange" box is checked. Open and close Outlook. It should work. Ari Entin >From: Jason Markley >To: Spiff Traq >CC: Ari Entin , gnupg-users@gnupg.org >Subject: Re: New Outlook Plugin .99.1 (Beta) - works great! >Date: Mon, 20 Jun 2005 09:34:59 -0400 > >Here ya go.... > >ftp://ftp.g10code.com/g10code/outlgpg/gpgexch-dll-0.99.2.zip > >ftp://ftp.g10code.com/g10code/outlgpg/gpgexch-dll-0.99.1.zip > >However.....I can't seem to get the plugin to work with outlook. It >crashes every time I try to decrypt or encrypt an email. Also, there's no >toolbar buttons on the main outlook window (for those of us that use the >preview-pane). Are there special usage or install instructions for this >plugin in order to get it to work? It does work with an exchange account >in oulook, right? > >-Jason > > >Spiff Traq wrote: > >>On 6/17/05, Ari Entin wrote: >> >> >>>Hats off and a big "thanks" to the G10 group for the new Outlook Plugin >>>v. >>>.99.1 (Beta) >>> >>> >> >>Anyone got a link to the software for us who arn't so into the gnupg world >>yet? >> >>/Jörgen >> >>_______________________________________________ >>Gnupg-users mailing list >>Gnupg-users@gnupg.org >>http://lists.gnupg.org/mailman/listinfo/gnupg-users >> >> From cordesralf at web.de Mon Jun 20 21:09:53 2005 From: cordesralf at web.de (Ralf Cordes) Date: Wed Jun 22 18:40:51 2005 Subject: SmartCard doesn't work In-Reply-To: <87d5qgaoyt.fsf@wheatstone.g10code.de> References: <42B5C7C3.40702@web.de> <873brde6oo.fsf@wheatstone.g10code.de> <42B68BC8.7060500@web.de> <87fyvdb2sk.fsf@wheatstone.g10code.de> <42B6C2F6.4070801@web.de> <877jgpauau.fsf@wheatstone.g10code.de> <42B6EC0A.2010206@web.de> <87d5qgaoyt.fsf@wheatstone.g10code.de> Message-ID: <42B71481.9060007@web.de> At first I use WinPT 0.9.92. But I had problems with the passphrase. So I changed to command line. There the PINs which I changed with WinPT worked. That evening I also could encrypt and sign mails. But the next day the problems came up. Werner Koch schrieb: > On Mon, 20 Jun 2005 18:17:14 +0200, Ralf Cordes said: > > >>I'm using GnuPG 1.4.1, Windows 2000 and a ReinerSCT CardJack which I got >> from my bank when activating HBCI. > > > Command line or some frontend? For example, older WinPT versions had > a bug related to the PIN entry. > > > Salam-Shalom, > > Werner > > From ruben.de.visscher at skynet.be Tue Jun 21 18:04:16 2005 From: ruben.de.visscher at skynet.be (Ruben De Visscher) Date: Wed Jun 22 18:40:55 2005 Subject: Message Digest Message-ID: <77f44a7b5d4b22d6201f313fc747c6b5@skynet.be> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I heard that recently, the SHA-1 message digest has been broken. Because GnuPG uses this algorithm to make its digital signatures i think it would be a good thing to implement a safer digest like SHA-2 for example. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin) iD8DBQFCuDqWQ17IHYmwl+4RAvvhAJ4q04ME5QLs6JqDnMaypG0KBkNU6wCfWwuX ZPpAr8XJTN8DMpWBpSQ9RIw= =nfxS -----END PGP SIGNATURE----- From gpg.20.subu at spamgourmet.com Wed Jun 22 09:01:19 2005 From: gpg.20.subu at spamgourmet.com (gpg.20.subu@spamgourmet.com) Date: Wed Jun 22 18:41:00 2005 Subject: Expired Subkey - How to extend expiry using GPG command line Message-ID: <1119423679.15295.236899592@webmail.messagingengine.com> Thanks a ton This worked like a charm I've updated my subkeys Regards Subu Charly Avital - shavital@mac.com wrote: > gpg.20.subu@spamgourmet.com wrote the following on 6/20/05 8:13 AM: > >>Hi >> >> >>I have a key where the sub key has expired >> >>Is there a way to extend the validity of the *sub key* using GPG command >>line interface >> >>p.s. - As of now I am little hesitant to set up GPG shell etc - learn >>these and then do the sub key edit - so would prefer a straight sub - >>key editing >> >>Thanks in adv >> >>-- Subu > > > > gpg --edit-key [key ID] > then > Command> key N where N is the subkey's index. > e.g. if the subkey whose validity you want to extend is the first listed > subkey, or if it is the only listed subkey, then the command would be > Command> key 1 > this will put a * after the word sub, indicating that this particular > subkey has been selected. then > Command> expire > and follow the prompts. > > Hope this works for you, it works for me (Macintosh OS X 10.4.1) > Charly > -- http://www.fastmail.fm - Access your email from home and the web From gpg.20.subu at spamgourmet.com Wed Jun 22 09:04:33 2005 From: gpg.20.subu at spamgourmet.com (gpg.20.subu@spamgourmet.com) Date: Wed Jun 22 18:41:05 2005 Subject: Expired Subkey - How to extend expiry using GPG command line Message-ID: <1119423873.15695.236899713@webmail.messagingengine.com> Hi Charly Thanks a ton This worked like a charm I've updated my subkeys Regards Subu p.s. - for some reason my post to the GPG list is awaiting moderation. So I've copied it to Charly Avital as well Charly Avital - shavital@mac.com wrote: > gpg.20.subu@spamgourmet.com wrote the following on 6/20/05 8:13 AM: > >>Hi >> >> >>I have a key where the sub key has expired >> >>Is there a way to extend the validity of the *sub key* using GPG command >>line interface >> >>p.s. - As of now I am little hesitant to set up GPG shell etc - learn >>these and then do the sub key edit - so would prefer a straight sub - >>key editing >> >>Thanks in adv >> >>-- Subu > > > > gpg --edit-key [key ID] > then > Command> key N where N is the subkey's index. > e.g. if the subkey whose validity you want to extend is the first listed > subkey, or if it is the only listed subkey, then the command would be > Command> key 1 > this will put a * after the word sub, indicating that this particular > subkey has been selected. then > Command> expire > and follow the prompts. > > Hope this works for you, it works for me (Macintosh OS X 10.4.1) > Charly > -- http://www.fastmail.fm - Choose from over 50 domains or use your own From johanw at vulcan.xs4all.nl Wed Jun 22 18:56:33 2005 From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Wed Jun 22 19:08:09 2005 Subject: Message Digest In-Reply-To: <77f44a7b5d4b22d6201f313fc747c6b5@skynet.be> Message-ID: <200506221656.j5MGuXZZ002449@vulcan.xs4all.nl> Ruben De Visscher wrote: >I heard that recently, the SHA-1 message digest has been broken. This is incorrect. However, it appears that SHA-1 is not as strong as its size suggests. >Because GnuPG uses this algorithm to make its digital signatures i >think it would be a good thing to implement a safer digest like SHA-2 >for example. It already does implement the different SHA-2 algorithms. -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From dshaw at jabberwocky.com Wed Jun 22 20:25:00 2005 From: dshaw at jabberwocky.com (David Shaw) Date: Wed Jun 22 20:21:11 2005 Subject: Message Digest In-Reply-To: <77f44a7b5d4b22d6201f313fc747c6b5@skynet.be> References: <77f44a7b5d4b22d6201f313fc747c6b5@skynet.be> Message-ID: <20050622182500.GB11778@jabberwocky.com> On Tue, Jun 21, 2005 at 06:04:16PM +0200, Ruben De Visscher wrote: > I heard that recently, the SHA-1 message digest has been broken. > Because GnuPG uses this algorithm to make its digital signatures i > think it would be a good thing to implement a safer digest like SHA-2 > for example. GnuPG supports all of the SHA-2 hashes (256, 384, 512). David From adam00f at ducksburg.com Wed Jun 22 22:08:18 2005 From: adam00f at ducksburg.com (Adam Funk) Date: Wed Jun 22 22:37:42 2005 Subject: How to import a secret subkey? In-Reply-To: References: Message-ID: <200506222108.18654.adam00f@ducksburg.com> > Date: Tue, 21 Jun 2005 09:11:51 -0400 > From: David Shaw > > > I recently created a new subkey for a keypair that I use on two > > machines, but I cannot get the subkey onto the second machine. ?I > > have tried gpg --export, --export-secret and --export-secret-subkey > > on the first computer but gpg --import refuses to add the subkey on > > the second one. > > > > How can I do this? > > You can't. ?GnuPG does not currently support merging secret subkeys. > To do it, you need to delete the secret key on the second machine and > re-import the whole key. That worked. Thanks! I think there used to be a restriction that "gpg --import secretkey.gpg" wouldn't work without setting a special option. Is importing secret keys by accident no longer considered a risk? From udjinrg at forenet.by Thu Jun 23 08:51:27 2005 From: udjinrg at forenet.by (Maxim Britov) Date: Thu Jun 23 09:41:33 2005 Subject: is gnupg can retrieve only ascii keys from http? Message-ID: <20050623095127.1667facf@maxim-l.office.modum.by> gpg can retrieve only ascii keys from http? $ LANG= gpg --keyserver http://www.clamav.net/gpg/tkojm.gpg --recv-keys 0x985A444B gpg: requesting key 985A444B from http server www.clamav.net gpgkeys: key 985A444B not found on keyserver gpg: no valid OpenPGP data found. gpg: Total number processed: 0 I can get this key with wget. For