From alphasigmax at gmail.com Tue May 2 18:15:15 2006 From: alphasigmax at gmail.com (Alphax) Date: Tue May 2 18:15:58 2006 Subject: Retrieving keys via v3 fingerprint Message-ID: <44578593.2070404@gmail.com> How does one get keys from a keyserver when only the v3 fingerprint is known? I recovered the fingerprints from a trustdb (they had 00000000 appended), but I can't work out how to get them off a keyserver... -- Alphax Death to all fanatics! Down with categorical imperative! OpenPGP key: http://tinyurl.com/lvq4g -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 551 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20060503/d4f63f43/signature.pgp From dshaw at jabberwocky.com Tue May 2 18:50:19 2006 From: dshaw at jabberwocky.com (David Shaw) Date: Tue May 2 18:49:29 2006 Subject: Retrieving keys via v3 fingerprint In-Reply-To: <44578593.2070404@gmail.com> References: <44578593.2070404@gmail.com> Message-ID: <20060502165019.GA12448@jabberwocky.com> On Wed, May 03, 2006 at 01:45:15AM +0930, Alphax wrote: > How does one get keys from a keyserver when only the v3 fingerprint is > known? I recovered the fingerprints from a trustdb (they had 00000000 > appended), but I can't work out how to get them off a keyserver... You can't. It would require the keyserver to be able to retrieve by v3 fingerprint and none can. David From wk at gnupg.org Tue May 2 19:35:38 2006 From: wk at gnupg.org (Werner Koch) Date: Tue May 2 19:41:23 2006 Subject: card inactive In-Reply-To: <200604301608.16577.adi-lists@koalatux.ch> (Adrian Friedli's message of "Sun, 30 Apr 2006 16:08:07 +0200") References: <200604301608.16577.adi-lists@koalatux.ch> Message-ID: <871wvcmis5.fsf@wheatstone.g10code.de> On Sun, 30 Apr 2006 16:08:07 +0200, Adrian Friedli said: > $ gpg -v --card-status > gpg: reader slot 0: using ccid driver > gpg: apdu_send_simple(0) failed: card inactive Please run with gpg --debug 2048 --debug-ccid-driver -v --card-status It is likely that the card is indeed broken. Shalom-Salam, Werner From mlisten at hammernoch.net Tue May 2 19:44:53 2006 From: mlisten at hammernoch.net (=?ISO-8859-15?Q?Ludwig_H=FCgelsch=E4fer?=) Date: Tue May 2 19:43:49 2006 Subject: Retrieving keys via v3 fingerprint In-Reply-To: <44578593.2070404@gmail.com> References: <44578593.2070404@gmail.com> Message-ID: <44579A95.9000102@hammernoch.net> Hi, On 02.05.2006 18:15 Uhr, Alphax wrote: > How does one get keys from a keyserver when only the v3 fingerprint is > known? I recovered the fingerprints from a trustdb (they had 00000000 > appended), but I can't work out how to get them off a keyserver... The last 4 bytes of the fingerprint are identical to the key ID for V3 keys. Ludwig From fmadeira at gmail.com Tue May 2 18:18:08 2006 From: fmadeira at gmail.com (Frederico Madeira) Date: Tue May 2 19:55:59 2006 Subject: Export Private Key Message-ID: <1146586689.2904.20.camel@madeira.no-ip.com> How i export my primate key to another computer ?? Fred From dshaw at jabberwocky.com Tue May 2 20:10:44 2006 From: dshaw at jabberwocky.com (David Shaw) Date: Tue May 2 20:09:45 2006 Subject: Export Private Key In-Reply-To: <1146586689.2904.20.camel@madeira.no-ip.com> References: <1146586689.2904.20.camel@madeira.no-ip.com> Message-ID: <20060502181044.GA12506@jabberwocky.com> On Tue, May 02, 2006 at 01:18:08PM -0300, Frederico Madeira wrote: > How i export my primate key to another computer ?? gpg --export-secret-key (the key) > thefile.sec (copy the file over) gpg --import thefile.sec David From dshaw at jabberwocky.com Tue May 2 20:11:13 2006 From: dshaw at jabberwocky.com (David Shaw) Date: Tue May 2 20:10:16 2006 Subject: Retrieving keys via v3 fingerprint In-Reply-To: <44579A95.9000102@hammernoch.net> References: <44578593.2070404@gmail.com> <44579A95.9000102@hammernoch.net> Message-ID: <20060502181113.GB12506@jabberwocky.com> On Tue, May 02, 2006 at 07:44:53PM +0200, Ludwig H?gelsch?fer wrote: > Hi, > > On 02.05.2006 18:15 Uhr, Alphax wrote: > > How does one get keys from a keyserver when only the v3 fingerprint is > > known? I recovered the fingerprints from a trustdb (they had 00000000 > > appended), but I can't work out how to get them off a keyserver... > > The last 4 bytes of the fingerprint are identical to the key ID for V3 keys. No, they are not. That's V4 keys. David From mlisten at hammernoch.net Tue May 2 21:11:14 2006 From: mlisten at hammernoch.net (=?ISO-8859-15?Q?Ludwig_H=FCgelsch=E4fer?=) Date: Tue May 2 21:10:13 2006 Subject: Retrieving keys via v3 fingerprint In-Reply-To: <20060502181113.GB12506@jabberwocky.com> References: <44578593.2070404@gmail.com> <44579A95.9000102@hammernoch.net> <20060502181113.GB12506@jabberwocky.com> Message-ID: <4457AED2.4050908@hammernoch.net> Hi, On 02.05.2006 20:11 Uhr, David Shaw wrote: > On Tue, May 02, 2006 at 07:44:53PM +0200, Ludwig H?gelsch?fer wrote: > >> The last 4 bytes of the fingerprint are identical to the key ID for V3 keys. > > No, they are not. That's V4 keys. I always mix V3 and V4 up... Sorry. Ludwig From adi-lists at koalatux.ch Wed May 3 00:27:18 2006 From: adi-lists at koalatux.ch (Adrian Friedli) Date: Wed May 3 00:26:25 2006 Subject: card inactive In-Reply-To: <871wvcmis5.fsf@wheatstone.g10code.de> References: <200604301608.16577.adi-lists@koalatux.ch> <871wvcmis5.fsf@wheatstone.g10code.de> Message-ID: <200605030027.33266.adi-lists@koalatux.ch> Hi Am Dienstag, 2. Mai 2006 19:35 schrieb Werner Koch: > Please run with > > ? gpg --debug 2048 --debug-ccid-driver -v --card-status $ gpg --debug 2048 --debug-ccid-driver -v --card-status gpg: reading options from `/home/adi/.gnupg/gpg.conf' gpg: DBG: ccid-driver: using CCID reader 0 (ID=04E6:5115:6010146e:0) gpg: DBG: ccid-driver: idVendor: 04E6 idProduct: 5115 bcdDevice: 0518 gpg: DBG: ccid-driver: ChipCard Interface Descriptor: gpg: DBG: ccid-driver: bLength 54 gpg: DBG: ccid-driver: bDescriptorType 33 gpg: DBG: ccid-driver: bcdCCID 1.00 gpg: DBG: ccid-driver: nMaxSlotIndex 0 gpg: DBG: ccid-driver: bVoltageSupport 1 5.0V gpg: DBG: ccid-driver: dwProtocols 3 T=0 T=1 gpg: DBG: ccid-driver: dwDefaultClock 4000 gpg: DBG: ccid-driver: dwMaxiumumClock 12000 gpg: DBG: ccid-driver: bNumClockSupported 0 gpg: DBG: ccid-driver: dwDataRate 9600 bps gpg: DBG: ccid-driver: dwMaxDataRate 307200 bps gpg: DBG: ccid-driver: bNumDataRatesSupp. 0 gpg: DBG: ccid-driver: dwMaxIFSD 252 gpg: DBG: ccid-driver: dwSyncProtocols 00000000 gpg: DBG: ccid-driver: dwMechanical 00000000 gpg: DBG: ccid-driver: dwFeatures 000100BA gpg: DBG: ccid-driver: Auto configuration based on ATR gpg: DBG: ccid-driver: Auto voltage selection gpg: DBG: ccid-driver: Auto clock change gpg: DBG: ccid-driver: Auto baud rate change gpg: DBG: ccid-driver: Auto PPS made by CCID gpg: DBG: ccid-driver: TPDU level exchange gpg: DBG: ccid-driver: dwMaxCCIDMsgLen 263 gpg: DBG: ccid-driver: bClassGetResponse echo gpg: DBG: ccid-driver: bClassEnvelope echo gpg: DBG: ccid-driver: wlcdLayout none gpg: DBG: ccid-driver: bPINSupport 0 gpg: DBG: ccid-driver: bMaxCCIDBusySlots 1 gpg: DBG: ccid-driver: usb_bulk_read error: Resource temporarily unavailable gpg: DBG: ccid-driver: USB: CALLING USB_CLEAR_HALT gpg: DBG: ccid-driver: usb_bulk_read error: Resource temporarily unavailable gpg: DBG: ccid-driver: USB: RETRYING bulk_in AGAIN gpg: DBG: ccid-driver: usb_bulk_read error: Resource temporarily unavailable gpg: DBG: ccid-driver: USB: RETRYING bulk_in AGAIN gpg: DBG: ccid-driver: status: 41 error: FE octet[9]: 00 data: gpg: DBG: ccid-driver: CCID command failed: CCID timed out while talking to the ICC gpg: reader slot 0: using ccid driver gpg: DBG: send apdu: c=00 i=A4 p0=04 p1=00 lc=6 le=-1 gpg: DBG: ccid-driver: status: 41 error: FE octet[9]: 00 data: gpg: DBG: ccid-driver: CCID command failed: CCID timed out while talking to the ICC gpg: apdu_send_simple(0) failed: card inactive gpg: DBG: ccid-driver: status: 01 error: 00 octet[9]: 01 data: gpg: DBG: ccid-driver: idVendor: 04E6 idProduct: 5115 bcdDevice: 0518 gpg: DBG: ccid-driver: ChipCard Interface Descriptor: gpg: DBG: ccid-driver: bLength 54 gpg: DBG: ccid-driver: bDescriptorType 33 gpg: DBG: ccid-driver: bcdCCID 1.00 gpg: DBG: ccid-driver: nMaxSlotIndex 0 gpg: DBG: ccid-driver: bVoltageSupport 1 5.0V gpg: DBG: ccid-driver: dwProtocols 3 T=0 T=1 gpg: DBG: ccid-driver: dwDefaultClock 4000 gpg: DBG: ccid-driver: dwMaxiumumClock 12000 gpg: DBG: ccid-driver: bNumClockSupported 0 gpg: DBG: ccid-driver: dwDataRate 9600 bps gpg: DBG: ccid-driver: dwMaxDataRate 307200 bps gpg: DBG: ccid-driver: bNumDataRatesSupp. 0 gpg: DBG: ccid-driver: dwMaxIFSD 252 gpg: DBG: ccid-driver: dwSyncProtocols 00000000 gpg: DBG: ccid-driver: dwMechanical 00000000 gpg: DBG: ccid-driver: dwFeatures 000100BA gpg: DBG: ccid-driver: Auto configuration based on ATR gpg: DBG: ccid-driver: Auto voltage selection gpg: DBG: ccid-driver: Auto clock change gpg: DBG: ccid-driver: Auto baud rate change gpg: DBG: ccid-driver: Auto PPS made by CCID gpg: DBG: ccid-driver: TPDU level exchange gpg: DBG: ccid-driver: dwMaxCCIDMsgLen 263 gpg: DBG: ccid-driver: bClassGetResponse echo gpg: DBG: ccid-driver: bClassEnvelope echo gpg: DBG: ccid-driver: wlcdLayout none gpg: DBG: ccid-driver: bPINSupport 0 gpg: DBG: ccid-driver: bMaxCCIDBusySlots 1 Please insert the card and hit return or enter 'c' to cancel: c gpg: selecting openpgp failed: general error gpg: OpenPGP card not available: general error secmem usage: 0/0 bytes in 0/0 blocks of pool 0/32768 mhh... that doesn't say anything to me :-( Greets Adrian -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20060503/ec60af21/attachment-0001.pgp From alphasigmax at gmail.com Wed May 3 10:29:52 2006 From: alphasigmax at gmail.com (Alphax) Date: Wed May 3 10:30:37 2006 Subject: Retrieving keys via v3 fingerprint In-Reply-To: <20060502165019.GA12448@jabberwocky.com> References: <44578593.2070404@gmail.com> <20060502165019.GA12448@jabberwocky.com> Message-ID: <44586A00.8040103@gmail.com> David Shaw wrote: > On Wed, May 03, 2006 at 01:45:15AM +0930, Alphax wrote: >> How does one get keys from a keyserver when only the v3 fingerprint is >> known? I recovered the fingerprints from a trustdb (they had 00000000 >> appended), but I can't work out how to get them off a keyserver... > > You can't. It would require the keyserver to be able to retrieve by > v3 fingerprint and none can. > So, why does GPG store trustdb entries in this manner? I had a situation where my keyring died, but my trustdb was intact... is there no way to recover those keys? I still have the old keyring... -- Alphax Death to all fanatics! Down with categorical imperative! OpenPGP key: http://tinyurl.com/lvq4g -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 551 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20060503/4eeb34a8/signature.pgp From dshaw at jabberwocky.com Wed May 3 14:33:12 2006 From: dshaw at jabberwocky.com (David Shaw) Date: Wed May 3 14:32:41 2006 Subject: Retrieving keys via v3 fingerprint In-Reply-To: <44586A00.8040103@gmail.com> References: <44578593.2070404@gmail.com> <20060502165019.GA12448@jabberwocky.com> <44586A00.8040103@gmail.com> Message-ID: <20060503123312.GA13513@jabberwocky.com> On Wed, May 03, 2006 at 05:59:52PM +0930, Alphax wrote: > David Shaw wrote: > > On Wed, May 03, 2006 at 01:45:15AM +0930, Alphax wrote: > >> How does one get keys from a keyserver when only the v3 fingerprint is > >> known? I recovered the fingerprints from a trustdb (they had 00000000 > >> appended), but I can't work out how to get them off a keyserver... > > > > You can't. It would require the keyserver to be able to retrieve by > > v3 fingerprint and none can. > > > > So, why does GPG store trustdb entries in this manner? How GPG stores internal trust data and what keyservers support have nothing to do with each other. > I had a situation where my keyring died, but my trustdb was > intact... is there no way to recover those keys? I still have the > old keyring... Work on the keyring with --list-packets? It depends what you mean by "died". David From hhhobbit7 at netscape.net Wed May 3 16:01:35 2006 From: hhhobbit7 at netscape.net (Henry Hertz Hobbit) Date: Wed May 3 16:01:25 2006 Subject: USB Drive Use Message-ID: <00559C97.3995336C.0307202B@netscape.net> >Sarixe Avaliesz wrote: >> John W. Moore III wrote: >>> If you mean GPG then Yes there is. Check out GPG 2 GO on my Homepage: >>> >>> http://tinyurl.com/9ubue >>> >>> JOHN :-D >>> Timestamp: Wednesday 26 Apr 2006, 18:54 --400 (Eastern Daylight Time) >> No, I mean GPA. I already have successfully installed GPG on my USB >> device. It's GPA (GNU Privacy Assistant). Actually, It doesn't need to >> be GPA, I'm just looking for a portable frontend to GPG that I can >> install on the USB device and use on multiple computers. One of these >> computers has the users configured in such a way that the privileges are >> very limited, thus I can't have anything with a registry value, etc. >> Any suggestions? > >For a multi-environment setup, the Java-based Occulti suite >(http://sourceforge.net/projects/occulti) might be an option. Of course, >it's still in beta, and I've never used it, and I have no idea if it >would work on a USB device, but it's worth a try... I think you are asking for something that can't be done. I don't mean the USB drive - I mean the registry. As much as you would like to think that you don't have registry settings, you do! For almost program you need TWO: 1. For the program itself, registry entries need to be entered into the HKEY_LOCAL_MACHINE area. There is no way around that. If you don't want a GUI program but something that runs in a cmd.exe window then that may be possible. Even though you don't have a lot of access rights, I think the Administrator shouldn't have any problems with installing WinPT on the machines that you use: http://www.winpt.org It (and GnuPG of course) will need to be installed on every machine you intend to use. 2. You DO have your own registry settings. They are stored in the HKEY_CURRENT_USER area, and each user has their own area. In fact, this is ONE of the reasons that scanning for spies in the registry is so difficult. Even if I am an administrator I cannot see your registry area when I am scanning with Spybot Search & Destroy, Ad-Aware, or other AntiSpy tools. That means scans must be done for each and every user that uses the system - yeah, dumb but necessary. Now having said that, I really think you need to twist their arm to put WinPT on. You will just have to search for the WinPT and GnuPG entries in the registry and find the ones in the HKEY_CURRENT_USER area (YOURS, not the APPS), and instead of having them point to your folder in the Documents and Settings (should have been just People), point them over to the USB drive. E.G.: [HKEY_CURRENT_USER\Software\GNU\GNUPG] "HomeDir"="C:\\Documents and Settings\\hhhobbit\\Application Data\\GnuPG" "gpgProgram"="C:\\Program Files\\GnuPG\\gpg.exe" "OptFile"="C:\\Documents and Settings\\hhhobbit\\Application Data\\GnuPG\\gpg.conf" becomes (assuming your USB drive is F:) : [HKEY_CURRENT_USER\Software\GNU\GNUPG] "HomeDir"="F:\\hhhobbit\\GnuPG" "gpgProgram"="C:\\Program Files\\GnuPG\\gpg.exe" "OptFile"="F:\\hhhobbit\\GnuPG\\gpg.conf" and just move the files there on the USB drive (in my case into the F:\hhhobbit\GnuPG folder). Actually, it sounds like they have already installed GnuPG, so why is it a hassle for them to also install WinPT? In addition to WinPT and GnuPG registry entries you may have some Mingw32 registry entries, but all of those will probably NOT need to be changed. Now with that information you can see that it is possible with almost ALL of the front ends if you can alter the registry entries THAT ARE YOURS. I don't think that it is an unreasonable request. If they are competent SysAdmins that you are working with it should be entirely possible. I can highly recommend WinPT because you can even handle encrypted mail using a browser if necessary. HHH __________________________________________________________________ Switch to Netscape Internet Service. As low as $9.95 a month -- Sign up today at http://isp.netscape.com/register Netscape. Just the Net You Need. New! Netscape Toolbar for Internet Explorer Search from anywhere on the Web and block those annoying pop-ups. Download now at http://channels.netscape.com/ns/search/install.jsp From benjamin at py-soft.co.uk Wed May 3 16:13:07 2006 From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Wed May 3 16:12:40 2006 Subject: Mac OS X - Installing and configuring 'gpg-agent' In-Reply-To: <4455219B.9020903@mac.com> References: <444E029A.5030202@mac.com> <4454FBAE.5040007@py-soft.co.uk> <4455219B.9020903@mac.com> Message-ID: <4458BA73.8010608@py-soft.co.uk> Charly Avital wrote: > I very much doubt I'll be able to do what you did. I'll try. > If I don't succeed, I'll e-mail you again a week or so from now, > thanking you in advance for your assistance. That's the job interview out of the way... Now, did you have any luck? I seem to recall having to fiddle around with the GPG Makefiles too. Um, it's probably going to be easier if I update the various ports to the latest versions... Take care, Ben From shavital at mac.com Wed May 3 18:58:45 2006 From: shavital at mac.com (Charly Avital) Date: Wed May 3 18:58:15 2006 Subject: Mac OS X - Installing and configuring 'gpg-agent' In-Reply-To: <4458BA73.8010608@py-soft.co.uk> References: <444E029A.5030202@mac.com> <4454FBAE.5040007@py-soft.co.uk> <4455219B.9020903@mac.com> <4458BA73.8010608@py-soft.co.uk> Message-ID: <4458E145.3030607@mac.com> As I wrote in a separate e-mail, no luck yet. Take care, Charly Benjamin Donnachie wrote on 5/3/06 10:13 AM: > Charly Avital wrote: >> I very much doubt I'll be able to do what you did. I'll try. >> If I don't succeed, I'll e-mail you again a week or so from now, >> thanking you in advance for your assistance. > > That's the job interview out of the way... Now, did you have any luck? > > I seem to recall having to fiddle around with the GPG Makefiles too. > Um, it's probably going to be easier if I update the various ports to > the latest versions... > > Take care, > > Ben > From JPClizbe at comcast.net Wed May 3 21:05:28 2006 From: JPClizbe at comcast.net (John Clizbe) Date: Wed May 3 21:05:28 2006 Subject: USB Drive Use In-Reply-To: <00559C97.3995336C.0307202B@netscape.net> References: <00559C97.3995336C.0307202B@netscape.net> Message-ID: <4458FEF8.3050807@comcast.net> Henry Hertz Hobbit wrote: > [HKEY_CURRENT_USER\Software\GNU\GNUPG] > "HomeDir"="C:\\Documents and Settings\\hhhobbit\\Application Data\\GnuPG" > "gpgProgram"="C:\\Program Files\\GnuPG\\gpg.exe" > "OptFile"="C:\\Documents and Settings\\hhhobbit\\Application Data\\GnuPG\\gpg.conf" > > and just move the files there on the USB drive (in my case into > the F:\hhhobbit\GnuPG folder). > > Actually, it sounds like they have already installed GnuPG, so why is > it a hassle for them to also install WinPT? In addition to WinPT and > GnuPG registry entries you may have some Mingw32 registry entries, but > all of those will probably NOT need to be changed. The user has installed GnuPG on a flash/USB drive along with keyrings. He's looking for a GUI GnuPG front end. OptFile and gpgProgram are not GnuPG entries. They are set by other programs which use GnuPG, such as GPGrelay. GnuPG first tries to find gpg.connf and keyrings in its default location: ~/.gnupg on *nix type systems or by looking up the registry value HKCU\Software\GNU\GNUPG\HomeDir on Win32 systems. The default location may be overridden by setting the environment variable GNUPGHOME. The environment variable GNUPGHOME may be overridden by specifying the --homedir option on the command line. This is documented behavior. Copying the GnuPG files from the installation directory and keyring files from one' HomeDir to the USB/Flash device and then setting up an initialization BAT script that adds the binaries to your PATH and sets GNUPGHOME and you have GnuPG working on the USB/Flash device. This is the approach used by the GPG2GO project. One of the more common applications users want along with GnuPG on a portable flash device is email. Portable Thunderbird and Enigmail handle this quite well with no registry involvement. Enigmail also supplies a simple key management GUI interface. As far as more full-featured GnuPG front ends for Win32, WinPT and GPGshell both store user preferences under HKCU\Software. I don't recall if there is a requirement that these be installed in order to function, but I don't believe there is. If there is enough interest, I'm sure a version of WinPT could be knocked together that relied on CONF/INI files instead of the Windows registry for preference storage. -- John P. Clizbe Inet: John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A "what's the key to success?" / "two words: good decisions." "what's the key to good decisions?" / "one word: experience." "how do i get experience?" / "two words: bad decisions." "Just how do the residents of Haiku, Hawai'i hold conversations?" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 668 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20060503/c7a83516/signature.pgp From benjamin at py-soft.co.uk Wed May 3 21:51:26 2006 From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Wed May 3 22:25:25 2006 Subject: Mac OS X - Installing and configuring 'gpg-agent' In-Reply-To: <4455219B.9020903@mac.com> References: <444E029A.5030202@mac.com> <4454FBAE.5040007@py-soft.co.uk> <4455219B.9020903@mac.com> Message-ID: <445909BE.50702@py-soft.co.uk> For the benefit of the lists... To get gpg-agent v1.9.20 (required for smartcards) working under Mac OS with darwin ports: Replace the file /opt/local/var/db/dports/sources/rsync.rsync.darwinports.org_dpupdate_dports/security/gpg-agent/Portfile with the attached, and place the attached *.diff files in /opt/local/var/db/dports/sources/rsync.rsync.darwinports.org_dpupdate_dports/security/gpg-agent/files/ Then type the following: sudo port clean gpg-agent sudo port install gpg-agent Some of the gpg modules do not correctly link with the pth library and for now the Portfile contains the following messy fix: configure.env LDFLAGS="-L/opt/local/lib -lpth". This will need tidying up at some point, perhaps through changes in the Makefiles (hence copy to devel list). See also http://bugzilla.opendarwin.org/show_bug.cgi?id=3730 Ben Donnachie. -------------- next part -------------- --- tools/gpgparsemail.c 2005-12-14 10:45:28.000000000 +0000 +++ tools/gpgparsemail.c 2006-04-10 09:52:49.000000000 +0100 @@ -145,7 +145,7 @@ return p; } -static char * +/* static */ char * stpcpy (char *a,const char *b) { while (*b) -------------- next part -------------- --- scd/scdaemon.c 2005-10-27 09:37:09.000000000 +0100 +++ scd/scdaemon.c 2006-05-03 16:03:07.000000000 +0100 @@ -139,11 +139,12 @@ /* The card dirver we use by default for PC/SC. */ #if defined(HAVE_W32_SYSTEM) || defined(__CYGWIN__) #define DEFAULT_PCSC_DRIVER "winscard.dll" +#elif defined(__APPLE__) + #define DEFAULT_PCSC_DRIVER "/System/Library/Frameworks/PCSC.framework/PCSC" #else #define DEFAULT_PCSC_DRIVER "libpcsclite.so" #endif - /* Flag to indicate that a shutdown was requested. */ static int shutdown_pending; -------------- next part -------------- # $Id: Portfile,v 1.6 2005/11/05 13:32:30 yeled Exp $ PortSystem 1.0 name gpg-agent version 1.9.20 revision 2 categories security maintainers yeled@opendarwin.org description GPG key agent long_description gpg-agent is a key management agent similar \ in function to ssh-agent. homepage http://www.gnupg.org/ platforms darwin distname gnupg-${version} distfiles gnupg-${version}.tar.bz2 extract.cmd bunzip2 master_sites ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/ \ ftp://ftp.freenet.de/pub/ftp.gnupg.org/gcrypt/alpha/gnupg/ checksums md5 93899203fc0530f03e146d49b65c1e28 configure.env LDFLAGS="-L/opt/local/lib -lpth" configure.args --mandir=${prefix}/share/man \ --infodir=${prefix}/share/info \ --with-pinentry-pgm=${prefix}/bin/pinentry \ --enable-agent-only depends_lib port:gettext port:libiconv port:zlib port:bison \ port:libgpg-error port:libassuan port:libgcrypt port:libksba \ port:pth port:pinentry destroot.dir ${worksrcpath}/agent test.run yes test.dir ${worksrcpath}/checks test.target check patchfiles patch-scdaemon.diff patch-gpgparsemail.diff variant darwin { configure.args-append --disable-asm --disable-dynload } variant sunos { configure.args-append --disable-asm --disable-dynload } post-destroot { file delete -force ${destroot}${prefix}/share/info/dir } From benjamin at py-soft.co.uk Thu May 4 04:53:08 2006 From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Thu May 4 04:52:55 2006 Subject: Mac OS X - Installing and configuring 'gpg-agent' In-Reply-To: <4455219B.9020903@mac.com> References: <444E029A.5030202@mac.com> <4454FBAE.5040007@py-soft.co.uk> <4455219B.9020903@mac.com> Message-ID: <44596C94.70008@py-soft.co.uk> For the benefit of the lists... To get gpg-agent v1.9.20 (required for smartcards) working under Mac OS with darwin ports: Replace the file /opt/local/var/db/dports/sources/rsync.rsync.darwinports.org_dpupdate_dports/security/gpg-agent/Portfile with the attached, and place the attached *.diff files in /opt/local/var/db/dports/sources/rsync.rsync.darwinports.org_dpupdate_dports/security/gpg-agent/files/ Then type the following: sudo port clean gpg-agent sudo port install gpg-agent Some of the gpg modules do not correctly link with the pth library and for now the Portfile contains the following messy fix: configure.env LDFLAGS="-L/opt/local/lib -lpth". This will need tidying up at some point, perhaps through changes in the Makefiles (hence copy to devel list). See also http://bugzilla.opendarwin.org/show_bug.cgi?id=3730 Ben Donnachie. -------------- next part -------------- --- tools/gpgparsemail.c 2005-12-14 10:45:28.000000000 +0000 +++ tools/gpgparsemail.c 2006-04-10 09:52:49.000000000 +0100 @@ -145,7 +145,7 @@ return p; } -static char * +/* static */ char * stpcpy (char *a,const char *b) { while (*b) -------------- next part -------------- --- scd/scdaemon.c 2005-10-27 09:37:09.000000000 +0100 +++ scd/scdaemon.c 2006-05-03 16:03:07.000000000 +0100 @@ -139,11 +139,12 @@ /* The card dirver we use by default for PC/SC. */ #if defined(HAVE_W32_SYSTEM) || defined(__CYGWIN__) #define DEFAULT_PCSC_DRIVER "winscard.dll" +#elif defined(__APPLE__) + #define DEFAULT_PCSC_DRIVER "/System/Library/Frameworks/PCSC.framework/PCSC" #else #define DEFAULT_PCSC_DRIVER "libpcsclite.so" #endif - /* Flag to indicate that a shutdown was requested. */ static int shutdown_pending; -------------- next part -------------- # $Id: Portfile,v 1.6 2005/11/05 13:32:30 yeled Exp $ PortSystem 1.0 name gpg-agent version 1.9.20 revision 2 categories security maintainers yeled@opendarwin.org description GPG key agent long_description gpg-agent is a key management agent similar \ in function to ssh-agent. homepage http://www.gnupg.org/ platforms darwin distname gnupg-${version} distfiles gnupg-${version}.tar.bz2 extract.cmd bunzip2 master_sites ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/ \ ftp://ftp.freenet.de/pub/ftp.gnupg.org/gcrypt/alpha/gnupg/ checksums md5 93899203fc0530f03e146d49b65c1e28 configure.env LDFLAGS="-L/opt/local/lib -lpth" configure.args --mandir=${prefix}/share/man \ --infodir=${prefix}/share/info \ --with-pinentry-pgm=${prefix}/bin/pinentry \ --enable-agent-only depends_lib port:gettext port:libiconv port:zlib port:bison \ port:libgpg-error port:libassuan port:libgcrypt port:libksba \ port:pth port:pinentry destroot.dir ${worksrcpath}/agent test.run yes test.dir ${worksrcpath}/checks test.target check patchfiles patch-scdaemon.diff patch-gpgparsemail.diff variant darwin { configure.args-append --disable-asm --disable-dynload } variant sunos { configure.args-append --disable-asm --disable-dynload } post-destroot { file delete -force ${destroot}${prefix}/share/info/dir } From alphasigmax at gmail.com Thu May 4 16:37:22 2006 From: alphasigmax at gmail.com (Alphax) Date: Thu May 4 16:38:22 2006 Subject: Retrieving keys via v3 fingerprint In-Reply-To: <20060503123312.GA13513@jabberwocky.com> References: <44578593.2070404@gmail.com> <20060502165019.GA12448@jabberwocky.com> <44586A00.8040103@gmail.com> <20060503123312.GA13513@jabberwocky.com> Message-ID: <445A11A2.8030002@gmail.com> David Shaw wrote: > On Wed, May 03, 2006 at 05:59:52PM +0930, Alphax wrote: >> David Shaw wrote: >>> On Wed, May 03, 2006 at 01:45:15AM +0930, Alphax wrote: >>>> How does one get keys from a keyserver when only the v3 fingerprint is >>>> known? I recovered the fingerprints from a trustdb (they had 00000000 >>>> appended), but I can't work out how to get them off a keyserver... >>> You can't. It would require the keyserver to be able to retrieve by >>> v3 fingerprint and none can. >>> >> So, why does GPG store trustdb entries in this manner? > > How GPG stores internal trust data and what keyservers support have > nothing to do with each other. > Ok. >> I had a situation where my keyring died, but my trustdb was >> intact... is there no way to recover those keys? I still have the >> old keyring... > > Work on the keyring with --list-packets? It depends what you mean by > "died". > Hrm. I got 317163 lines of output (redirected to a file) with the message "gpg: packet(2) with unknown version 0" on stderr (I think). I might try gpgsplit on it next... -- Alphax Death to all fanatics! Down with categorical imperative! OpenPGP key: http://tinyurl.com/lvq4g -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 551 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20060505/ed369fea/signature.pgp From feitao at msn.com Thu May 4 16:42:27 2006 From: feitao at msn.com (feitao) Date: Thu May 4 16:42:03 2006 Subject: Can I see the checksum when I sign/verify a file? Message-ID: Hi, I wonder if I can actually see the sha1/md5 checksum when I sign/verify a file. That is, when gpg -s -e somefile gpg -d somefile.gpg is there an option to print out the checksum when signing/verifying the file? (not --print-mds to calculate it again) And how can I choose the hash method (sha1 or md5) when signing? Thanks a million. Fei From dshaw at jabberwocky.com Thu May 4 17:10:43 2006 From: dshaw at jabberwocky.com (David Shaw) Date: Thu May 4 17:09:50 2006 Subject: Can I see the checksum when I sign/verify a file? In-Reply-To: <006f01c66f88$f6d7c8d0$a3292480@yale95629b92ac> References: <006f01c66f88$f6d7c8d0$a3292480@yale95629b92ac> Message-ID: <20060504151043.GA20702@jabberwocky.com> On Thu, May 04, 2006 at 10:42:27AM -0400, feitao wrote: > Hi, > > I wonder if I can actually see the sha1/md5 checksum when I sign/verify a > file. That is, when > gpg -s -e somefile > gpg -d somefile.gpg > is there an option to print out the checksum when signing/verifying the > file? (not --print-mds to calculate it again) There isn't. Note that the hash that is used when making a signature is not the same one that you'd get when using something like --print-md anyway. There are timestamps, subpackets, etc, in the hash used in the signature. --print-md is a raw hash of just the file. > And how can I choose the hash method (sha1 or md5) when signing? --personal-digest-prefs takes a list of hash algorithms. It will pick the first one that is usable for your signature type. Don't use md5. David From prhelms at comcast.net Thu May 4 17:34:55 2006 From: prhelms at comcast.net (Phil Helms) Date: Thu May 4 18:56:09 2006 Subject: Can I see the checksum when I sign/verify a file? In-Reply-To: <20060504151043.GA20702@jabberwocky.com> References: <006f01c66f88$f6d7c8d0$a3292480@yale95629b92ac> <20060504151043.GA20702@jabberwocky.com> Message-ID: <445A1F1F.4050305@comcast.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Why not use MD5? - -- Phil Helms prhelms@comcast.net David Shaw wrote: > >> And how can I choose the hash method (sha1 or md5) when signing? > > --personal-digest-prefs takes a list of hash algorithms. It will pick > the first one that is usable for your signature type. > > Don't use md5. > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEWh8bVZgW0Iu66O0RAh5gAKCBjacvH7VwHwCxrfYvYDLhPNSpEACfRGJf 2Mtf5JtUdDPkJEtHYyvspnE= =yif8 -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Thu May 4 19:07:04 2006 From: dshaw at jabberwocky.com (David Shaw) Date: Thu May 4 19:06:06 2006 Subject: Can I see the checksum when I sign/verify a file? In-Reply-To: <445A1F1F.4050305@comcast.net> References: <006f01c66f88$f6d7c8d0$a3292480@yale95629b92ac> <20060504151043.GA20702@jabberwocky.com> <445A1F1F.4050305@comcast.net> Message-ID: <20060504170704.GB20702@jabberwocky.com> On Thu, May 04, 2006 at 09:34:55AM -0600, Phil Helms wrote: > Why not use MD5? http://cryptography.hyperlink.cz/MD5_collisions.html MD5 is deprecated in OpenPGP. The current OpenPGP draft says: * The MD5 hash algorithm has been found to have weaknesses, with collisions found in a number of cases. MD5 is deprecated for use in OpenPGP. Implementations MUST NOT generate new signatures using MD5 as a hash function. They MAY continue to consider old signatures that used MD5 as valid. David From cri at linux.it Thu May 4 19:56:10 2006 From: cri at linux.it (Cristian Rigamonti) Date: Thu May 4 19:55:45 2006 Subject: Athena ASE drive IIIe card reader In-Reply-To: <20060426143503.GA4112@pegasus> References: <20060426143503.GA4112@pegasus> Message-ID: <20060504175610.GA5834@pegasus> On Wed, Apr 26, 2006 at 04:35:03PM +0200, Cristian Rigamonti wrote: > Hi, can anyone confirm if the Athena ASE drive IIIe card reader is supported by > gpg? Ok, just for the records, I finally managed to test one of these and it works like a charm with the libasedrive-usb Debian package. Cri -- GPG/PGP Key-Id 0x943A5F0E - http://www.linux.it/~cri/cri.asc Free software, free society - http://www.fsfeurope.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : /pipermail/attachments/20060504/1c4ffce0/attachment.pgp From vedaal at hush.com Fri May 5 18:20:13 2006 From: vedaal at hush.com (vedaal@hush.com) Date: Fri May 5 18:20:21 2006 Subject: simultaneous encryption to public key, and conventional (symmetric) Message-ID: <200605051620.k45GKEmN035551@mailserver2.hushmail.com> when a gnupg message is encrypted to one user's public key, and at the same time to another user by symmetric encryption without a public key, is the same session key used for the encryption, or does the symmetric encryption have a different session key made from an s2k hash of the passphrase ? tia, vedaal Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 From dshaw at jabberwocky.com Fri May 5 19:06:56 2006 From: dshaw at jabberwocky.com (David Shaw) Date: Fri May 5 19:06:14 2006 Subject: simultaneous encryption to public key, and conventional (symmetric) In-Reply-To: <200605051620.k45GKEmN035551@mailserver2.hushmail.com> References: <200605051620.k45GKEmN035551@mailserver2.hushmail.com> Message-ID: <20060505170656.GA23529@jabberwocky.com> On Fri, May 05, 2006 at 12:20:13PM -0400, vedaal@hush.com wrote: > when a gnupg message is encrypted to one user's public key, and at > the same time to another user by symmetric encryption without a > public key, > > is the same session key used for the encryption, > > or does the symmetric encryption have a different session key made > from an s2k hash of the passphrase ? No. It's the same session key throughout. Having multiple session keys would effectively equal sending the entire message multiple times, once for each session key. David From mk at fsfe.org Fri May 5 22:29:44 2006 From: mk at fsfe.org (Matthias Kirschner) Date: Fri May 5 23:26:05 2006 Subject: card inactive In-Reply-To: <200604301608.16577.adi-lists@koalatux.ch> References: <200604301608.16577.adi-lists@koalatux.ch> Message-ID: <20060505202944.GA4296@mbwg.de> Hi Adrian, * Adrian Friedli [2006-04-30 16:08:07 +0200]: > I've got a SCM SCR335 cardreader and a cryptocard from fsfe.org. I've setup > udev, so the user has access to the device. > Then when I want to access my card: > > $ gpg -v --card-status > gpg: pcsc_connect failed: unknown reader (0x80100009) > gpg: card reader not available > gpg: OpenPGP card not available: general error have you build your own GnuPG? I had the same problem. Werner noticed, that I've to install libusb-dev before building GnuPG. After that it worked perfect. Best wishes, Matze -- Join the Fellowship and protect your freedom! (http://www.fsfe.org) From adi-lists at koalatux.ch Fri May 5 23:36:58 2006 From: adi-lists at koalatux.ch (Adrian Friedli) Date: Fri May 5 23:35:42 2006 Subject: card inactive In-Reply-To: <20060505202944.GA4296@mbwg.de> References: <200604301608.16577.adi-lists@koalatux.ch> <20060505202944.GA4296@mbwg.de> Message-ID: <200605052337.11271.adi-lists@koalatux.ch> Hi Am Freitag, 5. Mai 2006 22:29 schrieb Matthias Kirschner: > have you build your own GnuPG? No, I'm using the package from Debian unstable. Greets Adrian -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20060505/bc2a8f87/attachment.pgp From shavital at mac.com Sat May 6 12:52:36 2006 From: shavital at mac.com (Charly Avital) Date: Sat May 6 12:52:20 2006 Subject: Configuring gpg-agent Message-ID: <445C7FF4.8060506@mac.