From henkdebruijn at wanadoo.nl Sun Oct 1 10:04:59 2006 From: henkdebruijn at wanadoo.nl (Henk M. de Bruijn) Date: Sun Oct 1 10:03:32 2006 Subject: Can not download "GnuPG 1.4.5 compiled for Microsoft Windows" In-Reply-To: <000001c6e4cc$593a6ba0$0f02a8c0@D800> References: <000001c6e4cc$593a6ba0$0f02a8c0@D800> Message-ID: <538750277.20061001100459@wanadoo.nl> On Sat, 30 Sep 2006 13:09:33 -0700GMT (30-9-2006, 22:09 +0200, where I live), Daniel Lipkie wrote: DL> I've tried clicking on "FTP" on page DL> http://www.gnupg.org/(en)/download/index.html from both FireFox and DL> IExplorer. I've tried opening a cmd window and doing ftp to ftp.gnupg.org DL> and can't get a connection. Ping ftp.gnupg.org responds with 217.69.76.44. DL> I have no problems opening ftp connection to other places on the web. DL> What am I overlooking and doing wrong? It has been a long time since I DL> downloaded GnuPG (i.e.. I'm using v 1.2.3 and would like to upgrade to DL> 1.4.5). DL> DL> Daniel Lipkie DL> mailto: DanielLipkie@lipkie.com DL> _______________________________________________ DL> Gnupg-users mailing list DL> Gnupg-users@gnupg.org DL> http://lists.gnupg.org/mailman/listinfo/gnupg-users Confirmed, still is not working. -- Henk M. de Bruijn ______________________________________________________________________ The Bat! Natural E-Mail System version 3.85.03 Pro on Windows XP SP2 Request-PGP: http://www.biglumber.com/x/web?qs=0x6C9F6CE78C32408B Gossamer Spider Web of Trust http://www.gswot.org A progressive and innovative Web of Trust From henkdebruijn at wanadoo.nl Sun Oct 1 10:39:50 2006 From: henkdebruijn at wanadoo.nl (Henk M. 
de Bruijn) Date: Sun Oct 1 10:37:53 2006 Subject: Can not download "GnuPG 1.4.5 compiled for Microsoft Windows" In-Reply-To: References: <000001c6e4cc$593a6ba0$0f02a8c0@D800> <538750277.20061001100459@wanadoo.nl> Message-ID: <9110198359.20061001103950@wanadoo.nl> On Sun, 1 Oct 2006 01:19:26 -0700GMT (1-10-2006, 10:19 +0200, where I live), Hideki Saito wrote: HS> You can still download via HTTP. HS> The following worked for me. HS> http://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.5.exe Thank you. -- Henk M. de Bruijn ______________________________________________________________________ The Bat! Natural E-Mail System version 3.85.03 Pro on Windows XP SP2 Request-PGP: http://www.biglumber.com/x/web?qs=0x6C9F6CE78C32408B Gossamer Spider Web of Trust http://www.gswot.org A progressive and innovative Web of Trust From hidekis at gmail.com Sun Oct 1 10:19:26 2006 From: hidekis at gmail.com (Hideki Saito) Date: Sun Oct 1 11:14:49 2006 Subject: Can not download "GnuPG 1.4.5 compiled for Microsoft Windows" In-Reply-To: <538750277.20061001100459@wanadoo.nl> References: <000001c6e4cc$593a6ba0$0f02a8c0@D800> <538750277.20061001100459@wanadoo.nl> Message-ID: You can still download via HTTP. The following worked for me. http://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.5.exe 2006/10/1, Henk M. de Bruijn : > On Sat, 30 Sep 2006 13:09:33 -0700GMT (30-9-2006, 22:09 +0200, where I > live), Daniel Lipkie wrote: > > DL> I've tried clicking on "FTP" on page > DL> http://www.gnupg.org/(en)/download/index.html from both FireFox and > DL> IExplorer. I've tried opening a cmd window and doing ftp to ftp.gnupg.org > DL> and can't get a connection. Ping ftp.gnupg.org responds with 217.69.76.44. > > DL> I have no problems opening ftp connection to other places on the web. > > DL> What am I overlooking and doing wrong? It has been a long time since I > DL> downloaded GnuPG (i.e.. I'm using v 1.2.3 and would like to upgrade to > DL> 1.4.5). 
> DL> > DL> Daniel Lipkie > DL> mailto: DanielLipkie@lipkie.com > > > > DL> _______________________________________________ > DL> Gnupg-users mailing list > DL> Gnupg-users@gnupg.org > DL> http://lists.gnupg.org/mailman/listinfo/gnupg-users > > > Confirmed, still is not working. > > -- > Henk M. de Bruijn > ______________________________________________________________________ > The Bat! Natural E-Mail System version 3.85.03 Pro on Windows XP SP2 > Request-PGP: http://www.biglumber.com/x/web?qs=0x6C9F6CE78C32408B > Gossamer Spider Web of Trust http://www.gswot.org > A progressive and innovative Web of Trust > > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > -- Hideki Saito From DanielLipkie at lipkie.com Sun Oct 1 15:00:14 2006 From: DanielLipkie at lipkie.com (Daniel Lipkie) Date: Sun Oct 1 14:58:39 2006 Subject: Can not download "GnuPG 1.4.5 compiled for Microsoft Windows" In-Reply-To: Message-ID: <008701c6e559$89e40530$0f02a8c0@D800> Thank you ... Solved the problem. Daniel -----Original Message----- From: gnupg-users-bounces@gnupg.org [mailto:gnupg-users-bounces@gnupg.org] On Behalf Of Hideki Saito Sent: Sunday, October 01, 2006 1:19 AM To: Henk M. de Bruijn Cc: gnupg-users@gnupg.org; Daniel Lipkie Subject: Re: Can not download "GnuPG 1.4.5 compiled for Microsoft Windows" You can still download via HTTP. The following worked for me. http://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.5.exe 2006/10/1, Henk M. de Bruijn : > On Sat, 30 Sep 2006 13:09:33 -0700GMT (30-9-2006, 22:09 +0200, where I > live), Daniel Lipkie wrote: > > DL> I've tried clicking on "FTP" on page > DL> http://www.gnupg.org/(en)/download/index.html from both FireFox and > DL> IExplorer. I've tried opening a cmd window and doing ftp to ftp.gnupg.org > DL> and can't get a connection. Ping ftp.gnupg.org responds with 217.69.76.44. 
> > DL> I have no problems opening ftp connection to other places on the web. > > DL> What am I overlooking and doing wrong? It has been a long time since I > DL> downloaded GnuPG (i.e.. I'm using v 1.2.3 and would like to upgrade to > DL> 1.4.5). > DL> > DL> Daniel Lipkie > DL> mailto: DanielLipkie@lipkie.com > > > > DL> _______________________________________________ > DL> Gnupg-users mailing list > DL> Gnupg-users@gnupg.org > DL> http://lists.gnupg.org/mailman/listinfo/gnupg-users > > > Confirmed, still is not working. > > -- > Henk M. de Bruijn > ______________________________________________________________________ > The Bat! Natural E-Mail System version 3.85.03 Pro on Windows XP SP2 > Request-PGP: http://www.biglumber.com/x/web?qs=0x6C9F6CE78C32408B > Gossamer Spider Web of Trust http://www.gswot.org > A progressive and innovative Web of Trust > > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > -- Hideki Saito _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users From DanielLipkie at lipkie.com Sun Oct 1 16:22:03 2006 From: DanielLipkie at lipkie.com (Daniel Lipkie) Date: Sun Oct 1 16:20:23 2006 Subject: How do I read man pages on Win? In-Reply-To: <008b01c6e55b$d63bb660$0f02a8c0@D800> Message-ID: <00a101c6e564$f7f97950$0f02a8c0@D800> It appears just opening in NotePad/Wordpad works. Daniel -----Original Message----- From: Daniel Lipkie [mailto:DanielLipkie@lipkie.com] Sent: Sunday, October 01, 2006 6:17 AM To: gnupg-users@gnupg.org Cc: Daniel Lipkie Subject: How do I read man pages on Win? I'm rather new to gnu and just installed gpg 1.4.5. How do I read *.man pages in Windows XP? What do I have to install? I could not find this information in the FAQ and a Google search seemed to indicate installing emacs was the solution. Also. 
...is there a way to search the archives for this group to find such information so I don't re-ask the obvious? Daniel Lipkie mailto: DanielLipkie@lipkie.com http://www.lipkie.com http://www.lipkie.com/glass - wound glass beads http://www.lipkie.com/humor - items of possible interest From sam at robots.org.uk Sun Oct 1 16:42:52 2006 From: sam at robots.org.uk (Sam Morris) Date: Sun Oct 1 16:41:19 2006 Subject: Unattended sign and encrypt a file using a script References: <451b7162.ee.1f88.1311689353@ifgf.org> Message-ID: On Wed, 27 Sep 2006 22:53:22 -0800, dtt wrote: > A newbie question: > My bank asked me to upload a file signed and encrypted. > When I do > gpg --armor --sign -r -o -e > it always ask for a passphrase. > Since I am going to upload this file daily, how can I do the > signing unattendedly thru a script ? I think you will have to remove the passphrase on your secret key. > I created a signature file mysignature.sig using gpg > --detach-sign, how can I use it in the signing process > without gpg prompting me to enter a passphrase ? That's not what detached signatures are for... they are for saving a signature into a separate file that can be used to verify the original file (instead of having the signature inline in the original file). > Thanks > David T -- Sam Morris http://robots.org.uk/ PGP key id 1024D/5EA01078 3412 EA18 1277 354B 991B C869 B219 7FDB 5EA0 1078 From alphasigmax at gmail.com Sun Oct 1 17:00:59 2006 From: alphasigmax at gmail.com (Alphax) Date: Sun Oct 1 16:59:52 2006 Subject: Create a key without subkey? In-Reply-To: <42c7f83c0609250959n3819597ah1011c49d57b37ff0@mail.gmail.com> References: <42c7f83c0609250959n3819597ah1011c49d57b37ff0@mail.gmail.com> Message-ID: <451FD82B.5070304@gmail.com> Eike Herzbach wrote: > Hi, > > How do I generate an encryption key with gnupg? I tried some options > but it always generates me a sign-only key with an encryption subkey. 