example: $ LANG= gpg --keyserver http://pgpru.com/contacts/keys/0x84F8C181.asc --recv-keys 0x84F8C181 gpg: requesting key 84F8C181 from http server pgpru.com gpg: key 84F8C181: "Kent " not changed gpg: Total number processed: 1 gpg: unchanged: 1 $ LANG= gpg --version gpg (GnuPG) 1.4.2-cvs -- Maxim Britov GnuPG KeyID 0x4580A6D66F3DB1FB xmpp:maxim@modum.by icq 198171258 Fingerprint: 4059 B5C5 8985 5A47 8F5A 8623 4580 A6D6 6F3D B1FB GnuPG-ru Team (http://lists.gnupg.org/mailman/listinfo/gnupg-ru) From dshaw at jabberwocky.com Thu Jun 23 14:34:02 2005 From: dshaw at jabberwocky.com (David Shaw) Date: Thu Jun 23 14:30:15 2005 Subject: is gnupg can retrieve only ascii keys from http? In-Reply-To: <20050623095127.1667facf@maxim-l.office.modum.by> References: <20050623095127.1667facf@maxim-l.office.modum.by> Message-ID: <20050623123402.GC12401@jabberwocky.com> On Thu, Jun 23, 2005 at 09:51:27AM +0300, Maxim Britov wrote: > gpg can retrieve only ascii keys from http? > > $ LANG= gpg --keyserver http://www.clamav.net/gpg/tkojm.gpg --recv-keys 0x985A444B > gpg: requesting key 985A444B from http server www.clamav.net > gpgkeys: key 985A444B not found on keyserver > gpg: no valid OpenPGP data found. > gpg: Total number processed: 0 > > I can get this key with wget. > > For example: > > $ LANG= gpg --keyserver http://pgpru.com/contacts/keys/0x84F8C181.asc --recv-keys 0x84F8C181 > gpg: requesting key 84F8C181 from http server pgpru.com > gpg: key 84F8C181: "Kent " not changed > gpg: Total number processed: 1 > gpg: unchanged: 1 That's correct. At some point, I may change this, but it is not currently a feature. David From messtic at oreka.com Fri Jun 24 17:52:07 2005 From: messtic at oreka.com (Alain Bench) Date: Fri Jun 24 18:06:58 2005 Subject: UTF-8 support In-Reply-To: <25355.1116660061@www56.gmx.net> References: <23460.1116509668@www39.gmx.net> <25355.1116660061@www56.gmx.net> Message-ID: <20050624155206.GA4380@oreka.com> [copy to libiconv author] Hello, On Saturday, May 21, 2005 at 9:21:01 AM +0200, mus1876@gmx.info wrote: > when setting utf-8 for cmd.exe, gpg switches back to its default > character set. In cmd.exe I do the follwoing to change the codepage: > [chcp 65001] Active Codepage: 65001. > gpg: conversion from `utf-8' to `CP65001' not available > gpg: using character set `iso-8859-1' The name mapping between 65001 local CP and UTF-8 standard name is lacking both in GnuPG util/strgutil.c, and in libiconv-1.9.2 libcharset/lib/localcharset.c. This lack should be easy to correct. In the meantime you can use the gpg --charset=utf-8 option when used on a CP-65001 terminal. Bye! Alain. -- How to Report Bugs Effectively From shavital at mac.com Sun Jun 26 22:56:10 2005 From: shavital at mac.com (Charly Avital) Date: Sun Jun 26 22:52:15 2005 Subject: Secure viewer in PGP 9.0.1 for Mac OS X In-Reply-To: References: <425D789E-958C-456C-B9A3-AD81C6577AF9@cox-internet.com> <6.0.3.0.2.20050617140005.0327b5f8@pop3.myrealbox.com> Message-ID: While carrying out some tests with GnuPG and the options --for-our-eyes-only and --output [filename], within the macgpg-users list, I tried to decrypt a test message composed with MacGPG (GnuPG for the Mac) 1.4.2rc2 configured with these two options. The received message could be decrypted using GPGMail and Eudora GPG. Eudora GPG displayed, in its output 'gpg: NOTE: sender requested "for-your-eyes-only"' Using PGP 9.0.1 to decrypt that same test message, an on-screen window informed: 'Caution The message you are decrypting is for your eyes only. It is recommended that this message only be read under the most secure circumstances.' and two buttons 'Cancel' and 'OK'. Clicking the OK button produced a secure-viewer window with the decrypted message (and PGP testimonial) printed in tempest-resistant font. My question to the pgp-users list is: how to set the request for the secure-viewer function for outgoing messages under PGP 9.0.1. In previous versions of PGP, the option could be enabled by marking a small square button. TIA Charly From shavital at mac.com Mon Jun 27 00:09:24 2005 From: shavital at mac.com (Charly Avital) Date: Mon Jun 27 00:05:06 2005 Subject: [PGP-USERS] Secure viewer in PGP 9.0.1 for Mac OS X - "for-your-eyes-only" in GnuPG In-Reply-To: <42BEE2CF.11129.1F91261@localhost> References: <42BEE2CF.11129.1F91261@localhost> Message-ID: <0939923A-0EE2-47F5-8C5F-F019083E1B96@mac.com> On Jun 26, 2005, at 5:15 PM, Tom McCune wrote: >> [...] >> I don't know about Macs, but on Windows, the option is there when >> using >> Current Window usage from PGPtray. I have found how to do it, it requires to "force" PGP to display the window where encryption key(s) can be selected manually to encrypt to a recipient. That window includes two additional options that can be set: conventional encryption, secure viewer. In order to "force" (for lack of a better term) PGP to display that window, one must go through the Services menu (Mac OS X), which might be something similar to PGPtray. The resulting message (composed with secure viewer selected) is decrypted by PGP in the usual "visible" way, even when using the Services menu. Moreover, when decrypting that same message with GnuPG, the decrypted text shows but the GPG Output does not display any mention of for-your-eyes-only. All this requires some more testing (and some attention from PGP); it's interesting to note that, as I reported previously, a message composed with GnuPG, with the for-your-eyes-only and output options enabled, is correctly decrypted by PGP 9.0.1, using the secure viewer window. > I should add that although this really does send the message as > desired, > the Secure Viewer is only used for me when decrypting via Current > Window > usage - the email proxy decrypts as usual, as if that flag had > never been > set. > I have tried decrypting that secure viewer message using PGP from the Services menu, and from the Dock, but without getting the decrypted text to show in a secure viewer window. Only a message composed with GnuPG and the required options gets PGP 9.0.1 to use the secure viewer window. Charly From dshaw at jabberwocky.com Mon Jun 27 02:06:52 2005 From: dshaw at jabberwocky.com (David Shaw) Date: Mon Jun 27 02:03:13 2005 Subject: UTF-8 support In-Reply-To: <20050624155206.GA4380@oreka.com> References: <23460.1116509668@www39.gmx.net> <25355.1116660061@www56.gmx.net> <20050624155206.GA4380@oreka.com> Message-ID: <20050627000652.GA12582@jabberwocky.com> On Fri, Jun 24, 2005 at 05:52:07PM +0200, Alain Bench wrote: > [copy to libiconv author] > > Hello, > > On Saturday, May 21, 2005 at 9:21:01 AM +0200, mus1876@gmx.info wrote: > > > when setting utf-8 for cmd.exe, gpg switches back to its default > > character set. In cmd.exe I do the follwoing to change the codepage: > > [chcp 65001] Active Codepage: 65001. > > gpg: conversion from `utf-8' to `CP65001' not available > > gpg: using character set `iso-8859-1' > > The name mapping between 65001 local CP and UTF-8 standard name is > lacking both in GnuPG util/strgutil.c, and in libiconv-1.9.2 > libcharset/lib/localcharset.c. This lack should be easy to correct. It's already in the latest release candidate for 1.4.2. David From jharris at widomaker.com Mon Jun 27 05:26:28 2005 From: jharris at widomaker.com (Jason Harris) Date: Mon Jun 27 05:22:43 2005 Subject: new (2005-06-26) keyanalyze results (+sigcheck) Message-ID: <20050627032627.GP356@wilma.widomaker.com> New keyanalyze results are available at: http://keyserver.kjsl.com/~jharris/ka/2005-06-26/ Signatures are now being checked using keyanalyze+sigcheck: http://dtype.org/~aaronl/ Earlier reports are also available, for comparison: http://keyserver.kjsl.com/~jharris/ka/ Even earlier monthly reports are at: http://dtype.org/keyanalyze/ SHA-1 hashes and sizes for all the "permanent" files: b5a00abe3b776c83b0af690a5f7c91c16a0e421f 12298572 preprocess.keys 61270c9e47cd0b472d2627ca1c7e3306d41977bf 7706862 othersets.txt 80d81c2a1c0fce0b29b49400d696d82f9938b8c6 3083834 msd-sorted.txt ee7513d6673185c48dd654a1e8e683b1f7c8788f 1450 index.html 011d6f0ec83a45fca4f757fbe5a318fd483e1d17 2291 keyring_stats 228d54ef15916d9af2211c8c92c4cb860c9572b5 1212645 msd-sorted.txt.bz2 81ca8f4957d98f37a7696c4e4b36a59fe5322b43 26 other.txt d935a36758e1edb01699c052d7f37f779628db5f 1661135 othersets.txt.bz2 e659ce52d5bbb1ec9d8046174e2e6f7cf9eb1f95 5028165 preprocess.keys.bz2 03ea0473e8b685c83695bfc97843759154380444 12275 status.txt 1ac9fa5282b6ac7a1e14a0d0f55a314785704ebc 210512 top1000table.html 6e685336416a71d4952b98dd910f99f63f7c1660 30382 top1000table.html.gz c693ef22a86ab244e3120e7ebf151170ce61c717 10890 top50table.html 27dfe522be1c9f7e8a604b10b72150a338c1e3ec 2619 D3/D39DA0E3 -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 309 bytes Desc: not available Url : /pipermail/attachments/20050626/7b6ba159/attachment.pgp From