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 1. Running Thunderbird 1.5.0.2, Enigmail 0.94.0, Mac OS 10.4.6, gpg 1.4.3 (compiled from source). 2. 'Use gpg-agent for passphrase handling' enabled in Thunderbird/OpenPGP Preferences 3. use-agent enabled in gpg.conf 4. gpg-agent.conf contains: default-cache-ttl 1200 pinentry-program /opt/local/bin/pinentry 5. Following two lines included in bashrc: GPG_TTY=`tty` export GPG_TTY 6. $ gpg-agent --version: gpg-agent (GnuPG) 1.9.20 Copyright (C) 2005 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. 7. $ gpg2 --version: gpg (GnuPG) 1.9.20 Copyright (C) 2005 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. Home: ~/.gnupg Supported algorithms: Pubkey: RSA, ELG, DSA, ELG Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH Hash: MD5, SHA1, RIPEMD160, TIGER192, SHA256, SHA384, SHA512 Compression: Uncompressed, ZIP, ZLIB 8. $ gpg-agent gpg-agent: gpg-agent running and available 9. $ echo "test" | gpg2 -ase -r 0xA57A8EFA | gpg2 gpg: NOTE: THIS IS A DEVELOPMENT VERSION! gpg: It is only intended for test purposes and should NOT be gpg: used in a production environment or with production keys! gpg: WARNING: This version of gpg is not very matured and gpg: WARNING: only intended for testing. Please keep using gpg: WARNING: gpg 1.2.x, 1.3.x or 1.4.x for OpenPGP gpg: NOTE: THIS IS A DEVELOPMENT VERSION! gpg: It is only intended for test purposes and should NOT be gpg: used in a production environment or with production keys! gpg: WARNING: This version of gpg is not very matured and gpg: WARNING: only intended for testing. Please keep using gpg: WARNING: gpg 1.2.x, 1.3.x or 1.4.x for OpenPGP You need a passphrase to unlock the secret key for user: "Charly Avital " 1024-bit DSA key, ID 37C6D2AB, created 2002-09-26 You need a passphrase to unlock the secret key for user: "Charly Avital (GnuPG) " 2048-bit ELG key, ID CE3A0945, created 2002-02-11 (main key ID A57A8EFA) gpg: encrypted with 2048-bit ELG key, ID CE3A0945, created 2002-02-11 "Charly Avital (GnuPG) " test gpg: Signature made Sat May 6 06:10:58 2006 EDT using DSA key ID 37C6D2AB gpg: Good signature from "Charly Avital " 10. When trying to clear-sign a test message (with 'Use gpg-agent for passphrase handling' enabled in Thunderbird/OpenPGP Preferences), the error message is: OpenPGP Alert Send Operation aborted Error - bad passphrase gpg command line and output: /usr/local/bin/gpg --charset utf8 --batch --no-tty --status-fd 2 - --comment 'Using GnuPG with Mozilla - http://enigmail/mozdev.org' - --digest-algo sha256 -t --clearsign -u 0xA57A8EFA --use-agent gpg: gpg-agent is not available in this session gpg: can't query passphrase in batch mode gpg: Invalid passphrase; please try again ? gpg: can't query passphrase in batch mode gpg: Invalid passphrase; please try again ? gpg: can't query passphrase in batch mode gpg: skipped "0xA57A8EFA": bad passphrase gpg; [stdin]: clearsign failed: bad passphrase Thanks in advance for any hint or explanation why the error message says that 'gpg: gpg-agent is not available in this session' whereas the command gpg-agent outputs gpg-agent: gpg-agent running and available and 'Invalid passphrase' whereas echo "test" indicates that the passphrase has been correctly entered. I am running no device that requires a smart card. I only want to have gpg-agent working to handle the passphrase when signing, and decrypting. I am sure I have not configured something as it should be. I don't know what that something might be. Thanks again, Charly This message was signed with 'use gpg-agent for passphrase handling' disabled. I entered the passphrase manually -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) Comment: GnuPG for Privacy Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEVAwUBRFx/7s3GMi2FW4PvAQg2vwf/QWKelX4ce3+gdIY1qXFVjl9ppOSXN/Yt TdbDAl+CeS7d2RhgBN2kS2c+vwOKlAUCUzisDx/vrU8YM2RnmKcYTLNoh2ByNxLk ejueig8WL7g/sS40o8OjXBOWwynnHpTvnHhaO0GtI7xAMyKNIIV7mGyX5H8N2h2u ZWN3zk5aWQzPGvsunv5u0zw4EZ772vKbI3oZdTXJSFa3Dl5zKtXXju16wWlR6yk7 X7B5nFBuUIbSmE94mU+0ZUEXD0QE3GMvPTp6C7CyCeO6CqCLGNaIL7MDJ7A+77T8 BCoXWSuSu/v/KvNq/STbHmuJEH94kBF0s/ZkIJaF2cJtHZ0vT38eDg== =B5bP -----END PGP SIGNATURE----- From benjamin at py-soft.co.uk Sat May 6 18:49:00 2006 From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Sat May 6 18:48:39 2006 Subject: Configuring gpg-agent In-Reply-To: <445C7FF4.8060506@mac.com> References: <445C7FF4.8060506@mac.com> Message-ID: <445CD37C.30405@py-soft.co.uk> Charly Avital wrote: > 1. Running Thunderbird 1.5.0.2, Enigmail 0.94.0, Mac OS 10.4.6, gpg > 1.4.3 (compiled from source). Further to my message to you, I know that you are running gnupg2 from the Mac OS port. It is compiled with the option --disable-agent and I suspect that this may be preventing it from working correctly with the separate gpg-agent port. I've got a few things to finish and then I will investigate this further. Take care, Ben From benjamin at py-soft.co.uk Sat May 6 19:47:27 2006 From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Sat May 6 19:47:06 2006 Subject: Configuring gpg-agent In-Reply-To: <445C7FF4.8060506@mac.com> References: <445C7FF4.8060506@mac.com> Message-ID: <445CE12F.1060805@py-soft.co.uk> Charly Avital wrote: > 10. When trying to clear-sign a test message (with 'Use gpg-agent for > passphrase handling' enabled in Thunderbird/OpenPGP Preferences), the > error message is: > OpenPGP Alert > Send Operation aborted > Error - bad passphrase > gpg command line and output: > /usr/local/bin/gpg --charset utf8 --batch --no-tty --status-fd 2 > --comment 'Using GnuPG with Mozilla - http://enigmail/mozdev.org' > --digest-algo sha256 -t --clearsign -u 0xA57A8EFA --use-agent > gpg: gpg-agent is not available in this session > gpg: can't query passphrase in batch mode > gpg: Invalid passphrase; please try again ? > gpg: can't query passphrase in batch mode > gpg: Invalid passphrase; please try again ? > gpg: can't query passphrase in batch mode > gpg: skipped "0xA57A8EFA": bad passphrase > gpg; [stdin]: clearsign failed: bad passphrase I should really read messages in more detail before replying! I hadn't noticed that you had been able to get gpg-agent working! > Thanks in advance for any hint or explanation why the error message says > that > > 'gpg: gpg-agent is not available in this session' whereas the command > gpg-agent outputs gpg-agent: gpg-agent running and available Firstly, the system maintains separate copies of the environment - when you open a terminal and add GPG_AGENT_INFO etc to the environment it does not update the "master" copy, so when you open Thunderbird from the Applications menu it does not know how to access gpg-agent. > and 'Invalid passphrase' whereas echo "test" indicates that the > passphrase has been correctly entered. gpg-agent uses pinentry for passphrase handling. Under Mac OS it is configured to use the current terminal for input. However, when Thunderbird / Enigmail execute gpg2 there is no terminal and therefore it cannot get a passphrase. > I am sure I have not configured something as it should be. I don't know > what that something might be. I'm about to look into whether pinentry can be made to play nicely under Mac OS. Ben From benjamin at py-soft.co.uk Sat May 6 19:56:47 2006 From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Sat May 6 19:56:16 2006 Subject: Configuring gpg-agent In-Reply-To: <445CE12F.1060805@py-soft.co.uk> References: <445C7FF4.8060506@mac.com> <445CE12F.1060805@py-soft.co.uk> Message-ID: <445CE35F.3030207@py-soft.co.uk> Benjamin Donnachie wrote: > I'm about to look into whether pinentry can be made to play nicely under > Mac OS. I've since had a quick look at pinentry and it /may/ play nicely with Mac OS with qt3-mac, the Qt Tool Kit (Native Aqua Version) port. It's going to take some time to compile and install and I'll let you know how it goes... Ben From benjamin at py-soft.co.uk Sat May 6 22:02:12 2006 From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Sat May 6 22:01:50 2006 Subject: Configuring gpg-agent In-Reply-To: <445CE35F.3030207@py-soft.co.uk> References: <445C7FF4.8060506@mac.com> <445CE12F.1060805@py-soft.co.uk> <445CE35F.3030207@py-soft.co.uk> Message-ID: <445D00C4.5080805@py-soft.co.uk> Benjamin Donnachie wrote: > I've since had a quick look at pinentry and it /may/ play nicely with > Mac OS with qt3-mac, the Qt Tool Kit (Native Aqua Version) port. Well... it's sort of working... After installing qt3-mac from ports I disabled the ports copy of pinentry. I then downloaded the pinentry source and compiled it with the following options, ./configure --enable-pinentry-qt --prefix=/opt/local --with-qt-includes=/opt/local/include/qt3/ --with-qt-libraries=/opt/local/lib/ Open a terminal and type eval $(gpg-agent --daemon) followed by echo $GPG_AGENT_INFO. Note the output of the latter. Then start Applications / Utilities / X. In the xterm window start Thunderbird by typing /Applications/Thunderbird.app/Contents/MacOS/thunderbird-bin Then under OpenPGP -> Preferences -> Additional parameters for gnupg type --gpg-agent-info= followed by the output you noted from echo $GPG_AGENT_INFO above. Now try to send a signed message. Thunderbird will hang. However, if you kill it by entering ctrl+c in the xterm window you will then notice a window asking you to enter your passphrase! So, partial success, I suppose... Ben From benjamin at py-soft.co.uk Sat May 6 22:04:59 2006 From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Sat May 6 22:04:39 2006 Subject: Configuring gpg-agent In-Reply-To: <445D00C4.5080805@py-soft.co.uk> References: <445C7FF4.8060506@mac.com> <445CE12F.1060805@py-soft.co.uk> <445CE35F.3030207@py-soft.co.uk> <445D00C4.5080805@py-soft.co.uk> Message-ID: <445D016B.8010303@py-soft.co.uk> Benjamin Donnachie wrote: > Well... it's sort of working... I left out s step... additionally, I changed pinentry-program in gpg-agent.conf to /opt/local/bin/pinentry-qt Ben From benjamin at py-soft.co.uk Sat May 6 22:36:43 2006 From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Sat May 6 22:36:18 2006 Subject: Configuring gpg-agent In-Reply-To: <445D00C4.5080805@py-soft.co.uk> References: <445C7FF4.8060506@mac.com> <445CE12F.1060805@py-soft.co.uk> <445CE35F.3030207@py-soft.co.uk> <445D00C4.5080805@py-soft.co.uk> Message-ID: <445D08DB.7080204@py-soft.co.uk> Benjamin Donnachie wrote: > Well... it's sort of working... I left out a step... additionally, I changed pinentry-program in gpg-agent.conf to /opt/local/bin/pinentry-qt Ben From benjamin at py-soft.co.uk Sat May 6 22:49:40 2006 From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Sat May 6 22:49:11 2006 Subject: Configuring gpg-agent In-Reply-To: <445D00C4.5080805@py-soft.co.uk> References: <445C7FF4.8060506@mac.com> <445CE12F.1060805@py-soft.co.uk> <445CE35F.3030207@py-soft.co.uk> <445D00C4.5080805@py-soft.co.uk> Message-ID: <445D0BE4.2040809@py-soft.co.uk> Benjamin Donnachie wrote: > Then start Applications / Utilities / X. In the xterm window start > Thunderbird by typing > /Applications/Thunderbird.app/Contents/MacOS/thunderbird-bin No need to start it under X. However, pinentry does expect the DISPLAY variable to be set so you will need to type export DISPLAY=0 first. However, it still doesn't work properly. I'm currently trying to ascertain whether there is a value of DISPLAY that will work with qt3-mac and enable pinentry to grab the keyboard. It may be necessary to install qt3 instead and use X11. Ben From benjamin at py-soft.co.uk Sun May 7 03:44:32 2006 From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Sun May 7 03:44:13 2006 Subject: Configuring gpg-agent In-Reply-To: <445D00C4.5080805@py-soft.co.uk> References: <445C7FF4.8060506@mac.com> <445CE12F.1060805@py-soft.co.uk> <445CE35F.3030207@py-soft.co.uk> <445D00C4.5080805@py-soft.co.uk> Message-ID: <445D50FF.90402@py-soft.co.uk> Benjamin Donnachie wrote: > Now try to send a signed message. Thunderbird will hang. However, if > you kill it by entering ctrl+c in the xterm window you will then notice > a window asking you to enter your passphrase! This is a known issue with running qt applications natively with Mac OS, see http://lists.trolltech.com/qt-interest/2003-03/thread00690-0.html The easiest solution will be to install either qt or GTK+ for X11, and then launch thunderbird from within xterm (the X11 terminal). Ben From benjamin at py-soft.co.uk Sun May 7 12:07:33 2006 From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Sun May 7 12:07:21 2006 Subject: Configuring gpg-agent In-Reply-To: <445D50FF.90402@py-soft.co.uk> References: <445C7FF4.8060506@mac.com> <445CE12F.1060805@py-soft.co.uk> <445CE35F.3030207@py-soft.co.uk> <445D00C4.5080805@py-soft.co.uk> <445D50FF.90402@py-soft.co.uk> Message-ID: <445DC6E5.4010106@py-soft.co.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Benjamin Donnachie wrote: > The easiest solution will be to install either qt or GTK+ for X11, and > then launch thunderbird from within xterm (the X11 terminal). Got it working at last! :-) The steps required are: 1. Install qt for x11. ie sudo port install qt 2. Read a book / go for a walk while it compiles. 3. Disable pinentry - sudo port deactivate pinentry. 4. Download pinentry-0.7.2 source and extract. 5. Then type export LDFLAGS="-L/opt/local/lib/ -liconv" and export MOC=/opt/local/bin/moc 6. Then ./configure --enable-pinentry-qt --prefix=/opt/local - --with-qt-includes=/opt/local/include/qt3/ - --with-qt-libraries=/opt/local/lib/ --with-x --disable-rpath - --disable-fallback-curses 7. Then make and sudo make install 8. Verify that ~/.gnupg/gpg-agent.conf contains pinentry-program /opt/local/bin/pinentry-qt 9. Verify that ~/.gnupg/gpg.conf contains use-agent 10. Start X11; Applications / Utilities / X. 11. In an xterm window start gpg-agent with eval $(gpg-agent --daemon) 12. Start thunderbird with /Applications/Thunderbird/Contents/MacOS/thunderbird-bin 13. In OpenPGP - Preferences ensure that you remove any - --gpg-agent-info= option and that use agent is enabled under advance. 14. Now try to send a signed message! 15. After a short delay the pinentry-qt input box should appear! It would be nice to have a native MacOS pinentry program and I shall add it to my things to get round to eventually... :-) Take care, Ben PS. If all goes well, this should be signed with gpg-agent's help... >fingers crossed< -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.9.20 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIVAwUBRF3G5OgNmph0Y1E2AQJ1dw/9E7QFPDjolgbXf+LEe2hI5wQ07Kxg8p0T /MksuV42gjy7KwLomdxciaS3VUvRIW+6NXhCSdILWsvUYeVmvmghlWh7bH503hdf EglhUjQUSw6QhyuH4x6BhvCBVO8rlBSHmjeZ6Fsg4rx8yNa5IdpzHpVYCMvtK84Q M/z/5JJcg5V4inql6AxM/xoUKQrYrvZrDEta+TiTtfEjPOAle+srDbJd5Z+DrBEc wamLZzvc6X8i19kociMb+hYWxE1geTEkUQ0ng8HdkuwYH1r5qYpPcIEJReDRQlUp NXb1+2zN4dTEn6wCUvtM/Xrmkfg8i7o/mVR/cHplBHGyiPnS86QXy6TxmfawHn48 VeQi7Sxmh4iWIeMJnDold/tcNf4zaXappBVRNVfQcdj+jG+fdQr5kV1WexM0rG0l IaZVFp2D0IEuA7BxP9HhjhnEDOy/m1YpehwWoShYLPalLSVqsFV8wf1faLPKihMn leBaSncYoPd/eBl0zZONT8IDoH3knEqXMedGLw2zSTSWQAXcwgmnSzL1jvr8W5KF 7PRTDTOoxnpb2J9CgimFFXW60tJYy3AyRa/blZCy4VIOvgvTFNMFDcTbpdD5aclo SG7XCmWmOFViLRFQsmPMiaHwEuVp4UH2OI/59RTiPlsRHGa285cwLL8f8bpHDHuV 2J00yVhBL2U= =smV3 -----END PGP SIGNATURE----- From benjamin at py-soft.co.uk Sun May 7 12:27:17 2006 From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Sun May 7 12:26:54 2006 Subject: Configuring gpg-agent In-Reply-To: <445DC6E5.4010106@py-soft.co.uk> References: <445C7FF4.8060506@mac.com> <445CE12F.1060805@py-soft.co.uk> <445CE35F.3030207@py-soft.co.uk> <445D00C4.5080805@py-soft.co.uk> <445D50FF.90402@py-soft.co.uk> <445DC6E5.4010106@py-soft.co.uk> Message-ID: <445DCB85.6080401@py-soft.co.uk> Benjamin Donnachie wrote: > 12. Start thunderbird with > /Applications/Thunderbird/Contents/MacOS/thunderbird-bin Deliberate mistake! You need to start /Applications/Thunderbird.app/Contents/MacOS/thunderbird-bin Ben From benjamin at py-soft.co.uk Sun May 7 13:32:23 2006 From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Sun May 7 13:31:59 2006 Subject: Configuring gpg-agent In-Reply-To: <445DC6E5.4010106@py-soft.co.uk> References: <445C7FF4.8060506@mac.com> <445CE12F.1060805@py-soft.co.uk> <445CE35F.3030207@py-soft.co.uk> <445D00C4.5080805@py-soft.co.uk> <445D50FF.90402@py-soft.co.uk> <445DC6E5.4010106@py-soft.co.uk> Message-ID: <445DDAC7.2010603@py-soft.co.uk> Benjamin Donnachie wrote: > 1. Install qt for x11. ie sudo port install qt That should be sudo port install qt3 D'oh... :-) Ben From benjamin at py-soft.co.uk Sun May 7 14:01:45 2006 From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Sun May 7 14:01:25 2006 Subject: Configuring gpg-agent In-Reply-To: <445DC6E5.4010106@py-soft.co.uk> References: <445C7FF4.8060506@mac.com> <445CE12F.1060805@py-soft.co.uk> <445CE35F.3030207@py-soft.co.uk> <445D00C4.5080805@py-soft.co.uk> <445D50FF.90402@py-soft.co.uk> <445DC6E5.4010106@py-soft.co.uk> Message-ID: <445DE1A9.6030202@py-soft.co.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Benjamin Donnachie wrote: > It would be nice to have a native MacOS pinentry program and I shall add > it to my things to get round to eventually... :-) That's the easy bit done - see attached! :-) Ben -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIVAwUBRF3hpugNmph0Y1E2AQKNZxAAo2Ug50k5FAWZHhf1QvnPtBVoAYx7x6FW fkmhJQ95hlv6X2Olv3NfMcGEmD24XSAP+lL57ywvpiWjXhs4wO15MWgeV0t7LCV8 rgecCnE43c/gILwrB1iKacJLgHubsvDk4vcSAKz2iWwQJk1G7bE1PLTAwLwvxZPO F0eEEuptGKwFrsfPUqlGjJcdB0A0MouM3NEP9yUw7smhYmbcorssdtD+esSaQ70Y plKGyrXLJT+zMRhLpMV2S5ERNPjQxZyyN/bFMXV9NWC3PWUNtaQIT0f8jj4YEwR+ Z6hU8ZoOm+bOASJDxxmzWlX4ucNQmyQv7JQF2TahXrsGNDFMC/vRhVJTcNSr8tOJ BlNx4JRKamsDOi63vDZjkZdTV/MeFaxSCMqOxhpmYeJ5LJKBURCGZr6ul70GLN5+ 3/EKyiIWje1S6udRgvBnuj6dv35GrSGOmEdzPGbmWQ0UKniaVKvy38rwbHnvDHHm U0/85by8tbYi9jk4mBWvJBenHNmmpCDqy8Fi12oOSiHXj66Quz+qLM+3qbxHIsVj iDz7scm9QThVPnIQ4bDpeOz4TTOD9jSy44VhBKmrD00PhW+SfGrF2pzz+g6OVARF mO0Vvwj6sG0Afm28gZq6Tcrz2QLqR3UVK0rsH9EGEEvYSX24w45QZPDRzS03hEvg S4eY9btDBHs= =YCXO -----END PGP SIGNATURE----- -------------- next part -------------- A non-text attachment was scrubbed... Name: pinentry-mac.jpg Type: image/jpeg Size: 25526 bytes Desc: not available Url : /pipermail/attachments/20060507/4b1bd580/pinentry-mac-0001.jpg From ml at mareichelt.de Sun May 7 12:17:49 2006 From: ml at mareichelt.de (markus reichelt) Date: Sun May 7 14:26:04 2006 Subject: Typo found in gpg 1.4.3 Message-ID: <20060507101749.GB27504@dantooine> po/de.po:msgstr "%d marignal-needed, %d complete-needed, %s Trust-Modell\n" I guess it should be "marginal-needed" -- left blank, right bald -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 191 bytes Desc: not available Url : /pipermail/attachments/20060507/a91dd467/attachment.pgp From trevor at haligonian.com Sun May 7 17:50:23 2006 From: trevor at haligonian.com (Trevor Smith) Date: Sun May 7 17:50:14 2006 Subject: Typo found in gpg 1.4.3 In-Reply-To: <20060507101749.GB27504@dantooine> References: <20060507101749.GB27504@dantooine> Message-ID: On 7-May-06, at 7:17 AM, markus reichelt wrote: > po/de.po:msgstr "%d marignal-needed, %d complete-needed, %s > Trust-Modell\n" > > I guess it should be "marginal-needed" and "Trust-Model". -- Trevor Smith trevor@haligonian.com -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 186 bytes Desc: This is a digitally signed message part Url : /pipermail/attachments/20060507/4135bc42/PGP.pgp From jharris at widomaker.com Mon May 8 01:36:59 2006 From: jharris at widomaker.com (Jason Harris) Date: Mon May 8 01:36:54 2006 Subject: new (2006-04-30) keyanalyze results (+sigcheck) Message-ID: <20060507233659.GA1077@wilma.widomaker.com> New keyanalyze results are available at: http://keyserver.kjsl.com/~jharris/ka/2006-04-30/ Signatures are now being checked using keyanalyze+sigcheck: http://dtype.org/~aaronl/ Earlier reports are also available, for comparison: http://keyserver.kjsl.com/~jharris/ka/ Even earlier monthly reports are at: http://dtype.org/keyanalyze/ SHA-1 hashes and sizes for all the "permanent" files: 1059588ed173448de70c3e1d59c248e5515f8d50 13610124 preprocess.keys 6ad818eb0684c5876ff6ad5096b122438af86bbd 8140670 othersets.txt b6bc38794747fe0d50c0e3b2bf16ec67234dbb49 3329280 msd-sorted.txt a751f9d5477744a4f5e5ce6ebad6a60908e317ee 1372 index.html a049a273fc202a3ccaf6bf3f0b6dc0d789699452 2291 keyring_stats dbd6ebd35a2540058dc4e6c04100a27f07fbd2b5 1307051 msd-sorted.txt.bz2 11bdfc7319ddb9743e711588a74d24197ce7b58d 26 other.txt f44cec3fafd07f5d4978eaba05119460980e539a 1763303 othersets.txt.bz2 86ec1e9f06530c4f2ced848ed21308d85a02c56e 5524740 preprocess.keys.bz2 3ae9972bcbb257e945ff314ddc86663cfb335afc 13882 status.txt 216644d26ab6366a7e65ab983c0f94e775f11484 209761 top1000table.html 3d48ed7719e6e0cf8f66d1876f10b80d90fa5970 29956 top1000table.html.gz 1bdfb1066ed3518180d95db17bc1dfa5d97d5c00 10776 top50table.html a34f50531c228cc99ac92985e754a7f907f24714 2544 D3/D39DA0E3 -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 315 bytes Desc: not available Url : /pipermail/attachments/20060507/cd6c488f/attachment.pgp From coffeepot at gmail.com Mon May 8 15:48:02 2006 From: coffeepot at gmail.com (Coffee Pot) Date: Mon May 8 17:26:17 2006 Subject: GPG4Palm Message-ID: <383465ba0605080648g7d8124ebs26e40064c5efebd@mail.gmail.com> Hi, Any plans for a GPG for Palm OS? PGP has discontinued their PGP Mobile for Palm OS. The latest version is 2.0.2; it is not available commercially and it does not work well with Palm OS 5 and above. I have tried the previous versions of PGP for palm and they crashed my Palm. Only version 2.0.2 worked marginally without crashing my Tungsten T. A Palm OS version of GPG would enable better and easier key exchange and key signing during conferences; furthermore, it enables encryption of emails using mobile devices. Thanks -- ____ This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and contains legally privileged and/or confidential information. If you are not the intended recipient of this e-mail (or the person responsible for delivering this document to the intended recipient), you are hereby notified that any dissemination, distribution, printing or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please respond to the individual sending the message and notify me, and permanently delete the original and any copy of any e-mail and any printout thereof. http://en.wikipedia.org/wiki/Boulder_Pledge From sebastian at karotte.org Mon May 8 15:56:05 2006 From: sebastian at karotte.org (Sebastian Wiesinger) Date: Mon May 8 17:26:20 2006 Subject: Speed of trustdb update? Message-ID: <20060508135605.GA25288@data.fire-world.de> Hi, I'm using gnupg quite a lot and after importing ~100 keys from a keysigning party, the trustdb updates got painfully slow: $ time gpg --check-trustdb gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0 valid: 1 signed: 124 trust: 0-, 0q, 0n, 0m, 0f, 1u gpg: depth: 1 valid: 124 signed: 37 trust: 113-, 0q, 0n, 3m, 8f, 0u gpg: depth: 2 valid: 9 signed: 11 trust: 5-, 3q, 0n, 0m, 1f, 0u gpg: next trustdb check due at 2006-06-25 real 0m54.860s user 0m42.880s sys 0m1.710s As you see it takes almost am minute to update everything. Is there a way to make that process quicker? I already do --rebuild-keydb-caches every night but it doesn't help very much. The only solution right now is to disable the automatic trustdb-checks and update it in the middle of the night. The system is a AMD K6 with 350MHz, perhaps it's just too slow? Any ideas how to speed up the trustdb check would be appreciated. Regards, Sebastian -- GPG Key-ID: 0x76B79F20 (0x1B6034F476B79F20) Wehret den Anfaengen: http://odem.org/informationsfreiheit/ 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE. -- Terry Pratchett, The Fifth Elephant -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 286 bytes Desc: Digital signature Url : /pipermail/attachments/20060508/4a305e2c/attachment.pgp From dshaw at jabberwocky.com Mon May 8 17:38:49 2006 From: dshaw at jabberwocky.com (David Shaw) Date: Mon May 8 17:37:56 2006 Subject: Speed of trustdb update? In-Reply-To: <20060508135605.GA25288@data.fire-world.de> References: <20060508135605.GA25288@data.fire-world.de> Message-ID: <20060508153849.GA11050@jabberwocky.com> On Mon, May 08, 2006 at 03:56:05PM +0200, Sebastian Wiesinger wrote: > Hi, > > I'm using gnupg quite a lot and after importing ~100 keys from a > keysigning party, the trustdb updates got painfully slow: > > $ time gpg --check-trustdb > gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model > gpg: depth: 0 valid: 1 signed: 124 trust: 0-, 0q, 0n, 0m, 0f, 1u > gpg: depth: 1 valid: 124 signed: 37 trust: 113-, 0q, 0n, 3m, 8f, 0u > gpg: depth: 2 valid: 9 signed: 11 trust: 5-, 3q, 0n, 0m, 1f, 0u > gpg: next trustdb check due at 2006-06-25 > > real 0m54.860s > user 0m42.880s > sys 0m1.710s > > > As you see it takes almost am minute to update everything. Is there a > way to make that process quicker? I already do --rebuild-keydb-caches > every night but it doesn't help very much. The only solution right now > is to disable the automatic trustdb-checks and update it in the middle > of the night. > > The system is a AMD K6 with 350MHz, perhaps it's just too slow? Any > ideas how to speed up the trustdb check would be appreciated. What version of GnuPG are you using? David From benjamin at py-soft.co.uk Mon May 8 17:40:01 2006 From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Mon May 8 17:39:36 2006 Subject: Configuring gpg-agent In-Reply-To: <445DE1A9.6030202@py-soft.co.uk> References: <445C7FF4.8060506@mac.com> <445CE12F.1060805@py-soft.co.uk> <445CE35F.3030207@py-soft.co.uk> <445D00C4.5080805@py-soft.co.uk> <445D50FF.90402@py-soft.co.uk> <445DC6E5.4010106@py-soft.co.uk> <445DE1A9.6030202@py-soft.co.uk> Message-ID: <445F6651.7030004@py-soft.co.uk> Benjamin Donnachie wrote: >>> It would be nice to have a native MacOS pinentry program and I shall >>> add it to my things to get round to eventually... :-) > That's the easy bit done - see attached! :-) Scrub that - with a few minor changes to gpg-agent and pinentry I've now got the latter working natively under MacOS with no X11 in sight! :-) I'll tidy up my code and once it's tested I'll post it here... Then Werner Koch et al are free to incorporate it if they wish. Ben From henkdebruijn at wanadoo.nl Mon May 8 18:45:03 2006 From: henkdebruijn at wanadoo.nl (Henk M. de Bruijn) Date: Mon May 8 18:43:56 2006 Subject: more than one keyserver Message-ID: <804127635.20060508184503@wanadoo.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi, I have the following lines in my gpg.conf keyserver hkp://pgp.surfnet.nl keyserver-options auto-key-retrieve keyserver-options import-clean auto-key-locate hkp://pgp.surfnet.nl Is this the correct order/rank? I would like to use pgp.mit.edu as well but don't know to organize that. - -- Henk M. de Bruijn ______________________________________________________________________ The Bat! Natural E-Mail System? version 3.80.03 Pro on Windows XP SP2 Request-PGP: http://www.biglumber.com/x/web?qs=0x6C9F6CE78C32408B Gossamer Spider Web of Trust http://www.gswot.org A progressive and innovative Web of Trust -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4-svn4128: (MingW32) - GPGshell v3.51 iQEVAwUBRF91aRHuy+60ZN0PAQht1gf+MHCOmKM7j1Wk/OyqVkSfHJPJsqTwm2wQ sHDcjvmyL95f9fU6FqI7hkUXEh3AY91JoV02z7CJDU2OLZ1Lv8IREjthSiMVMaD3 dDst4YTUR1JgprscZSs7mskCAoBUjC6LfyO5IxsqK/Wp2CLSUTpWNNeMIJvvfgyf LoFJmwSVpacYYBrYqzqQOBYbV+uccOtyigqpbQMnQpqQEPfnNhnCt/ReBuZRRhrp tkDRDUAeV7lSYX48PJpopRpUUrEri5NqrfbJ6WH2enThO7bE9dWcemp/zcoUtkq+ 1/vKpXZ7y69DW86e9LcX1ZCvDzpcq0OTh1Fu6XRDA1XmuyUWPO6B5Q== =vrjc -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Mon May 8 18:56:56 2006 From: dshaw at jabberwocky.com (David Shaw) Date: Mon May 8 18:56:02 2006 Subject: more than one keyserver In-Reply-To: <804127635.20060508184503@wanadoo.nl> References: <804127635.20060508184503@wanadoo.nl> Message-ID: <20060508165656.GB11050@jabberwocky.com> On Mon, May 08, 2006 at 06:45:03PM +0200, Henk M. de Bruijn wrote: > Hi, > > I have the following lines in my gpg.conf > keyserver hkp://pgp.surfnet.nl > keyserver-options auto-key-retrieve > keyserver-options import-clean > auto-key-locate hkp://pgp.surfnet.nl > Is this the correct order/rank? It depends. What are you trying to do? David From henkdebruijn at wanadoo.nl Mon May 8 20:08:09 2006 From: henkdebruijn at wanadoo.nl (Henk M. de Bruijn) Date: Mon May 8 20:07:07 2006 Subject: more than one keyserver In-Reply-To: <20060508165656.GB11050@jabberwocky.com> References: <804127635.20060508184503@wanadoo.nl> <20060508165656.GB11050@jabberwocky.com> Message-ID: <192213206.20060508200809@wanadoo.nl> On Mon, 8 May 2006 12:56:56 -0400GMT (8-5-2006, 18:56 +0200, where I live), David Shaw wrote: > On Mon, May 08, 2006 at 06:45:03PM +0200, Henk M. de Bruijn wrote: >> I have the following lines in my gpg.conf >> keyserver hkp://pgp.surfnet.nl >> keyserver-options auto-key-retrieve >> keyserver-options import-clean >> auto-key-locate hkp://pgp.surfnet.nl >> Is this the correct order/rank? > It depends. What are you trying to do? When I receive a signed message from somebody who's key is not on my keyring, automaticly fetch that key. -- Henk ______________________________________________________________________ The Bat! Natural E-Mail System? version 3.80.03 Pro on Windows XP SP2 Request-PGP: http://www.biglumber.com/x/web?qs=0x6C9F6CE78C32408B Gossamer Spider Web of Trust http://www.gswot.org A progressive and innovative Web of Trust -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 484 bytes Desc: not available Url : /pipermail/attachments/20060508/e8ea70a8/attachment.pgp From sebastian at karotte.org Mon May 8 23:41:58 2006 From: sebastian at karotte.org (Sebastian Wiesinger) Date: Mon May 8 23:41:08 2006 Subject: Speed of trustdb update? In-Reply-To: <20060508153849.GA11050@jabberwocky.com> References: <20060508135605.GA25288@data.fire-world.de> <20060508153849.GA11050@jabberwocky.com> Message-ID: <20060508214157.GA30886@data.fire-world.de> * David Shaw [2006-05-08 17:44]: > > The system is a AMD K6 with 350MHz, perhaps it's just too slow? Any > > ideas how to speed up the trustdb check would be appreciated. > > What version of GnuPG are you using? 