Gnupg-users Digest, Vol 25, Issue 16

Zhou, Mike MZhou at usg.com
Tue Oct 18 16:33:11 CEST 2005


Can GnuPG import an X.509 certificate/pubkey?

Thanks
Mike Zhou

-----Original Message-----
From: gnupg-users-bounces+mzhou=usg.com at gnupg.org
[mailto:gnupg-users-bounces+mzhou=usg.com at gnupg.org] On Behalf Of
gnupg-users-request at gnupg.org
Sent: Tuesday, October 18, 2005 2:55 AM
To: gnupg-users at gnupg.org
Subject: Gnupg-users Digest, Vol 25, Issue 16


Send Gnupg-users mailing list submissions to
	gnupg-users at gnupg.org

To subscribe or unsubscribe via the World Wide Web, visit
	http://lists.gnupg.org/mailman/listinfo/gnupg-users
or, via email, send a message with subject or body 'help' to
	gnupg-users-request at gnupg.org

You can reach the person managing the list at
	gnupg-users-owner at gnupg.org

When replying, please edit your Subject line so it is more specific than
"Re: Contents of Gnupg-users digest..."


Today's Topics:

   1. Re: Bogus Key on Keyservers (Nicholas Cole)
   2. Re: Bogus Key on Keyservers (Tad Marko)
   3. Re: Bogus Key on Keyservers (John W. Moore III)
   4. new (2005-10-16) keyanalyze results (+sigcheck) (Jason Harris)
   5. gpg not running in shell script.  Need Help
      (Kanakadandila,	Sivaramakrishna (GE Consumer & Industrial))
   6. Make GnuPG create files with .pgp extension
      (Ismael Valladolid Torres)
   7. Modifying an uid, can it be done? (Ismael Valladolid Torres)
   8. Re: Modifying an uid, can it be done? (Erwan David)
   9. Emacs interface to gpg (Patrik Jonsson)
  10. Encrypt from memory to disc? (Steve Leibel)


----------------------------------------------------------------------

Message: 1
Date: Sun, 16 Oct 2005 18:09:27 +0100 (BST)
From: Nicholas Cole <npcole at yahoo.co.uk>
Subject: Re: Bogus Key on Keyservers
To: gnupg-users at gnupg.org
Message-ID: <20051016170927.17322.qmail at web25407.mail.ukl.yahoo.com>
Content-Type: text/plain; charset=iso-8859-1


--- Tad Marko <tad at tadland.net> wrote:


> > You can't. That's like asking how you can stop other people from
> > printing out badges that say "I am Tad Marko" and pinning them to their
> > shirts.
> 
> I'm not asking for that. I want them to not say that a given key goes
> to tad at tadland.net.
> 
> > Besides, if you could do that, what would stop someone else from
> > deleting YOUR key off of the keyserver or flagging THEIR key as the real
> > Tad Marko?
> 
> An email verification step?


The problem is, that IF the email infrastructure was
secure enough to be trusted, there would be no need
for pgp/gpg/smime at all.  An email verification step
is not, and cannot be, 100% secure.  

Of course, in many cases, email is not re-routed,
server admins can be trusted, email systems are not
broken into - to the extent that email without
additional security is largely trusted as "good
enough".

But, in fact, if someone is willing to forge a key
with your name on, it is probably one of those times
that email may well not be "good enough".  Hence the
need to rely on key fingerprints, not on the email
system.

Best, 

Nicholas


		



------------------------------

Message: 2
Date: Sun, 16 Oct 2005 15:25:50 -0500
From: Tad Marko <tad at tadland.net>
Subject: Re: Bogus Key on Keyservers
To: gnupg-users at gnupg.org
Message-ID: <20051016202550.GA23826 at www.tadland.net>
Content-Type: text/plain; charset=us-ascii

On Sun, Oct 16, 2005 at 06:09:27PM +0100, Nicholas Cole wrote:
> 
> --- Tad Marko <tad at tadland.net> wrote:
> > An email verification step?
> 
> 
> The problem is, that IF the email infrastructure was
> secure enough to be trusted, there would be no need
> for pgp/gpg/smime at all.  An email verification step
> is not, and cannot be, 100% secure.
> 
> Of course, in many cases, email is not re-routed,
> server admins can be trusted, email systems are not
> broken into - to the extent that email without
> additional security is largely trusted as "good
> enough".
> 
> But, in fact, if someone is willing to forge a key
> with your name on, it is probably one of those times
> that email may well not be "good enough".  Hence the
> need to rely on key fingerprints, not on the email
> system.
> 
> Best,
> 
> Nicholas

Right, which is the reason for the continued need to let people know
your key signature via a trusted means. But, if someone was wanting to
hassle you by creating scads of bogus keys on keyservers, it still makes
it that much more difficult for people to obtain the correct key.

If someone were more sophisticated, as you suggest, it seems that it is
even more imperative for someone to be able to get the bogus keys out of
view.

Tad
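
The point made in this thread, that a key is chosen by a fingerprint obtained through a trusted channel and not by the address in its user ID, as an added example that is not part of any poster's message. It assumes v4 keys (40-hex-digit fingerprints) and the `gpg --with-colons --fingerprint` record layout; the listing, address, key IDs and fingerprints are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes v4 keys: 40 hex digit fingerprints.

# Constructed listing in the format of `gpg --with-colons --fingerprint`:
# three keys that all claim the same address. All IDs/fingerprints are made up.
sample_listing() {
cat <<'EOF'
pub:-:1024:17:1111111111111111:1118361600:::-:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111111111111111:
uid:-::::1118361600::::Example User <user@example.org>:
pub:-:1024:17:2222222222222222:1129420800:::-:::scESC:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB2222222222222222:
uid:-::::1129420800::::Example User <user@example.org>:
pub:-:2048:1:3333333333333333:1129507200:::-:::scESC:
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCC3333333333333333:
uid:-::::1129507200::::Example User (work) <user@example.org>:
EOF
}

# count_claiming ADDR: how many primary keys carry a user ID mentioning ADDR.
# Anyone can upload such a key, so this number says nothing about ownership.
count_claiming() {
    awk -F: -v addr="$1" '
        $1 == "pub" { seen = 0 }
        ($1 == "pub" || $1 == "uid") && !seen && index($10, addr) { n++; seen = 1 }
        END { print n + 0 }'
}

# select_key FPR: print the key ID of the key whose primary fingerprint equals
# FPR (as received out of band). Spaces and letter case are ignored.
# Returns 1 if no key matches, 2 if FPR is not a full 40-digit fingerprint
# (short key IDs are rejected: they are easy to collide).
select_key() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'abcdef' 'ABCDEF')
    case $want in ''|*[!0-9A-F]*) return 2 ;; esac
    [ "${#want}" -eq 40 ] || return 2
    awk -F: -v want="$want" '
        $1 == "pub" { keyid = $5 }
        $1 == "fpr" && keyid != "" {      # first fpr after pub = primary key
            if ($10 == want) { print keyid; found = 1; exit }
            keyid = ""
        }
        END { exit !found }'
}

sample_listing | count_claiming 'user@example.org'
sample_listing | select_key 'bbbb bbbb bbbb bbbb bbbb bbbb 2222 2222 2222 2222'
```

Against a real keyring the listing would come from `gpg --with-colons --fingerprint ADDRESS` in place of `sample_listing`.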



------------------------------

Message: 3
Date: Sun, 16 Oct 2005 16:37:09 -0400
From: "John W. Moore III" <johnmoore3rd at joimail.com>
Subject: Re: Bogus Key on Keyservers
To: Tad Marko <tad at tadland.net>
Cc: GnuPG Users List <gnupg-users at gnupg.org>
Message-ID: <4352B9F5.2090309 at joimail.com>
Content-Type: text/plain; charset=ISO-8859-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Tad Marko wrote:

> Right, which is the reason for the continued need to let people know 
> your key signature via a trusted means. But, if someone was wanting to
> hassle you by creating scads of bogus keys on keyservers, it still 
> makes it that much more difficult for people to obtain the correct 
> key.
> 
> If someone were more sophisticated, as you suggest, it seems that it 
> is even more imperative for someone to be able to get the bogus keys 
> out of view.

Why not just list your Key on Big Lumber and direct folks there to
retrieve your Key?  You can place the link to "your" Key in a Comment
Line and then they will only be directed to your "official" Key.  This
way, only You can make alterations to your Key.

JOHN :)
Timestamp: Sunday 16 Oct 2005, 04:36 PM --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: http://www.gswot.org
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

-----END PGP SIGNATURE-----



------------------------------

Message: 4
Date: Sun, 16 Oct 2005 18:54:33 -0400
From: Jason Harris <jharris at widomaker.com>
Subject: new (2005-10-16) keyanalyze results (+sigcheck)
To: keyanalyze-discuss at dtype.org, keysignings at alt.org,
	pgp-keyserver-folk at kjsl.com, gnupg-users at gnupg.org,
	biglumber-news at biglumber.com
Cc: Jason Harris <jharris at widomaker.com>
Message-ID: <20051016225433.GA1686 at wilma.widomaker.com>
Content-Type: text/plain; charset="us-ascii"


New keyanalyze results are available at:

  http://keyserver.kjsl.com/~jharris/ka/2005-10-16/

Signatures are now being checked using keyanalyze+sigcheck:

  http://dtype.org/~aaronl/

Earlier reports are also available, for comparison:

  http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:

  http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the "permanent" files:


-- 
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004

------------------------------

Message: 5
Date: Mon, 17 Oct 2005 10:34:13 +0530
From: "Kanakadandila,	Sivaramakrishna \(GE Consumer & Industrial\)"
	<S.Krishna at ge.com>
Subject: gpg not running in shell script.  Need Help
To: <gnupg-users at gnupg.org>
Message-ID: <F3271236DC877443A030EABDADD4DFB702717B39 at HYDMLVEM01.e2k.ad.ge.com>
Content-Type: text/plain;	charset="iso-8859-1"


Hi

I need help in running gpg command through shell script in Informatica.

This is what I tried

I have a shell script which will decrypt the file. It is running fine
when I ran the same script from $ prompt in Unix. The same is not
running when I ran through Informatica as a command. I also initialized
the PATH session in the script. But nothing is working.

Am I missing anything? Appreciate any help.

Siva

Shell Script content

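#!/bin/ksh
# Load the account's environment.
. /home/apinf/.profile

PATH=$PATH:/pwrctr/siva/ ; export PATH

DIR=/pwrctr/siva/

# Stop if the working directory cannot be entered.
cd "$DIR" || exit 1

echo "Decrypt Started"

# The passphrase is fed to gpg on file descriptor 0 (stdin).
# Report success only when gpg itself exits with status 0.
if echo "Password" | gpg -v --passphrase-fd 0 /pwrctr/siva/GEINDSYS.cyc.pgp
then
    echo "Decrypt Successful"
else
    echo "Decrypt Failed" >&2
    exit 1
fi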


------------------------------

Message: 6
Date: Mon, 17 Oct 2005 15:47:11 +0200
From: Ismael Valladolid Torres <ismaeval at free.fr>
Subject: Make GnuPG create files with .pgp extension
To: gnupg-users at gnupg.org
Message-ID: <4353AB5F.2090509 at free.fr>
Content-Type: text/plain; charset=us-ascii

Most often, recipients of my encrypted files are users of legacy PGP
versions. So I usually rename my .gpg files to .pgp so they can access
them directly with their PGP shell extensions.

Is there any way to make GnuPG create files directly with the .pgp
extension without specifying the complete expected file name using the
-o option?

Cordially, Ismael
-- 
http://lamediahostia.blogspot.com/



------------------------------

Message: 7
Date: Mon, 17 Oct 2005 16:27:42 +0200
From: Ismael Valladolid Torres <ismaeval at free.fr>
Subject: Modifying an uid, can it be done?
To: gnupg-users at gnupg.org
Message-ID: <4353B4DE.8050707 at free.fr>
Content-Type: text/plain; charset=us-ascii

I edit my own public key:

$ gpg --edit-key ismael
gpg (GnuPG) 1.4.1; Copyright (C) 2005 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to redistribute it under certain conditions. See the
file COPYING for details.

Secret key is available.

pub  1024D/DE721AF4  created: 2005-06-20  expires: never       usage: CS
                     trust: ultimate      validity: ultimate
sub  2048g/689908B7  created: 2005-06-20  expires: never       usage: E
[ultimate] (1). Ismael Valladolid <i.valladolid at oberthurcs.com>

I'd like to edit my uid, adding my second surname and setting the
company I work for as a comment. However I don't know how to modify an
existing uid. Can it be done? If so, how? If not possible, why not?

Of course I can add new uids using the adduid command:

[ultimate] (1)  Ismael Valladolid <i.valladolid at oberthurcs.com>
[ unknown] (2)  Ismael Valladolid Torres (Oberthur Card Systems) <i.valladolid at oberthurcs.com>
[ unknown] (3). Ismael Valladolid Torres <ismaeval at free.fr>

Looks like it would be enough deleting uid 1 and setting uid 2 and
primary, then it would "look like" I had edited the first uid. However
in that case I lose the "ultimate" tag to the left of the primary key.
What does this tag mean here? Which way to have this tag for the new
uids created?

Cordially, Ismael
-- 
http://lamediahostia.blogspot.com/



------------------------------

Message: 8
Date: Mon, 17 Oct 2005 20:09:25 +0200
From: Erwan David <erwan at rail.eu.org>
Subject: Re: Modifying an uid, can it be done?
To: gnupg-users at gnupg.org
Message-ID: <20051017180925.GB3969 at ratagaz.local>
Content-Type: text/plain; charset=us-ascii

On Mon 17/10/2005, Ismael Valladolid Torres said

> Looks like it would be enough deleting uid 1 and setting uid 2 and 
> primary, then it would "look like" I had edited the first uid. However
> in that case I lose the "ultimate" tag to the left of the primary key.
> What does this tag mean here? Which way to have this tag for the new 
> uids created?

You cannot modify uids (they are signed, if you change them, you break
them). However you can add the new uid, revoke the old one and change
the "default" uid with gpg --edit-key


-- 
Erwan



------------------------------

Message: 9
Date: Mon, 17 Oct 2005 14:11:36 -0700
From: Patrik Jonsson <patrik at ucolick.org>
Subject: Emacs interface to gpg
To: gnupg-users at gnupg.org
Message-ID: <43541388.4050606 at ucolick.org>
Content-Type: text/plain; charset=ISO-8859-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,

I just started using gpg and was looking around for an emacs mode to
encrypt/decrypt files during load and save.  There are a few vague
references to crypt++, but they are all stale web sites and messages
from years ago.  I finally managed to locate something that looked like
the crypt++ web site, which had a notice that development on crypt++ had
ceased and that instead crypt.el from xemacs should be used.  However, I
downloaded the current version of xemacs and found no crypt.el.

Can anyone tell me what's going on with this?  It seems like such an
OBVIOUS thing that I'm really surprised, given that people have written
emacs modes for every conceivable and inconceivable need, it's so hard
to find information.

Thanks,

/Patrik Jonsson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDVBOIT+KvsdUW5p8RAgE6AJ0QaJlAjpwP1tw354zVPiCUaz+zhgCgg8f0
n7b+7xz9edesbIK6z/90KU4=
=0fQV
-----END PGP SIGNATURE-----



------------------------------

Message: 10
Date: Mon, 17 Oct 2005 21:55:57 -0700
From: Steve Leibel <stevel at bluetuna.com>
Subject: Encrypt from memory to disc?
To: gnupg-users at gnupg.org
Message-ID: <p06200722bf7a304b14a6@[192.168.100.30]>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"

I have an application where I have data in memory that needs to be 
encrypted without ever being written to disc, even temporarily.

Using PGP I can run "pgp -feat" and then pipe the data to the pgp 
process. That works very well.

I have to do the same thing for GPG, but I can't figure out how to 
send data to GPG directly from memory.

Any suggestions greatly appreciated.



------------------------------



End of Gnupg-users Digest, Vol 25, Issue 16
*******************************************