shavital at mac.com Mon Jun 27 05:55:52 2005 From: shavital at mac.com (Charly Avital) Date: Mon Jun 27 05:52:00 2005 Subject: "--for-your-eyes-only" Message-ID: <129A7D8C-15BA-49F6-B1AD-44923A5CA727@mac.com> According to man gpg: ------------------- Set the `for your eyes only' flag in the message. This causes GnuPG to refuse to save the file unless the --output option is given, and PGP to use the "secure viewer" with a Tempest-resistant font to display the message. This option overrides --set-filename. --no-for-your-eyes-only disables this option. ------------------ In a few tests I did, using gpg 1.4.2rc2, self testing an encrypted and signed text: - without --output: the result is a message without text, that shows 'encrypted,signed' in its long headers. - with --output [filename]: the result is an encrypted and signed message that is processed by GnuPG as any other such message, without any special warnings or limitations. The same message processed with PGP is decrypted, verified and displayed in a "secure-view" window with TEMPEST Attack Prevention fonts. At the receiving end, how does GnuPG processes a message that has been encrypted using "--for-your-eyes-only", without --output? Where does the actual text of the message goes? Is there such a text? Charly From dshaw at jabberwocky.com Mon Jun 27 06:32:30 2005 From: dshaw at jabberwocky.com (David Shaw) Date: Mon Jun 27 06:28:48 2005 Subject: "--for-your-eyes-only" In-Reply-To: <129A7D8C-15BA-49F6-B1AD-44923A5CA727@mac.com> References: <129A7D8C-15BA-49F6-B1AD-44923A5CA727@mac.com> Message-ID: <20050627043230.GB12582@jabberwocky.com> On Sun, Jun 26, 2005 at 11:55:52PM -0400, Charly Avital wrote: > According to man gpg: > ------------------- > Set the `for your eyes only' flag in the message. This > causes GnuPG to refuse to save the file unless the --output > option is given, and PGP to use the "secure viewer" with a > Tempest-resistant font to display the message. This option > overrides --set-filename. > --no-for-your-eyes-only disables this option. > ------------------ > > In a few tests I did, using gpg 1.4.2rc2, self testing an encrypted > and signed text: > - without --output: the result is a message without text, that shows > 'encrypted,signed' in its > long headers. I'm afraid I don't know what this means. GnuPG has no such 'long headers', so I assume you're calling it from some front end. > At the receiving end, how does GnuPG processes a message that has > been encrypted using > "--for-your-eyes-only", without --output? Where does the actual text > of the message goes? Is there such a text? In that case GnuPG discards the text and does not save or display it. Davd From shavital at mac.com Mon Jun 27 07:16:47 2005 From: shavital at mac.com (Charly Avital) Date: Mon Jun 27 07:12:33 2005 Subject: "--for-your-eyes-only" In-Reply-To: <20050627043230.GB12582@jabberwocky.com> References: <129A7D8C-15BA-49F6-B1AD-44923A5CA727@mac.com> <20050627043230.GB12582@jabberwocky.com> Message-ID: <42BF8BBF.30704@mac.com> David Shaw wrote the following on 6/27/05 12:32 AM: [...] > I'm afraid I don't know what this means. GnuPG has no such 'long > headers', so I assume you're calling it from some front end. Indeed, because 'long headers' has nothing to do with GnuPG per se, it is a MUA viewing option that displays the 'long headers' aka 'extended headers' of the message itself. I pointed out that fact, because the receiving MUA (in long headers mode) + GnuPG indicated that the message, although without text, had been encrypted and signed. If there is no text to be decrypted or verified, how does the receiving GnuPG + MUA "knows" that this was an encrypted and signed message? > >>At the receiving end, how does GnuPG processes a message that has >>been encrypted using >>"--for-your-eyes-only", without --output? Where does the actual text >>of the message goes? Is there such a text? > > > In that case GnuPG discards the text and does not save or display it. Then, is that combination of options, --for-your-eyes-only and --output, meant to be used, at the receiving end, by PGP users only, and/or by users of any other encryption software/platform that has the capability to display the decrypted/verified text in a secure viewer form, or in such a way that the decrypted/verified output can be viewed, but not saved? A correction to my previous post: when a message processed in MacGPG (GnuPG for the Mac), with those two options, is decrypted using GnuPG (e.g. by command line) the verbose gpg output contains a line reading: gpg: NOTE: sender requested "for-your-eyes-only" Is this line intended for the recipient's information only, or is there a way the recipient can actually view the decrypted/verified text in a secure viewer mode? I apologize if this a repetition of my previous question. Charly From wk at gnupg.org Mon Jun 27 09:39:30 2005 From: wk at gnupg.org (Werner Koch) Date: Mon Jun 27 09:36:12 2005 Subject: How to import a secret subkey? In-Reply-To: <200506222108.18654.adam00f@ducksburg.com> (Adam Funk's message of "Wed, 22 Jun 2005 21:08:18 +0100") References: <200506222108.18654.adam00f@ducksburg.com> Message-ID: <8764w0meod.fsf@wheatstone.g10code.de> On Wed, 22 Jun 2005 21:08:18 +0100, Adam Funk said: > I think there used to be a restriction that "gpg --import secretkey.gpg" > wouldn't work without setting a special option. Is importing secret keys > by accident no longer considered a risk? This was fixed with version 1.0.7 about 3 years ago. gpg won't set the ownertrust of an imported key; the user is expected to do it. Salam-Shalom, Werner From anonymous at remailer.metacolo.com Mon Jun 27 13:22:44 2005 From: anonymous at remailer.metacolo.com (Anonymous Sender) Date: Mon Jun 27 14:13:39 2005 Subject: keeping possession of a private key secret Message-ID: If I create a keypair in the normal way, the mails, files, etc., encrypted with it are protected by the passphrase as well as the private key. But access to my hard drive would easily reveal $ gpg --list-secret-keys my secret identity that I want to use for pseudonymous publishing. Any suggestions on good ways to keep it secure without too much hassle every time I want to use it? Thanks. From hawke at hawkesnest.net Mon Jun 27 23:30:15 2005 From: hawke at hawkesnest.net (Alex Mauer) Date: Mon Jun 27 23:27:26 2005 Subject: pinpad cardreader; imported smart-card keys Message-ID: I'll ask the quick question first: I purchased an SCM SPR332 card reader, based on the Smartcard Howto's statement (about the SPR532) "The pinpad may be used to securely enter the PIN". I have found that I cannot use the pinpad, at least not with gnupg. Is this due to a misinterpretation of that statement? If so, perhaps changing the howto to indicate that while it may be used to securely enter a pin, Gnupg doesn't support this functionality. Or is it simply that the SPR532 works and the SPR 332 does not? Since the 332 is just a usb-only version of the 532, I'm figuring gnupg doesn't support this feature at all. I'd be happy to help test/debug if anyone's willing to add it. Secondly, the longer and more involved question: I recently acquired an OpenPGP smart card, and while starting to use it, I noticed some strangeness: First, my current arrangement is as follows: I have a DSA master signing key, an ElGamal encryption subkey, and a DSA signing subkey. To use the smart card, I need to add an RSA signing key, and an RSA encryption key as well. Well, I did so, and this went reasonably smoothly. But, I then tried to make these keys usable on another system. >From what I can google, I should be able to (re)generate the stub keys by using 'gpg --card-status'. But, this seems not to work. If I then copy the pubring.gpg from the first machine and import it on the second, then when I run 'gpg --card-status' it fills in the field "General key info", and then it can apparently generate the stub RSA keys. But the secret parts of the subkeys are not available (indicated with a #, which I'm used to seeing for the master key). So I figure I'll import those secret parts, but it tells me "secret keys unchanged: 1" and nothing changes. So, I delete the secret keyring from the new machine, and import the old subkeys' secret parts first, then the new RSA subkeys' public parts. Now everything seems to work. BUT, when i run gpg --list-secret-keys I get the following output (removing some extra uids): sec# 1024D/51192FF2 2002-03-22 uid Alex L. Mauer (Home) ssb 2048g/9150664F 2004-07-01 ssb 1024D/3F52F59F 2004-12-13 sec# 1024D/51192FF2 2002-03-22 uid Alex L. Mauer (Home) ssb# 2048g/1DA6A1C7 2003-06-27 ssb# 2048g/9150664F 2004-07-01 ssb# 1024D/3F52F59F 2004-12-13 ssb# 2048g/96FAE64B 2002-03-22 ssb# 2048g/0193A5EB 2003-04-15 ssb> 1024R/4A1C1224 2005-06-27 ssb> 1024R/F40CACBA 2005-06-27 Shouldn't gnupg only produce one entry for that, like: sec# 