> I need to receive encrypted financial data from a system that uses > PGP5. When I send in my key to that system it outputs me the > following: > > ----[PGP Ausgabeprotokoll]---- > Adding keys: > Key ring: 'eike@example.com' > Type Bits KeyID Created Expires Algorithm Use > pub 1024 0xAF7B19C4 2006-09-25 ---------- DSS Sign only > sub 2048 0x508FA9D7 2006-09-25 ---------- Diffie-Hellman > uid Eike Herzbach > > Later when the system tries to send me an encrypted message it fails > and says that it can't encrypt with a Sign-only key. (I guess it is > not able to use the subkey and only sees the 'outer' key) > > Is there a way to fix this in GnuPG? Or do I have to get PGP5 to > generate such a key? > Questions, questions... What version of GPG are you using? What options did you try? What do you want this key to be able to do? What does GPG tell you about the key? You probably want "gpg --expert --gen-key", select "(7) RSA (set your own capabilities)", and to set "Sign, encrypt, certify". -- Alphax Death to all fanatics! Down with categorical imperative! OpenPGP key: http://tinyurl.com/lvq4g -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 569 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20061002/27817d8e/signature.pgp From sds at gnu.org Sun Oct 1 21:44:39 2006 From: sds at gnu.org (Sam Steingold) Date: Sun Oct 1 21:48:26 2006 Subject: ssh-add analogue Message-ID: Hi, I was told that gpg-agent works like ssh-agent, so where is gpg-add? I run "gpg-agent -s --daemon", so when I do "gpg -use-agent" for the first time, I am asked for my passphrase. Is there a way to "unlock" my keys before the first use, like with ssh-add? thanks. 
-- Sam Steingold (http://www.podval.org/~sds) on Fedora Core release 5 (Bordeaux) http://dhimmi.com http://memri.org http://mideasttruth.com http://pmw.org.il http://israelunderattack.slide.com http://ffii.org http://iris.org.il Why use Windows, when there are Doors? From dshaw at jabberwocky.com Mon Oct 2 02:35:41 2006 From: dshaw at jabberwocky.com (David Shaw) Date: Mon Oct 2 02:34:09 2006 Subject: Create a key without subkey? In-Reply-To: <42c7f83c0609250959n3819597ah1011c49d57b37ff0@mail.gmail.com> References: <42c7f83c0609250959n3819597ah1011c49d57b37ff0@mail.gmail.com> Message-ID: <20061002003541.GA4672@jabberwocky.com> On Mon, Sep 25, 2006 at 06:59:46PM +0200, Eike Herzbach wrote: > Hi, > > How do I generate an encryption key with gnupg? I tried some options > but it always generates me a sign-only key with an encryption subkey. > I need to receive encrypted financial data from a system that uses > PGP5. When I send in my key to that system it outputs me the > following: > > ----[PGP Ausgabeprotokoll]---- > Adding keys: > Key ring: 'eike@example.com' > Type Bits KeyID Created Expires Algorithm Use > pub 1024 0xAF7B19C4 2006-09-25 ---------- DSS Sign only > sub 2048 0x508FA9D7 2006-09-25 ---------- Diffie-Hellman > uid Eike Herzbach > > Later when the system tries to send me an encrypted message it fails > and says that it can't encrypt with a Sign-only key. (I guess it is > not able to use the subkey and only sees the 'outer' key) This is a problem in PGP 5. PGP 5 is extremely old and does not work well at this point. If you are being forced to use PGP 5 by a financial company, this does not say good things about the company. 
David From JPClizbe at comcast.net Mon Oct 2 07:39:21 2006 From: JPClizbe at comcast.net (John Clizbe) Date: Mon Oct 2 07:49:20 2006 Subject: help needed In-Reply-To: <451C0AD3.3090802@gmail.com> References: <451C0AD3.3090802@gmail.com> Message-ID: <4520A609.3090908@comcast.net> naani wrote: > respected sir/madam, > > recently i have downloaded enigmail for thunderbird 1.5.0.7. > i am clueless regarding version to be downloaded. > i have come to know that version has to be downloaded according to the > operating system. > my system configuration is > windows xp professional version 5.1.2600 > system type : x86-based pc. > > please help me to decide about the file to be downloaded. > please specify the name precisely and any other files to be downloaded. From http://enigmail.mozdev.org/download.html, you need http://www.mozilla-enigmail.org/downloads/enigmail-0.94.1-tb15-win32.xpi Its signature file is: http://www.mozilla-enigmail.org/downloads/enigmail-0.94.1-tb15-win32.xpi.asc Download the XPI to your computer and use the Extension Manager in Thunderbird to install it (Tools --> Extensions). Before installing Enigmail in Thunderbird, you should have an operational install of GnuPG. Because we found ourselves answering Windows questions the most, there is a step-by-step installation and configuration page at http://enigmail.mozdev.org/gpgconf.html There is an Enigmail mailing list at Enigmail@mozdev.org Subscription info at http://mozdev.org/mailman/listinfo/enigmail There is not a requirement to subscribe, but you'll have to wait for the list moderators if not subscribed. There is also the newsgroup at news://news.mozdev.org/public.mozdev.enigmail, details at http://enigmail.mozdev.org/newsgroup.html -- John P. Clizbe Inet: John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A "what's the key to success?" / "two words: good decisions." "what's the key to good decisions?" / "one word: experience." 
"how do i get experience?" / "two words: bad decisions." "Just how do the residents of Haiku, Hawai'i hold conversations?" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 663 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20061002/a1eb154f/signature.pgp From hidekis at gmail.com Mon Oct 2 08:42:11 2006 From: hidekis at gmail.com (Hideki Saito) Date: Mon Oct 2 08:40:29 2006 Subject: How do I read man pages on Win? In-Reply-To: <00a101c6e564$f7f97950$0f02a8c0@D800> References: <008b01c6e55b$d63bb660$0f02a8c0@D800> <00a101c6e564$f7f97950$0f02a8c0@D800> Message-ID: You can use Cygwin version of man command. I have PDF versions of those man pages made available on my website as well. http://hp.vector.co.jp/authors/VA019487/gpg.pdf http://hp.vector.co.jp/authors/VA019487/gpgv.pdf 2006/10/1, Daniel Lipkie : > It appears just opening in NotePad/Wordpad works. > > Daniel > > -----Original Message----- > From: Daniel Lipkie [mailto:DanielLipkie@lipkie.com] > Sent: Sunday, October 01, 2006 6:17 AM > To: gnupg-users@gnupg.org > Cc: Daniel Lipkie > Subject: How do I read man pages on Win? > > I'm rather new to gnu and just installed gpg 1.4.5. > > How do I read *.man pages in Windows XP? What do I have to install? I could > not find this information in the FAQ and a Google search seemed to indicate > installing emacs was the solution. > > Also. ...is there a way to search the archives for this group to find such > information so I don't re-ask the obvious? 
> > Daniel Lipkie > mailto: DanielLipkie@lipkie.com > http://www.lipkie.com > http://www.lipkie.com/glass - wound glass > beads > http://www.lipkie.com/humor - items of possible interest > > > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > -- Hideki Saito From robert.wyatt at mail.utexas.edu Mon Oct 2 14:35:09 2006 From: robert.wyatt at mail.utexas.edu (Robert T Wyatt) Date: Mon Oct 2 15:18:38 2006 Subject: winpt still active? Message-ID: <4521077D.6010507@mail.utexas.edu> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've seen several (old) references to winpt as the GUI for Windows. Before I download and install it, I would like to ask whether it is still maintained and whether it is still the proper choice of a GUI for that platform. Mind you, I have a working installation, but I wanted to see what I could see as long as it is currently maintained software. Thanks for any pointers, Robert -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD4DBQFFIQd5sFMntyigSLMRApP2AJjUyP/PRzXhIpPdJ4zaaQpHygZjAJ4rbpJF 2bxdd9NLCB1CfEhf1FO3NA== =Y/SZ -----END PGP SIGNATURE----- From wk at gnupg.org Mon Oct 2 15:37:59 2006 From: wk at gnupg.org (Werner Koch) Date: Mon Oct 2 15:42:27 2006 Subject: Logo suggestions Message-ID: <87psdaltxk.fsf@wheatstone.g10code.de> Hi, Soon after the announcement of the logo contest I received two suggestions. See below. As of now we have 4 logo submissions and collected 65 Euro. 
Shalom-Salam, Werner -------------- next part -------------- Skipped content of type multipart/digest From robert.wyatt at mail.utexas.edu Mon Oct 2 16:04:18 2006 From: robert.wyatt at mail.utexas.edu (Robert T Wyatt) Date: Mon Oct 2 16:02:28 2006 Subject: Logo suggestions In-Reply-To: <87psdaltxk.fsf@wheatstone.g10code.de> References: <87psdaltxk.fsf@wheatstone.g10code.de> Message-ID: <45211C62.9080708@mail.utexas.edu> I like the idea of the lock in the gnu's nose. What about a big, bright chain around the gnu's neck with a gnupg lock on it? Sort of like 'bling' as they say. IANAA (I'm not an artist) or I'd sketch it. Robert From wk at gnupg.org Mon Oct 2 17:35:50 2006 From: wk at gnupg.org (Werner Koch) Date: Mon Oct 2 17:42:34 2006 Subject: Logo suggestions In-Reply-To: <45211C62.9080708@mail.utexas.edu> (Robert T. Wyatt's message of "Mon, 02 Oct 2006 09:04:18 -0500") References: <87psdaltxk.fsf@wheatstone.g10code.de> <45211C62.9080708@mail.utexas.edu> Message-ID: <878xjyloh5.fsf@wheatstone.g10code.de> Hi! Just one remark: A logo should not be a picture. It shall be a clean and simple design without detailed artistic stuff. In this sense the current GnuPG logo as well as the usual GNU don't work well as logos. Salam-Shalom, Werner From wk at gnupg.org Mon Oct 2 17:36:50 2006 From: wk at gnupg.org (Werner Koch) Date: Mon Oct 2 17:42:42 2006 Subject: winpt still active? In-Reply-To: <4521077D.6010507@mail.utexas.edu> (Robert T. Wyatt's message of "Mon, 02 Oct 2006 07:35:09 -0500") References: <4521077D.6010507@mail.utexas.edu> Message-ID: <874pumlofh.fsf@wheatstone.g10code.de> On Mon, 2 Oct 2006 14:35, Robert T Wyatt said: > I've seen several (old) references to winpt as the GUI for Windows. > Before I download and install it, I would like to ask whether it is > still maintained and whether it is still the proper choice of a GUI for > that platform. 
Mind you, I have a working installation, but I wanted to
> see what I could see as long as it is currently maintained software.