1.4.3 gpg (GnuPG) 1.4.3 Copyright (C) 2006 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. Home: ~/.gnupg Supported algorithms: Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512 Compression: Uncompressed, ZIP, ZLIB, BZIP2 Regards, Sebastian -- GPG Key-ID: 0x76B79F20 (0x1B6034F476B79F20) Wehret den Anfaengen: http://odem.org/informationsfreiheit/ 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE. -- Terry Pratchett, The Fifth Elephant -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 286 bytes Desc: Digital signature Url : /pipermail/attachments/20060508/94535627/attachment.pgp From dshaw at jabberwocky.com Mon May 8 23:52:16 2006 From: dshaw at jabberwocky.com (David Shaw) Date: Mon May 8 23:51:18 2006 Subject: more than one keyserver In-Reply-To: <192213206.20060508200809@wanadoo.nl> References: <804127635.20060508184503@wanadoo.nl> <20060508165656.GB11050@jabberwocky.com> <192213206.20060508200809@wanadoo.nl> Message-ID: <20060508215216.GA11772@jabberwocky.com> On Mon, May 08, 2006 at 08:08:09PM +0200, Henk M. de Bruijn wrote: > On Mon, 8 May 2006 12:56:56 -0400GMT (8-5-2006, 18:56 +0200, where I > live), David Shaw wrote: > > > On Mon, May 08, 2006 at 06:45:03PM +0200, Henk M. de Bruijn wrote: > > >> I have the following lines in my gpg.conf > >> keyserver hkp://pgp.surfnet.nl > >> keyserver-options auto-key-retrieve > >> keyserver-options import-clean > >> auto-key-locate hkp://pgp.surfnet.nl > >> Is this the correct order/rank? > > > It depends. What are you trying to do? > > When I receive a signed message from somebody who's key is not on my > keyring, automaticly fetch that key. Then you're fine. The auto-key-locate and import-clean are not needed for that purpose, but won't hurt you. David From sarixe at gmail.com Tue May 9 02:09:34 2006 From: sarixe at gmail.com (Sarixe Avaliesz) Date: Tue May 9 02:08:59 2006 Subject: USB Drive Use In-Reply-To: <00559C97.3995336C.0307202B@netscape.net> References: <00559C97.3995336C.0307202B@netscape.net> Message-ID: ... I have no idea how this happened, but now, on each new computer I use, WinPT is asking me where GPG is. It seems that the registry settings just remember where gpg is, and the program just asks if it doesn't see anything. this isn't a problem, as i am able to use it after setting it up. In effect, my goal is accomplished, just a little annoying to get started. Sarixe -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20060508/1c09ea91/signature.pgp From coffeepot at gmail.com Tue May 9 03:05:19 2006 From: coffeepot at gmail.com (Coffee Pot) Date: Tue May 9 03:04:18 2006 Subject: GnuPG4Palm? Message-ID: <383465ba0605081805u313c5802q9e2bc3f2d9374808@mail.gmail.com> Hi, Any plans for a GPG for Palm OS, i.e. something similar to GPG4Win? PGP has discontinued their PGP Mobile for Palm OS. The latest version is 2.0.2; it is not available commercially and it does not work well with Palm OS 5 and above. I have tried the previous trial versions of PGP for palm and they crashed my Palm. Only version 2.0.2 worked marginally without crashing my Tungsten T. A Palm OS version of GPG would enable better and easier key exchange and key signing during conferences; furthermore, it enables encryption of emails using mobile devices. Thanks -- ____ This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and contains legally privileged and/or confidential information. If you are not the intended recipient of this e-mail (or the person responsible for delivering this document to the intended recipient), you are hereby notified that any dissemination, distribution, printing or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please respond to the individual sending the message and notify me, and permanently delete the original and any copy of any e-mail and any printout thereof. http://en.wikipedia.org/wiki/Boulder_Pledge From henkdebruijn at wanadoo.nl Tue May 9 06:21:36 2006 From: henkdebruijn at wanadoo.nl (Henk M. de Bruijn) Date: Tue May 9 06:20:41 2006 Subject: more than one keyserver In-Reply-To: <20060508215216.GA11772@jabberwocky.com> References: <804127635.20060508184503@wanadoo.nl> <20060508165656.GB11050@jabberwocky.com> <192213206.20060508200809@wanadoo.nl> <20060508215216.GA11772@jabberwocky.com> Message-ID: <446018D0.2080301@wanadoo.nl> On 8-5-2006 23:52 David Shaw wrote: > On Mon, May 08, 2006 at 08:08:09PM +0200, Henk M. de Bruijn wrote: >>> It depends. What are you trying to do? >> When I receive a signed message from somebody who's key is not on my >> keyring, automaticly fetch that key. > Then you're fine. The auto-key-locate and import-clean are not needed I understand that auto-key-locate is for when you want to send an encrypted message to an addres that is not on your keyring. -- Henk _________________________________________________________________________ Mozilla Thunderbird version 1.5.0.2 (20060308) with Enigmail 0.94.0 PGPkey at: http://www.biglumber.com/x/web?qs=0X11EECBEEB464DD0F Gossamer Spider Web of Trust http://www.gswot.org A progressive and innovative Web of Trust From dshaw at jabberwocky.com Tue May 9 06:27:33 2006 From: dshaw at jabberwocky.com (David Shaw) Date: Tue May 9 06:26:49 2006 Subject: more than one keyserver In-Reply-To: <446018D0.2080301@wanadoo.nl> References: <804127635.20060508184503@wanadoo.nl> <20060508165656.GB11050@jabberwocky.com> <192213206.20060508200809@wanadoo.nl> <20060508215216.GA11772@jabberwocky.com> <446018D0.2080301@wanadoo.nl> Message-ID: <20060509042733.GA11985@jabberwocky.com> On Tue, May 09, 2006 at 06:21:36AM +0200, Henk M. de Bruijn wrote: > On 8-5-2006 23:52 David Shaw wrote: > > On Mon, May 08, 2006 at 08:08:09PM +0200, Henk M. de Bruijn wrote: > > >>> It depends. What are you trying to do? > > >> When I receive a signed message from somebody who's key is not on my > >> keyring, automaticly fetch that key. > > > Then you're fine. The auto-key-locate and import-clean are not needed > > I understand that auto-key-locate is for when you want to send an > encrypted message to an addres that is not on your keyring. Yes. It is unrelated to fetching a key when receiving a signed message. David From twoaday at gmx.net Tue May 9 08:03:57 2006 From: twoaday at gmx.net (Timo Schulz) Date: Tue May 9 07:57:34 2006 Subject: USB Drive Use In-Reply-To: References: <00559C97.3995336C.0307202B@netscape.net> Message-ID: <20060509060357.GA1308@daredevil.joesixpack.net> On Mon May 08 2006; 20:09, Sarixe Avaliesz wrote: > ... I have no idea how this happened, but now, on each new computer I > use, WinPT is asking me where GPG is. It seems that the registry > settings just remember where gpg is, and the program just asks if it > doesn't see anything. this isn't a problem, as i am able to use it > after setting it up. In effect, my goal is accomplished, just a little Actually I work on WinPT mobile support. In this mode, WinPT would avoid to store global settings and/or to use the registry. It would also try to get all needed helpers (gpg.exe, ...) directly from the USB stick and thus all config questions would be avoided also. The problem is that the code need to be changed at several places and this takes some time. Timo From feitao at msn.com Tue May 9 14:07:11 2006 From: feitao at msn.com (feitao) Date: Tue May 9 14:07:34 2006 Subject: List embedded filename Message-ID: Hi, I am wondering if it is possible add a command to list embedded filename, for example, --list-filename. Currently, the only way I know to get the embedded filename is to decrypt the whole file in verbose mode. Also, it would be great if other information is embedded, say file size and timestamp, and can be extracted easily. Thanks. From benjamin at py-soft.co.uk Tue May 9 15:15:19 2006 From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Tue May 9 15:15:08 2006 Subject: Running pinentry natively under MacOS. Message-ID: <446095E7.2040204@py-soft.co.uk> Charly Avital has kindly helped me check the following instructions and they should now be correct. The following steps are required to run pinentry natively under Mac OS, ie without X11. These steps also have the advantage that GUI programs which use ssh, such as Fugu, can now work with smartcard logins. NB These steps assume that you previously used darwinports to install gpg2 and associated libraries in /opt/local. 1. Firstly, install qt3-mac. Available from www.trolltech.com or using sudo port install qt3-mac. (If using ports make sure you deactivate other versions of qt first! eg sudo port deactivate qt3) 2. Download and extract pinentry. In the pinentry sub-directory apply the attached patch-pinentry.diff patch. ie patch -p0 < /path/to/patch-pinentry.diff 3. Then export MOC=/opt/local/bin/moc and export LDFLAGS="-L/opt/local/lib -liconv" followed by ./configure --enable-pinentry-qt --prefix=/opt/local --with-qt-includes=/opt/local/include/qt3/ --with-qt-libraries=/opt/local/lib/ --disable-rpath --disable-fallback-curses 4. Make and then sudo make install. 5. Create the directory /opt/local/pinentry-qt.app Create the subdirectories /opt/local/pinentry-qt.app/Contents/ and /opt/local/pinentry-qt.app/Contents/MacOS If performing these steps in finder pinentry-qt.app will appear as an application, you will need to right click and select Show Package Contents before creating the subdirectories. 6. Copy /opt/local/bin/pinentry-qt to /opt/local/pinentry-qt.app/Contents/MacOS/ 7. Place attached files Info.plist and PkgInfo in /opt/local/pinentry-qt.app/Contents/ 8. Modify ~/.gnupg/gpg-agent.conf so that pinentry-program points to /opt/local/pinentry-qt.app/Contents/MacOS/pinentry-qt 9. Download and extract the gpg2 source code (Currently v1.9.20). Then apply attached patch-gpgparsemail.diff, patch-scdaemon.diff and patch-query.diff patches. 10. Then export LDFLAGS="-L/opt/local/lib -lpth" followed by ./configure --prefix=/opt/local --with-pinentry-pgm=/opt/local/pinentry-qt.app/Contents/MacOS/pinentry-qt --enable-agent-only 11. make and then sudo make install Now test it has all worked - open a terminal, type eval $(/opt/local/bin/gpg-agent --daemon) followed by echo test | gpg -ase -r "your email address" | gpg BE PATIENT! It can take a few moments for pinentry to pop up. At the moment - to work with Thunderbird/Enigmail you will need to start it from a terminal. The steps required are: open terminal, type eval $(gpg-agent --daemon) and then /Applications/Thunderbird/Contents/MacOS/thunderbird-bin I am currently working on a solution which will negate this step. (Any Mac OS gurus out there, please get in touch!) Ben cc: gnu-devel For developers to incorporate my Mac OS patches if they wish. opendarwin For information of the gpg-agent and pinentry maintainers. enigmail For information of readers wishing to use Engimail with gpg-agent under Mac OS. macgpg-users Details of patches required to run gpg-agent and pinentry under Mac OS. -------------- next part -------------- --- pinentry/pinentry.c 2004-12-22 11:37:50.000000000 +0000 +++ pinentry/pinentry.c 2006-05-08 01:54:55.000000000 +0100 @@ -255,12 +255,17 @@ int pinentry_have_display (int argc, char **argv) { +#if defined(Q_OS_MACX) + // If running native QT under Mac OS display is irrelevant + return 1; +#else if (getenv ("DISPLAY")) return 1; for (; argc; argc--, argv++) if (!strcmp (*argv, "--display")) return 1; return 0; +#endif } -------------- next part -------------- A non-text attachment was scrubbed... Name: Info.plist Type: text/xml Size: 318 bytes Desc: not available Url : /pipermail/attachments/20060509/6bcf89df/Info-0001.bin -------------- next part -------------- APPL -------------- next part -------------- --- scd/scdaemon.c 2005-10-27 09:37:09.000000000 +0100 +++ scd/scdaemon.c 2006-05-03 16:03:07.000000000 +0100 @@ -139,11 +139,12 @@ /* The card dirver we use by default for PC/SC. */ #if defined(HAVE_W32_SYSTEM) || defined(__CYGWIN__) #define DEFAULT_PCSC_DRIVER "winscard.dll" +#elif defined(__APPLE__) + #define DEFAULT_PCSC_DRIVER "/System/Library/Frameworks/PCSC.framework/PCSC" #else #define DEFAULT_PCSC_DRIVER "libpcsclite.so" #endif - /* Flag to indicate that a shutdown was requested. */ static int shutdown_pending; -------------- next part -------------- --- tools/gpgparsemail.c 2005-12-14 10:45:28.000000000 +0000 +++ tools/gpgparsemail.c 2006-04-10 09:52:49.000000000 +0100 @@ -145,7 +145,7 @@ return p; } -static char * +/* static */ char * stpcpy (char *a,const char *b) { while (*b) -------------- next part -------------- --- agent/query.c 2005-11-28 09:55:57.000000000 +0000 +++ agent/query.c 2006-05-08 16:06:13.000000000 +0100 @@ -217,6 +217,16 @@ else pgmname++; +#if defined(__APPLE__) + // If running under MacOS then pinentry must be invoked by sh + // otherwise bundle information is not processed and pinentry will + // be unable to grab keyboard / screen. + + argv[0] = "sh"; + argv[1] = "-c"; + argv[2] = opt.pinentry_program; + argv[3] = NULL; +#else argv[0] = pgmname; if (ctrl->display && !opt.keep_display) { @@ -226,7 +236,8 @@ } else argv[1] = NULL; - +#endif + i=0; if (!opt.running_detached) { @@ -237,8 +248,13 @@ no_close_list[i] = -1; /* Connect to the pinentry and perform initial handshaking */ - rc = assuan_pipe_connect2 (&ctx, opt.pinentry_program, (char**)argv, - no_close_list, atfork_cb, NULL); + rc = assuan_pipe_connect2 (&ctx, + #if defined(__APPLE__) + "/bin/sh" // See above. + #else + opt.pinentry_program + #endif + , (char**)argv, no_close_list, atfork_cb, NULL); if (rc) { log_error ("can't connect to the PIN entry module: %s\n", From wk at gnupg.org Tue May 9 17:09:43 2006 From: wk at gnupg.org (Werner Koch) Date: Tue May 9 17:11:27 2006 Subject: GPG4Palm In-Reply-To: <383465ba0605080648g7d8124ebs26e40064c5efebd@mail.gmail.com> (Coffee Pot's message of "Mon, 8 May 2006 16:48:02 +0300") References: <383465ba0605080648g7d8124ebs26e40064c5efebd@mail.gmail.com> Message-ID: <874pzzfd54.fsf@wheatstone.g10code.de> "Coffee Pot" writes: > Any plans for a GPG for Palm OS? No. Salam-Shalom, Werner From benjamin at py-soft.co.uk Tue May 9 17:56:41 2006 From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Tue May 9 17:56:14 2006 Subject: Running pinentry natively under MacOS. In-Reply-To: <446095E7.2040204@py-soft.co.uk> References: <446095E7.2040204@py-soft.co.uk> Message-ID: <4460BBB9.3050804@py-soft.co.uk> Benjamin Donnachie wrote: > At the moment - to work with Thunderbird/Enigmail you will need to start > it from a terminal. The steps required are: open terminal, type eval > $(gpg-agent --daemon) and then > /Applications/Thunderbird/Contents/MacOS/thunderbird-bin > > I am currently working on a solution which will negate this step. (Any > Mac OS gurus out there, please get in touch!) Here's how to make gpg-agent start on login *and* for it to be available to all programs, including GUIs and Terminal programs: 1. Create the directory ~/.MacOSX and save the attached environment.plist file into there. This file will ensure that the required environment variables are available to GUI programs. 2. Save the attached login.command file to /opt/local/bin/login.command You may wish to modify this file for your own needs - it starts gpg-agent and saves the output to ~/.gnupg/.gpg-agent 3. Make sure that it is executable chmod +x /opt/local/bin/login.command 4. Edit the file ~/.profile to include eval $(cat ~/.gnupg/.gpg-agent) This makes the environment variables available to command line programs. 5. The under system preferences, accounts, login items add the file /opt/local/bin/login.command 6. Then logout and log back in again. gpg-agent will automatically be started, and every application will be able to access it without you having to start a terminal first! Annoyingly, I can't stop the terminal window that just hangs about when you log in... Just close for now... Ben -------------- next part -------------- A non-text attachment was scrubbed... Name: environment.plist Type: text/xml Size: 364 bytes Desc: not available Url : /pipermail/attachments/20060509/19ef8130/environment.bin -------------- next part -------------- #!/bin/sh echo -n -e "\033]0;Starting gpg-agent - please wait\007" killall gpg-agent /opt/local/bin/gpg-agent --daemon --enable-ssh-support --use-standard-socket > ~/.gnupg/.gpg-agent echo -n -e "\033]0;Starting gpg-agent - DONE\007" echo "** This window is now safe to close **" From david.gray at turpin-distribution.com Tue May 9 16:55:15 2006 From: david.gray at turpin-distribution.com (David Gray) Date: Tue May 9 18:26:02 2006 Subject: Rijndael usage Message-ID: <5155685DF4FC004297C9F5D769CBF51C02B61048@KASHMIR.extenza-turpin.com> Hello all, Wonder if anyone could give advice on using GnuPG to decrypt Files encoded with the Rijndael cipher. One of our customers is using a software house to build a website that will send encrypted order files to us (the distributor of their stock). The files Are basically CSV format data files. I've received an email from them containing two symmetric keys for testing purposes. These do not look like any I've seen before... key: "ABCDE%^$ABCDE-99" and iv: "ABCDE$*@ABCDE-99" (Values changed for email) I've used GnuPG and PGP in the past and keys have always distributed as text files In the format below -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.2.3 (OpenVMS/Alpha) . . . -----END PGP PUBLIC KEY BLOCK----- Which can be imported into the local keyring and then used from there. I've asked for an example of how the software house use these keys internally but The example they gave is in C# which I don't know. I'm going to do the decryption on OpenVMS but could certainly translate a unix style command line example if anyone could post. Thanks in advance David. From benjamin at py-soft.co.uk Tue May 9 20:43:54 2006 From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Tue May 9 20:43:57 2006 Subject: Running pinentry natively under MacOS. In-Reply-To: <4460BBB9.3050804@py-soft.co.uk> References: <446095E7.2040204@py-soft.co.uk> <4460BBB9.3050804@py-soft.co.uk> Message-ID: <4460E2EA.8000101@py-soft.co.uk> Benjamin Donnachie wrote: > 1. Create the directory ~/.MacOSX and save the attached > environment.plist file into there. Well done to Charly for spotting my "deliberate" mistake. > > > > > GPG_AGENT_INFO > /Users/benjamin/.gnupg/S.gpg-agent:0:1 > SSH_AUTH_SOCK > /Users/benjamin/.gnupg/S.gpg-agent.ssh > > You will need to edit environment.plist to reflect your system, unless you're luckily enough to have the account name benjamin!!! NB The short-cut ~ does NOT work and you will need to type the path in full. Once you've changed environment.plist you will need to log out and then in again for it to take effect. Ben From coffeepot at gmail.com Tue May 9 21:59:33 2006 From: coffeepot at gmail.com (Moueen BG) Date: Tue May 9 21:58:32 2006 Subject: GPG4Palm In-Reply-To: <874pzzfd54.fsf@wheatstone.g10code.de> References: <383465ba0605080648g7d8124ebs26e40064c5efebd@mail.gmail.com> <874pzzfd54.fsf@wheatstone.g10code.de> Message-ID: <383465ba0605091259w7335ce40y3cb8900e97ee5f33@mail.gmail.com> I appreciate the time you guys dedicate for the development and maintenance of GnuPG. Many people use a PDA in their work and/or daily routines. Do you use a PDA? How many of the Physicians you know use a PDA. PGP was one of the few reliable HIPAA compliant applications for Palm. Now the available applications vary in reliability and show a near complete lack of standardization. The PGP people refuse to make PGP for Palm available even commercially. How about a "SuperWaba" (http://www.superwaba.org/) port? This would make it useful on more than one platform (Palm OS, Symbian 7.0s (Nokia 6600, 6670) etc...), No? Would this introduce more security headaches? The Palm/PDA port is probably not a priority for most developers, but people are becoming more mobile. As I said, I appreciate your work. GnuPG is a great product even without a Palm port. Thanks On 5/9/06, Werner Koch wrote: > writes: > > > Any plans for a GPG for Palm OS? > > No. > > > Salam-Shalom, > > Werner > > -- ____ This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and contains legally privileged and/or confidential information. If you are not the intended recipient of this e-mail (or the person responsible for delivering this document to the intended recipient), you are hereby notified that any dissemination, distribution, printing or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please respond to the individual sending the message and notify me, and permanently delete the original and any copy of any e-mail and any printout thereof. http://en.wikipedia.org/wiki/Boulder_Pledge From JPClizbe at comcast.net Tue May 9 22:54:32 2006 From: JPClizbe at comcast.net (John Clizbe) Date: Tue May 9 22:54:19 2006 Subject: GnuPG4Palm? In-Reply-To: <383465ba0605081805u313c5802q9e2bc3f2d9374808@mail.gmail.com> References: <383465ba0605081805u313c5802q9e2bc3f2d9374808@mail.gmail.com> Message-ID: <44610188.9020008@comcast.net> Coffee Pot wrote: > Any plans for a GPG for Palm OS, i.e. something similar to GPG4Win? > > PGP has discontinued their PGP Mobile for Palm OS. The latest version > is 2.0.2; it is not available commercially and it does not work well > with Palm OS 5 and above. I have tried the previous trial versions of PGP > for palm and they crashed my Palm. Only version 2.0.2 worked > marginally without crashing my Tungsten T. PGP Mobile and Palm OS 5 have been discussed more on Yahoo's PGP-Basics list and much more on the cryptorights.org PGP-Users list. I would suggest checking or asking on the PGP-User list as top execs from PGP Corp read and respond there. Quoting Will Price, VP Engineering PGP Corp, from PGP-Users, 2003-06-08: "In some respects, we are just as frustrated as you may be. If I may be quite frank, Palm OS 5 was a hack job not ready for prime time. If we felt that some amount of maintenance work would quickly clean up issues with different Palm OS 5 devices, we would engage the effort." "I look forward to Palm OS 6. Palm OS 5 appears to be a halfway step down the transition road towards Palm OS 6 later this year which will (finally!) bring full support for the new processor types allowing acceptable speeds for all the key sizes and one hopes fix the API issues which prevent some of the features of PGP on Palm OS 4.X from working properly on Palm OS 5. It is my hope that a major new release of PGP Mobile will be ready for that OS and others." [https://lists.cryptorights.org/mailman/private/pgp-users/2003-June/018689.html Archive available to list subscribers] Many in the PGP Mobile camp have taken that as a promise that "When Palm OS 6 ships, we'll have PGP Mobile 3.0 ready." Garnet (Palm OS 5.x) still seems to be Palm's OS of choice. Cobalt (Palm OS 6) doesn't seem any closer to shipping. And with ACCESS now driving Palm OS development, an all-Linux Palm OS is rumored on the horizon, even with the developer site still pushing Cobalt. -- John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet Golden Bear Networks PGP/GPG KeyID: 0x608D2A10 "Be who you are and say what you feel because those who mind don't matter and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 668 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20060509/50b1532f/signature.pgp From dshaw at jabberwocky.com Tue May 9 23:15:46 2006 From: dshaw at jabberwocky.com (David Shaw) Date: Tue May 9 23:14:47 2006 Subject: Rijndael usage In-Reply-To: <5155685DF4FC004297C9F5D769CBF51C02B61048@KASHMIR.extenza-turpin.com> References: <5155685DF4FC004297C9F5D769CBF51C02B61048@KASHMIR.extenza-turpin.com> Message-ID: <20060509211546.GA24636@jabberwocky.com> On Tue, May 09, 2006 at 03:55:15PM +0100, David Gray wrote: > Hello all, > > Wonder if anyone could give advice on using GnuPG to decrypt > Files encoded with the Rijndael cipher. > > One of our customers is using a software house to build a website that > will send encrypted order files to us (the distributor of their stock). The > files > Are basically CSV format data files. > > I've received an email from them containing two symmetric keys for testing > purposes. These do not look like any I've seen before... > > key: "ABCDE%^$ABCDE-99" and > iv: "ABCDE$*@ABCDE-99" > > (Values changed for email) You can't use GPG or PGP to decrypt this. It looks like they're encrypting using raw Rijndael. David From dshaw at jabberwocky.com Tue May 9 23:16:38 2006 From: dshaw at jabberwocky.com (David Shaw) Date: Tue May 9 23:15:38 2006 Subject: List embedded filename In-Reply-To: <002001c67361$1a3216b0$a3292480@yale95629b92ac> References: <002001c67361$1a3216b0$a3292480@yale95629b92ac> Message-ID: <20060509211638.GB24636@jabberwocky.com> On Tue, May 09, 2006 at 08:07:11AM -0400, feitao wrote: > Hi, > > I am wondering if it is possible add a command to list embedded filename, > for example, --list-filename. Currently, the only way I know to get the > embedded filename is to decrypt the whole file in verbose mode. Also, it > would be great if other information is embedded, say file size and > timestamp, and can be extracted easily. Why do you need to list embedded filenames? What is the purpose of the extraction of this data? David From david.gray at turpin-distribution.com Wed May 10 10:09:03 2006 From: david.gray at turpin-distribution.com (David Gray) Date: Wed May 10 10:07:04 2006 Subject: Rijndael usage Message-ID: <5155685DF4FC004297C9F5D769CBF51C02B61051@KASHMIR.extenza-turpin.com> Hi David, Thanks for the info, even if it's not what I wanted to hear. :-) What do you mean by "raw Rijndael"? The C# code that the software house are using is shown below, even if I clone this program am I likely to be able to decrypt without them sending me a key in ASCII format? Thanks David. public string DecodeString(byte[] encodedsource) { System.Text.UTF8Encoding encoding = new System.Text.UTF8Encoding(); byte[] bytes = encodedsource; MemoryStream memstream = new MemoryStream(); memstream.Write(bytes, 0, bytes.Length); memstream.Position = 0; SymmetricAlgorithm algorithm = SymmetricAlgorithm.Create("RijnDael"); algorithm.Key = key; algorithm.IV = iv; ICryptoTransform transform = algorithm.CreateDecryptor(); CryptoStream cryptstream = new CryptoStream(memstream, transform, CryptoStreamMode.Read); StreamReader reader = new StreamReader(cryptstream); string returnstring = reader.ReadToEnd(); memstream.Dispose(); reader.Dispose(); cryptstream.Dispose(); return returnstring; } -----Original Message----- From: David Shaw [mailto:dshaw@jabberwocky.com] Sent: 09 May 2006 22:16 To: gnupg-users@gnupg.org Subject: Re: Rijndael usage On Tue, May 09, 2006 at 03:55:15PM +0100, David Gray wrote: > Hello all, > > Wonder if anyone could give advice on using GnuPG to decrypt > Files encoded with the Rijndael cipher. > > One of our customers is using a software house to build a website that > will send encrypted order files to us (the distributor of their stock). The > files > Are basically CSV format data files. > > I've received an email from them containing two symmetric keys for > testing > purposes. These do not look like any I've seen before... > > key: "ABCDE%^$ABCDE-99" and > iv: "ABCDE$*@ABCDE-99" > > (Values changed for email) You can't use GPG or PGP to decrypt this. It looks like they're encrypting using raw Rijndael. David _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users From wk at gnupg.org Wed May 10 11:11:20 2006 From: wk at gnupg.org (Werner Koch) Date: Wed May 10 11:16:16 2006 Subject: GPG4Palm In-Reply-To: <383465ba0605091259w7335ce40y3cb8900e97ee5f33@mail.gmail.com> (Moueen BG's message of "Tue, 9 May 2006 22:59:33 +0300") References: <383465ba0605080648g7d8124ebs26e40064c5efebd@mail.gmail.com> <874pzzfd54.fsf@wheatstone.g10code.de> <383465ba0605091259w7335ce40y3cb8900e97ee5f33@mail.gmail.com> Message-ID: <87wtcu9rd3.fsf@wheatstone.g10code.de> "Moueen BG" writes: > the few reliable HIPAA compliant applications for Palm. Now the > available applications vary in reliability and show a near complete > lack of standardization. The PGP people refuse to make PGP for Palm > available even commercially. I am not using a PDA, instead I carry an TP X31 around which is more versatile ;-). Thus I won't spent time on porting gpg for Palm or Symbian. Paid development is obviously a different case. > How about a "SuperWaba" (http://www.superwaba.org/) port? This would > make it useful on more than one platform (Palm OS, Symbian 7.0s (Nokia > 6600, 6670) etc...), No? Would this introduce more security headaches? I have only looked at the Nokia 770 recently but frankly did not found the time to figure out good entropy sources for random numbers. Salam-Shalom, Werner From wk at gnupg.org Wed May 10 11:22:21 2006 From: wk at gnupg.org (Werner Koch) Date: Wed May 10 11:26:13 2006 Subject: Rijndael usage In-Reply-To: <5155685DF4FC004297C9F5D769CBF51C02B61051@KASHMIR.extenza-turpin.com> (David Gray's message of "Wed, 10 May 2006 09:09:03 +0100") References: <5155685DF4FC004297C9F5D769CBF51C02B61051@KASHMIR.extenza-turpin.com> Message-ID: <87slni9quq.fsf@wheatstone.g10code.de> David Gray writes: > What do you mean by "raw Rijndael"? The output of the cipher not embedded into any protocol (like OpenPGP). Such a protocol needs to specify for example where to put the IV, what key size is used etc. I don't know the CryptStream stuff from C#; it might have some defaults to create a stream in some protocol. To write a compatible implementaion, one needs to know at least the key size, the mode of operation (e.g. CBC or CFB) and the way padding is done. > The C# code that the software house are using is shown below, even if > I clone this program am I likely to be able to decrypt without them sending > me a key in ASCII format? You also need how to transform a key from whatever ASCII format to the format actually used. In general keys are not used directly but preprocessed to match the required key length of the algorithm. Salam-Shalom, Werner From SeidlS at schneider.com Wed May 10 18:32:24 2006 From: SeidlS at schneider.com (SeidlS@schneider.com) Date: Wed May 10 19:56:01 2006 Subject: Upgrading from 1.2.1 to 1.4.4 Message-ID: We are beginning the process to upgrade our gnuPG installation from 1.2.1 to 1.4.4. I have looked on the website, but have not found directions on how to do this upgrade. Can someone please provide me that information, or a link to the site containing that information? Also, what things should we be watching out for in the upgrade? Are the concerns or special steps that we need to take to be able to use the same key rings and same secrete keys? Thanks Scott Seidl Electronic Communication Services seidls@schneider.com Tel) 920-592-2163 This document, and any attachments therein, contains proprietary and confidential information that may not be disclosed without the prior written permission of Schneider National, Inc. and its subsidiaries. Unauthorized use or misuse of this information and its contents is strictly prohibited. Schneider National, Inc. vigorously protects its rights. From ml at mareichelt.de Wed May 10 20:09:55 2006 From: ml at mareichelt.de (markus reichelt) Date: Wed May 10 20:09:05 2006 Subject: Upgrading from 1.2.1 to 1.4.4 In-Reply-To: References: Message-ID: <20060510180955.GA3657@dantooine> * SeidlS@schneider.com wrote: > We are beginning the process to upgrade our gnuPG installation from > 1.2.1 to 1.4.4. I have looked on the website, but have not found > directions on how to do this upgrade. Can someone please provide > me that information, or a link to the site containing that > information? Last time I checked the latest version was 1.4.3 You could uninstall the current gnupg if you use a package system. Then install the new one. Or just compile and install the latest version, end users won't notice any difference. Well, I didn't :-) However, when it comes to signing keys gnupg as of version 1.4.x needs the config option ask-cert-level to be either present in ~./gnupg/options or on the command line - in case that particular option is missing, the default level of signature (0) is given to keys being signed (if no default-cert-level option is passed along to gnupg of course). I still fail to see the benefit of this behaviour, but that's the way it is. -- left blank, right bald -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 191 bytes Desc: not available Url : /pipermail/attachments/20060510/306cfbfb/attachment.pgp From dshaw at jabberwocky.com Wed May 10 20:18:49 2006 From: dshaw at jabberwocky.com (David Shaw) Date: Wed May 10 20:18:11 2006 Subject: Upgrading from 1.2.1 to 1.4.4 In-Reply-To: References: Message-ID: <20060510181849.GB27595@jabberwocky.com> On Wed, May 10, 2006 at 11:32:24AM -0500, SeidlS@schneider.com wrote: > > We are beginning the process to upgrade our gnuPG installation from 1.2.1 > to 1.4.4. I have looked on the website, but have not found directions on > how to do this upgrade. Can someone please provide me that information, or > a link to the site containing that information? > > Also, what things should we be watching out for in the upgrade? Are the > concerns or special steps that we need to take to be able to use the same > key rings and same secrete keys? There should be no special steps to take. Aside from the obvious steps of making a backup and testing that your environment still does what you want it to do, you can just install 1.4.3 on top of 1.2.1. David From johanw at vulcan.xs4all.nl Wed May 10 21:56:16 2006 From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Wed May 10 23:26:06 2006 Subject: Upgrading from 1.2.1 to 1.4.4 In-Reply-To: <20060510181849.GB27595@jabberwocky.com> Message-ID: <200605101956.k4AJuGgu010329@vulcan.xs4all.nl> David Shaw wrote: >There should be no special steps to take. Aside from the obvious >steps of making a backup and testing that your environment still does >what you want it to do, you can just install 1.4.3 on top of 1.2.1. The OP doesn't state what system he uses, but on Linux I have a synlink /usr/local/lib/gnupg which currently points to /usr/local/lib/gnupg-143. If you set it up like this you canjust rename the directory where 1.2.1 resides, and chenging back is just renaming one symlink. -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From ml at mareichelt.de Wed May 10 23:39:45 2006 From: ml at mareichelt.de (markus reichelt) Date: Wed May 10 23:38:40 2006 Subject: Upgrading from 1.2.1 to 1.4.4 In-Reply-To: <200605101956.k4AJuGgu010329@vulcan.xs4all.nl> References: <20060510181849.GB27595@jabberwocky.com> <200605101956.k4AJuGgu010329@vulcan.xs4all.nl> Message-ID: <20060510213945.GA4462@dantooine> * Johan Wevers wrote: > David Shaw wrote: > > >There should be no special steps to take. Aside from the obvious > >steps of making a backup and testing that your environment still > >does what you want it to do, you can just install 1.4.3 on top of > >1.2.1. > > The OP doesn't state what system he uses, but on Linux I have a > /synlink usr/local/lib/gnupg which currently points to > //usr/local/lib/gnupg-143. If you set it up like this you canjust > rename the directory where 1.2.1 resides, and chenging back is just > renaming one symlink. What about the executable(s)? Language files? I use that kind of approach too, but not with gnupg. One has to know in detail where stuff is installed etc. Not recommended for ordinary users. -- left blank, right bald -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 191 bytes Desc: not available Url : /pipermail/attachments/20060510/ab9924ed/attachment.pgp From daniel at rio-grande.ping.de Fri May 5 23:19:05 2006 From: daniel at rio-grande.ping.de (Daniel Hess) Date: Thu May 11 12:58:53 2006 Subject: dns cert support (was: GnuPG 1.4.3 released) In-Reply-To: <20060404215707.GB31590@jabberwocky.com> References: <87lkum26xw.fsf@wheatstone.g10code.de> <20060404182501.GP32646@asteria.noreply.org> <20060404215707.GB31590@jabberwocky.com> Message-ID: <20060505211905.GA2363@rio-grande.ping.de> On Tue, Apr 04, 2006 at 05:57:07PM -0400, David Shaw wrote: > On Tue, Apr 04, 2006 at 08:25:01PM +0200, Peter Palfrader wrote: > > Also, is there a tool that produces a snippet which is ready for > > inclusion into a zone file anywhere? Something similar to ssh-keygen > > for SSHFP RRs: > > weasel@galaxy:~$ ssh-keygen -r galaxy -f /etc/ssh/ssh_host_rsa_key -g > > galaxy IN TYPE44 \# 22 01 01 40cc5559546421d15fe9c1064713636a02373ad2 > > weasel@galaxy:~$ ssh-keygen -r galaxy -f /etc/ssh/ssh_host_rsa_key > > galaxy IN SSHFP 1 1 40cc5559546421d15fe9c1064713636a02373ad2 > > Good idea. I just checked one in to the GnuPG SVN. I've played with it to make it generate output for tinydns (djbdns). Maybe somebody has use for it, so here is the patch. One note: You need to run axfrdns to get key-records working. Daniel -------------- next part -------------- --- make-dns-cert.c.orig 2006-05-05 22:43:19.000000000 +0200 +++ make-dns-cert.c 2006-05-05 22:50:25.000000000 +0200 @@ -32,6 +32,8 @@ #include #include +int djbdns = 0; + /* We use TYPE37 instead of CERT since not all nameservers can handle CERT yet... */ @@ -66,7 +68,10 @@ fprintf(stderr,"Warning: key file %s is larger than the default" " GnuPG max-cert-size\n",keyfile); - printf("%s\tTYPE37\t\\# %u 0003 0000 00 ", + if(djbdns) + printf(":%s:37:\\000\\003\\000\\000\\000",name); + else + printf("%s\tTYPE37\t\\# %u 0003 0000 00 ", name,(unsigned int)statbuf.st_size+5); err=1; @@ -83,7 +88,10 @@ } for(i=0;i Hi, Just wondering how do you clear sign a variable please on the command line? I'm running this in a php script... $emailbody = "reg-city:Ely\n"; $emailbody .= "reg-postcode:CB6 1RA\n"; $emailbody .