1024D/51192FF2 2002-03-22 uid Alex L. Mauer (Home) ssb# 2048g/1DA6A1C7 2003-06-27 ssb 2048g/9150664F 2004-07-01 ssb 1024D/3F52F59F 2004-12-13 ssb# 2048g/96FAE64B 2002-03-22 ssb# 2048g/0193A5EB 2003-04-15 ssb> 1024R/4A1C1224 2005-06-27 ssb> 1024R/F40CACBA 2005-06-27 Shouldn't I be able to import the secret parts of subkeys 9150664f and 3f52f59f after the stub keys have been created?? Oh, this is with gnupg 1.4.1 and 1.4.2rc2 -- Bad - You get pulled over for doing 90 in a school zone and you're drunk off your ass again at three in the afternoon. Worse - The cop is drunk too, and he's a mean drunk. FUCK! - A mean drunk that's actually a swarm of semi-sentient flesh-eating beetles. OpenPGP key id: 0x51192FF2 @ subkeys.pgp.net -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 264 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20050627/24055e57/signature.pgp From dshaw at jabberwocky.com Tue Jun 28 05:18:26 2005 From: dshaw at jabberwocky.com (David Shaw) Date: Tue Jun 28 05:14:45 2005 Subject: "--for-your-eyes-only" In-Reply-To: <42BF8BBF.30704@mac.com> References: <129A7D8C-15BA-49F6-B1AD-44923A5CA727@mac.com> <20050627043230.GB12582@jabberwocky.com> <42BF8BBF.30704@mac.com> Message-ID: <20050628031826.GA17400@jabberwocky.com> On Mon, Jun 27, 2005 at 11:16:47AM +0000, Charly Avital wrote: > when a message processed in MacGPG (GnuPG for the Mac), with those two > options, is decrypted using GnuPG (e.g. by command line) the verbose gpg > output contains a line reading: > gpg: NOTE: sender requested "for-your-eyes-only" > > Is this line intended for the recipient's information only, or is there > a way the recipient can actually view the decrypted/verified text in a > secure viewer mode? I apologize if this a repetition of my previous > question. If I understand your question, no, there is no secure viewer built into GnuPG. There are many reasons, but two good ones are that GnuPG is a command line application, and you can't really make a secure viewer on the command line, and by its nature a secure viewer would not be nearly portable enough. However, GnuPG can call other programs to do other tasks (keyserver access programs, JPEG viewers for photo IDs), so it's not impossible that GnuPG could call an external secure viewer program. I don't know of one offhand though. David From wk at gnupg.org Tue Jun 28 08:45:21 2005 From: wk at gnupg.org (Werner Koch) Date: Tue Jun 28 08:46:12 2005 Subject: "--for-your-eyes-only" In-Reply-To: <20050628031826.GA17400@jabberwocky.com> (David Shaw's message of "Mon, 27 Jun 2005 23:18:26 -0400") References: <129A7D8C-15BA-49F6-B1AD-44923A5CA727@mac.com> <20050627043230.GB12582@jabberwocky.com> <42BF8BBF.30704@mac.com> <20050628031826.GA17400@jabberwocky.com> Message-ID: <87aclbgeta.fsf@wheatstone.g10code.de> On Mon, 27 Jun 2005 23:18:26 -0400, David Shaw said: > However, GnuPG can call other programs to do other tasks (keyserver > access programs, JPEG viewers for photo IDs), so it's not impossible > that GnuPG could call an external secure viewer program. I don't know > of one offhand though. Nor do I know. We planned to add such a viewer to the GPA utility and the CVS carries Marcus Kuhn's fonts for a long time - however nobody has yet found time to write a GTK+ widget to make use of this font. If there is someone with GTK+ experience and some spare time I would really appreciate to see such a feature. Shalom-Salam, Werner From wk at gnupg.org Tue Jun 28 08:53:42 2005 From: wk at gnupg.org (Werner Koch) Date: Tue Jun 28 08:51:11 2005 Subject: pinpad cardreader; imported smart-card keys In-Reply-To: (Alex Mauer's message of "Mon, 27 Jun 2005 16:30:15 -0500") References: Message-ID: <8764vzgefd.fsf@wheatstone.g10code.de> On Mon, 27 Jun 2005 16:30:15 -0500, Alex Mauer said: > I purchased an SCM SPR332 card reader, based on the Smartcard Howto's > statement (about the SPR532) "The pinpad may be used to securely enter > the PIN". I have found that I cannot use the pinpad, at least not with As of now the "may be" means with software supporting it but not with GnuPG :-(. The longer answer is that I have worked on it and added code to the CCID driver to check this out. It works fine but there is one party missing: We need to have a mechanism t tell the upper layers that a pinpad reader is available and that the pinentry shall not be used for entering the PIN but to display a note saying: Please enter the PIN on the reader keypad. Given the demand of support for the keypad, I will start to work on it soon. >> From what I can google, I should be able to (re)generate the stub keys > by using 'gpg --card-status'. But, this seems not to work. I need to see what happens; will get back to you later. Salam-Shalom, Werner From shavital at mac.com Tue Jun 28 10:58:52 2005 From: shavital at mac.com (Charly Avital) Date: Tue Jun 28 10:54:43 2005 Subject: "--for-your-eyes-only" In-Reply-To: <20050628031826.GA17400@jabberwocky.com> References: <129A7D8C-15BA-49F6-B1AD-44923A5CA727@mac.com> <20050627043230.GB12582@jabberwocky.com> <42BF8BBF.30704@mac.com> <20050628031826.GA17400@jabberwocky.com> Message-ID: <42C1114C.6070702@mac.com> David Shaw wrote the following on 6/27/05 11:18 PM: [...] > If I understand your question, > no, there is no secure viewer built > into GnuPG. There are many reasons, but two good ones are that GnuPG > is a command line application, and you can't really make a secure > viewer on the command line, and by its nature a secure viewer would > not be nearly portable enough. I may not understand what you mean by "portable". I suppose that a secure viewer (software program) could not be nearly ported to GnuPG? > > However, GnuPG can call other programs to do other tasks (keyserver > access programs, JPEG viewers for photo IDs), so it's not impossible > that GnuPG could call an external secure viewer program. I don't know > of one offhand though. As far as I can remember the evolution of PGP, I think (but I am not sure) that the concept of a secure viewer is a PGP proprietary function built-in in their software. I shall not discuss whether TEMPEST attacks, when targeted to CRT or LCD displays pose a real threat to encryption users (who is the targeting agent? who are the targeted/chosen users?) because I have no expertise or even reasonable knowledge of the technological aspects of that issue. But if it is, in fact, a viable way to breach confidentiality, it is possible that GnuPG could consider to include an external secure viewer program in future developments. As a matter of fact, according to Werner's email, some work has already been done, and is included in the CVS. Thanks, Charly From jdbeyer at exit109.com Tue Jun 28 13:26:20 2005 From: jdbeyer at exit109.com (Jean-David Beyer) Date: Tue Jun 28 13:21:59 2005 Subject: "--for-your-eyes-only" In-Reply-To: <20050628031826.GA17400@jabberwocky.com> References: <129A7D8C-15BA-49F6-B1AD-44923A5CA727@mac.com> <20050627043230.GB12582@jabberwocky.com> <42BF8BBF.30704@mac.com> <20050628031826.GA17400@jabberwocky.com> Message-ID: <42C133DC.3020904@exit109.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 David Shaw wrote: > On Mon, Jun 27, 2005 at 11:16:47AM +0000, Charly Avital wrote: > > >> when a message processed ... is decrypted using GnuPG (e.g. by command >> line) the verbose gpg output contains a line reading: gpg: NOTE: sender >> requested "for-your-eyes-only" >> >> Is this line intended for the recipient's information only, or is there >> a way the recipient can actually view the decrypted/verified text in a >> secure viewer mode? I apologize if this a repetition of my previous >> question. > I am a newbie at this, but I do not see how it is possible to impliment this. While I suppose it might be possible to make an e-mail user agent (such as mutt) decrypt GPG | PGP e-mail and display it on a user's screen, and disable any ability to save the decrypted mail with the mail user agent, I do not see how it would be possible to stop the reader (i.e., the person, not the program) from copying and pasting that decrypted email; e.g., by pressing a save-screen button, or by simply copying and pasting with the mouse. In other words, even if the software were trustworthy, you are still at the mercy of the wisdom and intelligence and trustworthyness of the person receiving it. So you really must trust, in addition to the GPG programs, the user, and that is pretty difficult, IMAO, except in certain situations. - -- .