Yes, it is. I suggest that you use the version which comes with
www.gpg4win.org .

Shalom-Salam,

Werner

From wk at gnupg.org Mon Oct 2 19:24:30 2006
From: wk at gnupg.org (Werner Koch)
Date: Mon Oct 2 19:27:20 2006
Subject: Web site for Logo suggestions
Message-ID: <87r6xqk4vl.fsf@wheatstone.g10code.de>

Hi,

I received yet another logo suggestion and thus I decided to set up a
web page to show them all:

http://logo-contest.gnupg.org/

Shalom-Salam,

Werner

From robert.wyatt at mail.utexas.edu Mon Oct 2 20:31:10 2006
From: robert.wyatt at mail.utexas.edu (Robert T Wyatt)
Date: Mon Oct 2 20:29:18 2006
Subject: winpt still active?
In-Reply-To: <874pumlofh.fsf@wheatstone.g10code.de>
References: <4521077D.6010507@mail.utexas.edu> <874pumlofh.fsf@wheatstone.g10code.de>
Message-ID: <45215AEE.2020803@mail.utexas.edu>

Fantastic! Thanks!

--robert

Werner Koch wrote:
> On Mon, 2 Oct 2006 14:35, Robert T Wyatt said:
>
>> I've seen several (old) references to winpt as the GUI for Windows.
>> Before I download and install it, I would like to ask whether it is
>> still maintained and whether it is still the proper choice of a GUI for
>> that platform. Mind you, I have a working installation, but I wanted to
>> see what I could see as long as it is currently maintained software.
>
> Yes, it is. I suggest that you use the version which comes with
> www.gpg4win.org .
>
>
> Shalom-Salam,
>
> Werner

From z.himsel at gmail.com Tue Oct 3 05:40:57 2006
From: z.himsel at gmail.com (Zach Himsel)
Date: Tue Oct 3 07:21:28 2006
Subject: Logo suggestions
In-Reply-To: <878xjyloh5.fsf@wheatstone.g10code.de>
References: <87psdaltxk.fsf@wheatstone.g10code.de> <45211C62.9080708@mail.utexas.edu> <878xjyloh5.fsf@wheatstone.g10code.de>
Message-ID: <8d5f78b30610022040n7b2af876iff6c28a52ec547dc@mail.gmail.com>

I think I'll work on something....
Keeping the lock/nose and lock/bling ideas in mind (as they are awesome).
I'll keep you guys posted.

On 10/2/06, Werner Koch wrote:
> Hi!
>
> Just one remark: A logo should not be a picture. It shall be a clean
> and simple design without detailed artistic stuff. In this sense the
> current GnuPG logo as well as the usual GNU don't work well as logos.
>
>
> Salam-Shalom,
>
> Werner

--
Zach Himsel
=================================
OpenPGP Public Key ID: 0xD1093592
http://zach-himsel.is.dreaming.org
=================================
() ASCII Ribbon - Against HTML mail
/\ Campaign - & vCard Signatures

From mwood at IUPUI.Edu Tue Oct 3 15:19:53 2006
From: mwood at IUPUI.Edu (Mark H. Wood)
Date: Tue Oct 3 17:21:29 2006
Subject: Logo suggestions
In-Reply-To: <878xjyloh5.fsf@wheatstone.g10code.de>
References: <87psdaltxk.fsf@wheatstone.g10code.de> <45211C62.9080708@mail.utexas.edu> <878xjyloh5.fsf@wheatstone.g10code.de>
Message-ID: <20061003131953.GB20033@IUPUI.Edu>

Crossed spears on a rectangular field of 1s and 0s?

--
Mark H. Wood, Lead System Programmer mwood@IUPUI.Edu
Typically when a software vendor says that a product is "intuitive" he
means the exact opposite.

From jbloss at tampabay.rr.com Tue Oct 3 19:58:29 2006
From: jbloss at tampabay.rr.com (Jeffrey F. Bloss)
Date: Tue Oct 3 21:21:33 2006
Subject: Logo suggestions
In-Reply-To: <878xjyloh5.fsf@wheatstone.g10code.de>
References: <87psdaltxk.fsf@wheatstone.g10code.de> <45211C62.9080708@mail.utexas.edu> <878xjyloh5.fsf@wheatstone.g10code.de>
Message-ID: <20061003135829.193c1f12@localhost.localdomain>

Werner Koch wrote:

> Hi!
>
> Just one remark: A logo should not be a picture. It shall be a clean
> and simple design without detailed artistic stuff. In this sense the
> current GnuPG logo as well as the usual GNU don't work well as logos.

Here's something I did for my own use that's so woefully inadequate it
can't be called an official submission, but it certainly meets the
criteria of being simple. Maybe it will spark an idea.

http://wrench.yi.org/pubkeys.html

I was thinking the "fade to binary" theme was symbolic of what GnuPG
does. I know, that's real corny. Maybe the GnuPG part without the other
text, superimposed over something like a simple graphical key or what
the like???

A GIMP 2.2 generated .xcf is here if anyone cares to build, play,
mutilate, etc...

http://wrench.yi.org/images/GnuPG-Logo.xcf

--
Hand crafted on 3 October, 2006 at 13:54:55 EDT

Do not meddle in the affairs of dragons, for you
are crunchy and good with ketchup.

From z.himsel at gmail.com Tue Oct 3 23:25:58 2006
From: z.himsel at gmail.com (Zach Himsel)
Date: Tue Oct 3 23:24:15 2006
Subject: Logo suggestions
In-Reply-To: <20061003135829.193c1f12@localhost.localdomain>
References: <87psdaltxk.fsf@wheatstone.g10code.de> <45211C62.9080708@mail.utexas.edu> <878xjyloh5.fsf@wheatstone.g10code.de> <20061003135829.193c1f12@localhost.localdomain>
Message-ID: <8d5f78b30610031425w299c1c06uf91ecf21fb04eaf4@mail.gmail.com>

Maybe I can incorporate the "fade to binary" into the GnuPG logo.
Along with the lock in the gnu's nose. I was also thinking that I
could do something with the gnu with the lock as an earring. I'll do
one draft with the nose idea and another with the earring to see which
looks better.

Also, one question.
Should the icon be detailed enough to be big (like the gmail logo: http://mail.google.com/mail/help/images/logo1.gif)? Or should it be smaller and less detailed (for use as a program icon or small logo (like the small gmail logo, which is the "m" in the gmail logo by itself)? I was thinking do two versions, maybe have one big and one small (like the big "Gmail"/small "m"; or the abiword logo which has "Abiword" with the special "A" which can be used as a logo itself). Maybe have the gnu with the lock in a bigger logo (for the website, etc.) and then do a smaller, less detailed one with the gnu/lock geared more towards program icons (like 16x16 or 32x32 or 64x64). On 10/3/06, Jeffrey F. Bloss wrote: > Werner Koch wrote: > > > Hi! > > > > Just one remark: A logo should not be a picture. It shall be a clean > > and simple design without detailed artistic stuff. In this sense the > > current GnuPG logo as well as the usual GNU don't work well as logos. > > Here's something I did for my own use that's so woefully inadequate it > can't be called an official submission, but it certainly meets the > criteria of being simple. Maybe it will spark an idea. > > http://wrench.yi.org/pubkeys.html > > I was thinking the "fade to binary" theme was symbolic of what GnuPG > does. I know, that's real corny. Maybe the GnuPG part without the other > text, superimposed over something like a simple graphical key or what > the like??? > > A GIMP 2.2 generated .xcf is here if anyone cares to build, play, > mutilate, etc... > > http://wrench.yi.org/images/GnuPG-Logo.xcf > > -- > Hand crafted on 3 October, 2006 at 13:54:55 EDT > > Do not meddle in the affairs of dragons, for you > are crunchy and good with ketchup. 