= "reg-country:GB\n"; $cmd = "echo $passphrase | $gpg --passphrase-fd 0 --no-tty -u $key --force-v3-sigs --no-secmem-warning --clearsign $emailbody" . "" . " &> /tmp/error "; $encrypted_message = shell_exec($cmd); But it's simply not working. Does anyone know how I can clearsign a variable without all this file interaction please? Many thanks, Gordon From kai at kaikretschmann.de Tue May 9 07:54:47 2006 From: kai at kaikretschmann.de (Kai Kretschmann) Date: Thu May 11 12:59:01 2006 Subject: smart card usage on multiple workstations Message-ID: <44602EA7.6000000@kaikretschmann.de> Dear list, I can successfully generate a key pair on my smart card using gpg and even use that key to sign something. But how do I use this key on a second computer? I was thinking of simply plugging the card into another workstation and use it there too. But the second gpg installation by itself doesn't know anything about this key. importing the public part via keyservers isn't enough as it still misses the private key part. How do I give the second gpg the hint to search on the card for this key? Thanks, From benjamin at py-soft.co.uk Wed May 10 13:07:02 2006 From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Thu May 11 12:59:03 2006 Subject: Running pinentry natively under MacOS. In-Reply-To: <4460BBB9.3050804@py-soft.co.uk> References: <446095E7.2040204@py-soft.co.uk> <4460BBB9.3050804@py-soft.co.uk> Message-ID: <4461C956.9050007@py-soft.co.uk> Benjamin Donnachie wrote: > 2. Save the attached login.command file to /opt/local/bin/login.command Delete /opt/local/bin/login.command and instead save the attached application into Applications. It is a simple bit of AppleScript that takes care of starting gpg-agent - full details at the bottom. > 4. Edit the file ~/.profile to include eval $(cat ~/.gnupg/.gpg-agent) You still need to complete this step. > 5. The under system preferences, accounts, login items add the file > /opt/local/bin/login.command Instead, add attached script. > 6. Then logout and log back in again. gpg-agent will automatically be > started, and every application will be able to access it without you > having to start a terminal first! Alternatively, just click on "start gpg-agent". NB you will (probably) need to close any open Terminal windows if you want to be able to access gpg-agent within them. Don't forget to create ~/.MacOSX/environment.plist as per my previous message. > Annoyingly, I can't stop the terminal window that just hangs about when > you log in... Just close for now... No more annoying terminal windows, and no more annoying issues with login.command. Ben Full AppleScript listing for start gpg-agent.app: (* Set to location of gpg-agent *) set gpgagentProgram to "/opt/local/bin/gpg-agent" (* Set to gpg-agent options *) set gpgagentOptions to "--daemon --enable-ssh-support --use-standard-socket" (* Set to location of file used to store environment variables for ~/.profile *) set gpgagentEnvironment to "~/.gnupg/.gpg-agent" (* See whether gpg-agent is already running and if so kill it *) set gpgagentRunning to do shell script "ps -x | grep --count " & gpgagentProgram (* Tests indicate that script actually starts two copies of grep *) if gpgagentRunning > 2 then (* display dialog "Gonna kill it" *) do shell script "killall gpg-agent" end if (* Now run gpg-agent *) do shell script gpgagentProgram & " " & gpgagentOptions & " > " & gpgagentEnvironment -------------- next part -------------- Skipped content of type multipart/appledouble From alex at bofh.net.pl Thu May 11 13:46:26 2006 From: alex at bofh.net.pl (Janusz A. Urbanowicz) Date: Thu May 11 13:45:45 2006 Subject: Rijndael usage In-Reply-To: <5155685DF4FC004297C9F5D769CBF51C02B61051@KASHMIR.extenza-turpin.com> References: <5155685DF4FC004297C9F5D769CBF51C02B61051@KASHMIR.extenza-turpin.com> Message-ID: <20060511114626.GI24811@hell.pl> On Wed, May 10, 2006 at 09:09:03AM +0100, David Gray wrote: > Hi David, > Thanks for the info, even if it's not what I wanted to hear. :-) > > What do you mean by "raw Rijndael"? raw binary algorithm data not enveloped with any metadata (file format) From the code it is either raw binary data or some kind of Windows stream. Someone may try to recreate it on Unix using gcrypt or mcrypt libraries, but much simpler and more secure it woll be to make them use some application like gnupg, which could be scripted in place of the code you supplied. Alex From alex at bofh.net.pl Thu May 11 13:52:00 2006 From: alex at bofh.net.pl (Janusz A. Urbanowicz) Date: Thu May 11 13:50:55 2006 Subject: Upgrading from 1.2.1 to 1.4.4 In-Reply-To: <200605101956.k4AJuGgu010329@vulcan.xs4all.nl> References: <20060510181849.GB27595@jabberwocky.com> <200605101956.k4AJuGgu010329@vulcan.xs4all.nl> Message-ID: <20060511115200.GJ24811@hell.pl> On Wed, May 10, 2006 at 09:56:16PM +0200, Johan Wevers wrote: > David Shaw wrote: > > >There should be no special steps to take. Aside from the obvious > >steps of making a backup and testing that your environment still does > >what you want it to do, you can just install 1.4.3 on top of 1.2.1. > > The OP doesn't state what system he uses, but on Linux I have a synlink > /usr/local/lib/gnupg which currently points to /usr/local/lib/gnupg-143. > If you set it up like this you canjust rename the directory where 1.2.1 > resides, and chenging back is just renaming one symlink. An organized way to dit is to use GNU stow. You configure & compile gpg as usual, then (assuming you have stow installed and old gnupg-X.Y was also stow'ed) do make prefix=/usr/local/stow/gnupg-X.Z install and cd /usr/local/stow && stow -D gnupg-X.Y && stow gnupg-X.Z all is seamlessly switched in /usr/local bin and lib alex From Laurent.Jumet at advalvas.be Thu May 11 13:30:52 2006 From: Laurent.Jumet at advalvas.be (Laurent Jumet) Date: Thu May 11 15:56:06 2006 Subject: GnuPG 1.4.3 manual... Message-ID: Hello ! I compiled the manual in a PDF printable way, in 9 pages. http://users.skynet.be/laurent.jumet/MyMan_GnuPG%20143.pdf -- Laurent Jumet KeyID: 0xCFAF704C From joerg at schmitz-linneweber.de Fri May 12 09:14:08 2006 From: joerg at schmitz-linneweber.de (Joerg Schmitz-Linneweber) Date: Fri May 12 09:13:36 2006 Subject: smart card usage on multiple workstations In-Reply-To: <44602EA7.6000000@kaikretschmann.de> References: <44602EA7.6000000@kaikretschmann.de> Message-ID: <200605120914.08888.joerg@schmitz-linneweber.de> Hi Kai! Am Dienstag, 9. Mai 2006 07:54 schrieb Kai Kretschmann: > ... > But how do I use this key on a second computer? I was thinking of simply > plugging the card into another workstation and use it there too. But the According to Werner the missing "stubs" for the private keys (which are on the card), should be generated by gpg "on-the-fly" if you issue a command like --card-status or the like... (Please have a look in the mail-archive with keywords "opengpg card") But here this _never_ happend with all of our cards and all version of gpg! :-( The stubs were only generated in the "key issuing" gpg installation. Our only chance to move the stubs to other/new workstations was to manually export the (priv.) keys/stubs or move the keyrings. HTH. Salut, J?rg -- gpg/pgp key # 0xd7fa4512 fingerprint 4e89 6967 9cb2 f548 a806 ?7e8b fcf4 2053 d7fa 4512 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 191 bytes Desc: not available Url : /pipermail/attachments/20060512/ebfdbb94/attachment.pgp From wk at gnupg.org Fri May 12 12:17:19 2006 From: wk at gnupg.org (Werner Koch) Date: Fri May 12 12:21:18 2006 Subject: Typo found in gpg 1.4.3 In-Reply-To: (Trevor Smith's message of "Sun, 7 May 2006 12:50:23 -0300") References: <20060507101749.GB27504@dantooine> Message-ID: <87wtcrim34.fsf@wheatstone.g10code.de> Trevor Smith writes: > On 7-May-06, at 7:17 AM, markus reichelt wrote: >> po/de.po:msgstr "%d marignal-needed, %d complete-needed, %s >> Trust-Modell\n" >> >> I guess it should be "marginal-needed" > > and "Trust-Model". Trust-Modell is actually correct although ist is an English/German mix. Sometimes it is not easy to find corresponding and short translations for English terms. Anyway, I fixed the first one and changed Trust-Modell to Vertrauensmodell - knowing that this will lead to "classic Vertrauensmodell" or even "external Vertrauensmodell" :-( Thanks, Werner From qed at tiscali.it Fri May 12 20:22:01 2006 From: qed at tiscali.it (Qed) Date: Fri May 12 20:55:02 2006 Subject: gpg --list-packets strange behaviour Message-ID: <4464D249.2000402@tiscali.it> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Using GnuPG 1.4.3. If I examine with --list-packets a message encrypted with $ gpg -e -r MyOwnKey the result is: > :pubkey enc packet: version 3, algo 16, keyid 3645ABF6365A1799 > data: [2047 bits] > data: [2047 bits] > :signature packet: algo 17, keyid 1FE0E1D039795DA7 > version 4, created 1146492584, md5len 0, sigclass 19 > digest algo 2, begin of digest 88 1d > hashed subpkt 2 len 4 (sig created 2006-05-01) > subpkt 16 len 8 (issuer key ID 1FE0E1D039795DA7) > data: [160 bits] > data: [158 bits] > > You need a passphrase to unlock the secret key for > user: "Q.E.D. (Quod Erat Demonstrandum) " > :signature packet: algo 17, keyid 1FE0E1D039795DA7 > version 4, created 1146492584, md5len 0, sigclass 19 > digest algo 2, begin of digest 88 1d > hashed subpkt 2 len 4 (sig created 2006-05-01) > subpkt 16 len 8 (issuer key ID 1FE0E1D039795DA7) > data: [160 bits] > data: [158 bits] > 2048-bit ELG-E key, ID 365A1799, created 2004-12-04 (main key ID 58D14EB3) > > Enter passphrase: but if I run gpg --homedir WrongHomeDir --list-packets > :pubkey enc packet: version 3, algo 16, keyid 3645ABF6365A1799 > data: [2047 bits] > data: [2047 bits] > :encrypted data packet: > length: 110 > mdc_method: 2 > gpg: encrypted with ELG-E key, ID 365A1799 > gpg: decryption failed: secret key not available So I imported the pubkey in WrongHomeDir, now list-packets is: > :pubkey enc packet: version 3, algo 16, keyid 3645ABF6365A1799 > data: [2043 bits] > data: [2044 bits] > :encrypted data packet: > length: 110 > mdc_method: 2 > :signature packet: algo 17, keyid 1FE0E1D039795DA7 > version 4, created 1146492584, md5len 0, sigclass 19 > digest algo 2, begin of digest 88 1d > hashed subpkt 2 len 4 (sig created 2006-05-01) > subpkt 16 len 8 (issuer key ID 1FE0E1D039795DA7) > data: [160 bits] > data: [158 bits] > gpg: encrypted with 2048-bit ELG-E key, ID 365A1799, created 2004-12-04 > "Q.E.D. (Quod Erat Demonstrandum) " > gpg: decryption failed: secret key not available After the removal of pubkey from WrongHomeDir keyring: > :pubkey enc packet: version 3, algo 16, keyid 3645ABF6365A1799 > data: [2043 bits] > data: [2044 bits] > :encrypted data packet: > length: 110 > mdc_method: 2 > gpg: encrypted with ELG-E key, ID 365A1799 > gpg: decryption failed: secret key not available I simply don't understand. Why list-packets reports these spurios(?) certification signature packets(they must be cross certifications since 39795DA7 is a signing subkey) as part of the message when I have the corresponding pubkey in keyring? Is this a bug or I am missing something? - -- Q.E.D. ICQ UIN: 301825501 OpenPGP key ID: 0x58D14EB3 Key fingerprint: 00B9 3E17 630F F2A7 FF96 DA6B AEE0 EC27 58D1 4EB3 Check fingerprints before trusting a key! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFEZNJJH+Dh0Dl5XacRA+5FAJ0Ro9/2pl4miYucVxF9i/iwZNeF+QCfQYYS vHcEm2iEQVc0wiGCBKbU/Zc= =Ok+f -----END PGP SIGNATURE----- From feitao at msn.com Sat May 13 03:29:17 2006 From: feitao at msn.com (feitao) Date: Sat May 13 03:28:49 2006 Subject: list-packets: raw data: unknown length Message-ID: If the size of an encrypted file is large, say, 5G, --list-packets will show "literal data packet: raw data: unknown length" and does not show any information of the next packet (signature packet). Is this a bug? There must be some way for gpg to tell the length of a packet. :pubkey enc packet: version 3, algo 16, keyid xx data: [2047 bits] data: [2046 bits] :encrypted data packet: length: unknown mdc_method: 2 :onepass_sig packet: keyid xx version 3, sigclass 00, digest 2, pubkey 17, last=1 :literal data packet: mode b (62), created 1145516298, name="xxxx", raw data: unknown length From unknown_kev_cat at hotmail.com Sat May 13 08:34:00 2006 From: unknown_kev_cat at hotmail.com (Joe Smith) Date: Sat May 13 08:31:17 2006 Subject: Rijndael usage References: <5155685DF4FC004297C9F5D769CBF51C02B61051@KASHMIR.extenza-turpin.com> Message-ID: "David Gray" wrote in message news:5155685DF4FC004297C9F5D769CBF51C02B61051@KASHMIR.extenza-turpin.com... > Hi David, > Thanks for the info, even if it's not what I wanted to hear. :-) > > What do you mean by "raw Rijndael"? > > The C# code that the software house are using is shown below, even if > I clone this program am I likely to be able to decrypt without them > sending > me a key in ASCII format? > > Thanks > David. If you are still needing assistance on this issue you may be in luck. Mono is a Unix implementation of Microsoft's .Net platform, and it implements everything needed by your program. If you have a Linux or Solaris system then implementation of a simple filter program is trivial. You may not know C#, but I do, and it is a nice language. A wrapper around that function would take no more than 10 lines. There is no OpenVMS port of Mono, but the nessisary portions should in theory compile fine under OpenVMS's POSIX subsystem. Also, because .net is actually very well documented, I mey be able to act as a conctractor. In that event, I would provide C source to compile and link against a standard crypto library. Such a program should have no problems running under OpenVMS, although as I'm not familair with that OS, you would need to be able to compile the program, which should be trivial. So if you still need some form of assistance with this, please feel free to contact me off-list. From qed at tiscali.it Sat May 13 22:46:49 2006 From: qed at tiscali.it (Qed) Date: Sat May 13 22:48:11 2006 Subject: gpg --list-packets strange behaviour In-Reply-To: <4464D249.2000402@tiscali.it> References: <4464D249.2000402@tiscali.it> Message-ID: <446645B9.1070703@tiscali.it> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 On 05/12/2006 08:22 PM, I wrote: [..snip..] > I simply don't understand. Why list-packets reports these spurios(?) > certification signature packets(they must be cross certifications since > 39795DA7 is a signing subkey) This hypothesis has been made on a dated version of OpenPGP standard, RFC2440bis-draft16 states: > 0x19 Primary Key Binding Signature > This signature is a statement by a signing subkey, indicating > that it is owned by the primary key and subkey. This signature > is calculated the same way as a 0x18 signature: directly on the > primary key and subkey, and not on any User ID or other packets. OK, these misterious packets are surely cross certifications. They are obviously non existent, since there is no reason for their presence in a public key encrypted message. - -- Q.E.D. ICQ UIN: 301825501 OpenPGP key ID: 0x58D14EB3 Key fingerprint: 00B9 3E17 630F F2A7 FF96 DA6B AEE0 EC27 58D1 4EB3 Check fingerprints before trusting a key! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFEZkW5H+Dh0Dl5XacRA6PeAJ0Y0H3NfLGLs7yXOsTtG3PqIrrbbwCeMc+s nnzfX0qvwK1Szo0eRLxSsYk= =E5YV -----END PGP SIGNATURE----- From wk at gnupg.org Sun May 14 13:14:22 2006 From: wk at gnupg.org (Werner Koch) Date: Sun May 14 13:16:50 2006 Subject: gpg --list-packets strange behaviour In-Reply-To: <4464D249.2000402@tiscali.it> (qed@tiscali.it's message of "Fri, 12 May 2006 20:22:01 +0200") References: <4464D249.2000402@tiscali.it> Message-ID: <87ejywhn8x.fsf@wheatstone.g10code.de> Qed writes: > I simply don't understand. Why list-packets reports these spurios(?) > certification signature packets(they must be cross certifications since --list-packets is actually a listing output while parsing messages and under some circumstances also of the keyring. Thus it is not reliable and the signature you notice is from your keyring. Salam-Shalom, Werner From wk at gnupg.org Sun May 14 13:15:33 2006 From: wk at gnupg.org (Werner Koch) Date: Sun May 14 13:21:15 2006 Subject: list-packets: raw data: unknown length In-Reply-To: (feitao@msn.com's message of "Fri, 12 May 2006 21:29:17 -0400") References: Message-ID: <87ac9khn6y.fsf@wheatstone.g10code.de> "feitao" writes: > "literal data packet: raw data: unknown length" and does not show any > information of the next packet (signature packet). Is this a bug? There must > be some way for gpg to tell the length of a packet. This is a known limitatation of the --list-packet code. Shalom-Salam, Werner From marji22 at yahoo.com Mon May 15 00:38:16 2006 From: marji22 at yahoo.com (CHRISTINA MARJI) Date: Mon May 15 02:26:06 2006 Subject: Porting source code Message-ID: <20060514223816.97594.qmail@web31103.mail.mud.yahoo.com> Hi, I have been working on GnuPG 1.4.2.1 under cygwin. I have downloaded, configured, compiled, and installed it under cygwin. I have made some modifications to the source code and successfully compiled and installed the modified source code in cygwin. My problem is porting the source code to linux. I have configured the modified source code in linux. The cofiguration completes successfully with no error messages. However, when I run 'make', I get a number of undefined reference errors. Listed below are some of the errors: undefined reference to `mpihelp_addmul_1' undefined reference to `mpihelp_sub_n' undefined reference to `mpihelp_sub_n' Can someone explain these errors? How can fix it? Any help is appreciated. Regards Christina Michael __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From gordon at yourmarketing.co.uk Sun May 7 13:57:20 2006 From: gordon at yourmarketing.co.uk (Gordon McNevin) Date: Mon May 15 10:28:31 2006 Subject: clearsign a variable? Message-ID: Hi, Just wondering how do you clear sign a variable please on the command line? I'm running this in a php script... $emailbody = "reg-city:Ely\n"; $emailbody .= "reg-postcode:CB6 1RA\n"; $emailbody .= "reg-country:GB\n"; $cmd = "echo $passphrase | $gpg --passphrase-fd 0 --no-tty -u $key --force-v3-sigs --no-secmem-warning --clearsign $emailbody" . "" . " &> /tmp/error "; $encrypted_message = shell_exec($cmd); But it's simply not working. Does anyone know how I can clearsign a variable without all this file interaction please? Many thanks, Gordon From masteradi at gmx.ch Sat May 13 10:32:24 2006 From: masteradi at gmx.ch (Adrian Friedli) Date: Mon May 15 10:28:41 2006 Subject: card inactive In-Reply-To: <871wvcmis5.fsf@wheatstone.g10code.de> References: <200604301608.16577.adi-lists@koalatux.ch> <871wvcmis5.fsf@wheatstone.g10code.de> Message-ID: <200605131032.32488.masteradi@gmx.ch> Hi Am Dienstag, 2. Mai 2006 19:35 schrieb Werner Koch: > It is likely that the card is indeed broken. Yes the card was broken. I got a new one and it works. Thanks for your help Adrian -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 307 bytes Desc: not available Url : /pipermail/attachments/20060513/41dcee92/attachment.pgp From wk at gnupg.org Mon May 15 10:36:11 2006 From: wk at gnupg.org (Werner Koch) Date: Mon May 15 10:41:17 2006 Subject: Porting source code In-Reply-To: <20060514223816.97594.qmail@web31103.mail.mud.yahoo.com> (CHRISTINA MARJI's message of "Sun, 14 May 2006 15:38:16 -0700 (PDT)") References: <20060514223816.97594.qmail@web31103.mail.mud.yahoo.com> Message-ID: <87wtcnfzwk.fsf@wheatstone.g10code.de> CHRISTINA MARJI writes: > undefined reference to `mpihelp_addmul_1' > undefined reference to `mpihelp_sub_n' > undefined reference to `mpihelp_sub_n' The symlinks are not correctly setup. Run "make distclean" and then "./configure" again. Shalom-Salam, Werner From a24061 at yahoo.com Mon May 15 11:04:37 2006 From: a24061 at yahoo.com (Adam Funk) Date: Mon May 15 11:08:08 2006 Subject: Getting KMail to let me encrypt to an unsigned key? Message-ID: <5qslj3-bph.ln1@news.ducksburg.com> (Two apologies: this is slightly off-topic, and I've also posted the same question to the debian-user list.) I'm running the Debian kmail 3.3.2-3 package and gpg 1.4.3 compiled from the source. As far as I can tell, it flatly refuses to let me encrypt a message to any key that doesn't have a signature chain back to a trusted key. I can see the usefulness of a warning about doing this, but I've accidentally sent a message unencrypted while trying to find a way around the problem. Is there any way to override this restriction? From vedaal at hush.com Mon May 15 22:29:15 2006 From: vedaal at hush.com (vedaal@hush.com) Date: Mon May 15 22:28:29 2006 Subject: feature request // option during decryption of 'hidden recipient' encryptions Message-ID: <20060515202916.3578EDA835@mailserver7.hushmail.com> currently, (1.4.3), for decryption of a message done with the throw-keyids, or hidden- recipient options, gnupg asks for one passphrase, and then tries all the secret keys with the same passphrase, and if the passphrase is the correct one for one of the keys, but not for the 'real' hidden recipient key, gnupg gives a 'failed decryption' message, but without giving the user a chance to try another passphrase for another key without starting all over again could there be an option for trying each secret key individually? i.e. gnupg would prompt with the first key in the secret keyring, and if that were the real hidden recipient, and the passphrase were correct, then gnupg would decrypt, otherwise gnupg would give an error message of : 'cannot decrypt using this key, trying next key in the secret ring' enter passphrase: (also, when prompting for the passphrase of a key, can gnupg list both the keyid and the username, instead of just the keyid currently, gnupg does the following: gpg: public key is 00000000 gpg: anonymous recipient; trying secret key (key id ) ... Enter passphrase: (n.b. this is already being done this way by the winpt front end (0.12.0) winpt prompts for each secret key in sucession, and does so with both the keyid and the user name) just thought it would be much quicker and more convenient if the same were possible from the command line ... TIA, vedaal Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 From ml at mareichelt.de Mon May 15 22:59:40 2006 From: ml at mareichelt.de (markus reichelt) Date: Mon May 15 22:58:35 2006 Subject: feature request // option during decryption of 'hidden recipient' encryptions In-Reply-To: <20060515202916.3578EDA835@mailserver7.hushmail.com> References: <20060515202916.3578EDA835@mailserver7.hushmail.com> Message-ID: <20060515205940.GA32613@dantooine> * vedaal@hush.com wrote: > just thought it would be much quicker and more convenient if the > same were possible from the command line ... I agree. -- left blank, right bald -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20060515/396bac9e/attachment.pgp From kloecker at kde.org Mon May 15 23:37:11 2006 From: kloecker at kde.org (Ingo =?iso-8859-15?q?Kl=F6cker?=) Date: Tue May 16 00:55:57 2006 Subject: Getting KMail to let me encrypt to an unsigned key? In-Reply-To: <5qslj3-bph.ln1@news.ducksburg.com> References: <5qslj3-bph.ln1@news.ducksburg.com> Message-ID: <200605152337.11939@erwin.ingo-kloecker.de> On Monday 15 May 2006 11:04, Adam Funk wrote: > (Two apologies: this is slightly off-topic, and I've also posted the > same question to the debian-user list.) You should have tried kdepim-users@kde.org. :-) > I'm running the Debian kmail 3.3.2-3 package and gpg 1.4.3 compiled > from the source. > > As far as I can tell, it flatly refuses to let me encrypt a message > to any key that doesn't have a signature chain back to a trusted key. > I can see the usefulness of a warning about doing this, but I've > accidentally sent a message unencrypted while trying to find a way > around the problem. > > Is there any way to override this restriction? No, but there's a corresponding (and already very old) wish in KDE's bug tracking system (bugs.kde.org). Regards, Ingo -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20060515/14414053/attachment.pgp From johanw at vulcan.xs4all.nl Tue May 16 00:59:52 2006 From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Tue May 16 00:58:29 2006 Subject: GPG4Palm In-Reply-To: <87wtcu9rd3.fsf@wheatstone.g10code.de> Message-ID: <200605152259.k4FMxqO8008820@vulcan.xs4all.nl> Werner Koch wrote: >I have only looked at the Nokia 770 recently but frankly did not found >the time to figure out good entropy sources for random numbers. User input (the pgp 2.x way)? Further, where does gpg use random numbers? Creating the key on a "real" computer but being able to use it on a pda or smartphone would be a usable solution to most pda/smartphone users I think. Can't wait ubtil gsm is phased out and speech becomes a tcp/ip stream over umts. Then full encryption can finally be made massively available. -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From a24061 at yahoo.com Tue May 16 10:35:10 2006 From: a24061 at yahoo.com (Adam Funk) Date: Tue May 16 10:43:40 2006 Subject: Getting KMail to let me encrypt to an unsigned key? References: <5qslj3-bph.ln1@news.ducksburg.com> <200605152337.11939__29928.6273810596$1147734404$gmane$org@erwin.ingo-kloecker.de> Message-ID: On 2006-05-15, Ingo Kl?cker wrote: >> (Two apologies: this is slightly off-topic, and I've also posted the >> same question to the debian-user list.) > > You should have tried kdepim-users@kde.org. :-) I'll try that next, thanks! >> I'm running the Debian kmail 3.3.2-3 package and gpg 1.4.3 compiled >> from the source. >> >> As far as I can tell, it flatly refuses to let me encrypt a message >> to any key that doesn't have a signature chain back to a trusted key. >> I can see the usefulness of a warning about doing this, but I've >> accidentally sent a message unencrypted while trying to find a way >> around the problem. >> >> Is there any way to override this restriction? > > No, but there's a corresponding (and already very old) wish in KDE's bug=20 > tracking system (bugs.kde.org). Would lsign-ing the key circumvent the problem? Would it cause any other problems? From wk at gnupg.org Tue May 16 10:50:55 2006 From: wk at gnupg.org (Werner Koch) Date: Tue May 16 10:56:18 2006 Subject: GPG4Palm In-Reply-To: <200605152259.k4FMxqO8008820@vulcan.xs4all.nl> (Johan Wevers's message of "Tue, 16 May 2006 00:59:52 +0200 (MET DST)") References: <200605152259.k4FMxqO8008820@vulcan.xs4all.nl> Message-ID: <87ac9ifj4g.fsf@wheatstone.g10code.de> Johan Wevers writes: > User input (the pgp 2.x way)? Further, where does gpg use random numbers? The problem is that under a real OS you have no clean way to to keystroke timings. Random is for example required for session keys. Shalom-Salam, Werner From wk at gnupg.org Tue May 16 10:53:10 2006 From: wk at gnupg.org (Werner Koch) Date: Tue May 16 10:56:31 2006 Subject: Getting KMail to let me encrypt to an unsigned key? In-Reply-To: <5qslj3-bph.ln1@news.ducksburg.com> (Adam Funk's message of "Mon, 15 May 2006 10:04:37 +0100") References: <5qslj3-bph.ln1@news.ducksburg.com> Message-ID: <873bfafj0p.fsf@wheatstone.g10code.de> Adam Funk writes: > Is there any way to override this restriction? It is not a restriction but a requirement. If you know that you have the correct key, you only need to locally sign this key. ("lsign" in gpg --edit-key). Salam-Shalom, Werner From alphasigmax at gmail.com Tue May 16 11:00:05 2006 From: alphasigmax at gmail.com (Alphax) Date: Tue May 16 11:00:56 2006 Subject: Getting KMail to let me encrypt to an unsigned key? In-Reply-To: References: <5qslj3-bph.ln1@news.ducksburg.com> <200605152337.11939__29928.6273810596$1147734404$gmane$org@erwin.ingo-kloecker.de> Message-ID: <44699495.3080603@gmail.com> Adam Funk wrote: > On 2006-05-15, Ingo Kl?cker wrote: > >>> I'm running the Debian kmail 3.3.2-3 package and gpg 1.4.3 compiled >>> from the source. >>> >>> As far as I can tell, it flatly refuses to let me encrypt a message >>> to any key that doesn't have a signature chain back to a trusted key. >>> I can see the usefulness of a warning about doing this, but I've >>> accidentally sent a message unencrypted while trying to find a way >>> around the problem. >>> >>> Is there any way to override this restriction? >>> >> >> No, but there's a corresponding (and already very old) wish in KDE's bug=20 >> tracking system (bugs.kde.org). > > Would lsign-ing the key circumvent the problem? Yes. > Would it cause any other problems? > You will be asked to set an ownertrust value... It might be worth trying to find an actual trust path using Wotsap (http://www.lysator.liu.se/~jc/wotsap/) or similar as well as lsigning the key, but YMMV. -- Alphax Death to all fanatics! Down with categorical imperative! OpenPGP key: http://tinyurl.com/lvq4g -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 551 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20060516/70cc08c0/signature.pgp From a24061 at yahoo.com Tue May 16 11:12:27 2006 From: a24061 at yahoo.com (Adam Funk) Date: Tue May 16 11:19:28 2006 Subject: Getting KMail to let me encrypt to an unsigned key? References: <5qslj3-bph.ln1@news.ducksburg.com> <873bfafj0p.fsf__5934.22190654582$1147770053$gmane$org@wheatstone.g10code.de> Message-ID: On 2006-05-16, Werner Koch wrote: > Adam Funk writes: > >> Is there any way to override this restriction? > > It is not a restriction but a requirement. I'm not sure what you mean. Thunderbird (for example) lets the user designate unsigned keys for recipients in the address book and encrypt to them. > If you know that you have the correct key, you only need to locally > sign this key. ("lsign" in gpg --edit-key). Thanks. Will it be possible later either to un-lsign the key or to sign it properly (for export)? From wk at gnupg.org Tue May 16 12:47:30 2006 From: wk at gnupg.org (Werner Koch) Date: Tue May 16 12:51:21 2006 Subject: Getting KMail to let me encrypt to an unsigned key? In-Reply-To: (Adam Funk's message of "Tue, 16 May 2006 10:12:27 +0100") References: <5qslj3-bph.ln1@news.ducksburg.com> <873bfafj0p.fsf__5934.22190654582$1147770053$gmane$org@wheatstone.g10code.de> Message-ID: <877j4mdz5p.fsf@wheatstone.g10code.de> Adam Funk writes: > I'm not sure what you mean. Thunderbird (for example) lets the user > designate unsigned keys for recipients in the address book and encrypt > to them. It is up to the MUA on how to handle this. The generic solution is to use a local-key signature. > Thanks. Will it be possible later either to un-lsign the key or to > sign it properly (for export)? Given that it is a local signature you may simply delete it. Changing this to an exportable signature is possible simply by "sign"ing it. gpg will warn you then: Do you want to promote it to a full exportable signature? (y/N) Shalom-Salam, Werner From johnmoore3rd at joimail.com Tue May 16 13:19:42 2006 From: johnmoore3rd at joimail.com (John W. Moore III) Date: Tue May 16 13:18:42 2006 Subject: Getting KMail to let me encrypt to an unsigned key? In-Reply-To: References: <5qslj3-bph.ln1@news.ducksburg.com> <873bfafj0p.fsf__5934.22190654582$1147770053$gmane$org@wheatstone.g10code.de> Message-ID: <4469B54E.6060101@joimail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Adam Funk wrote: > Thanks. Will it be possible later either to un-lsign the key or to > sign it properly (for export)? Er.....Ahem.....Re-Signing the Key _with_ an 'Exportable' Signature does this. This *is* an available feature via Enigmail and either way you will be Prompted for your passphrase. The 're-signing' of the Key will automatically override the Local Sig. JOHN :) Timestamp: Tuesday 16 May 2006, 07:18 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4-svn4132: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust (US26): http://www.gswot.org Comment: Homepage: http://tinyurl.com/9ubue Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCgAGBQJEabVJAAoJEBCGy9eAtCsPUyMH/1pTEdr2PNCVFjYEY2qGu+jH yjYxdtLAk7k4qST8FkEyZn4Kh88PF2+EIQ0DH876TLu6awF6BBFGyNIYJmh9UNRy kAXUfK8NN9doMnKtIEiMKHYDC2857c5ZWWyUeygUbT9TjWQx6NJaUdkBJNb0jMC2 GZcXY2WTfe3uoeqDirsCwb3fcjTv4PFl0uHFwbxGzU2eKEMiOVzVY6fA06EV/wgU XSXlfpuA06jNAM9qROACnKPLex9ZwTJ/40bFI/DRn5dUd04IghRCJqijWflO1OPU Tak6+lTH14InE5vtYz2wyPr5+r04/neMW8nU9SP0O1HZ7gl7kWgaVgvh8LIvPJs= =KWev -----END PGP SIGNATURE----- From a24061 at yahoo.com Tue May 16 13:16:48 2006 From: a24061 at yahoo.com (Adam Funk) Date: Tue May 16 13:19:35 2006 Subject: Getting KMail to let me encrypt to an unsigned key? References: <5qslj3-bph.ln1@news.ducksburg.com> <873bfafj0p.fsf__5934.22190654582$1147770053$gmane$org@wheatstone.g10code.de> <877j4mdz5p.fsf__33914.3385332592$1147777019$gmane$org@wheatstone.g10code.de> Message-ID: <0uooj3-gkv.ln1@news.ducksburg.com> On 2006-05-16, Werner Koch wrote: > Adam Funk writes: > >> I'm not sure what you mean. Thunderbird (for example) lets the user >> designate unsigned keys for recipients in the address book and encrypt >> to them. > > It is up to the MUA on how to handle this. The generic solution is to > use a local-key signature. > >> Thanks. Will it be possible later either to un-lsign the key or to >> sign it properly (for export)? > > Given that it is a local signature you may simply delete it. Changing > this to an exportable signature is possible simply by "sign"ing it. > gpg will warn you then: > > Do you want to promote it to a full exportable signature? (y/N) Thanks! From johanw at vulcan.xs4all.nl Tue May 16 19:32:56 2006 From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Tue May 16 19:35:51 2006 Subject: Upgrading from 1.2.1 to 1.4.4 In-Reply-To: <20060510213945.GA4462@dantooine> Message-ID: <200605161732.k4GHWu13003703@vulcan.xs4all.nl> markus reichelt wrote: >What about the executable(s)? They are installed under /usr/local/lib/gnupg/bin, etc. I delete language files since I don't use them. The only thing to do is to build GnuPG with configure --prefix=/usr/local/lib/gnupg (or some other directory). -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From dany_list at natzo.com Wed May 17 07:52:47 2006 From: dany_list at natzo.com (Dany) Date: Wed May 17 09:26:15 2006 Subject: smart card + gpg only root In-Reply-To: <1121874588.2816.85.camel@lello.munet.org> References: <1121770936.2814.16.camel@lello.munet.org> <87sly9q2dg.fsf@wheatstone.g10code.de> <1121857979.2816.11.camel@lello.munet.org> <87pstdocja.fsf@wheatstone.g10code.de> <1121869623.2816.48.camel@lello.munet.org> <877jflo7c4.fsf@wheatstone.g10code.de> <1121874588.2816.85.camel@lello.munet.org> Message-ID: <446ABA2F.4050703@natzo.com> Hello, I'm trying to get regular users to use smart card readers under Ubuntu (dapper). As far as I know Ubuntu uses udev rather than hotplug so I followed the instructions found at : http://www.fsfe.org/en/card/howto/card_reader_howto_udev It works if I do sudo gpg --card-status. Unfortunately, when I do a card-status using a regular user I get : gpg: DBG: ccid-driver: usb_claim_interface failed: -1 I tried : - To follow the instructions and use the two files found in the how-to : gnupg-ccid.rules & gnupg-ccid - to change group ownership (root -> scard) of the files found in /proc/bus/usb/001/.. From: -rw-r--r-- 1 root root 001 -rw-r--r-- 1 root root 025 To: -rw-rw-r-- 1 root scard 001 -rw-rw-r-- 1 root scard 025 - to add 0x in front of the numbers found in gnupg-ccid.rules (except for the 0660 mode) - to use the script-less option found in the comments Also in the how-to it looks like to me that there are three steps described in the following sentence but I only see two commands after : "You will now create a group scard, give this group permission to access the smart card reader, and include the users who should have access to the card reader to this group" # addgroup scard # addgroup yourusername scard (change for the right username) Where is the "give this group permission to access the smart card reader" done ? Sorry for asking all those questions. I'm trying to convince myself to migrate from SID to Ubuntu and this requires OpenPGP card support under Ubuntu. Thank you in advance Dany Federico Munerotto wrote: > Il mer, 2005-07-20 alle 16:55, Werner Koch ha scritto: > >> On Wed, 20 Jul 2005 16:27:04 +0200, Federico Munerotto said: >> >> >>> if the device is unplugged and then plugged again, belongs again to the >>> root group and isn't writable again (change its location). I need to set >>> up hotplug to >>> 1. chgrp to the proper group >>> 2. chmod +rw scard >>> the file that is created. >>> >> You needs to debug the hotplug script. Here are the scripts I am >> using: >> >> >> ______________________________________________________________________ >> # The entries below are used to detect CCID devices and run a script >> # >> # USB_MATCH_VENDOR 0x0001 >> # USB_MATCH_PRODUCT 0x0002 >> # USB_MATCH_DEV_LO 0x0004 >> # USB_MATCH_DEV_HI 0x0008 >> # USB_MATCH_DEV_CLASS 0x0010 >> # USB_MATCH_DEV_SUBCLASS 0x0020 >> # USB_MATCH_DEV_PROTOCOL 0x0040 >> # USB_MATCH_INT_CLASS 0x0080 >> # USB_MATCH_INT_SUBCLASS 0x0100 >> # USB_MATCH_INT_PROTOCOL 0x0200 >> # >> # script match_flags idVendor idProduct bcdDevice_lo bcdDevice_hi >> # bDeviceClass bDeviceSubClass bDeviceProtocol >> # bInterfaceClass bInterfaceSubClass bInterfaceProtocol driver_info >> # >> # flags V P Bl Bh Clas Sub Prot Clas Sub Prot Info >> gnupg-ccid 0x0080 0x0 0x0 0x0 0x0 0x00 0x00 0x00 0x0B 0x00 0x00 0x00000000 >> # SPR532 is CCID but without the proper CCID class >> gnupg-ccid 0x0003 0x04e6 0xe003 0x0 0x0 0x00 0x00 0x00 0x0B 0x00 0x00 0x00000000 >> >> >> ______________________________________________________________________ >> $ ls -l /etc/hotplug/usb/gnupg* >> -rwxr-xr-x 1 root root 724 Sep 22 2004 /etc/hotplug/usb/gnupg-ccid >> -rw-r--r-- 1 root root 865 Mar 16 16:08 /etc/hotplug/usb/gnupg-ccid.usermap >> >> Remember to chmod +x gnupg-ccid. I use the group wk instead of scard, >> so you need to change that. >> >> Does this help? >> > > Yep > > Finally it worked, many thanks! > > I copied your gnupg-ccid.usermap in /etc/hotplug/usb . > > My reader is HUSBSCR by Hamlet: > http://www.hamletcom.com/ProductDetails.aspx?sid=35b7b4c44d114e50969195359871a380&ProductId=3437 > Thay declare it is win comp but two months ago, when I bought it, there > was a penguin logo, too. > > Now, I'll move my key from $HOME/.gnupg to the card and I'll tell to > Evolution to read there the key to sign my e-mails. > > > ------------------------------------------------------------------------ > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > From michael at vorlon.ping.de Wed May 17 15:45:29 2006 From: michael at vorlon.ping.de (Michael Bienia) Date: Wed May 17 15:44:43 2006 Subject: smart card + gpg only root In-Reply-To: <446ABA2F.4050703@natzo.com> References: <1121770936.2814.16.camel@lello.munet.org> <87sly9q2dg.fsf@wheatstone.g10code.de> <1121857979.2816.11.camel@lello.munet.org> <87pstdocja.fsf@wheatstone.g10code.de> <1121869623.2816.48.camel@lello.munet.org> <877jflo7c4.fsf@wheatstone.g10code.de> <1121874588.2816.85.camel@lello.munet.org> <446ABA2F.4050703@natzo.com> Message-ID: <20060517134529.GA2358@vorlon.ping.de> On 2006-05-17 07:52:47 +0200, Dany wrote: > Hello, Hello, > I'm trying to get regular users to use smart card readers under Ubuntu > (dapper). As far as I know Ubuntu uses udev rather than hotplug so I > followed the instructions found at : > http://www.fsfe.org/en/card/howto/card_reader_howto_udev I'm successfully using my smart card reader (a SPR 532) under Ubuntu dapper as a user. I've created the group "scard" and added my user to it (don't forget to re-login). Then I created a udev rules file suitable for the udev version in dapper: ,----[ gnupg-ccid.rules ]- | # udev rules for card reader | | SUBSYSTEM!