~. Jean-David Beyer Registered Linux User 85642. /V\ PGP-Key: 9A2FC99A Registered Machine 241939. /( )\ Shrewsbury, New Jersey http://counter.li.org ^^-^^ 07:20:00 up 13 days, 1:10, 3 users, load average: 4.33, 4.28, 4.13 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCwTPbPtu2XpovyZoRAvSfAKDVu+LOOAQrbV26odgAzSkDFYaqWACePBcf d1erwCgMVlLXFyzrg+HsCaU= =MJv/ -----END PGP SIGNATURE----- From johanw at vulcan.xs4all.nl Tue Jun 28 11:16:00 2005 From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Tue Jun 28 13:26:47 2005 Subject: "--for-your-eyes-only" In-Reply-To: <20050628031826.GA17400@jabberwocky.com> Message-ID: <200506280916.j5S9G0De018646@vulcan.xs4all.nl> David Shaw wrote: >is a command line application, and you can't really make a secure >viewer on the command line, and by its nature a secure viewer would >not be nearly portable enough. [...] >However, GnuPG can call other programs to do other tasks (keyserver >access programs, JPEG viewers for photo IDs), so it's not impossible >that GnuPG could call an external secure viewer program. I don't know >of one offhand though. Which makes me think... outputting the text to a .jpg (or .gif or .png) with secure fonts shown in the picture. The picture could then be looked at in an external vieuwer. That would be completely portable. -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From johanw at vulcan.xs4all.nl Tue Jun 28 13:44:19 2005 From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Tue Jun 28 13:40:28 2005 Subject: "--for-your-eyes-only" In-Reply-To: <42C133DC.3020904@exit109.com> Message-ID: <200506281144.j5SBiJU8023573@vulcan.xs4all.nl> Jean-David Beyer wrote: >I do not see how it would be possible to stop the reader (i.e., the person, >not the program) from copying and pasting that decrypted email; It isn't. And if all else fails he can still write it down by hand. It's considerd more like a hint, not as a 100% secure thing. And it might prevent that decryptd files are on the computer by accident. After all, if you mail something secret and the receiver will tell it further, no encryption protocol is going to protect you against that. -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From hvictor at henphyt.yerphi.am Tue Jun 28 13:00:54 2005 From: hvictor at henphyt.yerphi.am (Victor Harutyunyan) Date: Tue Jun 28 13:55:17 2005 Subject: HTTP keyserver creation. Message-ID: <42C12DE6.6050300@henphyt.yerphi.am> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi there, I have installed gnupg-1.4.1 and apache_1.3.3. How can I configure HTTP keyserver? Regards, Victor. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCwS3W4saHoNULrvoRAkO1AJ4t4K9aVac3JJM1YkMOgw4Gd7HuWwCdG9Bs Ymjsly0qKxn9Pvrv1ZGjgfU= =J11b -----END PGP SIGNATURE----- From wk at gnupg.org Tue Jun 28 14:42:19 2005 From: wk at gnupg.org (Werner Koch) Date: Tue Jun 28 14:41:13 2005 Subject: "--for-your-eyes-only" In-Reply-To: <42C1114C.6070702@mac.com> (Charly Avital's message of "Tue, 28 Jun 2005 04:58:52 -0400") References: <129A7D8C-15BA-49F6-B1AD-44923A5CA727@mac.com> <20050627043230.GB12582@jabberwocky.com> <42BF8BBF.30704@mac.com> <20050628031826.GA17400@jabberwocky.com> <42C1114C.6070702@mac.com> Message-ID: <87br5qfyac.fsf@wheatstone.g10code.de> On Tue, 28 Jun 2005 04:58:52 -0400, Charly Avital said: > I may not understand what you mean by "portable". > I suppose that a secure viewer (software program) could not be nearly > ported to GnuPG? GnuPG is a command line tyool which only manges text input and output and as such it is pretty portable. For a viewer you need a graphical user interface to be able to display custom made fonts. Portability is harder to achieve than with text tools but in general not a real problem. However, it is a well known paradigm on Unix to have small specialized tools and not to put every thing into one big application. A secure, or well better tempest resistent, viewer should for sure be done as a separate application or as part of a gpg frontend. > I shall not discuss whether TEMPEST attacks, when targeted to CRT or LCD > displays pose a real threat to encryption users (who is the targeting > agent? who are the targeted/chosen users?) because I have no expertise > or even reasonable knowledge of the technological aspects of that issue. See http://www.cl.cam.ac.uk/TechReports/UCAM-CL-TR-577.pdf for the theory and examples of tempest attacks. > But if it is, in fact, a viable way to breach confidentiality, it is > possible that GnuPG could consider to include an external secure viewer > program in future developments. As a matter of fact, according to > Werner's email, some work has already been done, and is included in the CVS. Well, there has not been much work done. It was planned for some later GPA releases but development of GPA more or less stopped so we are not quite where we wanted to be a long time ago. A simple text renderer as an alternative to less(1) on X would be useful for quite some applications. IIRC, GNOME has a gless tool which could be enhanced by using filtered fonts. I new text widget for GTK+ is probably the best way to achieve this. Salam-Shalom, Werner From wk at gnupg.org Tue Jun 28 14:52:28 2005 From: wk at gnupg.org (Werner Koch) Date: Tue Jun 28 14:51:09 2005 Subject: "--for-your-eyes-only" In-Reply-To: <200506280916.j5S9G0De018646@vulcan.xs4all.nl> (Johan Wevers's message of "Tue, 28 Jun 2005 11:16:00 +0200 (MET DST)") References: <200506280916.j5S9G0De018646@vulcan.xs4all.nl> Message-ID: <877jgefxtf.fsf@wheatstone.g10code.de> On Tue, 28 Jun 2005 11:16:00 +0200 (MET DST), Johan Wevers said: > Which makes me think... outputting the text to a .jpg (or .gif or .png) > with secure fonts shown in the picture. The picture could then be looked > at in an external vieuwer. That would be completely portable. Actually a neat idea. It could be implemented as a new conversion to netpbm or ImageMagick. There is just one caveat: | Tempest protection by filtered fonts and related techniques are in the | process of being patented internationally. This demonstration font can | be copied and used freely in products for which the source code is | made freely available (see the GNU General Public License for | details). Contact the author for further information if you want to | use this technology in commercial or military products. | | This package is available from | | http://www.cl.cam.ac.uk/~mgk25/st-fonts.zip Where this - but only this - shouldn't be a problem even if the EU continues to ignore the will of its citizens and national parliaments in next week's parliament reading on software patent. Shalom-Salam, Werner From hawke at hawkesnest.net Tue Jun 28 17:35:58 2005 From: hawke at hawkesnest.net (Alex Mauer) Date: Tue Jun 28 17:33:32 2005 Subject: pinpad cardreader; imported smart-card keys In-Reply-To: <8764vzgefd.fsf__21848.2916862287$1119941455$gmane$org@wheatstone.g10code.de> References: <8764vzgefd.fsf__21848.2916862287$1119941455$gmane$org@wheatstone.g10code.de> Message-ID: Werner Koch wrote: > As of now the "may be" means with software supporting it but not with > GnuPG :-(. As I was afraid of; perhaps the howto could be updated to clarify that > > The longer answer is that I have worked on it and added code to the > CCID driver to check this out. How about the SC daemon? > We need to have a mechanism t tell the upper layers that a > pinpad reader is available and that the pinentry shall not be used for > entering the PIN but to display a note saying: Please enter the PIN on > the reader keypad. Would it work to have the PIN entry still display, but if the PIN is entered on the keypad accept that and remove the PIN entry box? > Given the demand of support for the keypad, I will start to work on it > soon. Glad to hear it; thanks! -- Bad - You get pulled over for doing 90 in a school zone and you're drunk off your ass again at three in the afternoon. Worse - The cop is drunk too, and he's a mean drunk. FUCK! - A mean drunk that's actually a swarm of semi-sentient flesh-eating beetles. OpenPGP key id: 0x51192FF2 @ subkeys.pgp.net -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 264 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20050628/d1aba416/signature-0001.pgp From jharris at widomaker.com Tue Jun 28 20:19:41 2005 From: jharris at widomaker.com (Jason Harris) Date: Tue Jun 28 20:15:39 2005 Subject: HTTP keyserver creation. In-Reply-To: <42C12DE6.6050300@henphyt.yerphi.am> References: <42C12DE6.6050300@henphyt.yerphi.am> Message-ID: <20050628181941.GW356@wilma.widomaker.com> On Tue, Jun 28, 2005 at 04:00:54PM +0500, Victor Harutyunyan wrote: > I have installed gnupg-1.4.1 and apache_1.3.3. > How can I configure HTTP keyserver? Try SKS: http://www.nongnu.org/sks/ (Victor appears to be using Debian; can someone point him to a/the packaged version?) -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 309 bytes Desc: not available Url : /pipermail/attachments/20050628/0ab9d149/attachment.pgp From wk at gnupg.org Tue Jun 28 20:40:48 2005 From: wk at gnupg.org (Werner Koch) Date: Tue Jun 28 20:41:11 2005 Subject: pinpad cardreader; imported smart-card keys In-Reply-To: (Alex Mauer's message of "Tue, 28 Jun 2005 10:35:58 -0500") References: <8764vzgefd.fsf__21848.2916862287$1119941455$gmane$org@wheatstone.g10code.de> Message-ID: <87vf3ycojz.fsf@wheatstone.g10code.de> On Tue, 28 Jun 2005 10:35:58 -0500, Alex Mauer said: > As I was afraid of; perhaps the howto could be updated to clarify that We will do this. >> The longer answer is that I have worked on it and added code to the >> CCID driver to check this out. > How about the SC daemon? Its the same code (source copied). > Would it work to have the PIN entry still display, but if the PIN is > entered on the keypad accept that and remove the PIN entry box? It is not a realy proble, we just need to pass the information to the upper layers. Plain and simple software craft. Salam-Shalom, Werner From km at km-it.de Thu Jun 23 17:40:36 2005 From: km at km-it.de (Konrad Mathieu) Date: Tue Jun 28 21:32:04 2005 Subject: Equivalent to option -f ? Message-ID: <200506231540.j5NFeCGv021356@web.local> Hi, my name is Konrad and I am completely new to this list. I have to adapt a shell script to work with GPG instead of PGP and it contains the -f option for acting like a filter. Actually, the full command is: pgp -f -ea rvsdata How do I make gpg behave exactly the same? Thanks and cheers, Konrad From xuan--2005.06.26--gnupg-users--gnupg.org at baldauf.org Mon Jun 27 01:32:36 2005 From: xuan--2005.06.26--gnupg-users--gnupg.org at baldauf.org (=?ISO-8859-1?Q?Xu=E2n_Baldauf?=) Date: Tue Jun 28 21:32:11 2005 Subject: gpg --symmetric with same passphrases Message-ID: <42BF3B14.2030508@baldauf.org> Hello, is it secure to use for different files, to be encrypted using "gpg --symmetric", the same passphrase? Or does this pose a risk of a cryptographic attack which would not exist if different passphrases were used? Background: There are multiple notebook computers whose each root filesystem is encrypted using dm-crypt. The partition encryption key is is different for each encrypted filesystem and resides as a file on a different filesystem in encrypted form. It is not feasible to store the different encryption keys in one keyring (in order to avoid multiple files encrypted with the same passphrase), because then, copies of that keyring would have to reside on all notebook computers. It is not feasible to use different passphrases, either. Thank you, Xu?n. From kha at treskal.com Tue Jun 28 14:42:03 2005 From: kha at treskal.com (Karl =?iso-8859-1?Q?Hasselstr=F6m?=) Date: Tue Jun 28 21:32:16 2005 Subject: "--for-your-eyes-only" In-Reply-To: <200506281144.j5SBiJU8023573@vulcan.xs4all.nl> References: <42C133DC.3020904@exit109.com> <200506281144.j5SBiJU8023573@vulcan.xs4all.nl> Message-ID: <20050628124203.GA17516@malin> On 2005-06-28 13:44:19 +0200, Johan Wevers wrote: > Jean-David Beyer wrote: > > > I do not see how it would be possible to stop the reader (i.e., > > the person, not the program) from copying and pasting that > > decrypted email; > > It isn't. And if all else fails he can still write it down by hand. If I'm not mistaken, the thing that gpg tries (or will try) to protect against in this case is the cleartext being written to temporary files and such things. That is, protect the user from herself (by making it hard to make mistakes), not protect the cleartext from the user. -- Karl Hasselstr?m, kha@treskal.com www.treskal.com/kalle From wk at gnupg.org Tue Jun 28 22:39:38 2005 From: wk at gnupg.org (Werner Koch) Date: Tue Jun 28 22:36:14 2005 Subject: Equivalent to option -f ? In-Reply-To: <200506231540.j5NFeCGv021356@web.local> (Konrad Mathieu's message of "Thu, 23 Jun 2005 17:40:36 +0200") References: <200506231540.j5NFeCGv021356@web.local> Message-ID: <873br2cj1x.fsf@wheatstone.g10code.de> On Thu, 23 Jun 2005 17:40:36 +0200, Konrad Mathieu said: > I have to adapt a shell script to work with GPG instead of PGP and it contains the -f option for acting like a filter. Actually, There is no need for such an option because gpg, being a good Unix citizen, does this by default. > the full command is: pgp -f -ea rvsdata > How do I make gpg behave exactly the same? Either: gpg -ea Message-ID: <200506282149.j5SLnti9010336@vulcan.xs4all.nl> Werner Koch wrote: >There is just one caveat: [...] >| http://www.cl.cam.ac.uk/~mgk25/st-fonts.zip >Where this - but only this - shouldn't be a problem even if the EU >continues to ignore the will of its citizens and national parliaments >in next week's parliament reading on software patent. I'm affraid I don't understand what you mean (my English might be lacking). Are you saying that my idea to output a picture with tempest-resistant fonts won't couse a problem, or that even if tempest-resistant fonts are patented only the fonts from the above URL can be used for this purpose? -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From shatadal at vfemail.net Tue Jun 28 22:03:23 2005 From: shatadal at vfemail.net (Shatadal) Date: Wed Jun 29 01:25:51 2005 Subject: "--for-your-eyes-only" In-Reply-To: <200506281144.j5SBiJU8023573@vulcan.xs4all.nl> References: <200506281144.j5SBiJU8023573@vulcan.xs4all.nl> Message-ID: <42C1AD0B.6040105@vfemail.net> Johan Wevers wrote: > Jean-David Beyer wrote: > > >>I do not see how it would be possible to stop the reader (i.e., the person, >>not the program) from copying and pasting that decrypted email; > > > It isn't. And if all else fails he can still write it down by hand. It's > considerd more like a hint, not as a 100% secure thing. And it might > prevent that decryptd files are on the computer by accident. > > After all, if you mail something secret and the receiver will tell > it further, no encryption protocol is going to protect you against > that. > This may help in IM http://www.cypherpunks.ca/otr/ but the authors put in the caveat that this method may not be feasible for e-mail due to its latency. From wk at gnupg.org Wed Jun 29 08:56:38 2005 From: wk at gnupg.org (Werner Koch) Date: Wed Jun 29 08:56:14 2005 Subject: "--for-your-eyes-only" In-Reply-To: <200506282149.j5SLnti9010336@vulcan.xs4all.nl> (Johan Wevers's message of "Tue, 28 Jun 2005 23:49:54 +0200 (MET DST)") References: <200506282149.j5SLnti9010336@vulcan.xs4all.nl> Message-ID: <87u0jhbqhl.fsf@wheatstone.g10code.de> On Tue, 28 Jun 2005 23:49:54 +0200 (MET DST), Johan Wevers said: > Are you saying that my idea to output a picture with tempest-resistant > fonts won't couse a problem, or that even if tempest-resistant fonts are > patented only the fonts from the above URL can be used for this purpose? In case swpats gets legalized in EU it won't be possible to write free tempest resistant viewers. The exception are viewers available under a copyleft license (like the GPL) using the mentioned specific font. Salam-Shalom, Werner From alex at bofh.net.pl Wed Jun 29 10:55:02 2005 From: alex at bofh.net.pl (Janusz A. Urbanowicz) Date: Wed Jun 29 11:34:49 2005 Subject: "--for-your-eyes-only" In-Reply-To: <42C1114C.6070702@mac.com> References: <129A7D8C-15BA-49F6-B1AD-44923A5CA727@mac.com> <20050627043230.GB12582@jabberwocky.com> <42BF8BBF.30704@mac.com> <20050628031826.GA17400@jabberwocky.com> <42C1114C.6070702@mac.com> Message-ID: <20050629085502.GC24772@syjon.fantastyka.net> On Tue, Jun 28, 2005 at 04:58:52AM -0400, Charly Avital wrote: > > However, GnuPG can call other programs to do other tasks (keyserver > > access programs, JPEG viewers for photo IDs), so it's not impossible > > that GnuPG could call an external secure viewer program. I don't know > > of one offhand though. > > As far as I can remember the evolution of PGP, I think (but I am not > sure) that the concept of a secure viewer is a PGP proprietary function > built-in in their software. Some form of secure viewer was present in PGP 2.3 and 2.6 which were FLOSS. Unless they patented it (sigh) it can be renginered back to the GPG, like Photo-IDs. -- mors ab alto 0x46399138 From wk at gnupg.org Wed Jun 29 16:36:53 2005 From: wk at gnupg.org (Werner Koch) Date: Wed Jun 29 16:36:16 2005 Subject: "--for-your-eyes-only" In-Reply-To: <20050629085502.GC24772@syjon.fantastyka.net> (Janusz A. Urbanowicz's message of "Wed, 29 Jun 2005 10:55:02 +0200") References: <129A7D8C-15BA-49F6-B1AD-44923A5CA727@mac.com> <20050627043230.GB12582@jabberwocky.com> <42BF8BBF.30704@mac.com> <20050628031826.GA17400@jabberwocky.com> <42C1114C.6070702@mac.com> <20050629085502.GC24772@syjon.fantastyka.net> Message-ID: <87fyv19qm2.fsf@wheatstone.g10code.de> On Wed, 29 Jun 2005 10:55:02 +0200, Janusz A Urbanowicz said: > Some form of secure viewer was present in PGP 2.3 and 2.6 which were FLOSS. Huh, that's new to me. Both versions are pure command line tools without a graphical part. No way to make use fo filtered fonts. I am not sure what kind of software you collect untder the term of FLOSS; if you mean Free Software, PGP has never been Free Software despite what many people claimed. > Unless they patented it (sigh) it can be renginered back to the GPG, like > Photo-IDs. Photo