--
Zach Himsel
=================================
OpenPGP Public Key ID: 0xD1093592
http://zach-himsel.is.dreaming.org
=================================
() ASCII Ribbon - Against HTML mail
/\ Campaign - & vCard Signatures

From j.lysdal at gmail.com Tue Oct 3 23:27:00 2006
From: j.lysdal at gmail.com (Jørgen Lysdal)
Date: Tue Oct 3 23:25:09 2006
Subject: Logo suggestions
In-Reply-To: <20061003135829.193c1f12@localhost.localdomain>
References: <87psdaltxk.fsf@wheatstone.g10code.de> <45211C62.9080708@mail.utexas.edu> <878xjyloh5.fsf@wheatstone.g10code.de> <20061003135829.193c1f12@localhost.localdomain>
Message-ID: <9afe34fe0610031427n2bb996b9v410e4c0c978f0b80@mail.gmail.com>

Here's what I made:
http://img430.imageshack.us/img430/2433/logomm8.jpg

based on:
http://www.gnu.org/graphics/slickgnu.html

It could look cool in white on a black t-shirt.

--
Jorgen Lysdal

From alphasigmax at gmail.com Wed Oct 4 02:29:38 2006
From: alphasigmax at gmail.com (Alphax)
Date: Wed Oct 4 02:28:39 2006
Subject: Logo suggestions
In-Reply-To: <8d5f78b30610031425w299c1c06uf91ecf21fb04eaf4@mail.gmail.com>
References: <87psdaltxk.fsf@wheatstone.g10code.de> <45211C62.9080708@mail.utexas.edu> <878xjyloh5.fsf@wheatstone.g10code.de> <20061003135829.193c1f12@localhost.localdomain> <8d5f78b30610031425w299c1c06uf91ecf21fb04eaf4@mail.gmail.com>
Message-ID: <45230072.1060108@gmail.com>

Zach Himsel wrote:
> Also, one question. Should the icon be detailed enough to be big
> (like the gmail logo:
> http://mail.google.com/mail/help/images/logo1.gif)? Or should it be
> smaller and less detailed (for use as a program icon or small logo
> (like the small gmail logo, which is the "m" in the gmail logo by
> itself)?
> > I was thinking do two versions, maybe have one big and one small > (like the big "Gmail"/small "m"; or the abiword logo which has > "Abiword" with the special "A" which can be used as a logo itself). > Maybe have the gnu with the lock in a bigger logo (for the website, > etc.) and then do a smaller, less detailed one with the gnu/lock > geared more towards program icons (like 16x16 or 32x32 or 64x64). > > Good question. Here's something that came up on another list: > Two days before the start of , in the organizers' office. > is layouting the press kit, searching for highresolution > versions of all project logos. The logo was available > only as . > > Scaled to print resolution, it was 10x12 mm which looked a bit small > on an DIN A4 page. > > had redrawn the logo for a convention, > unfortunately the file was lost on a broken hard disk. No problem, > let's just take a digital camera, take a photo from the printout he > still had, do a little bit of filtering in gimp... So we used a photo > of a bitmap graphic and, at least for my part, are using it till > today. > > Shall I tell you the story of the t-shirt producer, too, who wanted > to print the logo as a serigraph? > > And all this because nobody thought - when the logos were chosen - > that logos are not just for the upper left corner of but > are needed in suitable versions for print as well. So yes, logos should be available at high resolutions. One easy way to ensure this is to create them in vector form, eg. as an SVG file. -- Alphax Death to all fanatics! Down with categorical imperative! OpenPGP key: http://tinyurl.com/lvq4g -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 569 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20061004/459527ec/signature.pgp From wk at gnupg.org Wed Oct 4 09:59:48 2006 From: wk at gnupg.org (Werner Koch) Date: Wed Oct 4 10:03:26 2006 Subject: Logo suggestions In-Reply-To: <8d5f78b30610031425w299c1c06uf91ecf21fb04eaf4@mail.gmail.com> (Zach Himsel's message of "Tue, 3 Oct 2006 17:25:58 -0400") References: <87psdaltxk.fsf@wheatstone.g10code.de> <45211C62.9080708@mail.utexas.edu> <878xjyloh5.fsf@wheatstone.g10code.de> <20061003135829.193c1f12@localhost.localdomain> <8d5f78b30610031425w299c1c06uf91ecf21fb04eaf4@mail.gmail.com> Message-ID: <871wpojytn.fsf@wheatstone.g10code.de> On Tue, 3 Oct 2006 23:25, Zach Himsel said: > the gmail logo: http://mail.google.com/mail/help/images/logo1.gif)? Or > should it be smaller and less detailed (for use as a program icon or > small logo (like the small gmail logo, which is the "m" in the gmail An icon for a program is not for what the logo will be used. Such an icon maybe derived from it but icons have a different purpose. Salam-Shalom, Werner From z.himsel at gmail.com Wed Oct 4 18:17:13 2006 From: z.himsel at gmail.com (Zach Himsel) Date: Wed Oct 4 18:15:33 2006 Subject: Logo suggestions In-Reply-To: <871wpojytn.fsf@wheatstone.g10code.de> References: <87psdaltxk.fsf@wheatstone.g10code.de> <45211C62.9080708@mail.utexas.edu> <878xjyloh5.fsf@wheatstone.g10code.de> <20061003135829.193c1f12@localhost.localdomain> <8d5f78b30610031425w299c1c06uf91ecf21fb04eaf4@mail.gmail.com> <871wpojytn.fsf@wheatstone.g10code.de> Message-ID: <8d5f78b30610040917i11aad15dscbe726e1e76060a3@mail.gmail.com> On 10/4/06, Werner Koch wrote: > An icon for a program is not for what the logo will be used. What I can do is focus on making a hi-res logo for the website (which is what you are looking for, as stated above) as first priority. > Such an icon maybe derived from it but icons have a different purpose. 
I can, after I finish the hi-res, convert it into a small icon. -- Zach Himsel ================================= OpenPGP Public Key ID: 0xD1093592 http://zach-himsel.is.dreaming.org ================================= () ASCII Ribbon - Against HTML mail /\ Campaign - & vCard Signatures From wk at gnupg.org Wed Oct 4 19:15:20 2006 From: wk at gnupg.org (Werner Koch) Date: Wed Oct 4 19:22:43 2006 Subject: GnuPG 1.9.91 released Message-ID: <87k63ggfyv.fsf@wheatstone.g10code.de> Hi, just a brief note, that version 1.9.91 of GnuPG has been released. To build it, you also need to get the latest libassuan (0.9.2). ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.9.91.bz2 ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.9.91.bz2.sig ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.9.90-1.9.91.diff.bz2 (Note that the diff file is smaller than usual because it does not include diffs for the po files.) ftp://ftp.gnupg.org/gcrypt/alpha/libassuan/libassuan-0.9.2.bz2 ftp://ftp.gnupg.org/gcrypt/alpha/libassuan/libassuan-0.9.2.bz2.sig Salam-Shalom, Werner -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 196 bytes Desc: not available Url : /pipermail/attachments/20061004/c74adb5b/attachment.pgp From npcole at yahoo.co.uk Wed Oct 4 20:25:13 2006 From: npcole at yahoo.co.uk (Nicholas Cole) Date: Wed Oct 4 21:23:58 2006 Subject: Web site for Logo suggestions In-Reply-To: <87r6xqk4vl.fsf@wheatstone.g10code.de> Message-ID: <20061004182513.45087.qmail@web26714.mail.ukl.yahoo.com> --- Werner Koch wrote: > Hi, > > I received yet another logo suggestion and thus I > decided to setup a > web page to show them all: > > http://logo-contest.gnupg.org/ My vote, such as it is, is for the one on the far right by Simon Josefsson. I don't have the artistic skills to pull it off, but what about the Gnu head on the front of a padlock dial? 
Best wishes, N ___________________________________________________________ All new Yahoo! Mail "The new Interface is stunning in its simplicity and ease of use." - PC Magazine http://uk.docs.yahoo.com/nowyoucan.html From widhalmt at unix.sbg.ac.at Thu Oct 5 21:13:48 2006 From: widhalmt at unix.sbg.ac.at (Thomas Widhalm) Date: Fri Oct 6 03:51:27 2006 Subject: Expiry Date of Key used for signatures? Message-ID: <4525596C.4060300@unix.sbg.ac.at> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Just one simple question: I put a expiry date on my key and I get a signature. If I change the expiry date to a later date, will the signature expire at the first date or will it stay valid? Looking at my keyring I assume that if I sign a key with an expiry date, my signature expires at the expiry date of the key. Most signatures have the same expiry date as the key itself. Regards, Thomas - -- ***************************************************************** * Thomas Widhalm Unix Administrator * * University of Salzburg ITServices (ITS) * * Systems Management Unix Systems * * Hellbrunnerstr. 34 5020 Salzburg, Austria * * widhalmt@unix.sbg.ac.at +43/662/8044-6774 * * gpg: 6265BAE6 http://www.users.sbg.ac.at/~widhalmt * ***************************************************************** -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFFJVlskbjs3GJluuYRAspAAKCU0Z79+scOQn7kcTDHCct5/ITaDACeJNh7 MwlqzA5dd9OYMe8Irt7xFB8= =JPpn -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Fri Oct 6 04:47:18 2006 From: dshaw at jabberwocky.com (David Shaw) Date: Fri Oct 6 04:45:37 2006 Subject: Expiry Date of Key used for signatures? 
In-Reply-To: <4525596C.4060300@unix.sbg.ac.at> References: <4525596C.4060300@unix.sbg.ac.at> Message-ID: <20061006024718.GA14247@jabberwocky.com> On Thu, Oct 05, 2006 at 09:13:48PM +0200, Thomas Widhalm wrote: > Hi, > > Just one simple question: > > I put a expiry date on my key and I get a signature. If I change the > expiry date to a later date, will the signature expire at the first date > or will it stay valid? It's up to the person who gives you the signature. > Looking at my keyring I assume that if I sign a key with an expiry date, > my signature expires at the expiry date of the key. Most signatures have > the same expiry date as the key itself. This is the default behavior, but you can have your signature expire at a different time if you choose to. David From chengli1 at verizon.net Fri Oct 6 06:39:00 2006 From: chengli1 at verizon.net (Charli Li) Date: Fri Oct 6 06:43:24 2006 Subject: gpg hangs when decrypting/verifying signatures Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Please note that this may or may not have something to do with all of the newsgroups/mailing lists above in the header. Cygwin provides the DLL so gpg can run; enigmail utilizes gpg to do its thing in emails; and gpg is the backbone of this. After updating my Thunderbird nightly (2.0b1) for a couple of days, something went strange with gpg and enigmail. Thunderbird kept hanging forever just because it was trying to decrypt/verify a signature by using a hung gpg process. I know this from looking in Sysinternals Process Explorer, because there was a gpg process in the tree of thunderbird.exe. In order to get away from this problem, I have to kill gpg one or more times, since it might just pop back up again. Fortunately, though, I can still sign and encrypt messages, just like this one. As mentioned above, this message/thread may have something to do with all of the above (mail header), so please send any replies to the newsgroups/mailing lists above. 
(Cygwinners, please don't send email to my *other* email address!) - -- Charli - --- "Sheesh, where'd you get all this stuff?" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.1 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFJd3jKGyf4JaPChgRArhJAJwJFkHzkb2hF9V7hTHIgkoMg9dkiQCeLdOO 8A21UuTd9LhfcgKq0NTbBdE= =t9ob -----END PGP SIGNATURE----- From pmadams at gmail.com Fri Oct 6 17:00:05 2006 From: pmadams at gmail.com (Paul Adams) Date: Fri Oct 6 19:38:00 2006 Subject: Decrypted files are missing their extension Message-ID: I'm looking through the man pages and docs and not seeing a switch option to check. If I receive a file call it Bob.pgp and decrypt it using my gui based PGP 8 client it decrypts to Bob.txt but if I do it from the commandline using GnuPG I get a file named Bob with no extension. Is there a way to make it look at the real file name inside the archive? I will work around it if need be as I really need the command line functionality more then I need the naming to be correct but I'm guessing that I'm missing something stupid to make it work. Thanks for any pointers! Paul Adams ___________________________________________________________ Sent by ePrompter, the premier email notification software. Free download at http://www.ePrompter.com. From vinod.jacob at gmail.com Sat Oct 7 06:54:08 2006 From: vinod.jacob at gmail.com (Vinod Jacob) Date: Sat Oct 7 06:52:26 2006 Subject: Problem with Padding Message-ID: <8a4271520610062154k79ddc5c9g1636cebfa10c690a@mail.gmail.com> Hi, I am trying to write some code to make the libgcrypt handle the pkcs1. for this to achieve, do i need to use the s-expression interface ? I am using sexp_data_to_mpi() with pkcs1 flag , which sets the MSBs to 0x00. But when its 'gcy_mpi_scan'ed, the MSB 0x00x are ignored due to mpi_normalize(). Any Pointers how to go about this and what is missing here? 
Thanks in advance,
Vinod