="usb_device", GOTO="gnupg-ccid_rules_end" | | SYSFS{idVendor}=="04e6", SYSFS{idProduct}=="e003", GROUP="scard", MODE="0660" | | LABEL="gnupg-ccid_rules_end" `---- You have to change the idVendor and idProduct as suited for your card reader. It is placed in /etc/udev/rules.d. To test if it works restart udevd. Michael From michael at vorlon.ping.de Wed May 17 16:07:30 2006 From: michael at vorlon.ping.de (Michael Bienia) Date: Wed May 17 16:09:04 2006 Subject: Problems decrypting a mail with my openpgp card Message-ID: <20060517140730.GB2358@vorlon.ping.de> Hello, I've received an encrypted mail which I now have problems to decrypt it with my key on a openpgp card. The mail was encrypted for two recipients but I assume this has nothing to do with my problem. The output is (stripped the output about the second recipient): ,---- | $ gpg --use-agent --verbose --decrypt test-mail | gpg: armor header: Version: PGPfreeware 6.5.3 for non-commercial use | gpg: public key is 0DCB0431 | gpg: public key is 02CC2588 | gpg: using subkey 02CC2588 instead of primary key 968BD587 | gpg: sending command `SCD PKDECRYPT' to agent failed: ec=6.18 | gpg: using subkey 02CC2588 instead of primary key 968BD587 | gpg: encrypted with 1024-bit RSA key, ID 02CC2588, created 2006-03-13 | "Michael Bienia " | gpg: public key decryption failed: general error `---- Doit the same without gnupg-agent (again without the output for the second recipient): ,---- | $ gpg --no-use-agent --verbose --decrypt test-mail | gpg: armor header: Version: PGPfreeware 6.5.3 for non-commercial use | gpg: public key is 0DCB0431 | gpg: public key is 02CC2588 | gpg: using subkey 02CC2588 instead of primary key 968BD587 | gpg: detected reader `SCM SPR 532 00 00' | gpg: reader slot 0: active protocol: T1 | gpg: slot 0: ATR=3B FA 13 00 FF 81 31 80 45 00 31 C1 73 C0 01 00 00 90 00 B1 | gpg: AID: D2 76 00 01 24 01 01 01 00 01 00 00 08 55 00 00 | gpg: using subkey 02CC2588 instead of primary key 968BD587 | gpg: encrypted with 1024-bit RSA key, ID 02CC2588, created 2006-03-13 | "Michael Bienia " | gpg: public key decryption failed: wrong secret key used `---- gpg --card-status lists the subkey 02CC2588 as my authentication key. I created the keys in the order recommended by the subkey_howto on www.fsfe.org: auth, sign, encrypt. How get I this mail decrypted? Thanks, Michael From dshaw at jabberwocky.com Wed May 17 16:46:32 2006 From: dshaw at jabberwocky.com (David Shaw) Date: Wed May 17 16:45:43 2006 Subject: Problems decrypting a mail with my openpgp card In-Reply-To: <20060517140730.GB2358@vorlon.ping.de> References: <20060517140730.GB2358@vorlon.ping.de> Message-ID: <20060517144632.GA3498@jabberwocky.com> On Wed, May 17, 2006 at 04:07:30PM +0200, Michael Bienia wrote: > gpg --card-status lists the subkey 02CC2588 as my authentication key. I > created the keys in the order recommended by the subkey_howto on > www.fsfe.org: auth, sign, encrypt. > > How get I this mail decrypted? You basically can't, unless you have a copy of your authentication key outside of the smartcard in which case you can modify it into an encryption key and decrypt. This is a bug in PGP, where it will encrypt to keys that are not marked for encryption. It was fixed recently (in 8.something, if I recall), but as you have seen, there are many old copies of PGP out there. David From zvrba at globalnet.hr Wed May 17 19:48:36 2006 From: zvrba at globalnet.hr (zvrba@globalnet.hr) Date: Wed May 17 19:55:58 2006 Subject: Problems decrypting a mail with my openpgp card In-Reply-To: <20060517144632.GA3498@jabberwocky.com> References: <20060517140730.GB2358@vorlon.ping.de> <20060517144632.GA3498@jabberwocky.com> Message-ID: <20060517174836.GD5509@zax.ifi.uio.no> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 On Wed, May 17, 2006 at 10:46:32AM -0400, David Shaw wrote: > > You basically can't, unless you have a copy of your authentication key > Why not? Authentication is the same as encryption with private key which amounts to decryption of the original content ;) (modulo padding.) I think that it should be possible to hack some program which would use authentication key with given prefabricated blob of data, in effect decrypting what is needed... -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFEa2HzFtofFpCIfhMRA0auAJ0VO0PeAIj5Zjp+4MMcnRy2QTdigwCff7p3 tiYLLJnZON+MH7U5xylp7Z8= =Pnf+ -----END PGP SIGNATURE----- From dany_list at natzo.com Wed May 17 22:00:53 2006 From: dany_list at natzo.com (Dany) Date: Wed May 17 22:00:27 2006 Subject: smart card + gpg only root In-Reply-To: <20060517134529.GA2358@vorlon.ping.de> References: <1121770936.2814.16.camel@lello.munet.org> <87sly9q2dg.fsf@wheatstone.g10code.de> <1121857979.2816.11.camel@lello.munet.org> <87pstdocja.fsf@wheatstone.g10code.de> <1121869623.2816.48.camel@lello.munet.org> <877jflo7c4.fsf@wheatstone.g10code.de> <1121874588.2816.85.camel@lello.munet.org> <446ABA2F.4050703@natzo.com> <20060517134529.GA2358@vorlon.ping.de> Message-ID: <446B80F5.5030508@natzo.com> Many many thanks. It worked. I'll try to get the how-to found on fsfe.org fixe. Dany Michael Bienia wrote: > On 2006-05-17 07:52:47 +0200, Dany wrote: > >> Hello, >> > Hello, > > >> I'm trying to get regular users to use smart card readers under Ubuntu >> (dapper). As far as I know Ubuntu uses udev rather than hotplug so I >> followed the instructions found at : >> http://www.fsfe.org/en/card/howto/card_reader_howto_udev >> > > I'm successfully using my smart card reader (a SPR 532) under Ubuntu > dapper as a user. > > I've created the group "scard" and added my user to it (don't forget to > re-login). Then I created a udev rules file suitable for the udev > version in dapper: > ,----[ gnupg-ccid.rules ]- > | # udev rules for card reader > | > | SUBSYSTEM!="usb_device", GOTO="gnupg-ccid_rules_end" > | > | SYSFS{idVendor}=="04e6", SYSFS{idProduct}=="e003", GROUP="scard", MODE="0660" > | > | LABEL="gnupg-ccid_rules_end" > `---- > You have to change the idVendor and idProduct as suited for your card > reader. It is placed in /etc/udev/rules.d. To test if it works restart > udevd. > > Michael > From wk at gnupg.org Thu May 18 09:27:10 2006 From: wk at gnupg.org (Werner Koch) Date: Thu May 18 09:31:29 2006 Subject: Problems decrypting a mail with my openpgp card In-Reply-To: <20060517174836.GD5509@zax.ifi.uio.no> (zvrba@globalnet.hr's message of "Wed, 17 May 2006 19:48:36 +0200") References: <20060517140730.GB2358@vorlon.ping.de> <20060517144632.GA3498@jabberwocky.com> <20060517174836.GD5509@zax.ifi.uio.no> Message-ID: <87odxvdc8h.fsf@wheatstone.g10code.de> zvrba@globalnet.hr writes: > Why not? Authentication is the same as encryption with private key which > amounts to decryption of the original content ;) (modulo padding.) I think > that it should be possible to hack some program which would use I can't remember whether the card checks for correct padding in internal_authenticate. If it does not, you may indeed use it to decrypt a message. Salam-Shalom, Werner From george.danezis at esat.kuleuven.be Tue May 16 18:37:02 2006 From: george.danezis at esat.kuleuven.be (George Danezis) Date: Thu May 18 13:21:15 2006 Subject: PET 2006: Call for Participation Message-ID: <4469FFAE.30709@esat.kuleuven.be> Call for Participation 6th Workshop on Privacy Enhancing Technologies (PET 2006) Robinson College, Cambridge, United Kingdom June 28 - June 30, 2006 http://petworkshop.org/2006/ Special Events: * Keynote speaker: Susan Landau, Sun Microsystems Laboratories on "The Missing Link", (Abstract at the end of the email.) * PET Award 2006 ceremony and reception at Microsoft Research, http://petworkshop.org/2006/award.html Co-located with: * The Fifth Workshop on the Economics of Information Security (WEIS 2006), 26-28 June, http://weis2006.econinfosec.org/ * IAVoSS Workshop On Trustworthy Elections (WOTE 2006) 29-30 June, http://www.win.tue.nl/~berry/wote2006/ Privacy and anonymity are increasingly important in the online world. Corporations, governments, and other organizations are realizing and exploiting their power to track users and their behavior, and restricting the ability to publish or retrieve documents. Approaches to not only protecting individuals and groups, but also companies and governments, from such profiling and censorship include decentralization, encryption, distributed trust, and automated policy disclosure. This 6th workshop addresses the design and realization of such privacy and anti-censorship services for the Internet and other communication networks by bringing together anonymity and privacy experts from around the world to discuss recent advances and new perspectives. Early registration by May 12 at: http://petworkshop.org/2006/petRegister.html Further local information on accommodation and travel is available on the PET workshop website (book accommodation early!): http://petworkshop.org/2006/petTravel.html Program Chairs: * Philippe Golle, PARC (Philippe.Golle at parc com) * George Danezis, K.U.Leuven (George.Danezis at esat kuleuven be) General Chair: * Richard Clayton, University of Cambridge (Richard.Clayton at cl cam ac uk) Research Program: (also at http://petworkshop.org/2006/program.html) Privacy and the real world * One Big File Is Not Enough: A Critical Evaluation of the Dominant Free-Space Sanitization Technique Simson Garfinkel and David Malan * Protecting Privacy with the MPEG-21 IPMP Framework Nicholas Paul Sheppard and Reihaneh Safavi-Naini * Privacy for Public Transportation Thomas S. Heydt-Benjamin, Hee-Jin Chae, Benessa Defend, and Kevin Fu * Privacy Rights Management - Taming Cellphone Cameras Mina Deng, Lothar Fritsch and Klaus Kursawe * Ignoring the Great Firewall of China Richard Clayton, Steven J. Murdoch and Robert N. M. Watson * I Know What You Did Last Summer: Self-Awareness, Imagined Communities,and Information Sharing in an Online Social Network Alessandro Acquisti and Ralph Gross Privacy policies * Enhancing Consumer Privacy in the Liberty Alliance Identity Federation and Web Services Frameworks Mansour Alsaleh and Carlisle Adams * Traceable and Automatic Compliance of Privacy Policies in Federated Digital Identity Management Anna C. Squicciarini, Abhilasha Bhargav-Spantzel, Alexei Czeskis and Elisa Bertino * Privacy Injector - Automated Privacy Enforcement through Aspects Chris Vanden Berghe and Matthias Schunter * A Systemic Approach to Automate Privacy Policy Enforcement in Enterprises Marco Casassa Mont and Robert Thyne Anonymous communications * Improving Sender Anonymity in a Structured Overlay with Imprecise Routing Giuseppe Ciaccio * Selectively Traceable Anonymity Luis von Ahn, Andrew Bortz, Nicholas Hopper and Kevin O'Neill * Valet Services: Improving Hidden Servers with a Personal Touch Lasse ?verlier and Paul Syverson * Blending different latency traffic with alpha-mixing Roger Dingledine, Andrei Serjantov and Paul Syverson Attacks: Traffic and Location analysis * Breaking the Collusion Detection Mechanism of MorphMix Parisa Tabriz and Nikita Borisov * Linking Anonymous Transactions: The Consistent View Attack Andreas Pashalidis and Bernd Meyer * Preserving User Location Privacy in Mobile Data Management Infrastructures Reynold Cheng, Yu Zhang, Elisa Bertino and Sunil Prabhakar * Location Access Effects on Trail Re-identification Bradley Malin and Edoardo Airoldi Private muti-party computation, authentication, and cryptography * Private Resource Pairing Joseph A. Calandrino and Alfred C. Weaver * On the Security of the Tor Authentication Protocol Ian Goldberg * Honest-Verifier Private Disjointness Testing without Random Oracles Susan Hohenberger and Stephen A. Weis * A Flexible Framework for Secret Handshakes Gene Tsudik and Shouhuai Xu * Optimal Key-Trees for Tree-Based Private Authentication Levente Buttyan, Tamas Holczer and Istvan Vajda * Simple and Flexible Private Revocation Checking John Solis and Gene Tsudik Keynote speaker: The Missing Link Susan Landau In recent decades, we have seen significant progress in the development of tools to protect privacy. We have similarly seen various policy developments, e.g., the 1980 OECD Guidelines on Privacy Protection and 1997 application to the Internet. But Between the conception And the creation Between the emotion And the response Falls the Shadow. (T.S. Eliot, "The Hollow Men.") One shadow is that while privacy policies abound, when data is collected, there are few or no rules governing its security (which is a crucial requirement for data privacy). A current instance of this concerns the recent requirement for data retention by the European Union. This talk discusses what is needed to get to: Between the conception And the creation Between the emotion And the response Falls the Action. Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm From jas at extundo.com Thu May 18 14:32:24 2006 From: jas at extundo.com (Simon Josefsson) Date: Thu May 18 14:31:35 2006 Subject: auto-key-locate In-Reply-To: <87lkum26xw.fsf__30672.1998415471$1144067936$gmane$org@wheatstone.g10code.de> (Werner Koch's message of "Mon, 03 Apr 2006 14:13:15 +0200") References: <87lkum26xw.fsf__30672.1998415471$1144067936$gmane$org@wheatstone.g10code.de> Message-ID: <87r72rh5t3.fsf@latte.josefsson.org> Werner Koch writes: > * New auto-key-locate option that takes an ordered list of methods > to locate a key if it is not available at encryption time (-r or > --recipient). Possible methods include "cert" (use DNS CERT as > per RFC2538bis, "pka" (use DNS PKA), "ldap" (consult the LDAP > server for the domain in question), "keyserver" (use the > currently defined keyserver), as well as arbitrary keyserver > URIs that will be contacted for the key. I'm having trouble getting hkp keyservers to work with auto-key-locate. gpg do appear to retrieve the key successfully, but then it complains that it can't use it. Ideas? ~/.gnupg/gpg.conf contains: auto-key-locate x-hkp://subkeys.pgp.net jas@latte:~/src/gnupg$ gpg -a -e -r dshaw@jabberwocky.com gpg: searching for names from hkp server subkeys.pgp.net gpg: key 99242560: public key "David M. Shaw " imported gpg: key 3CB3B415: public key "David M. Shaw " imported gpg: key D46DCCC5: "David M. Shaw (High Security) " not changed gpg: key DFF20E79: public key "David M. Shaw " imported gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model gpg: depth: 0 valid: 4 signed: 21 trust: 0-, 0q, 0n, 0m, 0f, 4u gpg: depth: 1 valid: 21 signed: 43 trust: 1-, 0q, 0n, 1m, 19f, 0u gpg: depth: 2 valid: 29 signed: 223 trust: 24-, 0q, 0n, 0m, 5f, 0u gpg: depth: 3 valid: 24 signed: 158 trust: 24-, 0q, 0n, 0m, 0f, 0u gpg: next trustdb check due at 2006-07-10 gpg: Total number processed: 4 gpg: imported: 3 (RSA: 3) gpg: unchanged: 1 gpg: automatically retrieved `dshaw@jabberwocky.com' via x-hkp://subkeys.pgp.net gpg: dshaw@jabberwocky.com: skipped: unusable public key gpg: [stdin]: encryption failed: unusable public key jas@latte:~/src/gnupg$ gpg -a -e -r dshaw@jabberwocky.com gpg: 1643B926: There is no assurance this key belongs to the named user pub 2048g/1643B926 2002-01-28 David M. Shaw Primary key fingerprint: 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560 Subkey fingerprint: F0EC 51D9 2ED0 C183 8977 DDD0 AE28 27D1 1643 B926 It is NOT certain that the key belongs to the person named in the user ID. If you *really* know what you are doing, you may answer the next question with yes. Use this key anyway? (y/N) Btw, DNS CERT retrieval work fine, see: foo@latte:~$ gpg -a -e -r simon@josefsson.org gpg: key B565716F: public key "Simon Josefsson " imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) gpg: no ultimately trusted keys found gpg: automatically retrieved `simon@josefsson.org' via DNS CERT gpg: A14C401A: There is no assurance this key belongs to the named user pub 1024R/A14C401A 2006-03-18 Simon Josefsson Primary key fingerprint: 0424 D4EE 81A0 E3D1 19C6 F835 EDA2 1E94 B565 716F Subkey fingerprint: 9FB3 8B75 7032 6114 34B5 649E C0C3 8BF5 A14C 401A It is NOT certain that the key belongs to the person named in the user ID. If you *really* know what you are doing, you may answer the next question with yes. Use this key anyway? (y/N) Thanks, Simon From alphasigmax at gmail.com Thu May 18 15:38:32 2006 From: alphasigmax at gmail.com (Alphax) Date: Thu May 18 15:40:05 2006 Subject: auto-key-locate In-Reply-To: <87r72rh5t3.fsf@latte.josefsson.org> References: <87lkum26xw.fsf__30672.1998415471$1144067936$gmane$org@wheatstone.g10code.de> <87r72rh5t3.fsf@latte.josefsson.org> Message-ID: <446C78D8.7030105@gmail.com> Simon Josefsson wrote: > Werner Koch writes: > >> * New auto-key-locate option that takes an ordered list of methods >> to locate a key if it is not available at encryption time (-r or >> --recipient). Possible methods include "cert" (use DNS CERT as >> per RFC2538bis, "pka" (use DNS PKA), "ldap" (consult the LDAP >> server for the domain in question), "keyserver" (use the >> currently defined keyserver), as well as arbitrary keyserver >> URIs that will be contacted for the key. > > I'm having trouble getting hkp keyservers to work with > auto-key-locate. gpg do appear to retrieve the key successfully, but > then it complains that it can't use it. Ideas? > > ~/.gnupg/gpg.conf contains: > > auto-key-locate x-hkp://subkeys.pgp.net > > jas@latte:~/src/gnupg$ gpg -a -e -r dshaw@jabberwocky.com > gpg: searching for names from hkp server subkeys.pgp.net > gpg: key 99242560: public key "David M. Shaw " imported > gpg: key 3CB3B415: public key "David M. Shaw " imported > gpg: key D46DCCC5: "David M. Shaw (High Security) " not changed > gpg: key DFF20E79: public key "David M. Shaw " imported > gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model > gpg: depth: 0 valid: 4 signed: 21 trust: 0-, 0q, 0n, 0m, 0f, 4u > gpg: depth: 1 valid: 21 signed: 43 trust: 1-, 0q, 0n, 1m, 19f, 0u > gpg: depth: 2 valid: 29 signed: 223 trust: 24-, 0q, 0n, 0m, 5f, 0u > gpg: depth: 3 valid: 24 signed: 158 trust: 24-, 0q, 0n, 0m, 0f, 0u > gpg: next trustdb check due at 2006-07-10 > gpg: Total number processed: 4 > gpg: imported: 3 (RSA: 3) > gpg: unchanged: 1 > gpg: automatically retrieved `dshaw@jabberwocky.com' via x-hkp://subkeys.pgp.net > gpg: dshaw@jabberwocky.com: skipped: unusable public key > gpg: [stdin]: encryption failed: unusable public key > jas@latte:~/src/gnupg$ gpg -a -e -r dshaw@jabberwocky.com > gpg: 1643B926: There is no assurance this key belongs to the named user > > pub 2048g/1643B926 2002-01-28 David M. Shaw > Primary key fingerprint: 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560 > Subkey fingerprint: F0EC 51D9 2ED0 C183 8977 DDD0 AE28 27D1 1643 B926 > > It is NOT certain that the key belongs to the person named > in the user ID. If you *really* know what you are doing, > you may answer the next question with yes. > > Use this key anyway? (y/N) > Have you tried it with trust-model always in your gpg.conf? The key you're trying to encyrpt to probably isn't within your trust path. > Btw, DNS CERT retrieval work fine, see: > Oh yes, congrats on RFC 4398. -- Alphax Death to all fanatics! Down with categorical imperative! OpenPGP key: http://tinyurl.com/lvq4g -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 551 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20060518/dadd5bcc/signature.pgp From jas at extundo.com Thu May 18 16:10:03 2006 From: jas at extundo.com (Simon Josefsson) Date: Thu May 18 16:09:08 2006 Subject: auto-key-locate In-Reply-To: <446C78D8.7030105@gmail.com> (Alphax's message of "Thu, 18 May 2006 23:08:32 +0930") References: <87lkum26xw.fsf__30672.1998415471$1144067936$gmane$org@wheatstone.g10code.de> <87r72rh5t3.fsf@latte.josefsson.org> <446C78D8.7030105@gmail.com> Message-ID: <87odxvfmpw.fsf@latte.josefsson.org> Alphax writes: >> gpg: dshaw@jabberwocky.com: skipped: unusable public key >> gpg: [stdin]: encryption failed: unusable public key >> jas@latte:~/src/gnupg$ gpg -a -e -r dshaw@jabberwocky.com >> gpg: 1643B926: There is no assurance this key belongs to the named user >> >> pub 2048g/1643B926 2002-01-28 David M. Shaw >> Primary key fingerprint: 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560 >> Subkey fingerprint: F0EC 51D9 2ED0 C183 8977 DDD0 AE28 27D1 1643 B926 >> >> It is NOT certain that the key belongs to the person named >> in the user ID. If you *really* know what you are doing, >> you may answer the next question with yes. >> >> Use this key anyway? (y/N) >> > > Have you tried it with > > trust-model always > > in your gpg.conf? The key you're trying to encyrpt to probably isn't > within your trust path. No, that only removes the question on the second invocation of gpg. It doesn't make the first one succeed. The key appear to be found and imported successfully, but gpg doesn't seem to be able to use it immediately. >> Btw, DNS CERT retrieval work fine, see: > > Oh yes, congrats on RFC 4398. Thanks! From ama at inmedias.it Thu May 18 16:00:01 2006 From: ama at inmedias.it (Andreas Martin) Date: Thu May 18 16:26:00 2006 Subject: Fedora Core 5 and SCR335 Message-ID: <446C7DE1.2040106@inmedias.it> Hi all. I have some trouble to set up my cardreader (SCM SCR335, USB) properly under Fedora Cor 5 (with udev). The cardreader itself and the OpenPGP-card work fine on my notebook (Debian Sarge, with hotplug), so it is not a hardware problem. Furthermore, i can use the cardreader with the gnupg ccid-driver as user "root", but not as user "andi" (member of the group "scard"). In my opinion, the permissions in /proc/bus/usb/001/005 (or wherever the cardreader comes up) are set correctly: # ls -l /proc/bus/usb/001 -rw-rw---- 1 root scard 111 18. Mai 13:32 005 As user "andi" i get the following result: # gpg --card-status --debug-ccid-driver gpg: DBG: ccid-driver: using CCID reader 0 (ID=04E6:5115:X:0) gpg: DBG: ccid-driver: idVendor: 04E6 idProduct: 5115 bcdDevice: 0416 gpg: DBG: ccid-driver: ChipCard Interface Descriptor: gpg: DBG: ccid-driver: bLength 54 gpg: DBG: ccid-driver: bDescriptorType 33 gpg: DBG: ccid-driver: bcdCCID 1.00 gpg: DBG: ccid-driver: nMaxSlotIndex 0 gpg: DBG: ccid-driver: bVoltageSupport 1 5.0V gpg: DBG: ccid-driver: dwProtocols 3 T=0 T=1 gpg: DBG: ccid-driver: dwDefaultClock 4000 gpg: DBG: ccid-driver: dwMaxiumumClock 12000 gpg: DBG: ccid-driver: bNumClockSupported 0 gpg: DBG: ccid-driver: dwDataRate 9600 bps gpg: DBG: ccid-driver: dwMaxDataRate 115200 bps gpg: DBG: ccid-driver: bNumDataRatesSupp. 0 gpg: DBG: ccid-driver: dwMaxIFSD 252 gpg: DBG: ccid-driver: dwSyncProtocols 00000000 gpg: DBG: ccid-driver: dwMechanical 00000000 gpg: DBG: ccid-driver: dwFeatures 000100BA gpg: DBG: ccid-driver: Auto configuration based on ATR gpg: DBG: ccid-driver: Auto voltage selection gpg: DBG: ccid-driver: Auto clock change gpg: DBG: ccid-driver: Auto baud rate change gpg: DBG: ccid-driver: Auto PPS made by CCID gpg: DBG: ccid-driver: TPDU level exchange gpg: DBG: ccid-driver: dwMaxCCIDMsgLen 263 gpg: DBG: ccid-driver: bClassGetResponse echo gpg: DBG: ccid-driver: bClassEnvelope echo gpg: DBG: ccid-driver: wlcdLayout none gpg: DBG: ccid-driver: bPINSupport 0 gpg: DBG: ccid-driver: bMaxCCIDBusySlots 1 gpg: DBG: ccid-driver: enabling workaround for buggy SCM readers gpg: DBG: ccid-driver: usb_claim_interface failed: -1 gpg: apdu_open_reader: failed to open driver `libpcsclite.so': libpcsclite.so: Kann die Shared-Object-Datei nicht ?ffnen: Datei oder Verzeichnis nicht gefunden gpg: card reader not available gpg: OpenPGP Karte ist nicht vorhanden: Allgemeiner Fehler As user "root" i get: # gpg --card-status --debug-ccid-driver gpg: DBG: ccid-driver: using CCID reader 0 (ID=04E6:5115:5040506C:0) gpg: DBG: ccid-driver: idVendor: 04E6 idProduct: 5115 bcdDevice: 0416 gpg: DBG: ccid-driver: ChipCard Interface Descriptor: gpg: DBG: ccid-driver: bLength 54 gpg: DBG: ccid-driver: bDescriptorType 33 gpg: DBG: ccid-driver: bcdCCID 1.00 gpg: DBG: ccid-driver: nMaxSlotIndex 0 gpg: DBG: ccid-driver: bVoltageSupport 1 5.0V gpg: DBG: ccid-driver: dwProtocols 3 T=0 T=1 gpg: DBG: ccid-driver: dwDefaultClock 4000 gpg: DBG: ccid-driver: dwMaxiumumClock 12000 gpg: DBG: ccid-driver: bNumClockSupported 0 gpg: DBG: ccid-driver: dwDataRate 9600 bps gpg: DBG: ccid-driver: dwMaxDataRate 115200 bps gpg: DBG: ccid-driver: bNumDataRatesSupp. 0 gpg: DBG: ccid-driver: dwMaxIFSD 252 gpg: DBG: ccid-driver: dwSyncProtocols 00000000 gpg: DBG: ccid-driver: dwMechanical 00000000 gpg: DBG: ccid-driver: dwFeatures 000100BA gpg: DBG: ccid-driver: Auto configuration based on ATR gpg: DBG: ccid-driver: Auto voltage selection gpg: DBG: ccid-driver: Auto clock change gpg: DBG: ccid-driver: Auto baud rate change gpg: DBG: ccid-driver: Auto PPS made by CCID gpg: DBG: ccid-driver: TPDU level exchange gpg: DBG: ccid-driver: dwMaxCCIDMsgLen 263 gpg: DBG: ccid-driver: bClassGetResponse echo gpg: DBG: ccid-driver: bClassEnvelope echo gpg: DBG: ccid-driver: wlcdLayout none gpg: DBG: ccid-driver: bPINSupport 0 gpg: DBG: ccid-driver: bMaxCCIDBusySlots 1 gpg: DBG: ccid-driver: enabling workaround for buggy SCM readers gpg: DBG: ccid-driver: usb_bulk_read error: Die Ressource ist zur Zeit nicht verf?gbar gpg: DBG: ccid-driver: USB: CALLING USB_CLEAR_HALT gpg: DBG: ccid-driver: usb_bulk_read error: Die Ressource ist zur Zeit nicht verf?gbar gpg: DBG: ccid-driver: USB: RETRYING bulk_in AGAIN gpg: DBG: ccid-driver: usb_bulk_read error: Die Ressource ist zur Zeit nicht verf?gbar gpg: DBG: ccid-driver: USB: RETRYING bulk_in AGAIN gpg: DBG: ccid-driver: status: 00 error: 00 octet[9]: 00 data: 3B FA 13 00 FF 81 31 80 45 00 31 C1 73 C0 01 00 00 90 00 B1 gpg: DBG: ccid-driver: sending 61 07 00 00 00 00 05 01 00 00 01 10 00 41 00 FE 00 [...] So I think it is a permission issue, but I can't figure out where to fix it. Does anyone have any idea? Any comments are appreciated! Thanks Andreas From ama at inmedias.it Thu May 18 14:28:35 2006 From: ama at inmedias.it (Andreas Martin) Date: Thu May 18 16:26:09 2006 Subject: Fedora Core 5 and SCR335 Message-ID: <446C6873.9060005@inmedias.it> Hi all. I have some trouble to set up my cardreader (SCM SCR335, USB) properly under Fedora Cor 5 (with udev). The cardreader itself an the OpenPGP-card work fine on my notebook (Debian Sarge, with hotplug), so it is not a hardware problem. Furthermore, i can use the cardreader with the gnupg ccid-driver as user "root", but not as user "andi" (member of the group "scard"). In my opinion, the permissions in /proc/bus/usb/001/005 (or wherever the cardreader comes up) are set correctly: # ls -l /proc/bus/usb/001 -rw-rw---- 1 root scard 111 18. Mai 13:32 005 As user "andi" i get the following result: # gpg --card-status --debug-ccid-driver gpg: DBG: ccid-driver: using CCID reader 0 (ID=04E6:5115:X:0) gpg: DBG: ccid-driver: idVendor: 04E6 idProduct: 5115 bcdDevice: 0416 gpg: DBG: ccid-driver: ChipCard Interface Descriptor: gpg: DBG: ccid-driver: bLength 54 gpg: DBG: ccid-driver: bDescriptorType 33 gpg: DBG: ccid-driver: bcdCCID 1.00 gpg: DBG: ccid-driver: nMaxSlotIndex 0 gpg: DBG: ccid-driver: bVoltageSupport 1 5.0V gpg: DBG: ccid-driver: dwProtocols 3 T=0 T=1 gpg: DBG: ccid-driver: dwDefaultClock 4000 gpg: DBG: ccid-driver: dwMaxiumumClock 12000 gpg: DBG: ccid-driver: bNumClockSupported 0 gpg: DBG: ccid-driver: dwDataRate 9600 bps gpg: DBG: ccid-driver: dwMaxDataRate 115200 bps gpg: DBG: ccid-driver: bNumDataRatesSupp. 0 gpg: DBG: ccid-driver: dwMaxIFSD 252 gpg: DBG: ccid-driver: dwSyncProtocols 00000000 gpg: DBG: ccid-driver: dwMechanical 00000000 gpg: DBG: ccid-driver: dwFeatures 000100BA gpg: DBG: ccid-driver: Auto configuration based on ATR gpg: DBG: ccid-driver: Auto voltage selection gpg: DBG: ccid-driver: Auto clock change gpg: DBG: ccid-driver: Auto baud rate change gpg: DBG: ccid-driver: Auto PPS made by CCID gpg: DBG: ccid-driver: TPDU level exchange gpg: DBG: ccid-driver: dwMaxCCIDMsgLen 263 gpg: DBG: ccid-driver: bClassGetResponse echo gpg: DBG: ccid-driver: bClassEnvelope echo gpg: DBG: ccid-driver: wlcdLayout none gpg: DBG: ccid-driver: bPINSupport 0 gpg: DBG: ccid-driver: bMaxCCIDBusySlots 1 gpg: DBG: ccid-driver: enabling workaround for buggy SCM readers gpg: DBG: ccid-driver: usb_claim_interface failed: -1 gpg: apdu_open_reader: failed to open driver `libpcsclite.so': libpcsclite.so: Kann die Shared-Object-Datei nicht ?ffnen: Datei oder Verzeichnis nicht gefunden gpg: card reader not available gpg: OpenPGP Karte ist nicht vorhanden: Allgemeiner Fehler As user "root" i get: # gpg --card-status --debug-ccid-driver gpg: DBG: ccid-driver: using CCID reader 0 (ID=04E6:5115:5040506C:0) gpg: DBG: ccid-driver: idVendor: 04E6 idProduct: 5115 bcdDevice: 0416 gpg: DBG: ccid-driver: ChipCard Interface Descriptor: gpg: DBG: ccid-driver: bLength 54 gpg: DBG: ccid-driver: bDescriptorType 33 gpg: DBG: ccid-driver: bcdCCID 1.00 gpg: DBG: ccid-driver: nMaxSlotIndex 0 gpg: DBG: ccid-driver: bVoltageSupport 1 5.0V gpg: DBG: ccid-driver: dwProtocols 3 T=0 T=1 gpg: DBG: ccid-driver: dwDefaultClock 4000 gpg: DBG: ccid-driver: dwMaxiumumClock 12000 gpg: DBG: ccid-driver: bNumClockSupported 0 gpg: DBG: ccid-driver: dwDataRate 9600 bps gpg: DBG: ccid-driver: dwMaxDataRate 115200 bps gpg: DBG: ccid-driver: bNumDataRatesSupp. 0 gpg: DBG: ccid-driver: dwMaxIFSD 252 gpg: DBG: ccid-driver: dwSyncProtocols 00000000 gpg: DBG: ccid-driver: dwMechanical 00000000 gpg: DBG: ccid-driver: dwFeatures 000100BA gpg: DBG: ccid-driver: Auto configuration based on ATR gpg: DBG: ccid-driver: Auto voltage selection gpg: DBG: ccid-driver: Auto clock change gpg: DBG: ccid-driver: Auto baud rate change gpg: DBG: ccid-driver: Auto PPS made by CCID gpg: DBG: ccid-driver: TPDU level exchange gpg: DBG: ccid-driver: dwMaxCCIDMsgLen 263 gpg: DBG: ccid-driver: bClassGetResponse echo gpg: DBG: ccid-driver: bClassEnvelope echo gpg: DBG: ccid-driver: wlcdLayout none gpg: DBG: ccid-driver: bPINSupport 0 gpg: DBG: ccid-driver: bMaxCCIDBusySlots 1 gpg: DBG: ccid-driver: enabling workaround for buggy SCM readers gpg: DBG: ccid-driver: usb_bulk_read error: Die Ressource ist zur Zeit nicht verf?gbar gpg: DBG: ccid-driver: USB: CALLING USB_CLEAR_HALT gpg: DBG: ccid-driver: usb_bulk_read error: Die Ressource ist zur Zeit nicht verf?gbar gpg: DBG: ccid-driver: USB: RETRYING bulk_in AGAIN gpg: DBG: ccid-driver: usb_bulk_read error: Die Ressource ist zur Zeit nicht verf?gbar gpg: DBG: ccid-driver: USB: RETRYING bulk_in AGAIN gpg: DBG: ccid-driver: status: 00 error: 00 octet[9]: 00 data: 3B FA 13 00 FF 81 31 80 45 00 31 C1 73 C0 01 00 00 90 00 B1 gpg: DBG: ccid-driver: sending 61 07 00 00 00 00 05 01 00 00 01 10 00 41 00 FE 00 [...] So I think it is a permission issue, but I can't figure out where. Does anyone have any idea? Any comments are appreciated! Thanks Andreas From zvrba at globalnet.hr Thu May 18 17:12:17 2006 From: zvrba at globalnet.hr (zvrba@globalnet.hr) Date: Thu May 18 17:12:10 2006 Subject: Problems decrypting a mail with my openpgp card In-Reply-To: <87odxvdc8h.fsf@wheatstone.g10code.de> References: <20060517140730.GB2358@vorlon.ping.de> <20060517144632.GA3498@jabberwocky.com> <20060517174836.GD5509@zax.ifi.uio.no> <87odxvdc8h.fsf@wheatstone.g10code.de> Message-ID: <20060518151217.GA5509@zax.ifi.uio.no> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 On Thu, May 18, 2006 at 09:27:10AM +0200, Werner Koch wrote: > > I can't remember whether the card checks for correct padding in > internal_authenticate. If it does not, you may indeed use it to > decrypt a message. > ok, i've just checked the v1.1 spec for internal authenticate. it says that: "the input data shall be a DSI compliant to PKCS#1. the card does an internally padding and calculates a signature with the corresponding secret key for authentication". The List of abbreviations does not mention "DSI", neither is it mentioned in PKCS#1v2. Interpretation, please? :) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFEbI7RUIHQih3H6ZQRA/pZAJ0VjCFWPXot9WYBRp18OlHzyJXb4ACePeQF sQz5QWtmvhVEdAoOA91em1M= =19+l -----END PGP SIGNATURE----- From wk at gnupg.org Thu May 18 19:42:55 2006 From: wk at gnupg.org (Werner Koch) Date: Thu May 18 19:46:34 2006 Subject: clearsign a variable? In-Reply-To: (Gordon McNevin's message of "Sun, 7 May 2006 12:57:20 +0100") References: Message-ID: <87u07nrzz4.fsf@wheatstone.g10code.de> "Gordon McNevin" writes: > $cmd = "echo $passphrase | $gpg --passphrase-fd 0 --no-tty -u $cmd = "(echo "$passphrase"; echo "$variable") \ | $gpg --passphrase-fd 0 --clearsign - The trick here is that the passphrase is only read up to and including the first linefeed. Then the rest is fed into gpg as regular input. BTW, it is easier and equal save to remove the passphrase from the key so that you don't need the --passphrase-fd at all. Shalom-Salam, Werner From wk at gnupg.org Thu May 18 19:49:33 2006 From: wk at gnupg.org (Werner Koch) Date: Thu May 18 19:51:24 2006 Subject: Fedora Core 5 and SCR335 In-Reply-To: <446C6873.9060005@inmedias.it> (Andreas Martin's message of "Thu, 18 May 2006 14:28:35 +0200") References: <446C6873.9060005@inmedias.it> Message-ID: <87psibrzo2.fsf@wheatstone.g10code.de> Andreas Martin writes: > # ls -l /proc/bus/usb/001 > -rw-rw---- 1 root scard 111 18. Mai 13:32 005 Check with fuser or lsof that no other process is using this file. Try something like echo XXXXXXXXX >/proc/bus/usb/0001 && hd /proc/bus/usb/0001 to see whether you can write and read at all to the device. Are you using 1.4.3? Salam-Shalom, Werner From c-blair at uiuc.edu Thu May 18 18:29:06 2006 From: c-blair at uiuc.edu (Charles Blair) Date: Thu May 18 20:26:01 2006 Subject: unable to verify gpg 1.4.3 tar file Message-ID: <809d2b5d.ba6e9b93.86c4300@expms6.cites.uiuc.edu> I have been trying to verify the source for gpg 1.4.3 using a previously installed gpg 1.4.1. Thanks for any help! When I type gpg --verify gnupg-1.4.3.tar.gz.sig I get: > Signature made Mon 03 Apr 2006 05:42:26 AM CDT > using RSA key ID 1CE0C630 > Can't check signature: public key not found I tried gpg --import samplekeys.asc and then gpg --list-keys "Koch" gives: pub 1024D/57548DCD 1998-07-07 [expired: 2005-12-31)] uid Werner Koch (gnupg sig) pub 1024D/621CC013 1998-07-07 [expired: 2002-11-01)] uid Werner Koch pub 768R/0C9857A5 1995-09-30 uid Werner Koch (mein alter key) pub 1024D/5B0358A2 1999-03-15 [expires: 2009-07-11] uid Werner Koch uid Werner Koch uid Werner Koch sub 1024D/010A57ED 2004-03-21 [expires: 2007-12-31] From shavital at mac.com Thu May 18 21:40:32 2006 From: shavital at mac.com (Charly Avital) Date: Thu May 18 21:40:03 2006 Subject: unable to verify gpg 1.4.3 tar file In-Reply-To: <809d2b5d.ba6e9b93.86c4300@expms6.cites.uiuc.edu> References: <809d2b5d.ba6e9b93.86c4300@expms6.cites.uiuc.edu> Message-ID: <446CCDB0.4020708@mac.