IDs are a feature of PGP6 and now OpenPGP. Salam-Shalom, Werner From alex at bofh.net.pl Wed Jun 29 16:54:39 2005 From: alex at bofh.net.pl (Janusz A. Urbanowicz) Date: Wed Jun 29 16:51:29 2005 Subject: "--for-your-eyes-only" In-Reply-To: <87fyv19qm2.fsf@wheatstone.g10code.de> References: <129A7D8C-15BA-49F6-B1AD-44923A5CA727@mac.com> <20050627043230.GB12582@jabberwocky.com> <42BF8BBF.30704@mac.com> <20050628031826.GA17400@jabberwocky.com> <42C1114C.6070702@mac.com> <20050629085502.GC24772@syjon.fantastyka.net> <87fyv19qm2.fsf@wheatstone.g10code.de> Message-ID: <20050629145439.GF24772@syjon.fantastyka.net> On Wed, Jun 29, 2005 at 04:36:53PM +0200, Werner Koch wrote: > On Wed, 29 Jun 2005 10:55:02 +0200, Janusz A Urbanowicz said: > > > Some form of secure viewer was present in PGP 2.3 and 2.6 which were FLOSS. > > Huh, that's new to me. Both versions are pure command line tools > without a graphical part. No way to make use fo filtered fonts. The aim of the secure viewer then was to make difficult to obtain eyes-only message text as a file or a pipe. It checked if output is a live tty, prevented the plaintext ending on the swap and leaving any temp files. It was really difficult to get eyes-only message in plain file form with it in the way (there was no /dev/vcs etc in the days and it needs root anyway). > I am not sure what kind of software you collect untder the term of > FLOSS; if you mean Free Software, PGP has never been Free Software > despite what many people claimed. Software that was distributed under GPL: pgp 2.3 and 2.3a. And pleaase don't let the discussion slip in legalese tetrapiloctomisation. > > Unless they patented it (sigh) it can be renginered back to the GPG, like > > Photo-IDs. > > Photo IDs are a feature of PGP6 and now OpenPGP. My point exactly, excapt that secure viewer needs not to be defined in the protocol RFC. -- mors ab alto 0x46399138 From oub at mat.ucm.es Wed Jun 29 19:34:26 2005 From: oub at mat.ucm.es (Uwe Brauer) Date: Wed Jun 29 17:34:16 2005 Subject: problems with the mailing list Message-ID: <87fyv1ysm5.fsf@mat.ucm.es> Hello I subscribed yesterday to the list, got the typical welcome msg, but my posting of today got refused, reason being that I am a non member. I am using the gmane fontend in order to communicate with the list. Could anybody tell me what is the reason for this strange behaviour. Thanks Uwe Brauer From shavital at mac.com Wed Jun 29 18:10:45 2005 From: shavital at mac.com (Charly Avital) Date: Wed Jun 29 18:06:56 2005 Subject: "--for-your-eyes-only" In-Reply-To: <87fyv19qm2.fsf@wheatstone.g10code.de> References: <129A7D8C-15BA-49F6-B1AD-44923A5CA727@mac.com> <20050627043230.GB12582@jabberwocky.com> <42BF8BBF.30704@mac.com> <20050628031826.GA17400@jabberwocky.com> <42C1114C.6070702@mac.com> <20050629085502.GC24772@syjon.fantastyka.net> <87fyv19qm2.fsf@wheatstone.g10code.de> Message-ID: <42C2C805.4090107@mac.com> Werner Koch wrote the following on 6/29/05 10:36 AM: > On Wed, 29 Jun 2005 10:55:02 +0200, Janusz A Urbanowicz said: > > >>Some form of secure viewer was present in PGP 2.3 and 2.6 which were FLOSS. > > > Huh, that's new to me. Both versions are pure command line tools > without a graphical part. No way to make use fo filtered fonts. Those two versions, for the Mac, were not pure command line tools. I have no idea what they did for Windows users. Version 2.3 of MacPGP was the first PGP port to the Mac. Not really a Mac application, it worked somehow with a combination of minimalistic GUI and command line essentials. It was a good starting point for Mac users who wanted to learn about PGP. I started with that, and I remember it was nerve-wracking (for me at least). Version 2.6.3x (maybe it was called FatMacPGP 2.6.3, I am not sure) was a quantum leap (sort of): it would run on PowerPC and also on 68020 and 68030 CPUs, and behaved like a real Mac application, with many GUI niceties (or maybe not really a GUI, but some kind of front or shell), but also with an option to use CLI. There was a feature called something like "allow viewing by recipient only", but I don't remember whether it was the secure viewer with TEMPEST resistant fonts, or a warning meant for the recipient that the decrypted message would not be saved into a file, and would only be displayed on the recipient's computer display. The recipient could chose to abide by the warning, or to save the decrypted message using some specific command or option. > > I am not sure what kind of software you collect untder the term of > FLOSS; if you mean Free Software, PGP has never been Free Software > despite what many people claimed. FLOSS = Free Libre Open Source Software. PGP 2.x.x versions were free software (lower case, meaning free of payment); Philip R. Zimmermann made PGP available for free (at the beginning of PGP's career). Whether this qualifies for Free Software (upper case), I don't know. Charly From shavital at mac.com Wed Jun 29 18:24:37 2005 From: shavital at mac.com (Charly Avital) Date: Wed Jun 29 18:20:19 2005 Subject: problems with the mailing list In-Reply-To: <87fyv1ysm5.fsf@mat.ucm.es> References: <87fyv1ysm5.fsf@mat.ucm.es> Message-ID: <42C2CB45.2070209@mac.com> Your quote message got through fine. Are you sure you used the correct e-mail address (i.e. the e-mail address you used to subscribe to the list) when you sent the post that was refused? Your public key AD24CFB593B61FDD displays 4 different UIDs, none of them is identical to oub@mat.ucm.es Charly Uwe Brauer wrote the following on 6/29/05 1:34 PM: > Hello > > I subscribed yesterday to the list, got the typical welcome msg, but > my posting of today got refused, reason being that I am a non > member. I am using the gmane fontend in order to communicate with the > list. Could anybody tell me what is the reason for this strange > behaviour. > > Thanks > > Uwe Brauer From shavital at mac.com Wed Jun 29 18:29:33 2005 From: shavital at mac.com (Charly Avital) Date: Wed Jun 29 18:25:13 2005 Subject: "Out of office" notifications. Message-ID: I have grown tired to receive out office notifications from siering@elpino.de everytime I post to the list. That address is now on my junk list. Charly From wk at gnupg.org Wed Jun 29 19:16:59 2005 From: wk at gnupg.org (Werner Koch) Date: Wed Jun 29 19:16:16 2005 Subject: "--for-your-eyes-only" In-Reply-To: <20050629145439.GF24772@syjon.fantastyka.net> (Janusz A. Urbanowicz's message of "Wed, 29 Jun 2005 16:54:39 +0200") References: <129A7D8C-15BA-49F6-B1AD-44923A5CA727@mac.com> <20050627043230.GB12582@jabberwocky.com> <42BF8BBF.30704@mac.com> <20050628031826.GA17400@jabberwocky.com> <42C1114C.6070702@mac.com> <20050629085502.GC24772@syjon.fantastyka.net> <87fyv19qm2.fsf@wheatstone.g10code.de> <20050629145439.GF24772@syjon.fantastyka.net> Message-ID: <87acl99j78.fsf@wheatstone.g10code.de> On Wed, 29 Jun 2005 16:54:39 +0200, Janusz A Urbanowicz said: > The aim of the secure viewer then was to make difficult to obtain eyes-only > message text as a file or a pipe. It checked if output is a live tty, Okay, that is something different. I was solely speaking of a tempest resistant viewer - the kind of thing PGP 6 named "secure viewer(/ing mode)". > Software that was distributed under GPL: pgp 2.3 and 2.3a. And pleaase don't That's right. However these are AFAIK the only versions under the GPL without restrictions. The widely used 2.6* versions are under a non free license diasllowing to change certain parts of the software or to distribute only parts of it. > let the discussion slip in legalese tetrapiloctomisation. http://fsfeurope.org/documents/whyfs.html > My point exactly, excapt that secure viewer needs not to be defined in the > protocol RFC. In fact there used to be a long discussion whether to keep the for-your-eyes-only feature in OpenPGP or to drop it. It does not belong into the standard as OpenPGP defines a message format and not an application. Shalom-Salam, Werner From wk at gnupg.org Wed Jun 29 19:36:00 2005 From: wk at gnupg.org (Werner Koch) Date: Wed Jun 29 19:36:16 2005 Subject: "Out of office" notifications. In-Reply-To: (Charly Avital's message of "Wed, 29 Jun 2005 12:29:33 -0400") References: Message-ID: <871x6l9ibj.fsf@wheatstone.g10code.de> On Wed, 29 Jun 2005 12:29:33 -0400, Charly Avital said: > I have grown tired to receive out office notifications from > siering@elpino.de everytime I post to the list. > That address is now on my junk list. I have disabled mail delivery to that account. Salam-Shalom, Werner From oub at mat.ucm.es Thu Jun 30 13:07:11 2005 From: oub at mat.ucm.es (Uwe Brauer) Date: Thu Jun 30 11:03:37 2005 Subject: pgp keys in gnupg: IDEA need for all recipients? Message-ID: <87k6kcf6hs.fsf@mat.ucm.es> Hello Since it seems my original message did not arrive, I resend it and apologise if it has been double posted. As a long term user