From wk at gnupg.org Sat Oct 7 12:25:58 2006
From: wk at gnupg.org (Werner Koch)
Date: Sat Oct 7 12:32:32 2006
Subject: Decrypted files are missing their extension
In-Reply-To: (Paul Adams's message of "Fri, 6 Oct 2006 11:00:05 -0400")
References:
Message-ID: <87zmc8a0cp.fsf@wheatstone.g10code.de>

On Fri, 6 Oct 2006 17:00, Paul Adams said:

> I'm looking through the man pages and docs and not seeing a switch
> option to check. If I receive a file call it Bob.pgp and decrypt it

@item --use-embedded-filename
@itemx --no-use-embedded-filename
Try to create a file with a name as embedded in the data. This can be a
dangerous option as it allows to overwrite files. Defaults to no.

Salam-Shalom,

Werner

From johanw at vulcan.xs4all.nl Sat Oct 7 13:53:32 2006
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Sat Oct 7 13:51:26 2006
Subject: Decrypted files are missing their extension
In-Reply-To:
Message-ID: <200610071153.k97BrW7N003588@vulcan.xs4all.nl>

Paul Adams wrote:

>using my gui based PGP 8 client it decrypts to Bob.txt but if I do it
>from the commandline using GnuPG I get a file named Bob with no
>extension.

Put this line in your gpg.conf:

no-mangle-dos-filenames

This behaviour is from the time that DOS didn't support double extensions
(actually, since the "dot" was never stored in the filesystem, it didn't
support a dot in a filename).

Since GnuPG never ran on plain MS-DOS I'm not sure why they programmed this
default. I believe some very old win95 versions also had problems with it.

--
ir. J.C.A.
Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From wk at gnupg.org Sat Oct 7 15:57:56 2006 From: wk at gnupg.org (Werner Koch) Date: Sat Oct 7 16:02:40 2006 Subject: Decrypted files are missing their extension In-Reply-To: <200610071153.k97BrW7N003588@vulcan.xs4all.nl> (Johan Wevers's message of "Sat, 7 Oct 2006 13:53:32 +0200 (MET DST)") References: <200610071153.k97BrW7N003588@vulcan.xs4all.nl> Message-ID: <87ejtk9qjf.fsf@wheatstone.g10code.de> On Sat, 7 Oct 2006 13:53, Johan Wevers said: > Since GnuPG never ran on plain MS-DOS I'm not sure why they programmed this > default. I believe some very old win95 versions also had problems with it. Yes, even Windows ME has this problem (iirc, only when using a FAT fs). And that is the version I used at that time. Shalom-Salam, Werner From avbidder at fortytwo.ch Thu Oct 5 10:56:29 2006 From: avbidder at fortytwo.ch (Adrian von Bidder) Date: Mon Oct 9 10:49:24 2006 Subject: gnupg subkeys HOWTO: looking for a kind soul Message-ID: <200610051056.35914.avbidder@fortytwo.ch> Yodel! A long long time ago, I wrote the GnuPG Subkeys mini-HOWTO at . I have received a lot of positive feedback over the time, and the page still gets quite a few hits. But over the last few years, I've not kept up with gnupg developments (though I'm still a regular user), and especially I have no idea about compatibility issues between various versions of GnuPG and possibly other OpenPGP implementations. So - anybody wants to officially take over maintenance of this mini-HOWTO? Access to my host for publication can be arranged if necessary, but I'd prefer if the document moved, and I'd just place a redirect to the new location. Please cc: me on replies. Thank you & all the best Adrian von Bidder -- Maintenance-free: When it breaks, it can't be fixed... 
-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 390 bytes Desc: not available Url : /pipermail/attachments/20061005/8dd9439e/attachment.pgp From carenas2 at alumni.gs.columbia.edu Sat Oct 7 04:21:36 2006 From: carenas2 at alumni.gs.columbia.edu (Carlos Arenas =?ISO-8859-1?Q?C=F3rdoba?=) Date: Mon Oct 9 10:49:30 2006 Subject: Cannot refresh my own key Message-ID: <1160187696.1515.9.camel@localhost> hello all. several months ago, i imported my key to canonical's (company behind ubuntu distribution) launchpad. since then i cannot refresh my key: $ gpg --refresh-keys 0xe0de64c5 gpg: requesting key E0DE64C5 from http server keyserver.ubuntu.com gpgkeys: key DE46B91FBD9FE4532CB077094D40B8A2E0DE64C5 not found on keyserver gpg: no valid OpenPGP data found. gpg: Total number processed: 0 for some reason, gpgkeys is using my fingerprint as my keyid. how can i correct this? thanks in advance. (please reply directly because i am not a subscriber to your list). -- carlos a. arenas carenas2 + alumni.gs.columbia.edu pgp/gpg key id: 0xE0DE64C5 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 245 bytes Desc: This is a digitally signed message part Url : /pipermail/attachments/20061006/7e66d650/attachment.pgp From michael at vorlon.ping.de Mon Oct 9 12:11:20 2006 From: michael at vorlon.ping.de (Michael Bienia) Date: Mon Oct 9 13:51:29 2006 Subject: Howto add ssh keys to .gnupg/sshcontrol? Message-ID: <20061009101120.GA7527@vorlon.ping.de> Hello, I'm having trouble to add my ssh key to a running gpg-agent (started with --enable-ssh-support). The comments in .gnupg/sshcontrol suggests you can do it with ssh-add or manually. When I try it with ssh-add I'm asked about my passphrase but afterwards ssh-add -l doesn't list it and it also doesn't show up in sshcontrol. 
The comment also mentions that one can add it manually by adding a
keygrip of 40 hex digits. How do I get this keygrip from my ssh key to
add it manually?

Thanks,
Michael

From dshaw at jabberwocky.com Mon Oct 9 14:53:06 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon Oct 9 14:51:25 2006
Subject: Cannot refresh my own key
In-Reply-To: <1160187696.1515.9.camel@localhost>
References: <1160187696.1515.9.camel@localhost>
Message-ID: <20061009125306.GA20010@jabberwocky.com>

On Fri, Oct 06, 2006 at 10:21:36PM -0400, Carlos Arenas Córdoba wrote:
> hello all.
>
> several months ago, i imported my key to canonical's (company behind
> ubuntu distribution) launchpad. since then i cannot refresh my key:
>
>
> $ gpg --refresh-keys 0xe0de64c5
> gpg: requesting key E0DE64C5 from http server keyserver.ubuntu.com
> gpgkeys: key DE46B91FBD9FE4532CB077094D40B8A2E0DE64C5 not found on
> keyserver
> gpg: no valid OpenPGP data found.
> gpg: Total number processed: 0
>
>
> for some reason, gpgkeys is using my fingerprint as my keyid.
>
> how can i correct this? thanks in advance.

You have a mistaken assumption. The fingerprint is not relevant here.
It looks like you have a preferred keyserver set pointing to the wrong
place. Add "--keyserver-options verbose verbose verbose" to your
command and see where you're actually looking.