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Charles Blair wrote the following on 5/18/06 12:29 PM: > I have been trying to verify the source for gpg 1.4.3 > using a previously installed gpg 1.4.1. Thanks for any help! > > When I type gpg --verify gnupg-1.4.3.tar.gz.sig I get: > >> Signature made Mon 03 Apr 2006 05:42:26 AM CDT >> using RSA key ID 1CE0C630 >> Can't check signature: public key not found Which means that public key 1CE0C630 corresponding to the secret signing key is not in your public keyring. 1CE0C630 is the key you should search and download from a keyserver. I don't know which keyserver settings you have enabled in your gpg.conf. You might want to try: gpg --keyserver subkeys.pgp.net --recv-key 1CE0C630 or, instead of subkeys.pgp.net any other keyserver that you prefer. [...] Charly Using gpg-agent thanks to Benjamin Donnachie http://www.py-soft.co.uk/~benjamin/download/mac-gpg/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) Comment: GnuPG for Privacy Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEVAwUBRGzNp83GMi2FW4PvAQhosgf+PUWKgLkhJoMa88Ug0qch+AP0FyvlP5QL MkwHiiT75rt6ARtQi8C4qNPCLggVuuxVFFT2o0vjIu7R9tf6dEC2vPAHg68/816F 9jKDHovpoIpeKSpBrawZ3mLvf/VlywovAjKI+cUB0MwCLF1YndiKNJd+giX/yMsY jmU1B7+X91GN/1KmvexR97mhhXm2LHK/3z9+fu2/XEtyyrJ/Z/2EG5yexpNNyGJk GFCyJPGQIhg0uh4FwbTtQQpmUoXPakWfp1SONIlTmST2j84oyFWQW5tVum5HGIYw U7MHjD/9EtCVcyR6OKo6q6AblSiGKEI+xRM0o52E7yxnjZbo3zfzEQ== =mnsn -----END PGP SIGNATURE----- From mk1972 at blueyonder.co.uk Thu May 18 20:14:33 2006 From: mk1972 at blueyonder.co.uk (mk1972) Date: Fri May 19 04:56:05 2006 Subject: My email Address Message-ID: <446CB989.5080201@blueyonder.co.uk> mk1972@blueyonder.co.uk From ama at inmedias.it Fri May 19 10:51:43 2006 From: ama at inmedias.it (Andreas Martin) Date: Fri May 19 10:50:52 2006 Subject: Fedora Core 5 and SCR335 In-Reply-To: <87psibrzo2.fsf@wheatstone.g10code.de> References: <446C6873.9060005@inmedias.it> <87psibrzo2.fsf@wheatstone.g10code.de> Message-ID: <446D871F.2030307@inmedias.it> Hi Werner. Thanks for your answer. Werner Koch schrieb: > Andreas Martin writes: > >> # ls -l /proc/bus/usb/001 >> -rw-rw---- 1 root scard 111 18. Mai 13:32 005 > > Check with fuser or lsof that no other process is using this file. fuser an lsof don't tell anything about other processes using this file. > Try something like > echo XXXXXXXXX >/proc/bus/usb/0001 && hd /proc/bus/usb/0001 > to see whether you can write and read at all to the device. Writing with echo to the device returns an error (for both, "andi" and "root"): # echo XXXXXXXX >/proc/bus/usb/002/003 bash: echo: write error: Das Argument ist ung?ltig But redirecting less works fine (for both users): # less gnupg-ccid >/proc/bus/usb/002/003 # > Are you using 1.4.3? I tried v1.4.3 that comes with Fedora Core 5 and I downloaded v1.4.3 and v1.4.2 from gnupg.org compiled an installed it (libusb and libusb-devel are installed). I even tried --enable-selinux-support with configure, enabled and disabled SElinux, but nothing happened :-( The other way round: Does anybody know, that the combination of Fedora Core 5, SCM SCR335 USB and GnuPG is working? Changing the distribution would be an alternative... Kind regards Andreas From michael at vorlon.ping.de Fri May 19 23:16:11 2006 From: michael at vorlon.ping.de (Michael Bienia) Date: Fri May 19 23:15:19 2006 Subject: Fedora Core 5 and SCR335 In-Reply-To: <446C6873.9060005@inmedias.it> References: <446C6873.9060005@inmedias.it> Message-ID: <20060519211611.GB19467@vorlon.ping.de> On 2006-05-18 14:28:35 +0200, Andreas Martin wrote: > In my opinion, the permissions in /proc/bus/usb/001/005 (or wherever the > cardreader comes up) are set correctly: > > # ls -l /proc/bus/usb/001 > -rw-rw---- 1 root scard 111 18. Mai 13:32 005 [...] > So I think it is a permission issue, but I can't figure out where. > Does anyone have any idea? I don't know if this also applies to FC5 but in Debian (and Ubuntu) libusb (recent versions) checks /dev/bus/usb before /proc/bus/usb. To get my card reader usable as an user I had to change the permissions in /dev/bus/usb. HTH, Michael From c-blair at uiuc.edu Sat May 20 04:05:51 2006 From: c-blair at uiuc.edu (Charles Blair) Date: Sat May 20 04:05:03 2006 Subject: tar file for version 1.4.3--- bad signature? Message-ID: I am unable to verify the gpg 1.4.3 tar file. Can somebody tell me what I am doing wrong? I have downloaded the files: -rw-r--r-- 4354218 Apr 26 17:54 gnupg-1.4.3.tar.gz -rw-r--r-- 158 May 1 19:13 gnupg-1.4.3.tar.gz.sig When I tried gpg --verify gnupg-1.4.3.tar.gz.sig using version 1.4.1, I got: gpg: Signature made Mon 03 Apr 2006 05:42:26 AM CDT using RSA key ID 1CE0C630 gpg: BAD signature from "Werner Koch (dist sig) " The key was downloaded from the MIT keyserver: pub 1024R/1CE0C630 2006-01-01 [expires: 2008-12-31] Key fingerprint = 7B96 D396 E647 1601 754B E4DB 53B6 20D0 1CE0 C630 uid Werner Koch (dist sig) From alphasigmax at gmail.com Sat May 20 05:19:05 2006 From: alphasigmax at gmail.com (Alphax) Date: Sat May 20 05:20:26 2006 Subject: tar file for version 1.4.3--- bad signature? In-Reply-To: References: Message-ID: <446E8AA9.7090406@gmail.com> Charles Blair wrote: > I am unable to verify the gpg 1.4.3 tar file. Can > somebody tell me what I am doing wrong? > > I have downloaded the files: > > -rw-r--r-- 4354218 Apr 26 17:54 gnupg-1.4.3.tar.gz > -rw-r--r-- 158 May 1 19:13 gnupg-1.4.3.tar.gz.sig > > When I tried gpg --verify gnupg-1.4.3.tar.gz.sig > using version 1.4.1, I got: > > gpg: Signature made Mon 03 Apr 2006 05:42:26 AM CDT > using RSA key ID 1CE0C630 > gpg: BAD signature from > "Werner Koch (dist sig) " > > The key was downloaded from the MIT keyserver: > > pub 1024R/1CE0C630 2006-01-01 [expires: 2008-12-31] > Key fingerprint = > 7B96 D396 E647 1601 754B E4DB 53B6 20D0 1CE0 C630 > uid Werner Koch (dist sig) > > Try the .bz2 version - at my end it has checksums of: MD5 = D2 37 D8 FE 1C 4A FA 37 9F 56 DB DA 0E 0B 40 E4 SHA1 = 9E96 B36E 4F4D 1E8B C502 8C99 FAC6 7448 2CBD B370 RMD160 = F6D3 2878 5F41 B74F 97D2 5305 C6FE 95AD 45BB 70A5 Of course, you should check the detached sig for that one rather than trust me on it... :) -- Alphax Death to all fanatics! Down with categorical imperative! OpenPGP key: http://tinyurl.com/lvq4g -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 551 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20060520/8f9f5767/signature.pgp From ama at inmedias.it Sat May 20 16:37:47 2006 From: ama at inmedias.it (ama@inmedias.it) Date: Sat May 20 16:36:55 2006 Subject: Fedora Core 5 and SCR335 In-Reply-To: <20060519211611.GB19467@vorlon.ping.de> References: <446C6873.9060005@inmedias.it> <20060519211611.GB19467@vorlon.ping.de> Message-ID: <63263.84.142.135.170.1148135867.squirrel@mail.inmedias.it> Hi Michael. > On 2006-05-18 14:28:35 +0200, Andreas Martin wrote: >> In my opinion, the permissions in /proc/bus/usb/001/005 (or wherever the >> cardreader comes up) are set correctly: >> >> # ls -l /proc/bus/usb/001 >> -rw-rw---- 1 root scard 111 18. Mai 13:32 005 > > [...] >> So I think it is a permission issue, but I can't figure out where. >> Does anyone have any idea? > > I don't know if this also applies to FC5 but in Debian (and Ubuntu) > libusb (recent versions) checks /dev/bus/usb before /proc/bus/usb. To > get my card reader usable as an user I had to change the permissions in > /dev/bus/usb. You hit the mark! When I change the permissions in /dev/bus/usb/001/005, GnuPG works fine with my cardreader - even as normal user. Do you have incidentally gnupg-ccid.rules and/or gnupg-ccid scripts which do the job? The ones I have change the permissions in /proc/bus/usb Thanks a lot for your tip (I googled some days and found nothing appropriate). Andreas From michael at vorlon.ping.de Sat May 20 21:09:58 2006 From: michael at vorlon.ping.de (Michael Bienia) Date: Sat May 20 21:09:14 2006 Subject: Fedora Core 5 and SCR335 In-Reply-To: <63263.84.142.135.170.1148135867.squirrel@mail.inmedias.it> References: <446C6873.9060005@inmedias.it> <20060519211611.GB19467@vorlon.ping.de> <63263.84.142.135.170.1148135867.squirrel@mail.inmedias.it> Message-ID: <20060520190958.GA7257@vorlon.ping.de> On 2006-05-20 16:37:47 +0200, ama@inmedias.it wrote: > Hi Michael. Hi Andreas, > You hit the mark! When I change the permissions in /dev/bus/usb/001/005, > GnuPG works fine with my cardreader - even as normal user. > > Do you have incidentally gnupg-ccid.rules and/or gnupg-ccid scripts which > do the job? The ones I have change the permissions in /proc/bus/usb Here is my rules file for udev (version 079): ,----[ gnupg-ccid.rules ]- | # udev rules for card reader | | SUBSYSTEM!="usb_device", GOTO="gnupg-ccid_rules_end" | | SYSFS{idVendor}=="04e6", SYSFS{idProduct}=="e003", GROUP="scard", MODE="0660" | | LABEL="gnupg-ccid_rules_end" `---- It is placed in /etc/udev/rules.d and don't forget to replace idVendor and idProduct with the values for your card reader. Michael From jharris at widomaker.com Mon May 22 00:55:07 2006 From: jharris at widomaker.com (Jason Harris) Date: Mon May 22 00:54:43 2006 Subject: new (2006-05-14) keyanalyze results (+sigcheck) Message-ID: <20060521225506.GA2426@wilma.widomaker.com> New keyanalyze results are available at: http://keyserver.kjsl.com/~jharris/ka/2006-05-14/ Signatures are now being checked using keyanalyze+sigcheck: http://dtype.org/~aaronl/ Earlier reports are also available, for comparison: http://keyserver.kjsl.com/~jharris/ka/ Even earlier monthly reports are at: http://dtype.org/keyanalyze/ SHA-1 hashes and sizes for all the "permanent" files: 44dbf609c299d1fe2146659c6dd72de13162a423 13694148 preprocess.keys 6c2a1eb54e1eee960143cc504fc5b672184193db 8160569 othersets.txt a2b18cfaceba527e2173269fbc1dce0d0dd8a951 3336420 msd-sorted.txt a751f9d5477744a4f5e5ce6ebad6a60908e317ee 1372 index.html 70cbd1c5e5af5c761eef9a72ca850e01e3f7bf33 2291 keyring_stats c600753e41078d32f321110f33c3b4987f6ce59f 1310528 msd-sorted.txt.bz2 946de464f9e4058e4153edff59eb2a151a9ddfe0 26 other.txt 31ecaef58572e108ec4bbf637fe42a10afa1a64d 1766759 othersets.txt.bz2 62f7477c91d2670c64db98f5dca0ff8d21a30ead 5552581 preprocess.keys.bz2 853c061e457d61d1bf71cb3689308fe0dcd45ca9 13863 status.txt 37a50fbb8244bd44345d90abe8bef55f8ac357e1 209708 top1000table.html 2a8d8035e179ceab45aeb901c69003bd60890940 29938 top1000table.html.gz 0bf2d12670f813def17ff312799a80dfa42556b2 10789 top50table.html b560f460ec3350b76234b5b8267ff1e008ba76b0 2544 D3/D39DA0E3 -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 313 bytes Desc: not available Url : /pipermail/attachments/20060521/62589652/attachment-0001.pgp From ama at inmedias.it Mon May 22 09:31:36 2006 From: ama at inmedias.it (Andreas Martin) Date: Mon May 22 09:30:37 2006 Subject: Fedora Core 5 and SCR335 In-Reply-To: <20060520190958.GA7257@vorlon.ping.de> References: <446C6873.9060005@inmedias.it> <20060519211611.GB19467@vorlon.ping.de> <63263.84.142.135.170.1148135867.squirrel@mail.inmedias.it> <20060520190958.GA7257@vorlon.ping.de> Message-ID: <447168D8.50801@inmedias.it> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Michael. Michael Bienia schrieb: > On 2006-05-20 16:37:47 +0200, ama@inmedias.it wrote: >> Hi Michael. > Hi Andreas, > >> You hit the mark! When I change the permissions in /dev/bus/usb/001/005, >> GnuPG works fine with my cardreader - even as normal user. >> >> Do you have incidentally gnupg-ccid.rules and/or gnupg-ccid scripts which >> do the job? The ones I have change the permissions in /proc/bus/usb > > Here is my rules file for udev (version 079): > ,----[ gnupg-ccid.rules ]- > | # udev rules for card reader > | > | SUBSYSTEM!="usb_device", GOTO="gnupg-ccid_rules_end" > | > | SYSFS{idVendor}=="04e6", SYSFS{idProduct}=="e003", GROUP="scard", MODE="0660" > | > | LABEL="gnupg-ccid_rules_end" > `---- > It is placed in /etc/udev/rules.d and don't forget to replace idVendor > and idProduct with the values for your card reader. > I modified your script to match my SCM SCR335: ,----[ /etc/udev/rules.d/65-gnupg-ccid.rules ]- | # USB SmartCard Reader support | ## SCM SCR335 | SUBSYSTEM!="usb_device", GOTO="/etc/udev/scripts/gnupg-ccid" | SYSFS{idVendor}=="04e6", SYSFS{idProduct}=="5115", GROUP="scard", MODE="0660" | LABEL="gnupg-ccid" `---- Now it works :-) Thanks to you and Werner for your help! Kind regards, Andreas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iQCVAwUBRHFo1Of8mJnBT5ROAQKqYAP/QedDMVqCyqHRSbxuvEDOotQUuiQh8RKh sVKPcrJX5QZYFtqlRJE7ogLFDUyWsAJNsj1MZpNCD6Gk4qcCQRKpfY3fWGB0AD9t i55d9bkvpWmmCwcnABIjT+vx4uo5E9suugxIBv2yRUnUVopJttGT4XHM27A7zOYf pBGCDxzzCL0= =eRCX -----END PGP SIGNATURE----- From mnkid90 at arvig.net Fri May 19 16:55:21 2006 From: mnkid90 at arvig.net (C. Petersen) Date: Mon May 22 10:30:46 2006 Subject: can some one help me please Message-ID: Hello, I am new to GnuPg and I have installed it on my VPS site. Now I can not find where the binaries were installed. I know that the server is a Red Hat Enterprise 3.*. I have been doing a lot of reading but I am so confused right now I don't know what to do. I do not know much about the SSH/Telnet commands and that is what's confusing me so much. What I want to do is use this for a online business (shopping cart) that will send out email orders that I can process manually. I would like to know if some one could help me with finding the binary and install path or to do a reinstall. Thank you From dnsmythe at yahoo.com Fri May 19 20:29:09 2006 From: dnsmythe at yahoo.com (Dan Smythe) Date: Mon May 22 10:30:53 2006 Subject: Cipher Question Message-ID: <20060519182909.10450.qmail@web30307.mail.mud.yahoo.com> If I use Twofish or Blowfish as my cipher of choice, what key length does the gpg use? __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From kennerly at comcast.net Sat May 20 08:17:26 2006 From: kennerly at comcast.net (kennerly@comcast.net) Date: Mon May 22 10:30:59 2006 Subject: Lost passphrase Message-ID: <052020060617.5736.446EB4760005BD8200001668220702157397049D0A02020A05@comcast.net> It appears I've forgotten my passphrase. I've still got the secret key, the revocation certificate and I remember the first 5 characters of the passphrase. I know the rest is just alphanumeric upper and lowercase. Does anyone know of a perl script or some other utility that could bruteforce the rest of it? I'd rather not have to revoke this key. Thanks From svein.h at lvor.halvorsen.cc Sun May 21 12:03:15 2006 From: svein.h at lvor.halvorsen.cc (Svein Halvor Halvorsen) Date: Mon May 22 10:31:03 2006 Subject: Delete uid from keyserver Message-ID: Hi! If an uid is no longer in use, but the key itself is. Eg. I've updated the key by removing an uid, and later added a new one. What is the best practice when it comes to reflect the cahnges on the keyservers? Should I just upload my new key, merging the new uids with the old, and leave it at that? Or should I revoke the entire key, then upload the new one (which is practically the same, only with an updated uid list)? Would having lots of unused uids in your key be a problem? Svein Halvor From peter at palfrader.org Mon May 22 12:12:42 2006 From: peter at palfrader.org (Peter Palfrader) Date: Mon May 22 12:31:45 2006 Subject: Delete uid from keyserver In-Reply-To: References: Message-ID: <20060522101242.GY23559@asteria.noreply.org> On Sun, 21 May 2006, Svein Halvor Halvorsen wrote: > Hi! > > If an uid is no longer in use, but the key itself is. Eg. I've updated > the key by removing an uid, and later added a new one. What is the > best practice when it comes to reflect the cahnges on the keyservers? > > Should I just upload my new key, merging the new uids with the old, > and leave it at that? Or should I revoke the entire key, then upload > the new one (which is practically the same, only with an updated uid > list)? You can revoke uids (gpg --edit, then select the uid with its number, then revuid). This won't make them disappear from the keyservers, but it will mark the UID as no longer being a valid UID for that key in GnuPG and other OpenPGP implementations. As you might have noticed, you cannot remove uids, or anything for that matter, from keyservers. Peter -- | .''`. ** Debian GNU/Linux ** Peter Palfrader | : :' : The universal http://www.palfrader.org/ | `. `' Operating System | `- http://www.debian.org/ From peter at palfrader.org Mon May 22 12:13:35 2006 From: peter at palfrader.org (Peter Palfrader) Date: Mon May 22 12:31:49 2006 Subject: Cipher Question In-Reply-To: <20060519182909.10450.qmail@web30307.mail.mud.yahoo.com> References: <20060519182909.10450.qmail@web30307.mail.mud.yahoo.com> Message-ID: <20060522101335.GZ23559@asteria.noreply.org> On Fri, 19 May 2006, Dan Smythe wrote: > If I use Twofish or Blowfish as my cipher of choice, > what key length does the gpg use? See section 9.2 of http://www.ietf.org/internet-drafts/draft-ietf-openpgp-rfc2440bis-18.txt Peter -- | .''`. ** Debian GNU/Linux ** Peter Palfrader | : :' : The universal http://www.palfrader.org/ | `. `' Operating System | `- http://www.debian.org/ From ml at mareichelt.de Mon May 22 15:18:03 2006 From: ml at mareichelt.de (markus reichelt) Date: Mon May 22 15:17:13 2006 Subject: Lost passphrase In-Reply-To: <052020060617.5736.446EB4760005BD8200001668220702157397049D0A02020A05@comcast.net> References: <052020060617.5736.446EB4760005BD8200001668220702157397049D0A02020A05@comcast.net> Message-ID: <20060522131803.GA15478@dantooine> * kennerly@comcast.net wrote: > Does anyone know of a perl script or some other utility that could > bruteforce the rest of it? I'd rather not have to revoke this key. Have a look at http://www.vanheusden.com/nasty/ -- left blank, right bald -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20060522/7eaea9a0/attachment.pgp From dshaw at jabberwocky.com Mon May 22 18:20:58 2006 From: dshaw at jabberwocky.com (David Shaw) Date: Mon May 22 18:20:14 2006 Subject: auto-key-locate In-Reply-To: <87r72rh5t3.fsf@latte.josefsson.org> References: <87lkum26xw.fsf__30672.1998415471$1144067936$gmane$org@wheatstone.g10code.de> <87r72rh5t3.fsf@latte.josefsson.org> Message-ID: <20060522162058.GA6940@jabberwocky.com> On Thu, May 18, 2006 at 02:32:24PM +0200, Simon Josefsson wrote: > Werner Koch writes: > > > * New auto-key-locate option that takes an ordered list of methods > > to locate a key if it is not available at encryption time (-r or > > --recipient). Possible methods include "cert" (use DNS CERT as > > per RFC2538bis, "pka" (use DNS PKA), "ldap" (consult the LDAP > > server for the domain in question), "keyserver" (use the > > currently defined keyserver), as well as arbitrary keyserver > > URIs that will be contacted for the key. > > I'm having trouble getting hkp keyservers to work with > auto-key-locate. gpg do appear to retrieve the key successfully, but > then it complains that it can't use it. Ideas? It's not HKP keyservers, exactly. It's any keyserver that returns more than one key, when the last key that is returned is not valid. Here's a patch. David -------------- next part -------------- Index: getkey.c =================================================================== --- getkey.c (revision 4137) +++ getkey.c (working copy) @@ -934,7 +934,7 @@ for(akl=opt.auto_key_locate;akl;akl=akl->next) { - unsigned char *fpr; + unsigned char *fpr=NULL; size_t fpr_len; switch(akl->type) Index: import.c =================================================================== --- import.c (revision 4137) +++ import.c (working copy) @@ -696,9 +696,6 @@ pk = node->pkt->pkt.public_key; - if(fpr) - *fpr=fingerprint_from_pk(pk,NULL,fpr_len); - keyid_from_pk( pk, keyid ); uidnode = find_next_kbnode( keyblock, PKT_USER_ID ); @@ -981,6 +978,17 @@ } else if(new_key) { + if(fpr && stats->imported==1) + { + xfree(*fpr); + *fpr=fingerprint_from_pk(pk,NULL,fpr_len); + } + else + { + xfree(*fpr); + *fpr=NULL; + } + revocation_present(keyblock); if(seckey_available(keyid)==0) check_prefs(keyblock); From zmuwqyh02 at sneakemail.com Mon May 22 21:30:36 2006 From: zmuwqyh02 at sneakemail.com (zmuwqyh02@sneakemail.com) Date: Mon May 22 21:30:31 2006 Subject: How to use PKA Message-ID: Can someone provide a clear example of what I need to do to allow others to use pka-lookup to verify my email address? I've tried invoking variations of what I interpret to be instructions from http://lists.gnupg.org/pipermail/gnupg-devel/2005-August/022254.html but I can't seem to get my GnuPG to use pka-lookup even though it is in my verify-options. ADVthanksANCE -- Mike Daigle http://www.mikedaigle.ca My PGP Key Send email with subject=pgpkey-request Gossamer Spider Web of Trust http://www.gswot.org From jon at jrock.us Tue May 23 14:31:42 2006 From: jon at jrock.us (Jonathan T. Rockway) Date: Tue May 23 16:26:12 2006 Subject: How to use PKA In-Reply-To: References: Message-ID: <447300AE.7010907@jrock.us> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Can someone provide a clear example of what I need to do to allow others > to use pka-lookup to verify my email address? My understanding of those instructions is as follows: As the administrator of "yourdomain.com", you can attest to the fact that "you@yourdomain.com" has a certain public key. To do this: Create a TXT record in "yourdomain.com" for you._pka.yourdomain.com. "you" is the part before the at sign, and "yourdomain.com" is your domain. the _pka part isn't really a host on your network, it's simply the convention that was decided upon for this. The value of that TXT record is a colon-separated list of key=value pairs, where the keys and values are: (ignore everything after #, obviously) v=pkal; # meaning that this is a pkal record fpr=; uri=; When concatenated together, you TXT record should look something like: "v=pkal\;fpr=95FF88C5277C2282973FB90AD0197853DD25E42F\;uri=http://www.jrock.us/jon.key" Which is incidentally what my PKA record looks like. I actually just set this up and haven't tested it yet, though. If it doesn't work, I'll post a correction :) > I've tried invoking variations of what I interpret to be instructions > from > http://lists.gnupg.org/pipermail/gnupg-devel/2005-August/022254.html but > I can't seem to get my GnuPG to use pka-lookup even though it is in my > verify-options. What version of gpg are you using? The instructions indicate that you need to check out the subversion ("CVS") tree. It's experimental in nature, so it hasn't trickled down to stable versions yet. I need to try a newer version today anyway, so I'll try this out and let you know what version works. Regards, Jonathan Rockway -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQCVAwUBRHMAq9AZeFPdJeQvAQKNSgQArIaHRx1q4M0uf8VoaPFc9/rYQe/sZr9f czDgjhZO7h7Z1FRwnccpj3XeUVoMGIoDeHNc/SCgsTgrWaXN1+FKGTxZPrOLp2U5 cXIXc/XWcunFmuf0iUeVp64yd5yjmcddh+8Mf5Tko0CbeIcWhBLJ87RIrzX20HR9 i5IGrhTrPX0= =9YfM -----END PGP SIGNATURE----- From daswellons at gmail.com Wed May 24 07:09:35 2006 From: daswellons at gmail.com (Jonathan Wellons) Date: Wed May 24 08:55:59 2006 Subject: preferred compression types with multiple recipients Message-ID: <65e04d9842977e0eca1b7327af4eb0e0@gmail.com> Good day everyone, How does gpg reconcile conflicting preferred compression types? I've switched mine to bzip2 to save space, but it occurs to me that it may not be of much effect until a significant number of other people I communicate with also switch from zlib. My understanding of encrypted mail to multiple recipients is that * a session key is generated * the message is encrypted symmetrically with the session key * the session key is encrypted asymmetrically with each recipient's public key. It seems that a message is only compressed once. Thanks, Jonathan -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 186 bytes Desc: This is a digitally signed message part Url : /pipermail/attachments/20060523/bbdffb54/PGP.pgp From dshaw at jabberwocky.com Wed May 24 14:01:07 2006 From: dshaw at jabberwocky.com (David Shaw) Date: Wed May 24 14:00:21 2006 Subject: preferred compression types with multiple recipients In-Reply-To: <65e04d9842977e0eca1b7327af4eb0e0@gmail.com> References: <65e04d9842977e0eca1b7327af4eb0e0@gmail.com> Message-ID: <20060524120107.GB17558@jabberwocky.com> On Tue, May 23, 2006 at 10:09:35PM -0700, Jonathan Wellons wrote: > Good day everyone, > > How does gpg reconcile conflicting preferred compression types? I've > switched mine to bzip2 to save space, but it occurs to me that it may > not be of much effect until a significant number of other people I > communicate with also switch from zlib. Not switch from zlib, necessarily, but at least advertise they have the ability to handle bzip2 also. > My understanding of encrypted mail to multiple recipients is that > * a session key is generated > * the message is encrypted symmetrically with the session key > * the session key is encrypted asymmetrically with each recipient's > public key. > > It seems that a message is only compressed once. That is correct. Conflicting compression algorithms are handled the same way conflicting cipher algorithms are: 1) Make a list of all compression algorithms supported by all recipients. 2) Add "uncompressed" to the list even if nobody requested it (by definition, all OpenPGP implementations can handle uncompressed data). 3) We now have a list of algorithms, any of which are usable (i.e. compatible with everyone). If --personal-compress-preferences is set, try those algorithms in order. If it isn't set, walk the list supplied by the last user. 4) If we still don't have an algorithm, use "uncompressed". The cipher selection algorithm is essentially the same if you substitute "3DES" for "uncompressed". David From zmuwqyh02 at sneakemail.com Wed May 24 20:41:22 2006 From: zmuwqyh02 at sneakemail.com (zmuwqyh02@sneakemail.com) Date: Wed May 24 20:40:19 2006 Subject: How to use PKA In-Reply-To: <447300AE.7010907__41069.0655735836$1148395300$gmane$org@jrock.us> References: <447300AE.7010907__41069.0655735836$1148395300$gmane$org@jrock.us> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 In reply to Jonathan T. Rockway's message sent 2006-05-23 08:31: > The value of that TXT record is a colon-separated list of key=value > pairs, where the keys and values are: (ignore everything after #, > obviously) That part was easy enough to understand. My entry is: $ORIGIN mikedaigle.ca. md._pka TXT "v=pka1;fpr=DBB9D34B89BBD64B9D8588B036E71C2A5A932E53;uri=http://www.mikedaigle.ca/keys/0x5A932E53.asc" > When concatenated together, you TXT record should look something like: > > "v=pkal\;fpr=95FF88C5277C2282973FB90AD0197853DD25E42F\;uri=http://www.jrock.us/jon.key" Hmmm... do I need the backslash after the first two values (and not the third)? > What version of gpg are you using? The instructions indicate that you > need to check out the subversion ("CVS") tree. It's experimental in > nature, so it hasn't trickled down to stable versions yet. I'm using 1.4.3. The PKA lookup options appear in the man page, and using them doesn't choke GnuPG (invalid options always choke GnuPG). I've included the pka-lookup verify option, yet nothing happens. I then must presume that my notation syntax is incorrect (assuming pka-lookup only 'activates' when verifying a signature containing the correct notation data). > I need to try a newer version today anyway, so I'll try this out and > let you know what version works. Please do. You can figure out my email address from my TXT RR quoted above. You can also find contact info on my website (see tag). A direct reply is welcome. - -- Mike Daigle http://www.mikedaigle.ca My PGP Key Send email with subject=pgpkey-request Gossamer Spider Web of Trust http://www.gswot.org -----BEGIN PGP SIGNATURE----- Comment: GSWoT:CA1 Gossamer Spider Web of Trust www.gswot.org iEYEAREDAAYFAkR0qNAACgkQTvHh4CsVTmL1kgCfVxvj+jfljvjC+6sH8ZEhKnZG QZYAniB1anBQL7aVFcEGWnMaVGfGOidM =sIoH -----END PGP SIGNATURE----- From tcurdt at vafer.org Thu May 25 15:42:10 2006 From: tcurdt at vafer.org (Torsten Curdt) Date: Thu May 25 17:25:55 2006 Subject: mpi larger than indicated length Message-ID: <98e4f1cd0605250642y36220003tccbea43b96e9dc1c@mail.gmail.com> Is there any chance this might have been fixed with the 1.4.3 release? http://marc.theaimsgroup.com/?l=gnupg-devel&m=114694741924376&w=2 At the moment I don't really know how to otherwise fix my keyring. Any thoughts? cheers -- Torsten From henkdebruijn at wanadoo.nl Thu May 25 19:59:30 2006 From: henkdebruijn at wanadoo.nl (Henk M. de Bruijn) Date: Thu May 25 19:58:21 2006 Subject: question about compiling gpg with cygwin Message-ID: <627864824.20060525195930@wanadoo.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Is it allowed to ask this question here or?? - -- Henk M. de Bruijn ______________________________________________________________________ The Bat! Natural E-Mail System? version 3.80.06 Pro on Windows XP SP2 Request-PGP: http://www.biglumber.com/x/web?qs=0x6C9F6CE78C32408B Gossamer Spider Web of Trust http://www.gswot.org A progressive and innovative Web of Trust -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4-svn-4148-HdB (MingW32) iQEVAwUBRHXwehHuy+60ZN0PAQh3PAf/YEvfUtIFoXrtbxati3uGdC/ItfePB+GF qph5vKlu6isX5pUjLe6dCEOYeL1WbYT7Sovrz11YgmQ6cUgyn30PqfVSgR/Tgw13 ooAhWkWPir36LqBoA2me6dWVIFucond2ioPLeJ9Ovivi6rt81cL9jwKAXzAi4gFS EOQRC02wsWxPAct2I2N+HANyYbt/fCh5p0Xf/od0MxIe6q/92ikBsYoJ+DTYQJaw B/Dvj88ytasf/8l/ICRLqfKHTALLoClXuwrSP9DZ+/Ud9SpfUTTrLPxr9xWvfG+k zKg9XRYi/I9MqLftHIVGCaThkD15IO2R52JgtJ3lmIf8rlCQg7lGWA== =hzpZ -----END PGP SIGNATURE----- From unknown_kev_cat at hotmail.com Fri May 26 05:17:46 2006 From: unknown_kev_cat at hotmail.com (Joe Smith) Date: Fri May 26 05:17:08 2006 Subject: question about compiling gpg with cygwin References: <627864824.20060525195930@wanadoo.nl> Message-ID: "Henk M. de Bruijn" wrote in message news:627864824.20060525195930@wanadoo.nl... > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Is it allowed to ask this question here or?? Don't bother to ask if you are allowed to ask, simply ask. If you are having a problem, and it is due to GPG then this is the place to ask. If the problem is really a cygwin problem, then you will be pointed to the correct list. From david.gray at turpin-distribution.com Fri May 26 13:20:13 2006 From: david.gray at turpin-distribution.com (David Gray) Date: Fri May 26 13:17:09 2006 Subject: question about compiling gpg with cygwin Message-ID: <5155685DF4FC004297C9F5D769CBF51C02B61175@KASHMIR.extenza-turpin.com> Hi all, Just starting a project where one of our customers will be sending encrypted data files from their windows based servers to be decrytpted on our VMS servers. They have not yet decided which product they will use for for encryption but I'm hoping to steer them down the GnuPG path as I've done a quick test and it works perfectly between those two operating systems. One question they have asked which I'm not sure of the answer is that can GnuPG handle the AES256 alogorithm? The gpg --version on my VMS system shows... $ gpg --version gpg (GnuPG) 1.2.3 Copyright (C) 2003 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. Home: /SYS$LOGIN/gnupg Supported algorithms: Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH Hash: MD5, SHA1, RIPEMD160, SHA256 Compression: Uncompressed, ZIP, ZLIB AES256 is listed as a cipher but not a public key? What is the The difference? I was hoping to use asymmetric keys with me Giving the public key to the customer. As mentioned before this all Works fine but I'm not sure which alogorithm I'm using when encrypting. So after all that my question really is, how do I set the alogorithm to AES256 in windows so I can test decrypts on VMS? Thanks in advance Dave From gnupg at raphael.poss.name Fri May 26 13:32:35 2006 From: gnupg at raphael.poss.name (=?ISO-8859-15?Q?Rapha=EBl_Poss?=) Date: Fri May 26 13:31:36 2006 Subject: question about compiling gpg with cygwin In-Reply-To: <5155685DF4FC004297C9F5D769CBF51C02B61175@KASHMIR.extenza-turpin.com> References: <5155685DF4FC004297C9F5D769CBF51C02B61175@KASHMIR.extenza-turpin.com> Message-ID: <4476E753.7030002@raphael.poss.name> Hi David, David Gray schreef: [...] > > AES256 is listed as a cipher but not a public key? What is the > The difference? I was hoping to use asymmetric keys with me > Giving the public key to the customer. As mentioned before this all > Works fine but I'm not sure which alogorithm I'm using when encrypting. > Note that AES256 is a symmetric cipher. Basically, when using GnuPG to crypt data, first a symmetric key is generated to encrypt the data using the symmetric cipher (AES256) in your case, then the symmetric key is encrypted using the public key of the recipient and bundled with the message. That is, whenever you encrypt data with public keys in GnuPG you are using two algorithms: one assymetric cipher to encrypt the key of the symmetric cipher which crypts the data. Then you have to decide which asymetric cipher you want to use (DSA, RSA, ...) The option you are looking for is probably --cipher-algo, however you may be better served by the so-called "algorithm preference" list attached to the public/private key pairs you are using. Regards, -- Raphael -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20060526/323d8790/signature-0001.pgp From henkdebruijn at wanadoo.nl Fri May 26 13:39:35 2006 From: henkdebruijn at wanadoo.nl (Henk M. de Bruijn) Date: Fri May 26 13:38:25 2006 Subject: question about compiling gpg with cygwin In-Reply-To: References: <627864824.20060525195930@wanadoo.nl> Message-ID: <931167228.20060526133935@wanadoo.