of pgp.2.6.3 I want to switch to gnupgp, but would prefer to continue using my pgp key. So I looked up the information available in http://www.gnupg.org/gph/en/pgp2x.html and followed the steps indicated. One thing remains unclear to me: it concerns IDEA. As I understand it I have to compile idea.c (and maybe rsa.c or rsaref.c) in order to use my key. However does this mean that _every_ user who will use my public key, should do the *same*? I tried to send myself a message using my imported pgp key, with gnupg. However that failed since the modules have yet not be complied. But that seems to me that every user who want to communicate with me using that public key, should do the same, is this right? (If so I will not use my pgp key since I will expect that most gnupgp users I know are not willing or able to do this compilation.) Thanks Uwe Brauer From mail at mark-kirchner.de Thu Jun 30 11:23:17 2005 From: mail at mark-kirchner.de (Mark Kirchner) Date: Thu Jun 30 11:18:56 2005 Subject: pgp keys in gnupg: IDEA need for all recipients? In-Reply-To: <87k6kcf6hs.fsf@mat.ucm.es> References: <87k6kcf6hs.fsf@mat.ucm.es> Message-ID: <42C3BA05.2050905@mark-kirchner.de> Ugh, apologies for the direct reply to Uwe Brauer instead of the list. Uwe Brauer wrote: > [pgp2.6.3 key & IDEA]. As I understand it I have to compile idea.c > (and maybe rsa.c or rsaref.c) in order to use my key. > > However does this mean that _every_ user who will use my public > key, should do the *same*? Yes, as long as your key requires the use of IDEA-encryption, everybody who's trying to encrypt to you has to use an IDEA-enabled client. In the case og gnupg that means that one has to compile in idea.c or use idea.dll (on windows). Regards, Mark Kirchner From wk at gnupg.org Thu Jun 30 12:35:22 2005 From: wk at gnupg.org (Werner Koch) Date: Thu Jun 30 12:36:15 2005 Subject: pgp keys in gnupg: IDEA need for all recipients? In-Reply-To: <42C3BA05.2050905@mark-kirchner.de> (Mark Kirchner's message of "Thu, 30 Jun 2005 11:23:17 +0200") References: <87k6kcf6hs.fsf@mat.ucm.es> <42C3BA05.2050905@mark-kirchner.de> Message-ID: <87slz06sk5.fsf@wheatstone.g10code.de> On Thu, 30 Jun 2005 11:23:17 +0200, Mark Kirchner said: > Yes, as long as your key requires the use of IDEA-encryption, > everybody who's trying to encrypt to you has to use an IDEA-enabled Nope. IDEA is an optional algorithm in OpenPGP. All OpenPGP compliant applications will use 3DES as the default algorithm if there are no preferences defined. Obviously you can't decrypt archived messages without having IDEA. You better keep an old copy of pgp 2.6 around. When migrating to gpg the best soultion is to set the passphrase to empty using pgp2, export and import the secret key into gpg and set the passphrase again so that it gets protected using a modern algorithm. Shalom-Salam, Werner From alex at bofh.net.pl Thu Jun 30 13:34:21 2005 From: alex at bofh.net.pl (Janusz A. Urbanowicz) Date: Thu Jun 30 13:31:06 2005 Subject: "--for-your-eyes-only" In-Reply-To: <87acl99j78.fsf@wheatstone.g10code.de> References: <129A7D8C-15BA-49F6-B1AD-44923A5CA727@mac.com> <20050627043230.GB12582@jabberwocky.com> <42BF8BBF.30704@mac.com> <20050628031826.GA17400@jabberwocky.com> <42C1114C.6070702@mac.com> <20050629085502.GC24772@syjon.fantastyka.net> <87fyv19qm2.fsf@wheatstone.g10code.de> <20050629145439.GF24772@syjon.fantastyka.net> <87acl99j78.fsf@wheatstone.g10code.de> Message-ID: <20050630113421.GE470@syjon.fantastyka.net> On Wed, Jun 29, 2005 at 07:16:59PM +0200, Werner Koch wrote: > On Wed, 29 Jun 2005 16:54:39 +0200, Janusz A Urbanowicz said: > > > The aim of the secure viewer then was to make difficult to obtain eyes-only > > message text as a file or a pipe. It checked if output is a live tty, > > Okay, that is something different. I was solely speaking of a tempest > resistant viewer - the kind of thing PGP 6 named "secure viewer(/ing > mode)". Yes, but if the threat model involves TEMPEST, should it also involve TEMPEST from optical wavelenghts (reflected light)? -- mors ab alto 0x46399138 From mail at mark-kirchner.de Thu Jun 30 14:08:05 2005 From: mail at mark-kirchner.de (Mark Kirchner) Date: Thu Jun 30 14:03:42 2005 Subject: pgp keys in gnupg: IDEA need for all recipients? In-Reply-To: <87slz06sk5.fsf@wheatstone.g10code.de> References: <87k6kcf6hs.fsf@mat.ucm.es> <42C3BA05.2050905@mark-kirchner.de> <87slz06sk5.fsf@wheatstone.g10code.de> Message-ID: <42C3E0A5.8050209@mark-kirchner.de> Werner Koch wrote: >>Yes, as long as your key requires the use of IDEA-encryption, >>everybody who's trying to encrypt to you has to use an IDEA-enabled > > Nope. IDEA is an optional algorithm in OpenPGP. All OpenPGP > compliant applications will use 3DES as the default algorithm if there > are no preferences defined. Right, seems I keep forgetting that. Sorry, my bad. Regards, Mark From kage at vego.no Thu Jun 30 21:31:03 2005 From: kage at vego.no (KG) Date: Thu Jun 30 22:04:01 2005 Subject: invalid packet (corrupt file?) Message-ID: <20050630193013.PKMA11566.amsfep12-int.chello.nl@kh10b9ysyr0tzg> I'm trying to decrypt a symmetrically encrypted file, but get the following error message(s): C:\gpg\gpg>gpg -v -o c:\out.bkf -d d:\data.bkf.gpg gpg: CAST5 encrypted data gpg: encrypted with 1 passphrase gpg: original file name='data.bkf' gpg: [don't know]: invalid packet (ctb=63) gpg: [don't know]: invalid packet (ctb=66) gpg: WARNING: message was not integrity protected gpg: [don't know]: invalid packet (ctb=37) The outfile is written, but only partially. Does this simply mean that the .gpg file is corrupt and that the archive can not be recovered? It has been burned on a dvdrom, and I had some issues getting a 3GB+ file burned. This is gnupg 1.4.0 running on Windows XP The error messages aren't all that informative, not even in verbose mode. Thanks for all help! KG From DBSMITH at OhioHealth.com Thu Jun 30 23:22:32 2005 From: DBSMITH at OhioHealth.com (DBSMITH@OhioHealth.com) Date: Thu Jun 30 23:18:12 2005 Subject: automating signing of keys Message-ID: gpg users: I am running gpg 1.2.1 on AIX 5.2 I saw on the archive list ( http://marc.theaimsgroup.com/?t=105352149400003&r=1&w=2) for automating key signing after an expiration of an individual key: gpg - -command-fd 0 - -status-fd 2 [...] but what is the full functional string: I tried gpg - -options "file" - -command-fd 0 - -status-fd 2 - -sign-key talx and it returned: [GNUPG:] GET_LINE sign_uid.expire I then exited and got a return code of 130 after typing echo $? please help! thank you, derek Derek B. Smith OhioHealth IT UNIX / TSM / EDM Teams 614-566-4145 From kage at vego.no Thu Jun 30 12:03:23 2005 From: kage at vego.no (kage@vego.no) Date: Sun Jul 3 16:51:05 2005 Subject: invalid packet (corrupt file?) Message-ID: <20050630120323.vrlgbjhen3swc04g@www.vego.no> I'm trying to decrypt a symmetrically encrypted file, but get the following error message(s): C:\gpg\gpg>gpg -v -o c:\out.bkf -d d:\data.bkf.gpg gpg: CAST5 encrypted data gpg: encrypted with 1 passphrase gpg: original file name='data.bkf' gpg: [don't know]: invalid packet (ctb=63) gpg: [don't know]: invalid packet (ctb=66) gpg: WARNING: message was not integrity protected gpg: [don't know]: invalid packet (ctb=37) The outfile is written, but only partially. Does this simply mean that the .gpg file is corrupt and that the archive can not be recovered? It has been burned on a dvdrom, and I had some issues getting a 3GB+ file burned. This is gnupg 1.4.0 running on Windows XP The error messages aren't all that informative, not even in verbose mode. Thanks for all help! KG From peter at palfrader.org Wed Jun 29 17:19:57 2005 From: peter at palfrader.org (Peter Palfrader) Date: Mon Jul 4 10:39:23 2005 Subject: [Sks-devel] Re: HTTP keyserver creation. In-Reply-To: <20050628181941.GW356@wilma.widomaker.com> References: <42C12DE6.6050300@henphyt.yerphi.am> <20050628181941.GW356@wilma.widomaker.com> Message-ID: <20050629151957.GM28176@opium.palfrader.org> On Tue, 28 Jun 2005, Jason Harris wrote: > On Tue, Jun 28, 2005 at 04:00:54PM +0500, Victor Harutyunyan wrote: > > > I have installed gnupg-1.4.1 and apache_1.3.3. > > How can I configure HTTP keyserver? > > Try SKS: > > http://www.nongnu.org/sks/ > > (Victor appears to be using Debian; can someone point him to a/the > packaged version?) There's a source package at https://svn.clearairturbulence.org/debian-sks/trunk/sks you can get it with svn co https://svn.clearairturbulence.org/debian-sks/trunk/sks (apt-get install subversion first) It should build on sarge once you have all the build dependencies installed, but I haven't tried in a while. Let me know if there are any problems. -- PGP signed and encrypted | .''`. ** Debian GNU/Linux ** messages preferred. | : :' : The universal | `. `' Operating System http://www.palfrader.org/ | `- http://www.debian.org/