David

From alphasigmax at gmail.com Mon Oct 9 15:13:34 2006
From: alphasigmax at gmail.com (Alphax)
Date: Mon Oct 9 15:12:17 2006
Subject: Howto add ssh keys to .gnupg/sshcontrol?
In-Reply-To: <20061009101120.GA7527@vorlon.ping.de>
References: <20061009101120.GA7527@vorlon.ping.de>
Message-ID: <452A4AFE.3090904@gmail.com>

Michael Bienia wrote:
> Hello,
>
> I'm having trouble to add my ssh key to a running gpg-agent (started
> with --enable-ssh-support).
>
> The comments in .gnupg/sshcontrol suggests you can do it with ssh-add or
> manually. When I try it with ssh-add I'm asked about my passphrase but
> afterwards ssh-add -l doesn't list it and it also doesn't show up in
> sshcontrol.
> The comment also mentions that one can add it manually by adding a
> keygrip of 40 hex digits. How do I get this keygrip from my ssh key to
> add it manually?
>

I assume you mean fingerprint?

ssh-keygen -l [-f input_keyfile]

-l Show fingerprint of specified public key file. Private RSA1 keys
are also supported. For RSA and DSA keys ssh-keygen tries to find
the matching public key file and prints its fingerprint.

--
Alphax
Death to all fanatics!
Down with categorical imperative!
OpenPGP key: http://tinyurl.com/lvq4g

From michael at vorlon.ping.de Mon Oct 9 15:37:07 2006
From: michael at vorlon.ping.de (Michael Bienia)
Date: Mon Oct 9 15:35:25 2006
Subject: Howto add ssh keys to .gnupg/sshcontrol?
In-Reply-To: <452A4AFE.3090904@gmail.com>
References: <20061009101120.GA7527@vorlon.ping.de> <452A4AFE.3090904@gmail.com>
Message-ID: <20061009133707.GA11315@vorlon.ping.de>

On 2006-10-09 22:43:34 +0930, Alphax wrote:
> Michael Bienia wrote:
> > Hello,
> >
> > I'm having trouble to add my ssh key to a running gpg-agent (started
> > with --enable-ssh-support).
> >
> > The comments in .gnupg/sshcontrol suggests you can do it with ssh-add or
> > manually. When I try it with ssh-add I'm asked about my passphrase but
> > afterwards ssh-add -l doesn't list it and it also doesn't show up in
> > sshcontrol.
> > The comment also mentions that one can add it manually by adding a
> > keygrip of 40 hex digits. How do I get this keygrip from my ssh key to
> > add it manually?
> >
>
> I assume you mean fingerprint?

No, from .gnupg/sshcontrol:
# [...]
A
# non-comment line starts with optional white spaces, followed by the
# keygrip of the key given as 40 hex digits, [...]

The fingerprint returned by ssh-keygen -l is only 32 hex digits long.

Michael

From wk at gnupg.org Mon Oct 9 19:48:48 2006
From: wk at gnupg.org (Werner Koch)
Date: Mon Oct 9 19:52:37 2006
Subject: Howto add ssh keys to .gnupg/sshcontrol?
In-Reply-To: <20061009101120.GA7527@vorlon.ping.de> (Michael Bienia's message of "Mon, 9 Oct 2006 12:11:20 +0200")
References: <20061009101120.GA7527@vorlon.ping.de>
Message-ID: <87k6397533.fsf@wheatstone.g10code.de>

On Mon, 9 Oct 2006 12:11, Michael Bienia said:

> The comment also mentions that one can add it manually by adding a
> keygrip of 40 hex digits. How do I get this keygrip from my ssh key to
> add it manually?

Is this for a key from an OpenPGP card? I see that we need a tool to
display the keygrip. What you can do now is to use this workaround

$ echo scd learn --force | gpg-connect-agent | grep KEYPAIRINFO
S KEYPAIRINFO AB820B6FB3CB34AEF54429140D0810190132738D OPENPGP.1
S KEYPAIRINFO 6033BB648CA5EA607457880D899A587C9EEB0B9F OPENPGP.2
S KEYPAIRINFO BDA5176784C7A7CE8F15AE629E3F6203E3CA42BF OPENPGP.3

What you want is the keygrip from the OPENPGP.3 line. Unfortunately
this works only with the latest gpg-agent from gnupg 1.9.91.

Another way of looking at the keygrip is when using an X.509 key:
"gpgsm --dump-key " also shows the keygrip.

If you want to use an existing ssh key with gpg-agent, it is far
easier:

ssh-add

and gpg-agent will popup a window to ask you for a new passphrase to
protect an existing ssh-key under gpg-agent. gpg-agent then creates a
copy of the private key in its own key storage
(~/.gnupg/private-keys-v1.d/) and adds an entry to sshcontrol. If you
use "ssh-add -l" or -L the key will get listed.

BTW, the keygrip is the name of the file as stored in the private-keys directory.
To print this file in a non-binary format, you may use
"gpg-protect-tool "

Shalom-Salam,

Werner

From michael at vorlon.ping.de Mon Oct 9 21:37:17 2006
From: michael at vorlon.ping.de (Michael Bienia)
Date: Mon Oct 9 21:35:48 2006
Subject: Howto add ssh keys to .gnupg/sshcontrol?
In-Reply-To: <87k6397533.fsf@wheatstone.g10code.de>
References: <20061009101120.GA7527@vorlon.ping.de> <87k6397533.fsf@wheatstone.g10code.de>
Message-ID: <20061009193717.GA3479@vorlon.ping.de>

On 2006-10-09 19:48:48 +0200, Werner Koch wrote:
> On Mon, 9 Oct 2006 12:11, Michael Bienia said:
>
> > The comment also mentions that one can add it manually by adding a
> > keygrip of 40 hex digits. How do I get this keygrip from my ssh key to
> > add it manually?
>
> Is this for a key from an OpenPGP card?

It's an existing ssh key.

> If you want to use an existing ssh key with gpg-agent, it is far
> easier:
>
> ssh-add

I tried it but it didn't work as expected:

$ ssh-add .ssh/id_dsa
Enter passphrase for .ssh/id_dsa:
Identity added: .ssh/id_dsa (.ssh/id_dsa)

But ssh-add -l didn't list it.

Through further testing I found out it was a problem with my ssh key:

$ ssh-keygen -l -f .ssh/id_dsa.pub
2048 [fingerprint] .ssh/id_dsa.pub

Don't ask me how I generated this key. As I can use this key with ssh I
didn't suspect it as the problem.

I now generated a new 2048 bit RSA key and it works now.

Thanks for your help,
Michael

From wk at gnupg.org Tue Oct 10 16:05:08 2006
From: wk at gnupg.org (Werner Koch)
Date: Tue Oct 10 16:13:00 2006
Subject: Howto add ssh keys to .gnupg/sshcontrol?
In-Reply-To: <20061009193717.GA3479@vorlon.ping.de> (Michael Bienia's message of "Mon, 9 Oct 2006 21:37:17 +0200")
References: <20061009101120.GA7527@vorlon.ping.de> <87k6397533.fsf@wheatstone.g10code.de> <20061009193717.GA3479@vorlon.ping.de>
Message-ID: <87k6385krv.fsf@wheatstone.g10code.de>

On Mon, 9 Oct 2006 21:37, Michael Bienia said:

> $ ssh-keygen -l -f .ssh/id_dsa.pub
> 2048 [fingerprint] .ssh/id_dsa.pub

2048 bit DSA is not yet supported by libgcrypt (it's too new). There
should be an error message, though.

Salam-Shalom,

Werner

From wk at gnupg.org Wed Oct 11 12:18:15 2006
From: wk at gnupg.org (Werner Koch)
Date: Wed Oct 11 12:41:38 2006
Subject: [Announce] GnuPG 1.9.92 released
Message-ID: <87mz832m1k.fsf@wheatstone.g10code.de>

Skipped content of type multipart/signed

From wk at gnupg.org Thu Oct 12 17:26:45 2006
From: wk at gnupg.org (Werner Koch)
Date: Thu Oct 12 17:32:55 2006
Subject: Howto add ssh keys to .gnupg/sshcontrol?
In-Reply-To: <87k6385krv.fsf@wheatstone.g10code.de> (Werner Koch's message of "Tue, 10 Oct 2006 16:05:08 +0200")
References: <20061009101120.GA7527@vorlon.ping.de> <87k6397533.fsf@wheatstone.g10code.de> <20061009193717.GA3479@vorlon.ping.de> <87k6385krv.fsf@wheatstone.g10code.de>
Message-ID: <87fydtzhai.fsf@wheatstone.g10code.de>

On Tue, 10 Oct 2006 16:05, Werner Koch said:

> 2048 bit DSA is not yet supported by libgcrypt (it's too new). There
> should be an error message, though.