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Thu, 25 May 2006 23:17:46 -0400GMT (26-5-2006, 5:17 +0200, where I live), Joe Smith wrote: > "Henk M. de Bruijn" wrote in message > news:627864824.20060525195930@wanadoo.nl... >> Is it allowed to ask this question here or?? > Don't bother to ask if you are allowed to ask, simply ask. > If you are having a problem, and it is due to GPG then this is the place to > ask. > If the problem is really a cygwin problem, then you will be pointed to the > correct > list. It has more to do with cygwin. And I also asked on Gnupg-devel@gnupg.org I succeeded in compiling svn4146 and svn4147 with msys. With cygwin however I get at the end op compiling prep.sh: configure: creating ./config.status config.status: creating .infig.status: error: cannot find input file: After installing cygwin I succeeded in compiling 1.4.3. but compiling cvs-builds keep on giving this errormessage. Looking for an answer... - -- Henk ______________________________________________________________________ The Bat! Natural E-Mail System? version 3.80.06 Pro on Windows XP SP2 Request-PGP: http://www.biglumber.com/x/web?qs=0x6C9F6CE78C32408B Gossamer Spider Web of Trust http://www.gswot.org A progressive and innovative Web of Trust -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4-svn-4149-HdB (MingW32) iQEVAwUBRHbo6hHuy+60ZN0PAQg0cwf/fVjhhEGwk3Vq1jOQCuhwDEcyTilPvvLe wf8lOxsy17yc/IqLhC7Z9MeRpgAWsxnLmLtLlMIaXB75ppDwWv7h4E7trYdOmVle c7/alDvYwnQ1fAihzWp19Spwyd8VWyPhgPiUyBqE+/KeNpP1WFDLUkr9MQ2e2OBl hFbmwTPwBZxvkEBeum6c3d8ob+ZGStLo/adsYgrLJTDui7CUss+KdCMVx39NloWS j8lcq0l4JoTV56SaOIgCMwAdl4BZx2dumjUaKcDLAE4XNH2b2T2YmBRQoebCvvK0 T49GmaC9DZrIG/vg+lwlf9Y8G3lpOOcVjCzGGhZF0O2CniqeXiFI5A== =77r+ -----END PGP SIGNATURE----- From vedaal at hush.com Fri May 26 17:06:59 2006 From: vedaal at hush.com (vedaal@hush.com) Date: Fri May 26 17:06:16 2006 Subject: 1.4.3 problem with decrypting pgp2.6.3 symmetrically encrypted message Message-ID: <200605261506.k4QF6xKO004140@mailserver3.hushmail.com> have come across a problem with gnupg 1.4.3 having trouble decrypting a pgp2.6.3 message that was symmetrically encrypted 1.4.3 has no problems decrypting the pgp2.6.3 message when it is encrypted to a key, the problem happens only with symmetric encryption (i apologize in advance, but am using IDEA for the example below, fwiw, even newer versions of PGP also *cannot* decrypt the pgp2.6.3 symmetrically encrypted message when the cipher algo is set to anything else besides IDEA in Disastry's version, and 1.4.3 also cannot, and 'assumes' IDEA is used, and upon decryption, displays only a 32 character session key and adds a 1: if this is of any interest to anyone, will post an example done using twofish ;-) ) here is the symmetrically encrypted file using IDEA: -----BEGIN PGP MESSAGE----- Version: PGP 2.6.3ia-multi06 comment: passphrase: s pgAAAB+a+HnEKkzsF/+y00oriwbmje5J4K69h2RHG6R+mxZT =f1sN -----END PGP MESSAGE----- here is the gnupg output (using 1.4.3 in cygwin on win2k pro): $ gpg v:\123.asc gpg: armor: BEGIN PGP MESSAGE gpg: armor header: Version: PGP 2.6.3ia-multi06 gpg: armor header: comment: passphrase: s :encrypted data packet: length: 31 gpg: assuming IDEA encrypted data Enter passphrase: gpg: [don't know]: invalid packet (ctb=10) gpg: decryption okay gpg: WARNING: message was not integrity protected gpg: session key: `1:043A718774C572BD8A25ADBEB1BFCD5C' gpg: packet(6) with unknown version 251 i don't seem to remember this problem happening with earlier versions of gnupg also, i used Disastry's version in default mode, with the pgp2.6.3 option of no compression can someone using an 'ordinary' pgp 2.6.x version, also try and confirm if this happens in gnupg, or is it only a 'Disastry version' problem, in something he might have overlooked when he was expanding the symmetric algorithms for 2.6.3 Thanks! vedaal Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 From david.gray at turpin-distribution.com Fri May 26 18:20:04 2006 From: david.gray at turpin-distribution.com (David Gray) Date: Fri May 26 18:17:45 2006 Subject: Cipher v public key. Message-ID: <5155685DF4FC004297C9F5D769CBF51C02B6117F@KASHMIR.extenza-turpin.com> Hi all, Just starting a project where one of our customers will be sending encrypted data files from their windows based servers to be decrytpted on our VMS servers. They have not yet decided which product they will use for for encryption but I'm hoping to steer them down the GnuPG path as I've done a quick test and it works perfectly between those two operating systems. One question they have asked which I'm not sure of the answer is that can GnuPG handle the AES256 alogorithm? The gpg --version on my VMS system shows... $ gpg --version gpg (GnuPG) 1.2.3 Copyright (C) 2003 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. Home: /SYS$LOGIN/gnupg Supported algorithms: Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH Hash: MD5, SHA1, RIPEMD160, SHA256 Compression: Uncompressed, ZIP, ZLIB AES256 is listed as a cipher but not a public key? What is the The difference? I was hoping to use asymmetric keys with me Giving the public key to the customer. As mentioned before this all Works fine but I'm not sure which alogorithm I'm using when encrypting. So after all that my question really is, how do I set the alogorithm to AES256 in windows so I can test decrypts on VMS? Thanks in advance Dave From dshaw at jabberwocky.com Fri May 26 18:32:04 2006 From: dshaw at jabberwocky.com (David Shaw) Date: Fri May 26 18:31:08 2006 Subject: Cipher v public key. In-Reply-To: <5155685DF4FC004297C9F5D769CBF51C02B6117F@KASHMIR.extenza-turpin.com> References: <5155685DF4FC004297C9F5D769CBF51C02B6117F@KASHMIR.extenza-turpin.com> Message-ID: <20060526163204.GD19437@jabberwocky.com> On Fri, May 26, 2006 at 05:20:04PM +0100, David Gray wrote: > Hi all, > > Just starting a project where one of our customers will be sending > encrypted data files from their windows based servers to be > decrytpted on our VMS servers. > > They have not yet decided which product they will use for for encryption > but I'm hoping to steer them down the GnuPG path as I've done a quick > test and it works perfectly between those two operating systems. > > One question they have asked which I'm not sure of the answer is that can > GnuPG handle the AES256 alogorithm? The gpg --version on my VMS system > shows... > > $ gpg --version > gpg (GnuPG) 1.2.3 > Copyright (C) 2003 Free Software Foundation, Inc. > This program comes with ABSOLUTELY NO WARRANTY. > This is free software, and you are welcome to redistribute it under certain > conditions. See the file COPYING for details. > > Home: /SYS$LOGIN/gnupg > Supported algorithms: > Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG > Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH > Hash: MD5, SHA1, RIPEMD160, SHA256 > Compression: Uncompressed, ZIP, ZLIB Yes, this can handle AES256. It's listed, so it can be handled. > AES256 is listed as a cipher but not a public key? What is the > The difference? I was hoping to use asymmetric keys with me > Giving the public key to the customer. As mentioned before this all > Works fine but I'm not sure which alogorithm I'm using when encrypting. You're using both an asymmetric key (RSA, DSA, ELG-E), and symmetric key (AES, CAST5, TWOFISH, etc) when you encrypt. > So after all that my question really is, how do I set the alogorithm > to AES256 in windows so I can test decrypts on VMS? It's possible you're already using AES256. Add a "-v" to your gpg command line when you encrypt to see which cipher it is using. David From abhalerao at apple.com Wed May 24 23:55:56 2006 From: abhalerao at apple.com (amit bhalerao) Date: Fri May 26 18:38:00 2006 Subject: Issue in Importing a PGP signature key Message-ID: Hi , Our upstream system is using a PGP to encrypt the file . We have a GPG installed on our system . However when i try to import the PGP signature key into our system , I am getting following error message. ***** tosk[etrut]:/ngs/app/etrut $ gpg --import HTST126A.pass.asc gpg: WARNING: using insecure memory! gpg: please see http://www.gnupg.org/faq.html for more information gpg: no valid OpenPGP data found. gpg: Total number processed: 0 ***** Any idea why? -Amit From dshaw at jabberwocky.com Fri May 26 18:49:47 2006 From: dshaw at jabberwocky.com (David Shaw) Date: Fri May 26 18:48:44 2006 Subject: Issue in Importing a PGP signature key In-Reply-To: References: Message-ID: <20060526164947.GE19437@jabberwocky.com> On Wed, May 24, 2006 at 02:55:56PM -0700, amit bhalerao wrote: > Hi , > > Our upstream system is using a PGP to encrypt the file . We have a > GPG installed on our system . However when i try to import the PGP > signature key into our system , I am getting following error message. > ***** > tosk[etrut]:/ngs/app/etrut $ gpg --import HTST126A.pass.asc > gpg: WARNING: using insecure memory! > gpg: please see http://www.gnupg.org/faq.html for more information > gpg: no valid OpenPGP data found. > gpg: Total number processed: 0 > > ***** > Any idea why? "no valid OpenPGP data found" means pretty much what it says: GPG looked for a key in the file and didn't find one. If it does not reveal something that shouldn't be revealed, post here or send me the HTST126A.pass.asc file and I'll take a look at it. David From unknown_kev_cat at hotmail.com Fri May 26 21:21:50 2006 From: unknown_kev_cat at hotmail.com (Joe Smith) Date: Fri May 26 21:21:08 2006 Subject: question about compiling gpg with cygwin References: <627864824.20060525195930@wanadoo.nl> <931167228.20060526133935@wanadoo.nl> Message-ID: "Henk M. de Bruijn" wrote in message news:931167228.20060526133935@wanadoo.nl... > > On Thu, 25 May 2006 23:17:46 -0400GMT (26-5-2006, 5:17 +0200, where I > live), Joe Smith wrote: > >> "Henk M. de Bruijn" wrote in message >> news:627864824.20060525195930@wanadoo.nl... > >>> Is it allowed to ask this question here or?? > >> Don't bother to ask if you are allowed to ask, simply ask. >> If you are having a problem, and it is due to GPG then this is the place >> to >> ask. >> If the problem is really a cygwin problem, then you will be pointed to >> the >> correct >> list. > > It has more to do with cygwin. And I also asked on > Gnupg-devel@gnupg.org > > I succeeded in compiling svn4146 and svn4147 with msys. > With cygwin however I get at the end op compiling prep.sh: > > configure: creating ./config.status > config.status: creating > .infig.status: error: cannot find input file: > ".infig.status" ? That looks like a problem. Anyway, what is this prep.sh? I had no problem configuring the latest version of 1.9 on cygwin. I used "./autogen.sh && ./configure --enable-maintainer-mode" OT: libgcrypt fails to compile under cygwin because of files differing by case: "mpih-add1.S" vs. "mpih-add1.s" Please fix this. From henkdebruijn at wanadoo.nl Fri May 26 21:39:13 2006 From: henkdebruijn at wanadoo.nl (Henk M. de Bruijn) Date: Fri May 26 21:38:03 2006 Subject: question about compiling gpg with cygwin In-Reply-To: References: <627864824.20060525195930@wanadoo.nl> <931167228.20060526133935@wanadoo.nl> Message-ID: <184470867.20060526213913@wanadoo.nl> On Fri, 26 May 2006 15:21:50 -0400GMT (26-5-2006, 21:21 +0200, where I live), Joe Smith wrote: > "Henk M. de Bruijn" wrote in message > news:931167228.20060526133935@wanadoo.nl... >> I succeeded in compiling svn4146 and svn4147 with msys. >> With cygwin however I get at the end op compiling prep.sh: >> configure: creating ./config.status >> config.status: creating >> .infig.status: error: cannot find input file: > ".infig.status" ? That looks like a problem. > Anyway, what is this prep.sh? > I had no problem configuring the latest version of 1.9 on cygwin. > I used "./autogen.sh && ./configure --enable-maintainer-mode" Hi, I get exactly the same errormessage after this: configure: creating ./config.status config.status: creating .infig.status: error: cannot find input file: -- ciao, Henk ______________________________________________________________________ The Bat! Natural E-Mail System? version 3.80.06 Pro on Windows XP SP2 Request-PGP: http://www.biglumber.com/x/web?qs=0x6C9F6CE78C32408B Gossamer Spider Web of Trust http://www.gswot.org A progressive and innovative Web of Trust From surgpub at telkomsa.net Fri May 26 22:28:23 2006 From: surgpub at telkomsa.net (Paul Surgeon) Date: Sat May 27 00:26:05 2006 Subject: zlib inflate problem Message-ID: <200605262228.23714.surgpub@telkomsa.net> Big problem for me : paul@kubuntu: gpg bigfile.pgp gpg: fatal: zlib inflate problem: invalid block type secmem usage: 1920/3872 bytes I've seen this problem mentioned several times on the lists but never seen a working solution. I have 28GB of data sitting in GPG encrypted archives (4GB each). I can't some of the archives and I can't get hold of the original data either. I'm running gpg (GnuPG) 1.4.1 with zlib 1.2.3 on a Kubuntu Breezy system. The system that encrypted the data was running gpg (GnuPG) 1.4.1 with zlib 1.2.2 on Debian Sarge. My questions are : 1. Was the bug on the encrypting side or decrypting side? 2. Is there any way to recover the data I have sitting in the archives or did gpg/zlib screw up my data good and proper? Must I kiss the data goodbye? One slightly pissed off first time user who would like to get his data back. Paul From ml at mareichelt.de Sat May 27 02:21:56 2006 From: ml at mareichelt.de (markus reichelt) Date: Sat May 27 02:21:04 2006 Subject: zlib inflate problem In-Reply-To: <200605262228.23714.surgpub@telkomsa.net> References: <200605262228.23714.surgpub@telkomsa.net> Message-ID: <20060527002156.GA9944@dantooine> * Paul Surgeon wrote: > paul@kubuntu: gpg bigfile.pgp > gpg: fatal: zlib inflate problem: invalid block type > secmem usage: 1920/3872 bytes Have you tried redirection? gpg < bigfile.pgp > bigfile Using redirection is the correct way of handling large files regarding both de- and encryption. I haven't seen this error myself in connection with large files though. > I'm running gpg (GnuPG) 1.4.1 with zlib 1.2.3 on a Kubuntu Breezy > system. The system that encrypted the data was running gpg (GnuPG) > 1.4.1 with zlib 1.2.2 on Debian Sarge. If you can, try decrypting on the same system the data was encrypted. Looks like you switched to Kubuntu though... Maybe someone else will come up with some magic that'll help you. As a last resort, a fresh compile might help using the exact programme versions you used on the system your data was encrypted on. > One slightly pissed off first time user who would like to get his > data back. I hope you have additional backups. Always test such critical things extensively on each system affected (I know it's a pain). -- left blank, right bald -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20060527/0586e183/attachment.pgp From surgpub at telkomsa.net Sat May 27 11:53:36 2006 From: surgpub at telkomsa.net (Paul Surgeon) Date: Sat May 27 11:52:17 2006 Subject: zlib inflate problem In-Reply-To: <20060527002156.GA9944@dantooine> References: <200605262228.23714.surgpub@telkomsa.net> <20060527002156.GA9944@dantooine> Message-ID: <200605271153.37564.surgpub@telkomsa.net> On Saturday 27 May 2006 02:21, markus reichelt wrote: > > paul@kubuntu: gpg bigfile.pgp > > gpg: fatal: zlib inflate problem: invalid block type > > secmem usage: 1920/3872 bytes > > Have you tried redirection? > > gpg < bigfile.pgp > bigfile > > Using redirection is the correct way of handling large files > regarding both de- and encryption. Decryption works like a charm now! Thank you so much for that tip - I really didn't think that redirection would be the cure. Paul From johanw at vulcan.xs4all.nl Sat May 27 15:02:45 2006 From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Sat May 27 15:00:48 2006 Subject: 1.4.3 problem with decrypting pgp2.6.3 symmetrically encrypted In-Reply-To: <200605261506.k4QF6xKO004140@mailserver3.hushmail.com> Message-ID: <200605271302.k4RD2jcU009435@vulcan.xs4all.nl> vedaal@hush.com wrote: >symmetrically encrypted message when the cipher algo is set to >anything else besides IDEA in Disastry's version, >and 1.4.3 also cannot, and 'assumes' IDEA is used, and upon >decryption, I'll try to test this. You'll have to explicitly state the encryption algo used since the pgp 2 file format doesn't specify it anywhere (and assumes just IDEA). >here is the symmetrically encrypted file using IDEA: I have no problems decrypting it with gpg (self compiled version on Linux). >here is the gnupg output (using 1.4.3 in cygwin on win2k pro): Perhaps the Cygwin version is the problem? I heve had problems before when I successfully compiled gpg with Cygwin (although that was some time ago, with version 1.0.7 or 1.2). >can someone using an 'ordinary' pgp 2.6.x version, also try and >confirm if this happens in gnupg, Messages symmetrically encrypted with my (also self compiled) version 2.6.3ia can be decrypted with gpg 1.4.3 without any problem. -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From henkdebruijn at wanadoo.nl Sat May 27 20:27:44 2006 From: henkdebruijn at wanadoo.nl (Henk M. de Bruijn) Date: Sat May 27 20:26:40 2006 Subject: question about compiling gpg with cygwin In-Reply-To: References: <627864824.20060525195930@wanadoo.nl> <931167228.20060526133935@wanadoo.nl> Message-ID: <1534297460.20060527202744@wanadoo.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Fri, 26 May 2006 15:21:50 -0400GMT (26-5-2006, 21:21 +0200, where I live), Joe Smith wrote: >> configure: creating ./config.status >> config.status: creating >> .infig.status: error: cannot find input file: > ".infig.status" ? That looks like a problem. > Anyway, what is this prep.sh? #!/bin/sh # reset.sh brings everything back to CVS state ( bare bones ) ./reset.sh ./scripts/autogen.sh ./configure LDFLAGS='-s' --enable-maintainer-mode > I had no problem configuring the latest version of 1.9 on cygwin. > I used "./autogen.sh && ./configure --enable-maintainer-mode" - -- Henk M. de Bruijn ______________________________________________________________________ The Bat! Natural E-Mail System? version 3.80.06 Pro on Windows XP SP2 Request-PGP: http://www.biglumber.com/x/web?qs=0x6C9F6CE78C32408B Gossamer Spider Web of Trust http://www.gswot.org A progressive and innovative Web of Trust -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4-svn-4151-HdB-MSYS (MSYS/MingW32) iQEVAwUBRHiaGRHuy+60ZN0PAQiouQf/eXKmMY6WDHuT2t6nIve78Gz6IyBKEMRH H/WJwahs7W5YWuF5VHI/fe7/rniA6rymftDBP3iCfjXQK4rRioJ+K4IbVL0HHUiV Iy9OWFpnkApn6YlJi4QLgo03jvSTaRD4789vQow4ly5g0abjl+D1DtEYeJN7Q83G 1d9JL4rNjDxEq/1WbECUHBQWNimLKURW5LNfPzK7mvI6y0DirKYVIHNaskg0gUxc vO3hntsUHxTep0pSmTcIIGEMk8u1rHZDIRBhsSajkL23R3WG4kcbPXkzLmfuXyD7 Ur8KCtBPfGMsiLEdkRKk7BiaKwgKiVUDcKHlVG+zulaYeX4rskUUKw== =iBl3 -----END PGP SIGNATURE----- From blueness at gmx.net Sat May 27 21:13:15 2006 From: blueness at gmx.net (Mica Mijatovic) Date: Sat May 27 21:13:45 2006 Subject: question about compiling gpg with cygwin In-Reply-To: <1534297460.20060527202744@wanadoo.nl> References: <627864824.20060525195930@wanadoo.nl> <931167228.20060526133935@wanadoo.nl> <1534297460.20060527202744@wanadoo.nl> Message-ID: <492323904.20060527211315@gmx.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Was Sat, 27 May 2006, at 20:27:44 +0200, when Henk wrote: > On Fri, 26 May 2006 15:21:50 -0400GMT (26-5-2006, 21:21 +0200, where I > live), Joe Smith wrote: >>> configure: creating ./config.status >>> config.status: creating >>> .infig.status: error: cannot find input file: >> ".infig.status" ? That looks like a problem. >> Anyway, what is this prep.sh? > #!/bin/sh > # reset.sh brings everything back to CVS state ( bare bones ) > ./reset.sh > ./scripts/autogen.sh > ./configure LDFLAGS='-s' --enable-maintainer-mode This is the script for MSYS, not for Cygwin. - -- Mica PGP keys nestled at: http://blueness.port5.com/pgpkeys/ ~~~ For personal mail please use my address as it is *exactly* given in my "From|Reply To" field(s). ~~~ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4-svn-4136 <>o<> tiger192 (Cygwin/MingW32) iQEVAwUBRHikvLSpHvHEUtv8AQPq4AgArwyAXsb/VWLWHiLNbcEAJjF6po5XohYs bBJDzChOeboMPYvvcjGk/xqi7y/ol2zUJ4xQHuwYhUK1fGt1xl1dQ9+SMCfP7veU Qp7+X/t9/lQuN88S8+KpfWvsDtU2iHmObbvHnVGs5Uk7hPlCoLjmAp7HqKOu72Pm VjVi0hTWa2AITHLy8PMXs8ULWwqzZzgqVlMXl7u9C6Scl3MOLFppDh/szJ5zyRYl TMWZr0gA6DGY2/d9QENbrb3ymixoo8DGUUkGUU/NKu9tbHzRE3y/OCGSaH9APuXz GmeD0pDlj7v4GoRJTdP/OfBVl5GJPdi50jWwzwWEvJSIJNN9Urrigg== =jUYB -----END PGP SIGNATURE----- From henkdebruijn at wanadoo.nl Sat May 27 21:41:04 2006 From: henkdebruijn at wanadoo.nl (Henk M. de Bruijn) Date: Sat May 27 21:39:53 2006 Subject: question about compiling gpg with cygwin In-Reply-To: <492323904.20060527211315@gmx.net> References: <627864824.20060525195930@wanadoo.nl> <931167228.20060526133935@wanadoo.nl> <1534297460.20060527202744@wanadoo.nl> <492323904.20060527211315@gmx.net> Message-ID: <1219026823.20060527214104@wanadoo.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Sat, 27 May 2006 21:13:15 +0200GMT (27-5-2006, 21:13 +0200, where I live), Mica Mijatovic wrote: >>> Anyway, what is this prep.sh? >> #!/bin/sh >> # reset.sh brings everything back to CVS state ( bare bones ) >> ./reset.sh >> ./scripts/autogen.sh >> ./configure LDFLAGS='-s' --enable-maintainer-mode > This is the script for MSYS, not for Cygwin. According to what I have read I think it can be used like this for both ;-) There are some lines like export CC="gcc -mno-cygwin" export RANLIB="ranlib" export usrl="--host=i686-pc-mingw32 --with-bzip2=/usr/local/ - --with-readline=/usr/local/ --with-libcurl=/usr/local/" But I have those in my build_gpg.sh - -- Henk ______________________________________________________________________ The Bat! Natural E-Mail System? version 3.80.06 Pro on Windows XP SP2 Request-PGP: http://www.biglumber.com/x/web?qs=0x6C9F6CE78C32408B Gossamer Spider Web of Trust http://www.gswot.org A progressive and innovative Web of Trust -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4-svn-4151-HdB-MSYS (MSYS/MingW32) iQEVAwUBRHirSBHuy+60ZN0PAQh3PAgAiWc3tNptwAaFeX7u/JlfyO/jldxhRvju N4cBNvNuMyPuKJQ7GVVDiCY2NE9qb+fPuGQss0BoswmpntPmOIv2RJvSIfW8U6g6 XZKSf5koZguElHa/86y9IVe5XePpt0QyiC2aqi+P/0R37UfTCTtCmqLoMPtDZQ9E A+LS/9fHij7LGy/HEYgWIwgAzFKWyMxfaMogjP7E6tlQVmQlYFXPAy5QC+bxlDZe 9wI3EjGScXO6p830RuGrOz6WCpMrnsqIKmKI6axkbDWAqqzM6I2ro64H/e9TghG1 W7Z3qr6i64m550oz6kCVHN6QkpRVj0LSxg0owPdzLnswGF9F2rEiZQ== =dP2C -----END PGP SIGNATURE----- From j.lysdal at gmail.com Sat May 27 19:55:19 2006 From: j.lysdal at gmail.com (=?UTF-8?Q?J=C3=B8rgen_Lysdal?=) Date: Sat May 27 21:55:59 2006 Subject: some questions.. Message-ID: <9afe34fe0605271055g30ebca91p1a0f0074988ae9c0@mail.gmail.com> Hello fellow gpg users.. I have a revoker on my key that i would like to remove, but i cant find a way to do this. Can anyone help? another question. When i sign a key, is there any way i can set an expiration time for the signature? When i use the --list-sig command, is there any way i can see the expiration date for signatures? From blueness at gmx.net Sat May 27 22:26:20 2006 From: blueness at gmx.net (Mica Mijatovic) Date: Sat May 27 22:24:26 2006 Subject: question about compiling gpg with cygwin In-Reply-To: <1219026823.20060527214104@wanadoo.nl> References: <627864824.20060525195930@wanadoo.nl> <931167228.20060526133935@wanadoo.nl> <1534297460.20060527202744@wanadoo.nl> <492323904.20060527211315@gmx.net> <1219026823.20060527214104@wanadoo.nl> Message-ID: <1654237067.20060527222620@gmx.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Was Sat, 27 May 2006, at 21:41:04 +0200, when Henk wrote: > On Sat, 27 May 2006 21:13:15 +0200GMT (27-5-2006, 21:13 +0200, where I > live), Mica Mijatovic wrote: >>>> Anyway, what is this prep.sh? >>> #!/bin/sh >>> # reset.sh brings everything back to CVS state ( bare bones ) >>> ./reset.sh >>> ./scripts/autogen.sh >>> ./configure LDFLAGS='-s' --enable-maintainer-mode >> This is the script for MSYS, not for Cygwin. > According to what I have read I think it can be used like this for > both ;-) Hmm...nope. You haven't read attentively and have made a mess jolly much. You have mixed up not only scripts but lists too. (-; Precise instructions are given on another list; so you would have to get back to the beginning and read them carefully, anew, and apply orderly, and attentively, step by step. There's no other way, sorry. > There are some lines like > export CC="gcc -mno-cygwin" > export RANLIB="ranlib" These lines "like" go right after... #!/bin/sh ...and this line... ./configure LDFLAGS='-s -static' --enable-maintainer-mode --host=i686-pc-mingw32 ...is only in the script (prep.sh) for Cygwin. > export usrl="--host=i686-pc-mingw32 --with-bzip2=/usr/local/ > - --with-readline=/usr/local/ --with-libcurl=/usr/local/" > But I have those in my build_gpg.sh - -- Mica PGP keys nestled at: http://blueness.port5.com/pgpkeys/ ~~~ For personal mail please use my address as it is *exactly* given in my "From|Reply To" field(s). ~~~ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4-svn-4136 <>o<> tiger192 (Cygwin/MingW32) iQEVAwUBRHi14rSpHvHEUtv8AQNczgf+Ka3da4N93YGxGzs8Ugk6CRzyXIA1rYt0 U+c2g3Rvz6vhanQUBhUnbMc0mgwciWh19ue3iWxXwdMKqubS6xY1wAI3Yk6p6r41 q0uhoYxykaF+2F16TvLgZsbviPJR9BH3b/VAP2R5505bNIOChIVZHVAThjcFUUfz tO6+ICfQwk41znwD/p4r2zaz2cD87dcgY/NUgJx7F8DIlmYN3ljdmK0x/p5DdjG8 hEIxxmR91uBfaYarhZrCcFxt0OVfIrce3Ds2yfeEZuD7jOdVTjni9Gx5IH4Fx2Vx uT6r1fpAMUsAyLjQ9sQvIZ7/HyTwmnGvQaGqAfc4E3MSXprXZNbR8w== =vfDF -----END PGP SIGNATURE----- From qed at tiscali.it Sat May 27 22:02:15 2006 From: qed at tiscali.it (Qed) Date: Sat May 27 22:27:23 2006 Subject: SHA2 compatibility Message-ID: <4478B047.4060308@tiscali.it> I was investigating the possibility to use a RSA master key with SHA256 or SHA512 as certification digest algorithm. The problem is, as usual, compatibility. I don't know anything about the diffusion of the various PGP versions and their capabilities. I've found a PGP compatibility table, written by Eric L. Howes, where PGP 8.0 is reported to support none of SHA2 hashes, but it is quite outdated(latest GnuPG version reported is 1.2.1). David Shaw in a recent message <20060526161325.GC19437@jabberwocky.com> about DSA2 said: > 3) Allowing truncation of a bigger hash to fit into the however many > bits the key allows. > > As far as I can tell at the moment, PGP 8 allows only #3. That is, > if you have a regular DSA key (1024 bits, 160-bit hash), you can use > a larger hash like SHA-256 with it. Of course, you still only get > 160 bits of strength (you just can't fit 256 bits into a 160 bit > field). gpg manpage says about --pgp8 option: > Set up all options to be as PGP 8 compliant as posssible. > PGP 8 is a lot closer to the OpenPGP standard than previous > versions of PGP, so all this does is disable --throw-keyids > and set --escape-from-lines. > All algorithms are allowed except for the SHA384 and SHA512 digests. A quick look at the source code confirms that --pgp8 allows SHA256 but not SHA[224|384|512]. Any definitive response about PGP 8.0 *real* capabilities? Additional considerations/advices/warnings? -- Q.E.D. ICQ UIN: 301825501 OpenPGP key ID: 0x58D14EB3 Key fingerprint: 00B9 3E17 630F F2A7 FF96 DA6B AEE0 EC27 58D1 4EB3 Check fingerprints before trusting a key! From dshaw at jabberwocky.com Sun May 28 00:03:27 2006 From: dshaw at jabberwocky.com (David Shaw) Date: Sun May 28 00:02:28 2006 Subject: SHA2 compatibility In-Reply-To: <4478B047.4060308@tiscali.it> References: <4478B047.4060308@tiscali.it> Message-ID: <20060527220327.GA23671@jabberwocky.com> On Sat, May 27, 2006 at 10:02:15PM +0200, Qed wrote: > I was investigating the possibility to use a RSA master key with SHA256 > or SHA512 as certification digest algorithm. > The problem is, as usual, compatibility. > > I don't know anything about the diffusion of the various PGP versions > and their capabilities. > > I've found a PGP compatibility table, written by Eric L. Howes, where > PGP 8.0 is reported to support none of SHA2 hashes, but it is quite > outdated(latest GnuPG version reported is 1.2.1). > > David Shaw in a recent message <20060526161325.GC19437@jabberwocky.com> > about DSA2 said: > > 3) Allowing truncation of a bigger hash to fit into the however many > > bits the key allows. > > > > As far as I can tell at the moment, PGP 8 allows only #3. That is, > > if you have a regular DSA key (1024 bits, 160-bit hash), you can use > > a larger hash like SHA-256 with it. Of course, you still only get > > 160 bits of strength (you just can't fit 256 bits into a 160 bit > > field). This is a true statement, but not relevant to your question. I was discussing DSA keys, and you're asking about RSA. You can use any hash with RSA that you like. There are no restrictions in size or otherwise. The only thing you have to worry about is whether your recipient can handle that hash or not. > A quick look at the source code confirms that --pgp8 allows SHA256 but > not SHA[224|384|512]. > > Any definitive response about PGP 8.0 *real* capabilities? Exactly what --pgp8 allows. SHA256 alone. David From qed at tiscali.it Sun May 28 09:10:53 2006 From: qed at tiscali.it (Qed) Date: Sun May 28 09:10:48 2006 Subject: SHA2 compatibility In-Reply-To: <20060527220327.GA23671@jabberwocky.com> References: <4478B047.4060308@tiscali.it> <20060527220327.GA23671@jabberwocky.com> Message-ID: <44794CFD.40604@tiscali.it> On 05/28/2006 12:03 AM, David Shaw wrote: [..snip..] >> David Shaw in a recent message <20060526161325.GC19437@jabberwocky.com> >> about DSA2 said: >>> 3) Allowing truncation of a bigger hash to fit into the however many >>> bits the key allows. >>> >>> As far as I can tell at the moment, PGP 8 allows only #3. That is, >>> if you have a regular DSA key (1024 bits, 160-bit hash), you can use >>> a larger hash like SHA-256 with it. Of course, you still only get >>> 160 bits of strength (you just can't fit 256 bits into a 160 bit >>> field). > > This is a true statement, but not relevant to your question. I was > discussing DSA keys, and you're asking about RSA. I'm asking about hash functions support in general; if a particular piece of sw supports HASH-X in DSA it is reasonable to suppose that the same is with RSA. > You can use any > hash with RSA that you like. There are no restrictions in size or > otherwise. The only thing you have to worry about is whether your > recipient can handle that hash or not. That was the point of message. Asserting that with PGP 8 you can use a larger hash /like/ SHA-256 doesn't necessarily mean that you you are limited to it, someone could understand "you can use larger hashes, like sha256, like sha224, sha384, like sha512, so PGP 8 supports them even if with DSA it uses a truncated result due to the obvious limitations imposed by q". However, you have cleared all my doubts. -- Q.E.D. ICQ UIN: 301825501 OpenPGP key ID: 0x58D14EB3 Key fingerprint: 00B9 3E17 630F F2A7 FF96 DA6B AEE0 EC27 58D1 4EB3 Check fingerprints before trusting a key! From henkdebruijn at wanadoo.nl Sun May 28 11:36:06 2006 From: henkdebruijn at wanadoo.nl (Henk M. de Bruijn) Date: Sun May 28 11:35:00 2006 Subject: question about compiling gpg with cygwin In-Reply-To: <1654237067.20060527222620@gmx.net> References: <627864824.20060525195930@wanadoo.nl> <931167228.20060526133935@wanadoo.nl> <1534297460.20060527202744@wanadoo.nl> <492323904.20060527211315@gmx.net> <1219026823.20060527214104@wanadoo.nl> <1654237067.20060527222620@gmx.net> Message-ID: <1951409428.20060528113606@wanadoo.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Sat, 27 May 2006 22:26:20 +0200GMT (27-5-2006, 22:26 +0200, where I live), Mica Mijatovic wrote: >> According to what I have read I think it can be used like this for >> both ;-) > Hmm...nope. You haven't read attentively and have made a mess jolly > much. You have mixed up not only scripts but lists too. (-; Precise > instructions are given on another list; so you would have to get back to > the beginning and read them carefully, anew, and apply orderly, and > attentively, step by step. There's no other way, sorry. Yes there is ;-) I changed the settings from my Notepad2 from Windows (CR LF) to Unix (LF) and that solved the problem. - -- Henk M. de Bruijn ______________________________________________________________________ The Bat! Natural E-Mail System? version 3.80.06 Pro on Windows XP SP2 Request-PGP: http://www.biglumber.com/x/web?qs=0x6C9F6CE78C32408B Gossamer Spider Web of Trust http://www.gswot.org A progressive and innovative Web of Trust -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4-svn-4151-HdB (Cygwin/MingW32) iQEVAwUBRHlu4xHuy+60ZN0PAQhxZggAio24I6iLxK2EPpVzVLOgXg3MR0ZIquOj ouVF8SSzrU3AwsTRWT/9yXw5w4N6tmKdjFd3p5Pe6g4E2PO7rg8sx2BduP6XXd/U QBDEkMFMYH5Hv/RmRY4I0aS50ho/PmP+yn+Gx8t2Cyk1zh+ZGmFLLBeshkxCDRHg LWon3xa2KK9qY+cm2Zmr4c8CMATWn2MAgYrffQAV8iT5l3YTOaMPW7oCbWYail2x UPu4tQx4KzO+k1JKxhH2VjSj5x9kZs4HXbrY4jrGFArzg7eU93LVaj3Ze+fxr75b svjPsud/nbozEDcciBJdqFAz42x9HvDEGvP0tHqB7MrBcfX4repCCg== =K13S -----END PGP SIGNATURE----- From z.himsel at gmail.com Sun May 28 12:10:11 2006 From: z.himsel at gmail.com (eruistonuena) Date: Sun May 28 12:35:31 2006 Subject: gnupg plaintext encryption? Message-ID: <4597755.post@talk.nabble.com> I've been using gpg no for a while and I've always wondered why it says "go ahead and type your message" if you run gpg without any commands or options. does it encrypt text or something? -- View this message in context: http://www.nabble.com/gnupg+plaintext+encryption--t1694166.html#a4597755 Sent from the GnuPG - User forum at Nabble.com. From alphasigmax at gmail.com Sun May 28 12:47:23 2006 From: alphasigmax at gmail.com (Alphax) Date: Sun May 28 12:48:27 2006 Subject: gnupg plaintext encryption? In-Reply-To: <4597755.post@talk.nabble.com> References: <4597755.post@talk.nabble.com> Message-ID: <44797FBB.4040309@gmail.com> eruistonuena wrote: > I've been using gpg no for a while and I've always wondered why it says "go > ahead and type your message" if you run gpg without any commands or options. > > does it encrypt text or something? It waits for you to give it some sort of data. For example, if you were to do (on Windows): > $gpg > gpg: Go ahead and type your message ... > The quick brown fox jumps over the lazy dog. > ^Z It replies: > gpg: no valid OpenPGP data found. > gpg: processing message failed: eof But if you do something like: > $gpg > gpg: Go ahead and type your message ... > -----BEGIN PGP MESSAGE----- > Version: GnuPG v1.4.4-svn4147:IDEA-TIGER192-DSA2 (MingW32) > > owNCWmg2MUFZJlNZMOjPVwAAGt+EQBJAAQUABAAEAD////CACCAAUMMjAmmBMhia > MDGagAGRoNHpHhS4KdS4JwsGCri7t74sjMbZF0dHjGpIH+kEBMETOdUX5fxdyRTh > QkDDoz1c > =5OsL > -----END PGP MESSAGE----- > ^Z You get: > The quick brown fox jumps over the lazy dog. HTH, -- Alphax Death to all fanatics! Down with categorical imperative! OpenPGP key: http://tinyurl.com/lvq4g -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 569 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20060528/8a4626f2/signature.pgp From alphasigmax at gmail.com Sun May 28 13:04:40 2006 From: alphasigmax at gmail.com (Alphax) Date: Sun May 28 13:05:14 2006 Subject: gnupg plaintext encryption? In-Reply-To: References: <4597755.post@talk.nabble.com> <44797FBB.4040309@gmail.com> Message-ID: <447983C8.9020405@gmail.com> Zach Himsel wrote: > ok... i got ya. how would i get the encrypted text in the first place. > because i know armored encryption can encrypt text files, but that wouldn't > work, would it? how could you encrypt text directly? > With something like: >> gpg -a -e -r 0x5B0358A2 -r 0xB1E06496 > The quick brown fox jumps over the lazy dog. > ^Z -- Alphax Death to all fanatics! Down with categorical imperative! OpenPGP key: http://tinyurl.com/lvq4g -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 569 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20060528/76876caf/signature.pgp From blueness at gmx.net Sun May 28 14:40:20 2006 From: blueness at gmx.net (Mica Mijatovic) Date: Sun May 28 14:37:35 2006 Subject: question about compiling gpg with cygwin In-Reply-To: <1951409428.20060528113606@wanadoo.nl> References: <627864824.20060525195930@wanadoo.nl> <931167228.20060526133935@wanadoo.nl> <1534297460.20060527202744@wanadoo.nl> <492323904.20060527211315@gmx.net> <1219026823.20060527214104@wanadoo.nl> <1654237067.20060527222620@gmx.net> <1951409428.20060528113606@wanadoo.nl> Message-ID: <1863938369.20060528144020@gmx.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Was Sun, 28 May 2006, at 11:36:06 +0200, when Henk wrote: > There's no other way, sorry. > Yes there is ;-) > I changed the settings from my Notepad2 from Windows (CR LF) to Unix > (LF) and that solved the problem. I apologize then. I knew that Notepad2 is pretty powerful editor but that is able to convert/morph a MSYS script into a Cygwin one, I didn't know. We learn every day. Thank you. (: - -- Mica PGP keys nestled at: http://blueness.port5.com/pgpkeys/ ~~~ For personal mail please use my address as it is *exactly* given in my "From|Reply To" field(s). ~~~ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4-svn-4136 <>o<> tiger192 (Cygwin/MingW32) iQEVAwUBRHmaM7SpHvHEUtv8AQN5Sgf+Nl98jkAdsdpXx+7J6QXd6UaslvE5sqOi JP28QplfD031mKFcmT0bh4liriH/cJ0WYgKf08qT6eIwX4g3w5VljpQ5LkGx/UZY xQVT10Pkq5Xm4r12D7ZTd00H7vzI7iCuRGZrdlNb2DLBgLlmXvjdzj1L76nEvNne FQEf53ZTzvz8daEQ/bKTwAjUBvqKaXfGNFvYKFxHK7LapTJk6pjsmWDpZ8jcPrqt DhjGqnzTDW4Jv7gp6rRt/Lu6pWEC0x/GgYmhSvsHFtDwryGueBnc4Cq+RvEp5YCz Bt5llHPkGv/ZbkxigUyWYVH0by+VVVraflNcLVDbPXrM/ohcsKnmFg== =8s9t -----END PGP SIGNATURE----- From david.topping at gnuemail.com Sat May 27 16:07:43 2006 From: david.topping at gnuemail.com (david.topping@gnuemail.com) Date: Sun May 28 16:56:37 2006 Subject: Usenet: Signing date problems - advice needed Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Im running on Windows XP SP2, latest IE and OE. GnuPG setup is WinPT with GPG. For security, I'm using ZoneAlarm Security Suite. In about 50%, when I sign and post to usenet, when anyone tries to verify the posting, an error 'Bad Signature...signed 01/01/1970' is returned. This happens regardless of how I post: with or without proxy (COTSE), signing directly via the 'window', or by copying and signing the clipboard content. The remainder of the time, the correct signing date is passed through to usenet. This issue does not occur with anything else. Any ideas about how I can rectify this, please? I have already tried unistalling, download and reinstalling the lastest softwar.e Many thanks - -- David Topping david.topping@gnuemail.com Tel: 08445 85 85 85 Mob: 07010 85 85 85 Fax: 07017 85 85 85 GnuPG Key: 0xC1550505 Available from: http://www.gnuemail.com/david.topping/ This message may contain information which is confidential or privileged. If you are not the intended recipient, please advise the sender immediately by reply email and delete this message and any attachments without retaining a copy. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.1 (MingW32) - WinPT 0.11.8 iD8DBQFEeF0kgni8FsFVBQURAkdiAKCUu+CS20g31DImUMCtZCNRDK6PvgCeOh9B wfn9UpFAiAeL4XBq/splW+8= =ewrW -----END PGP SIGNATURE----- From alphasigmax at gmail.com Sun May 28 17:31:08 2006 From: alphasigmax at gmail.com (Alphax) Date: Sun May 28 17:32:40 2006 Subject: Usenet: Signing date problems - advice needed In-Reply-To: References: Message-ID: <4479C23C.4080305@gmail.com> david.topping@gnuemail.com wrote: > Im running on Windows XP SP2, latest IE and OE. GnuPG setup is WinPT with > GPG. For security, I'm using ZoneAlarm Security Suite. > > In about 50%, when I sign and post to usenet, when anyone tries to verify > the posting, an error 'Bad Signature...signed 01/01/1970' is returned. > This happens regardless of how I post: with or without proxy (COTSE), > signing directly via the 'window', or by copying and signing the clipboard > content. The remainder of the time, the correct signing date is passed > through to usenet. > > This issue does not occur with anything else. > > Any ideas about how I can rectify this, please? I have already tried > unistalling, download and reinstalling the lastest softwar.e > Well, on that post I got: gpg: Signature made 05/27/06 23:37:32 gpg: using DSA key 0xC1550505 gpg: BAD signature from "David Topping " First, try upgrading to 1.4.3 - 1.4.2.1 and earlier have a bug wrt. non-detached signatures verifying signatures as "good" where non-signed data has been injected; more at . I couldn't find a user-agent string in your headers, but assuming you're using Outlook Express: have you looked at GPGOL ? It's possible that this is a word-wrapping issue, but since I neither use Outlook Express or Usenet, I can't really comment any further. HTH, -- Alphax Death to all fanatics! Down with categorical imperative! OpenPGP key: http://tinyurl.com/lvq4g -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 569 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20060529/7512212e/signature-0001.pgp From volker at ixolution.de Sun May 28 20:24:14 2006 From: volker at ixolution.de (Volker Dormeyer) Date: Sun May 28 21:55:53 2006 Subject: GnuPG Smartcard and Authentication Key Message-ID: <7017.1148840654@paulchen.ixolution.net> Hello all, recently I received a message which is encrypted with my public authentication key instead of my encryption key. I wonder how this can happen, because I thought GnuPG does not use the authentication key as encryption key. Am I wrong? Further, I am not able to decrypt the message. I tried it manually with "--try-all-secrets", but it doesn't seem to work. Basically it should work. I mean, I have the authentication private key. Can somebody give me a hint? Thanks and regards, Volker -- Volker Dormeyer Join the Fellowship and protect your Freedom! (http://www.fsfe.org) From dshaw at jabberwocky.com Sun May 28 22:30:55 2006 From: dshaw at jabberwocky.com (David Shaw) Date: Sun May 28 22:29:55 2006 Subject: GnuPG Smartcard and Authentication Key In-Reply-To: <7017.1148840654@paulchen.ixolution.net> References: <7017.1148840654@paulchen.ixolution.net> Message-ID: <20060528203055.GA14213@jabberwocky.com> On Sun, May 28, 2006 at 08:24:14PM +0200, Volker Dormeyer wrote: > Hello all, > > recently I received a message which is encrypted with my public > authentication key instead of my encryption key. > > I wonder how this can happen, because I thought GnuPG does not use the > authentication key as encryption key. Am I wrong? > > Further, I am not able to decrypt the message. I tried it manually with > "--try-all-secrets", but it doesn't seem to work. Basically it should > work. I mean, I have the authentication private key. This is unfortunately turning into a FAQ. Basically, you've run into an old PGP bug. It was recently fixed (I don't recall exactly in what version), but there are countless installations of PGP that predate the fix. OpenPGP keys have "key flags" that indicate what a key is to be used for (encryption, signing, or authentication). GnuPG honors these flags and will not encrypt to any key that isn't marked for encryption. The bug is that PGP is not properly looking at the key and will happily encrypt to a signing or authentication key. As to what you can do about it, your best bet is to contact the sender and ask for a retransmission encrypted to the proper key. It might be possible to write a program that can essentially trick the smartcard into decrypting the message by pretending it is a signature that needs to be verified but it depends on how exactly the card handles signatures. In any event, no such program exists today. David From volker at ixolution.de Sun May 28 23:12:34 2006 From: volker at ixolution.de (Volker Dormeyer) Date: Sun May 28 23:11:28 2006 Subject: GnuPG Smartcard and Authentication Key In-Reply-To: <20060528203055.GA14213@jabberwocky.com> References: <7017.1148840654@paulchen.ixolution.net> <20060528203055.GA14213@jabberwocky.com> Message-ID: <8531.1148850754@paulchen.ixolution.net> Hi David, thanks for the reply. * On Sun, 28 May 2006 16:30:55 -0400, * David Shaw wrote: > On Sun, May 28, 2006 at 08:24:14PM +0200, Volker Dormeyer wrote: >> Hello all, >> >> recently I received a message which is encrypted with my public >> authentication key instead of my encryption key. >> >> I wonder how this can happen, because I thought GnuPG does not use the >> authentication key as encryption key. Am I wrong? >> >> Further, I am not able to decrypt the message. I tried it manually with >> "--try-all-secrets", but it doesn't seem to work. Basically it should >> work. I mean, I have the authentication private key. > This is unfortunately turning into a FAQ. Basically, you've run into > an old PGP bug. It was recently fixed (I don't recall exactly in what > version), but there are countless installations of PGP that predate > the fix. This is what I read in the gnupg-users archive before I send the question. I have to admit, I do not understand exactly, because I know that the user who sent me the message is using GnuPG. It shows -----BEGIN PGP MESSAGE----- Version: GnuPG v1.2.5 (GNU/Linux) in the ASCII armored cipher text. > OpenPGP keys have "key flags" that indicate what a key is to be used > for (encryption, signing, or authentication). GnuPG honors these > flags and will not encrypt to any key that isn't marked for > encryption. The bug is that PGP is not properly looking at the key > and will happily encrypt to a signing or authentication key. I am aware of the different "key flags". This was the reason why I wondered how this could be happen. > As to what you can do about it, your best bet is to contact the sender > and ask for a retransmission encrypted to the proper key. It might be > possible to write a program that can essentially trick the smartcard > into decrypting the message by pretending it is a signature that needs > to be verified but it depends on how exactly the card handles > signatures. In any event, no such program exists today. Thanks, Volker -- Volker Dormeyer Join the Fellowship and protect your Freedom! (http://www.fsfe.org) From gpg-0 at ml.turing-complete.org Mon May 29 01:31:44 2006 From: gpg-0 at ml.turing-complete.org (Nicolas Rachinsky) Date: Mon May 29 03:26:01 2006 Subject: set owner trust from a script Message-ID: <20060528233144.GA25769@mid.pc5.i.0x5.de> Hallo, what is the best way to set the owner trust of a key from a script? Nicolas -- http://www.rachinsky.de/nicolas From alphasigmax at gmail.com Mon May 29 08:06:22 2006 From: alphasigmax at gmail.com (Alphax) Date: Mon May 29 08:07:19 2006 Subject: set owner trust from a script In-Reply-To: <20060528233144.GA25769@mid.pc5.i.0x5.de> References: <20060528233144.GA25769@mid.pc5.i.0x5.de> Message-ID: <447A8F5E.1010804@gmail.com> Nicolas Rachinsky wrote: > Hallo, > > what is the best way to set the owner trust of a key from a script? > I've actually played around with this... To do ownertrust stuff: gpg --list-keys --with-colons --with-fingerprint grep "^fpr" The fingerprint format is: fpr:::::::::(fingerprint): The ownertrust format is: (fingerprint):(trust): where trust is: 0: (not settable) 1: expired (not sure what this means) 2: undefined 3: none 4: marginal 5: full 6: ultimate 128: disabled If you want to set all valid keys with unspecified trust to marginal trust: gpg --list-keys --with-colons --with-fingerprint `gpg --list-keys \ --with-colons | grep "pub:f:.*:-:" | sed -r -e \ 's/pub:f:[0-9]+:[0-9]+:([A-F0-9]+):.*/0x\1/'` | grep "^fpr:" \ | sed -r -e 's/fpr:::::::::([0-9A-F]+):/\1:4:/' | gpg --import-ownertrust Note that this isn't entirely foolproof and may have unintended consequences - make backups of your keyring(s) and trustdb first. I've mainly used it semi-automatically where I check the status of some keys, run the script, and then re-check the status of the keys. HTH, -- Alphax Death to all fanatics! Down with categorical imperative! OpenPGP key: http://tinyurl.com/lvq4g -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 569 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20060529/2f3b526e/signature.pgp From vedaal at hush.com Mon May 29 08:36:52 2006 From: vedaal at hush.com (vedaal@hush.com) Date: Mon May 29 08:35:49 2006 Subject: 1.4.3 problem with decrypting pgp2.6.3 symmetrically encrypted (Johan Wevers) Message-ID: <200605290636.k4T6as42086526@mailserver3.hushmail.com> >Message: 3 >Date: Sat, 27 May 2006 15:02:45 +0200 (MET DST) >From: Johan Wevers >Subject: Re: 1.4.3 problem with decrypting pgp2.6.3 symmetrically > encrypted >vedaal@hush.com wrote: > >>symmetrically encrypted message when the cipher algo is set to >>anything else besides IDEA in Disastry's version, >>and 1.4.3 also cannot, and 'assumes' IDEA is used, and upon >>decryption, > >I'll try to test this. You'll have to explicitly state the >encryption algo >used since the pgp 2 file format doesn't specify it anywhere (and >assumes >just IDEA). > >>here is the symmetrically encrypted file using IDEA: > >I have no problems decrypting it with gpg (self compiled version >on Linux). ok, Thanks! this is very helpful, then the problem is not gnupg, only me ;-) (much easier for me to try to debug my setup ;-) ) >Perhaps the Cygwin version is the problem? no, tested on cygwin, and also from gnupg mingw32 pre-compiled binary at the windows command prompt results identical, but *did* find, and workaround the problem the problem was that my gpg.conf had these options: cipher-algo twofish digest-algo SHA256 s2k-cipher-algo twofish s2k-digest-algo SHA256 ( i put them in because i didn't want new keys to be self-signed with sha-1, and because i prefer twofish) once these were # commented out, the file decrypted perfectly with the following gnupg command: gpg --pgp2 --decrypt filename *but* when Disastry's build is configured intentionally to used twofish and sha-256 then there is nothing i can tweak in gnupg to get it to decrypt ;-(( here is the file: -----BEGIN PGP MESSAGE----- Version: 2.6.3ia-multi06 comment: (symmetric encryption, twofish) (passphrase: s) pgAAACf8AkWW05d5cxJZMREI8uZxtVsHq07rSnCLLYaRYGTBXAi6bw8HJSo= =Z5/z -----END PGP MESSAGE----- the pgp command to generate this was: pgp -cat filename -jtju if anyone has any ideas on how to decrypt this in gnupg, please post, Thanks! ( i don't consider this a 'problem' in gnupg, and, fwiw, it doesn't decrypt in pgp 9 either, or even in ckt builds, pgp 2.x users are quite happy to communicate only with other pgp 2.x users and don't really need gnupg to try to cover all possiblities to remain compatible (although it *is* compatible with 'ordinary' (classic) pgp 2.x as long as the above listed option types are not used during decryption attempts,) it is also of some interest ;-) that users of Disastry's version may have found a simple way to communicate symmetrically, so that even if someone 'overhears' the passphrase, they will still be unable to decrypt unless they use Disastry's version, and will more likely think, that they were 'misled' into thinking they had the correct passphrase ... vedaal Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 From vedaal at hush.com Mon May 29 15:19:24 2006 From: vedaal at hush.com (vedaal@hush.com) Date: Mon May 29 15:18:27 2006 Subject: 1.4.3 problem with decrypting pgp2.6.3 symmetrically encrypted Message-ID: <20060529131925.0824EDA82A@mailserver8.hushmail.com> >when Disastry's build is configured intentionally to used twofish >and sha-256 >then there is nothing i can tweak in gnupg to get it to decrypt ;- (( >here is the file: -----BEGIN PGP MESSAGE----- Version: 2.6.3ia-multi06 comment: (symmetric encryption, twofish) (passphrase: s) pgAAACf8AkWW05d5cxJZMREI8uZxtVsHq07rSnCLLYaRYGTBXAi6bw8HJSo= =Z5/z -----END PGP MESSAGE----- i must say, that the more i use gnupg, the more impressed i become, and think it is the *ultimate* crypto program! (Thanks to all involved in its development and maintenance !!!) so, starting with this strong feeling, that there just *must* be a way to do this in gnupg, have found it: when symmetric encryption is used in pgp, it uses the preferred hash, so all that is necessary in gnupg to decrypt it, is to run gpg --list-packets, find the symmetric algorithm and hash, and then put them as option is gpg.conf so, since sha-256 and twofish were used, i put these options back: cipher-algo twofish digest-algo SHA256 s2k-cipher-algo twofish s2k-digest-algo SHA256 then simply used the command: c:\gnupg>gpg --pgp2 e:\tftjtju.asc gpg: armor: BEGIN PGP MESSAGE gpg: armor header: Version: 2.6.3ia-multi06 gpg: armor header: comment: (symmetric encryption, twofish) (passphrase: s) :encrypted data packet: length: 39 gpg: assuming TWOFISH encrypted data Enter passphrase: :literal data packet: mode t (74), created 0, name="tft.txt", raw data: 3 bytes gpg: original file name='tft.txt' gpg: decryption okay gpg: WARNING: message was not integrity protected gpg: session key: `10:03C7C0ACE395D80182DB07AE2C30F0343EC2A809CE5FFC324B96A03F81CCC1DF ' Thanks All, vedaal Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 From johanw at vulcan.xs4all.nl Mon May 29 20:57:40 2006 From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Mon May 29 20:55:50 2006 Subject: 1.4.3 problem with decrypting pgp2.6.3 symmetrically encrypted In-Reply-To: <200605271302.k4RD2jcU009435@vulcan.xs4all.nl> Message-ID: <200605291857.k4TIveGX016176@vulcan.xs4all.nl> Hmmm, it indeed fails: I wrote: >I'll try to test this. You'll have to explicitly state the encryption algo >used since the pgp 2 file format doesn't specify it anywhere (and assumes >just IDEA). Encryption: vulcan:~> pgp-2.6.3ia-multi6 -jd -c vraag.txt 3DES chosen for conventional encryption. Pretty Good Privacy(tm) 2.6.3ia-multi06 - Public-key encryption for the masses (c) 1990-96 Philip Zimmermann, Phil's Pretty Good Software. 2002-04-22 International version - for use everywhere (including USA). Current time: 2006/05/29 18:53 GMT PGP is now using 3DES with MD5. You need a pass phrase to encrypt the file. Enter pass phrase: Enter same pass phrase again: Just a moment.... Ciphertext file: vraag.txt.pgp Decryption with gpg: vulcan:~> gpg --cipher-algo=3des vraag.txt.pgp gpg: assuming 3DES encrypted data gpg: [don't know]: invalid packet (ctb=2b) gpg: WARNING: message was not integrity protected gpg: [don't know]: invalid packet (ctb=45) -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From johanw at vulcan.xs4all.nl Mon May 29 21:05:44 2006 From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Mon May 29 21:03:25 2006 Subject: 1.4.3 problem with decrypting pgp2.6.3 symmetrically encrypted In-Reply-To: <200605291857.k4TIveGX016176@vulcan.xs4all.nl> Message-ID: <200605291905.k4TJ5jvf016433@vulcan.xs4all.nl> I wrote: >Hmmm, it indeed fails: Stupid me. I forgot the option --pgp2. When I add that, gpg decrypts fine. -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From jharris at widomaker.com Mon May 29 22:35:05 2006 From: jharris at widomaker.com (Jason Harris) Date: Mon May 29 22:34:54 2006 Subject: new (2006-05-28) keyanalyze results (+sigcheck) Message-ID: <20060529203505.GA1647@wilma.widomaker.com> New keyanalyze results are available at: http://keyserver.kjsl.com/~jharris/ka/2006-05-28/ Signatures are now being checked using keyanalyze+sigcheck: http://dtype.org/~aaronl/ Earlier reports are also available, for comparison: http://keyserver.kjsl.com/~jharris/ka/ Even earlier monthly reports are at: http://dtype.org/keyanalyze/ SHA-1 hashes and sizes for all the "permanent" files: 76cbf193ff062432a3d7684523813559a541b45c 13788576 preprocess.keys e856d729f3510315c48dda89b24f13991910853c 8179022 othersets.txt 80fd83bb5f12417f03b845256027bdf51592d3b4 3346076 msd-sorted.txt a751f9d5477744a4f5e5ce6ebad6a60908e317ee 1372 index.html ed7bb4434aa2c33c451ef8886d10090484c3fd07 2291 keyring_stats 01fdc4a508e6474d037de0e40d24756eb30b3aa7 1315313 msd-sorted.txt.bz2 fbd556512f8e3dcdfa694a97264a681635fbb06c 26 other.txt a0c981ad3cc8cc4b1ff0f671fe6d5a8ab22c779c 1771858 othersets.txt.bz2 e5d0f8e9f0817b7ea58ae919811ac9a10f34d7c5 5588820 preprocess.keys.bz2 63d4e050fb3214cfa7c0969ea590604d49b1d9f7 14150 status.txt f1214558e1a308642741aa498813dc26b12ead23 209786 top1000table.html 75feab961dccdf1f89f498f1127cb24820d07e28 29972 top1000table.html.gz f8e6a492a33b28871730c6c61e51bf18cc556b0b 10799 top50table.html fa60f6104db7642535c289218499578ed2c3d0f1 2544 D3/D39DA0E3 -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 313 bytes Desc: not available Url : /pipermail/attachments/20060529/20d24ac0/attachment.pgp From david.gray at turpin-distribution.com Tue May 30 16:08:24 2006 From: david.gray at turpin-distribution.com (David Gray) Date: Tue May 30 16:05:15 2006 Subject: Cipher v public key. Message-ID: <5155685DF4FC004297C9F5D769CBF51C02B61191@KASHMIR.extenza-turpin.com> Hi, Yes I've had a few people tell me that the version I'm using needs upgrading so I'm going to download the latest version from HP. I would like the exchange of encrypted data to be using asymmetric keys and this is the route I'm trying to steer the customer. They have said they want AES256 as the encryption algo but are open to advice on symmetric v asymmetric. A concern they have expressed is that if we use pubkey then the secret key needs to be generated by me. they don't seem too keen on this as they would like to have control over this and have the option to change the key twice a year. As I understand it this then means we have to look at secure options for them distributing the secret key to me. They are looking into a commerical method for key delivery right now. Whilst typing this message the download link has arrived for GPG from HP. The version they host is... GNUPG-1_2_3_AXP.EXE ! for Alpha GNUPG-1_2_3_VAX.EXE ! for VAX Anyone know if the later versions are available for VMS? Thanks Dave -----Original Message----- From: Robert J. Hansen [mailto:rjh@sixdemonbag.org] Sent: 26 May 2006 17:35 To: David Gray Cc: 'gnupg-users@gnupg.org' Subject: Re: Cipher v public key. David Gray wrote: > $ gpg --version > gpg (GnuPG) 1.2.3 This is an old version. You should probably consider upgrading to 1.4.3. > AES256 is listed as a cipher but not a public key? What is the > The difference? I was hoping to use asymmetric keys with me > Giving the public key to the customer. As mentioned before this all > Works fine but I'm not sure which alogorithm I'm using when encrypting. Asymmetric and symmetric algorithms are fundamentally different. They work in different ways and are used for different purposes. For that reason, the asymmetric algorithms ("pubkey") are listed separately from symmetric algorithms ("cipher"). The terminology is, admittedly, a bit confusing. > So after all that my question really is, how do I set the alogorithm > to AES256 in windows so I can test decrypts on VMS? First decide the kind of encryption you want. AES256 just says "I want AES256 to be part of the solution"; it doesn't declare what the solution is going to be. AES256 can be used as part of RFC2440 messages (OpenPGP). AES256 can be used as part of GnuPG symmetrically-encrypted messages, with no public keys involved. Or AES256 can be used as a raw algorithm in any of many different modes. From david.gray at turpin-distribution.com Tue May 30 16:43:35 2006 From: david.gray at turpin-distribution.com (David Gray) Date: Tue May 30 16:40:14 2006 Subject: Cipher v public key. Message-ID: <5155685DF4FC004297C9F5D769CBF51C02B61194@KASHMIR.extenza-turpin.com> On Fri, May 26, 2006 at 05:20:04PM +0100, David Gray wrote: >> AES256 is listed as a cipher but not a public key? What is the >> The difference? I was hoping to use asymmetric keys with me >> Giving the public key to the customer. As mentioned before this all >> Works fine but I'm not sure which alogorithm I'm using when encrypting. > You're using both an asymmetric key (RSA, DSA, ELG-E), and symmetric key (AES, CAST5, TWOFISH, etc) when you encrypt. Sorry I may be missing the point but why does it now show AES or AES256 as a pukey? Home: /SYS$LOGIN/gnupg Supported algorithms: Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH Hash: MD5, SHA1, RIPEMD160, SHA256 Compression: Uncompressed, ZIP, ZLIB Cheers Dave From david.gray at turpin-distribution.com Tue May 30 19:47:19 2006 From: david.gray at turpin-distribution.com (David Gray) Date: Tue May 30 19:44:01 2006 Subject: V1.4.3 for VMS Message-ID: <5155685DF4FC004297C9F5D769CBF51C02B611A2@KASHMIR.extenza-turpin.com> Hi, Does anyone know if GnuPG v1.4.3 has been ported to VMS? I can't find it anywhere on the net and the version hosted by HP is v1.2.3 Dave. From jon at jrock.us Tue May 30 23:03:41 2006 From: jon at jrock.us (Jonathan T. Rockway) Date: Tue May 30 23:02:41 2006 Subject: Cipher v public key. In-Reply-To: <5155685DF4FC004297C9F5D769CBF51C02B61194@KASHMIR.extenza-turpin.com> References: <5155685DF4FC004297C9F5D769CBF51C02B61194@KASHMIR.extenza-turpin.com> Message-ID: <447CB32D.4040402@jrock.us> > Sorry I may be missing the point but why does it now show AES or AES256 as a > pukey? > I think you're misunderstanding how PGP public-key encryption works. When you send an encrypted message, the first thing that happens is a random number called a session key is generated. This session key is then used to encrypt the (compressed, possibly) original message with a symmetric cypher like AES256. Then, this session key is encrypted with the recipient's public key (RSA or ElGamal). When the message is received by the recipient, he uses his private key to decrypt the session key. Then he uses the session key to decrypt the original message. If you're just using symmetric keys, you use AES256 directly. The passphrase you type in is used as the session key, in this case (actually, there's a random number called "salt" appended to the passphrase to prevent certain attacks, but the idea is the same). With public key cryptography, the software (via the public key algorithms) handles the (difficult) task of giving the recipient the decryption key. With symmetric encryption, it's your responsibility to get the passphrase to the recipient. If you're still not clear on this, you should definitely read something like Applied Cryptography, so that you can talk intelligently to your client about cryptography. The biggest security problem with crypto is when it's misapplied (people think they're safe, but the crypto is merely obfuscating the message, not securing it). Another good way to learn about symmetric encryption is to write your own simple encryption program. http://ciphersaber.gurus.com/ will guide you through this. Feel free to ask us any questions, though :) Regards, Jonathan Rockway -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 370 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20060530/b4ec8928/signature.pgp From ama at inmedias.it Wed May 31 09:08:26 2006 From: ama at inmedias.it (Andreas Martin) Date: Wed May 31 09:07:20 2006 Subject: Cipher v public key. In-Reply-To: <5155685DF4FC004297C9F5D769CBF51C02B61194@KASHMIR.extenza-turpin.com> References: <5155685DF4FC004297C9F5D769CBF51C02B61194@KASHMIR.extenza-turpin.com> Message-ID: <447D40EA.6050009@inmedias.it> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 David Gray wrote: >>> AES256 is listed as a cipher but not a public key? What is the >>> The difference? I was hoping to use asymmetric keys with me >>> Giving the public key to the customer. As mentioned before this all >>> Works fine but I'm not sure which alogorithm I'm using when encrypting. > >> You're using both an asymmetric key (RSA, DSA, ELG-E), and symmetric key > (AES, CAST5, TWOFISH, etc) when you encrypt. > > Sorry I may be missing the point but why does it now show AES or AES256 as a > pukey? Do you mean "does it _now_ show" or "does it _not_ show"? > Home: /SYS$LOGIN/gnupg > Supported algorithms: > Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG > Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH > Hash: MD5, SHA1, RIPEMD160, SHA256 > Compression: Uncompressed, ZIP, ZLIB AES is listed as a cipher, because ist is an algorithm for symmetric encryption. It cannot be used as a public/secret-key algorithm (neither now, nor in future). Regards Andreas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iQCVAwUBRH1A5+f8mJnBT5ROAQLQ/gP+MHwyEcrN/SiMvw44GJEdimqCwseCYjpj 8Ir0us0IbBth9q0yVc/eiLExlm7Wwvog/6eB5P8qZ5bmpm3aUTcqZi5vFL7/2jF8 pf9AdBHOToG9lFIck+6La8xfs+lL1oN/gi4eCuAWytfM9i2EGS4NtZ0PMDNV/d/v TwoPPIb21Do= =UlPy -----END PGP SIGNATURE----- From Laurent.Jumet at advalvas.be Wed May 31 10:30:42 2006 From: Laurent.Jumet at advalvas.be (Laurent Jumet) Date: Wed May 31 10:33:34 2006 Subject: GnuPG asks for confirmation... Message-ID: -----BEGIN PGP MESSAGE----- Version: GnuPG v1.4.3 (MingW32) owNCWmg2MUFZJlNZ4Z2JuQAAwf/3+nMgAmAHT5it/FeAv+//40NAwGDARoAEgFV8 CI6IMAEyRBqqf6iJ5Gp6JiMTTaTQ0xGmZCPSZqGTIyPSbQ1MCNPJk0GpoJhQyYU0 yepkAaDTQAZNDQAAZAaAGg40MmmmTQAMEAaDJoABk0AAAMmQDRE1RVa1+7VU/UdD MbWeAN1UaDZBbKaN8sm9Pfvik8anY5UA0w1urZgFsq/DYy5FPJtcSE2tzdUx6Fk5 DWJWSkvJmLgIu6JrJI28dY6omSlVVVViO6/OXWmJ2SZQ7bdmM5NPNyLLiXfn+jAy tofXEEiCgxDxbXR+x3nhMwiMPgV8TCtUKP8MHIICB6JPoSPkXCITBWA1MIIUzkiE C4QjLEXImzE8ko0h5TGoCz8iFxBxpAlECusSIQQI1g4ctIru1qig+s0oioZhrwUd c2ceElBNAORSlO1YwIztcCnFSno01hAcwyygUDyoMxt2MXGPhwcazRQRG8D4yQDZ zmhmI1mZ/tdRIE1PrtB3/G4mm9v469NcBzyTfvm3PbxdyRThQkOGdibk =WkQ/ -----END PGP MESSAGE----- From ama at inmedias.it Wed May 31 11:31:14 2006 From: ama at inmedias.it (Andreas Martin) Date: Wed May 31 11:30:10 2006 Subject: Signing vs. encrypting was: Cipher v public key. In-Reply-To: References: Message-ID: <447D6262.4090301@inmedias.it> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Laurent Jumet schrieb: > When sending a message like this one, signed, compressed but not crypted, > is there anything that goes bad, in security terms? > This is to avoid problems with line lenghth and charsets through internet > In security terms, lots of things can go bad when sending anything through the internet ;-) Encrypting protects against unauthorised reading of the plaintext, but not from manipulating the encrypted data. Signing protects against manipulation of the data, but not against unauthorised reading of the plaintext. (In fact it does not avoid the manipulation itself, but you are able to detect, that the data has been manipulated). Signing and encrypting are two totally different things (not to mention compressing). So if you want "save" transmissions you have to do both, signing and encrypting! Problems with line length and charset shouldn't occur during the transmission of your mails, because Mail Transport Agents don't take care of the mailbody (and the headers are not signed or encrypted). What exactly do you want? Regards Andreas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iQCVAwUBRH1iX+f8mJnBT5ROAQJkTQP/YxiOftW6mNv2DntzOQp0KxACJmzW00Xu cqLQcaW9AKhGpovrwMIWfz0GoIa8wtPP4EEn6nKWpJ6qZo3ossmcVCuJo76nvIpO BH2Cx/p0w66rrB0tc9Qqx8nLIz9rNQJgRcN9z+PRaHihB75ulkHCQIACWnyeeQB2 9bWwUcB9Xmc= =0cYA -----END PGP SIGNATURE----- From david.gray at turpin-distribution.com Wed May 31 12:02:57 2006 From: david.gray at turpin-distribution.com (David Gray) Date: Wed May 31 11:59:33 2006 Subject: Cipher v public key. Message-ID: <5155685DF4FC004297C9F5D769CBF51C02B611A7@KASHMIR.extenza-turpin.com> > Sorry I may be missing the point but why does it now show AES or > AES256 as a pukey? >Do you mean "does it _now_ show" or "does it _not_ show"? I meant why does it not show AES256 and also meant pubkey not pukey. More speed less haste I think :-) > Home: /SYS$LOGIN/gnupg > Supported algorithms: > Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG > Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH > Hash: MD5, SHA1, RIPEMD160, SHA256 > Compression: Uncompressed, ZIP, ZLIB AES is listed as a cipher, because ist is an algorithm for symmetric encryption. It cannot be used as a public/secret-key algorithm (neither now, nor in future). Ok, thanks for the clarification. Dave From david.gray at turpin-distribution.com Wed May 31 14:59:37 2006 From: david.gray at turpin-distribution.com (David Gray) Date: Wed May 31 14:56:19 2006 Subject: Signing vs. encrypting was: Cipher v public key. Message-ID: <5155685DF4FC004297C9F5D769CBF51C02B611AF@KASHMIR.extenza-turpin.com> Hi, Thanks to all who have responded to these questions. Getting my head around it Now. Will suggest to the customer that we use signed & encrypted transmissions. The only Issue we then have is that they wish to be custodians of the private key, they are Looking into commerical methods for secure key distribution. The other issue is the IT manager at the customer site is wary of Gnu software and is Going to look at commerical offering, PGP I assume. Apart from the lack Of cost are there any other good reason I can give for using GPG? Thanks Dave -----Original Message----- From: Andreas Martin [mailto:ama@inmedias.it] Sent: 31 May 2006 10:31 To: gnupg-users@gnupg.org Subject: Signing vs. encrypting was: Cipher v public key. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Laurent Jumet schrieb: > When sending a message like this one, signed, compressed but not crypted, > is there anything that goes bad, in security terms? > This is to avoid problems with line lenghth and charsets through > internet > In security terms, lots of things can go bad when sending anything through the internet ;-) Encrypting protects against unauthorised reading of the plaintext, but not from manipulating the encrypted data. Signing protects against manipulation of the data, but not against unauthorised reading of the plaintext. (In fact it does not avoid the manipulation itself, but you are able to detect, that the data has been manipulated). Signing and encrypting are two totally different things (not to mention compressing). So if you want "save" transmissions you have to do both, signing and encrypting! Problems with line length and charset shouldn't occur during the transmission of your mails, because Mail Transport Agents don't take care of the mailbody (and the headers are not signed or encrypted). What exactly do you want? Regards Andreas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iQCVAwUBRH1iX+f8mJnBT5ROAQJkTQP/YxiOftW6mNv2DntzOQp0KxACJmzW00Xu cqLQcaW9AKhGpovrwMIWfz0GoIa8wtPP4EEn6nKWpJ6qZo3ossmcVCuJo76nvIpO BH2Cx/p0w66rrB0tc9Qqx8nLIz9rNQJgRcN9z+PRaHihB75ulkHCQIACWnyeeQB2 9bWwUcB9Xmc= =0cYA -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 3501 bytes Desc: not available Url : /pipermail/attachments/20060531/a91a02ee/attachment.bin From Laurent.Jumet at advalvas.be Wed May 31 19:07:54 2006 From: Laurent.Jumet at advalvas.be (Laurent Jumet) Date: Wed May 31 20:04:12 2006 Subject: GnuPG asks for confirmation... In-Reply-To: <447DAFBF.3040402@mac.com> Message-ID: Hello ! Charly Avital wrote: > This is a bit strange. You mean that you cannot read compressed (not crypted) messages. -- Laurent Jumet KeyID: 0xCFAF704C From jrock at jfi.uchicago.edu Tue May 30 22:45:11 2006 From: jrock at jfi.uchicago.edu (Jonathan Rockway) Date: Wed Jun 7 10:43:55 2006 Subject: SHA2 compatibility In-Reply-To: <20060527220327.GA23671@jabberwocky.com> References: <4478B047.4060308@tiscali.it> <20060527220327.GA23671@jabberwocky.com> Message-ID: <447CAED7.1010008@jfi.uchicago.edu> > This is a true statement, but not relevant to your question. I was > discussing DSA keys, and you're asking about RSA. You can use any > hash with RSA that you like. There are no restrictions in size or > otherwise. The only thing you have to worry about is whether your > recipient can handle that hash or not. Interestingly, my OpenPGP smartcard (1024-bit RSA key) refuses to sign anything that's not 160 bits (i.e. SHA1 and RIPEMD-160 only). Is there any reason for this, or is this a bug? Regards, Jonathan Rockway -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 370 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20060530/939841d8/signature.pgp