I have been wrong. It works for me. See https://bugs.gnupg.org/710 .
Salam-Shalom, Werner From caryrw at usa.net Thu Oct 12 16:47:40 2006 From: caryrw at usa.net (Cary Wagner) Date: Thu Oct 12 18:51:18 2006 Subject: GPG Outlook Plug-In and Signatures Message-ID: <347kJLoUO3886S11.1160664460@cmsweb11.cms.usa.net> When I try to digitally sign an email in Outlook, it changes my messages from HTML to Plain Text. The messages are starting out as HTML when I am typing, but I am guessing that as soon as I sign it, the message is being converted to text. Is there a way to correct this? Or, is the expected behavior? Thanks! Cary From zvrba at globalnet.hr Thu Oct 12 16:57:56 2006 From: zvrba at globalnet.hr (Zeljko Vrba) Date: Thu Oct 12 18:51:38 2006 Subject: [Announce] PKCS#11 support for GnuPG Message-ID: <87d58xy423.fsf@globalnet.hr> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 We[1] are pleased to announce the availability of PKCS#11 support for gpg2. The first release that we deem decent enough to be publicly released can be found at the following link: http://gnupg-pkcs11.sourceforge.net/ [1] Me and Alon Bar-Lev are current developers. The programs works (hopefully) as a drop-in replacement for "scd" distributed with GnuPG. It has been tested with some PKCS#11 providers (including IBM's OpenCryptoki softtoken), and card learning, signing as well as encryption are working. You are welcome to test it and report any problems via sourceforge. Creating this "fork" of scd for was neccessary because of Werner Koch's view upon PKCS#11 (which we don't agree with at all), and consequent refusal to integrate PKCS#11 support with regular GnuPG distribution. More information on the website is coming soon. Documentation and setup instructions are included in the source distribution. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFLlf6FtofFpCIfhMRAybHAJ9vubalzEvFFO6JLh0rhxb2Hl533QCfWakb
twjIhyPJpalSKD503d9gq6s=
=yWxd
-----END PGP SIGNATURE-----

From claudio at iannotta.ch Thu Oct 12 20:12:27 2006
From: claudio at iannotta.ch (Claudio Iannotta)
Date: Thu Oct 12 21:51:24 2006
Subject: gpg --gen-key fails
Message-ID: <1160676747.452e858b8bace@www.mail2web.ch>

Hi,
I'm trying to generate a gpg key with
Code:
gpg --gen-key
but i receive a message like (translation):
writable public keyring not found : eof
what i'm supposed to do?
tnx

From claudio at iannotta.ch Thu Oct 12 23:49:49 2006
From: claudio at iannotta.ch (Claudio Iannotta)
Date: Fri Oct 13 00:36:48 2006
Subject: gpg --gen-key fails
In-Reply-To: <452EAF0D.7090100@unob.cz>
References: <1160676747.452e858b8bace@www.mail2web.ch> <452EAF0D.7090100@unob.cz>
Message-ID: <1160689789.15739.2.camel@localhost>

On Thu, 12/10/2006 at 23.09 +0200, Ladislav Hagara wrote:
> > Hi,
> > I'm trying to generate a gpg key with
> > Code:
> > gpg --gen-key
> > but i receive a message like (translation):
> > writable public keyring not found : eof
> > what i'm supposed to do?
>
> Just trying:
>
> $ mkdir .gnupg
already exists
> $ chmod 555 .gnupg/
done, also with 777 but same error
> $ gpg --gen-key
> ...
> *gpg: no writable public keyring found: eof*
> Key generation failed: eof
> gpg: can't create `/home/user01/.gnupg/random_seed': Permission denied
>
> Seems something with permissions.
> What operating systems (Unix like, Windows)?
>
Linux ubuntu amd64

From ladislav.hagara at unob.cz Fri Oct 13 00:00:59 2006
From: ladislav.hagara at unob.cz (Ladislav Hagara)
Date: Fri Oct 13 00:51:16 2006
Subject: gpg --gen-key fails
In-Reply-To: <1160689789.15739.2.camel@localhost>
References: <1160676747.452e858b8bace@www.mail2web.ch> <452EAF0D.7090100@unob.cz> <1160689789.15739.2.camel@localhost>
Message-ID: <452EBB1B.3000108@unob.cz>

> Linux ubuntu amd64

Try:
$ ls -ld ~ ~/.gnupg/

What are your permissions? Do you have rwx for .gnupg?

drwx------ 164 hgr hgr 12288 Oct 12 23:45 /home/hgr
drwx------ 3 hgr hgr 4096 Oct 12 15:26 /home/hgr/.gnupg/

--
Ladislav Hagara

From ladislav.hagara at unob.cz Thu Oct 12 23:09:33 2006
From: ladislav.hagara at unob.cz (Ladislav Hagara)
Date: Fri Oct 13 00:51:39 2006
Subject: gpg --gen-key fails
In-Reply-To: <1160676747.452e858b8bace@www.mail2web.ch>
References: <1160676747.452e858b8bace@www.mail2web.ch>
Message-ID: <452EAF0D.7090100@unob.cz>

> Hi,
> I'm trying to generate a gpg key with
> Code:
> gpg --gen-key
> but i receive a message like (translation):
> writable public keyring not found : eof
> what i'm supposed to do?

Just trying:

$ mkdir .gnupg
$ chmod 555 .gnupg/
$ gpg --gen-key
...
*gpg: no writable public keyring found: eof*
Key generation failed: eof
gpg: can't create `/home/user01/.gnupg/random_seed': Permission denied

Seems something with permissions.
What operating systems (Unix like, Windows)?
--
Ladislav Hagara

From ladislav.hagara at unob.cz Fri Oct 13 02:14:23 2006
From: ladislav.hagara at unob.cz (Ladislav Hagara)
Date: Fri Oct 13 02:13:00 2006
Subject: gpg --gen-key fails
In-Reply-To: <1160697745.15739.43.camel@localhost>
References: <1160676747.452e858b8bace@www.mail2web.ch> <452EAF0D.7090100@unob.cz> <1160689789.15739.2.camel@localhost> <452EBB1B.3000108@unob.cz> <1160694959.15739.40.camel@localhost> <452ED40A.6000506@unob.cz> <1160697745.15739.43.camel@localhost>
Message-ID: <452EDA5F.7010706@unob.cz>

> Interesting,
> I've deleted the folder and other keys as well and now it works
> tnx

>> Have you ever used gpg?
>> Do you have some key already (gpg --list-key)?
>> If no, try:
>>
>> $ rm -rf ~/.gnupg
>> $ mkdir ~/.gnupg
>> $ chmod 700 ~/.gnupg
>> $ gpg --gen-key

Great, you are welcome. :-)

--
Ladislav Hagara

From hhhobbit at securemecca.net Fri Oct 13 02:44:40 2006
From: hhhobbit at securemecca.net (Henry Hertz Hobbit)
Date: Fri Oct 13 03:21:34 2006
Subject: gpg --gen-key fails
In-Reply-To: <0MKpiB-1GY9T33wqU-00012t@mx.perfora.net>
References: <0MKpiB-1GY9T33wqU-00012t@mx.perfora.net>
Message-ID: <452EE178.9060604@securemecca.net>

Others wrote:

>> Try:
>> $ ls -ld ~ ~/.gnupg/
>> What are your permissions? Do you have rwx for .gnupg?
>> drwx------ 164 hgr hgr 12288 Oct 12 23:45 /home/hgr
>> drwx------ 3 hgr hgr 4096 Oct 12 15:26 /home/hgr/.gnupg/

Okay. That looks okay. Try the following:

$ cd ; cd .gnupg
# if that doesn't work you may have something like SELinux that can
# be causing the problem.
If you make it into .gnupg type:
$ ls -al
# if that works type:
$ touch empty_file
$ ls -al
$ rm -f empty_file
$ chmod 600 *.gpg*
$ chmod 600 random_seed
$ ls -al
$ umask
# if all of that works (your umask should be 077 or 0077), type:
$ which gpg
# change to the directory (usually either /usr/bin or /usr/local/bin)
# where gpg is at and then type ls -l gpg*

Here is what I have:

$ ls -l gpg*
-rwsr-xr-x 1 root root 742760 Apr 16 03:45 gpg
-rwsr-xr-x 1 root root 31068 Apr 16 03:46 gpgsplit
-rwsr-xr-x 1 root root 265548 Apr 16 03:45 gpgv
-rwxr-xr-x 1 root root 3374 Apr 16 03:44 gpg-zip

Please, no snickers about it being so old. You get the mode of the
files that way by either sudo'ing it or su'ing to root and typing:

# cd to where the files are at.
chmod 4755 gpg*

If you have gone through all of this with no problems, it is NOT a
file system problem. What I am doing is isolating away the gpg and
looking at the file system itself. Even if your default umask is
027 (0027), you should set it to 077 when working with encryption.

HHH

From alphasigmax at gmail.com Fri Oct 13 04:16:49 2006
From: alphasigmax at gmail.com (Alphax)
Date: Fri Oct 13 04:15:55 2006
Subject: GPG Outlook Plug-In and Signatures
In-Reply-To: <347kJLoUO3886S11.1160664460@cmsweb11.cms.usa.net>
References: <347kJLoUO3886S11.1160664460@cmsweb11.cms.usa.net>
Message-ID: <452EF711.5020708@gmail.com>

Cary Wagner wrote:
> When I try to digitally sign an email in Outlook, it changes my messages from
> HTML to Plain Text. The messages are starting out as HTML when I am typing,
> but I am guessing that as soon as I sign it, the message is being converted to
> text. Is there a way to correct this? Or, is the expected behavior?
>

HTML + OpenPGP = FAIL.

In English: HTML screws up OpenPGP. You don't want it. There are other
reasons why you don't want HTML anyway but I won't go into them here.

--
Alphax
Death to all fanatics!
Down with categorical imperative!
OpenPGP key: http://tinyurl.com/lvq4g -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 569 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20061013/c8e22104/signature.pgp From johannes.schmid at gmx.de Fri Oct 13 10:30:52 2006 From: johannes.schmid at gmx.de (Johannes Schmid) Date: Fri Oct 13 12:21:46 2006 Subject: Key problem Message-ID: <452F4EBC.9040306@gmx.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi! I have the problem that I cannot longer export my gnupg key as I always get the following error message # gpg --armor --export .gnupg/secring.gpg gpg: [don't know]: invalid packet (ctb=20) gpg: WARNING: nothing exported gpg: key export failed: invalid packet # gpg --list-keys /home/jhs/.gnupg/pubring.gpg - ---------------------------- pub 1024D/6E5BFD6B 2004-09-21 uid Johannes Schmid sub 1024g/35A90063 2004-09-21 gpg: mpi too large for this implementation (28015 bits) gpg: keyring_get_keyblock: read error: invalid packet gpg: keydb_get_keyblock failed: invalid keyring Encryption and decryption work fine. Would be nice if anyone could give me a hint how to rescue my key. Thanks, Johannes -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFL0687Dsf+G5b/WsRAhB2AJ9J1pAn3S+QSFV0ZzfET79qJrNlmwCgoDaq rrCUmKSOaZq1qZVSp+Q/Pmc= =FgPB -----END PGP SIGNATURE----- From sturthe at web.de Mon Oct 9 15:49:39 2006 From: sturthe at web.de (sturthe) Date: Fri Oct 13 13:09:01 2006 Subject: iconv.dll via load-extension Message-ID: <6717926.post@talk.nabble.com> Hi, just tried to enable iconv.dll and idea.dll in the optionsfile (gpg.conf). Note: Both files are in a folder called lib! load-extension lib\iconv.dll load-extension lib\idea.dll Using the --version command I recognize that idea.dll was found, but there's the nasty "iconv.dll missing error". 
So I used a file monitoring program (FileMon from SysInternals) and found, that (after execution) gpg.exe looks first for iconv.dll, and then for gpg.conf. I can't believe that this was intended, because in an earlier version (1.4.3) there was no such a behaviour. Maybe somebody can confirm this? Thanks PS: Using GnuPG 1.4.5 on Windows XP -- View this message in context: http://www.nabble.com/iconv.dll-via-load-extension-tf2410147.html#a6717926 Sent from the GnuPG - User mailing list archive at Nabble.com. From carenas2 at alumni.gs.columbia.edu Tue Oct 10 05:28:09 2006 From: carenas2 at alumni.gs.columbia.edu (Carlos Arenas =?ISO-8859-1?Q?C=F3rdoba?=) Date: Fri Oct 13 13:09:05 2006 Subject: Cannot refresh my own key In-Reply-To: <20061009125306.GA20010@jabberwocky.com> References: <1160187696.1515.9.camel@localhost> <20061009125306.GA20010@jabberwocky.com> Message-ID: <1160450889.6331.3.camel@localhost> On Mon, 2006-10-09 at 08:53 -0400, David Shaw wrote: > On Fri, Oct 06, 2006 at 10:21:36PM -0400, Carlos Arenas C?rdoba wrote: > > hello all. > > > > several months ago, i imported my key to canonical's (company behind > > ubuntu distribution) launchpad. since then i cannot refresh my key: > > > > > > $ gpg --refresh-keys 0xe0de64c5 > > gpg: requesting key E0DE64C5 from http server keyserver.ubuntu.com > > gpgkeys: key DE46B91FBD9FE4532CB077094D40B8A2E0DE64C5 not found on > > keyserver > > gpg: no valid OpenPGP data found. > > gpg: Total number processed: 0 > > > > > > for some reason, gpgkeys is using my fingerprint as my keyid. > > > > how can i correct this? thanks in advance. > > You have a mistaken assumption. The fingerprint is not relevant here. > It looks like you have a preferred keyserver set pointing to the wrong > place. Add "--keyserver-options verbose verbose verbose" to your > command and see where you're actually looking. > > David I tried that without success (nothing different happened). 
But then I changed the preferred keyserver for my key from http://keyserver.ubuntu.com to hkp://subkeys.pgp.net, and then it did work. Not sure why that made the difference, but I will figure that out on my own. Thanks for the tip! :-) ca. -- carlos a. arenas carenas2 + alumni.gs.columbia.edu pgp/gpg key id: 0xE0DE64C5 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 245 bytes Desc: This is a digitally signed message part Url : /pipermail/attachments/20061009/4847ddc8/attachment.pgp From laurent.jumet at skynet.be Fri Oct 13 14:10:04 2006 From: laurent.jumet at skynet.be (Laurent Jumet) Date: Fri Oct 13 14:46:01 2006 Subject: iconv.dll via load-extension In-Reply-To: <6717926.post@talk.nabble.com> Message-ID: Hello sturthe ! sturthe wrote: > just tried to enable iconv.dll and idea.dll in the optionsfile (gpg.conf). > Note: Both files are in a folder called lib! > load-extension lib\iconv.dll > load-extension lib\idea.dll > Using the --version command I recognize that idea.dll was found, but there's > the nasty "iconv.dll missing error". So I used a file monitoring program > (FileMon from SysInternals) and found, that (after execution) gpg.exe looks > first for iconv.dll, and then for gpg.conf. I can't believe that this was > intended, because in an earlier version (1.4.3) there was no such a > behaviour. > Maybe somebody can confirm this? 
Iconv.dll is not able to figure in --load-extension
Only idea.dll
Try with only idea.dll and look what --version says; this:

IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH

means that idea.dll is loaded; otherwise you'd get:

3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH

--
Laurent Jumet
KeyID: 0xCFAF704C

From wk at gnupg.org Fri Oct 13 15:01:58 2006
From: wk at gnupg.org (Werner Koch)
Date: Fri Oct 13 15:07:44 2006
Subject: Key problem
In-Reply-To: <452F4EBC.9040306@gmx.de> (Johannes Schmid's message of "Fri, 13 Oct 2006 10:30:52 +0200")
References: <452F4EBC.9040306@gmx.de>
Message-ID: <874pu8xtbt.fsf@wheatstone.g10code.de>

On Fri, 13 Oct 2006 10:30, Johannes Schmid said:

> # gpg --armor --export .gnupg/secring.gpg

You are trying to export a key with the name ".gnupg/secring.gpg". I
doubt that this is what you want.

> gpg: [don't know]: invalid packet (ctb=20)

Did you ever do something like

  gpg --armor --export > .gnupg/pubring.gpg

That would be an explanation to see the above error message. Anyway,
restore from your backup.

Salam-Shalom,

Werner

From wk at gnupg.org Fri Oct 13 15:05:38 2006
From: wk at gnupg.org (Werner Koch)
Date: Fri Oct 13 15:12:44 2006
Subject: iconv.dll via load-extension
In-Reply-To: <6717926.post@talk.nabble.com> (sturthe@web.de's message of "Mon, 9 Oct 2006 06:49:39 -0700 (PDT)")
References: <6717926.post@talk.nabble.com>
Message-ID: <87zmc0wel9.fsf@wheatstone.g10code.de>

On Mon, 9 Oct 2006 15:49, sturthe said:

> load-extension lib\iconv.dll

That won't work. iconv.dll is a usual dll and not an extension. If it
is missing you need to install it (best into the same directory as
gpg.exe). For convenience reasons we don't stop if iconv.dll was not
found.

> PS: Using GnuPG 1.4.5 on Windows XP

You better move to gpg4win, this installer makes sure that iconv.dll
gets properly installed. 1.0.7 has just been released.
Shalom-Salam, Werner From johannes.schmid at gmx.de Fri Oct 13 15:56:48 2006 From: johannes.schmid at gmx.de (Johannes Schmid) Date: Fri Oct 13 15:55:31 2006 Subject: Key problem In-Reply-To: <874pu8xtbt.fsf@wheatstone.g10code.de> References: <452F4EBC.9040306@gmx.de> <874pu8xtbt.fsf@wheatstone.g10code.de> Message-ID: <452F9B20.4060802@gmx.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi! OK, I think I misunderstood something. Anyway, 'gpg --armor --export johannes.schmid@gmx.de' which should do the right the thing ends up with exactly the same error message. And it seems like I have no really good backup availible, the error is in all backups... Thanks, Johannes Werner Koch wrote: > On Fri, 13 Oct 2006 10:30, Johannes Schmid said: > >> # gpg --armor --export .gnupg/secring.gpg > > You are trying to export a key with the name ".gnupg/secring.gpg". I > dount that this is want you want. > >> gpg: [don't know]: invalid packet (ctb=20) > > Did you ever something like > > gpg --armor --export > .gnupg/pubring.gpg > > That would be an explanation to see the avove error message. Anyway, > restore from your backup. > > > Salam-Shalom, > > Werner > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFL5sg7Dsf+G5b/WsRAkG9AKCtuqXPjXX2AuhEPFjkhO3PT+mptgCgtClC 6kuWD4kPKXundeI9/Cq0YH0= =ToI/ -----END PGP SIGNATURE----- From ryan at malayter.com Fri Oct 13 16:33:19 2006 From: ryan at malayter.com (Ryan Malayter) Date: Fri Oct 13 17:34:10 2006 Subject: GPG Outlook Plug-In and Signatures In-Reply-To: <452EF711.5020708@gmail.com> References: <347kJLoUO3886S11.1160664460@cmsweb11.cms.usa.net> <452EF711.5020708@gmail.com> Message-ID: <5d7f07420610130733l7245cccducbe2694a7ebc09bb@mail.gmail.com> > > HTML + OpenPGP = FAIL. > > In English: HTML screws up OpenPGP. You don't want it. There are other > reasons why you don't want HTML anyway but I won't go into them here. 
Actually, when I sign an HTML email with GPGOL, and send it to my Gmail account, I seem to get this on the receiving end: 1) A plain text version of the message, signed in-line. 2) An attachment of .HTML type, which contains the original unaltered HTML message. 3) A second attachment, which is seems to be an ASCII detached signature of the first attached HTML file. Does any other OpenPGP client handle this "attachment" result? Or do you need to save the attachments and manually verify the detached signature? GPGOL itself doesn't seem to read this "exploded" format, even though it creates it. GPGOL only verifies the plain text version. From alphasigmax at gmail.com Sat Oct 14 05:24:45 2006 From: alphasigmax at gmail.com (Alphax) Date: Sat Oct 14 05:23:54 2006 Subject: GPG Outlook Plug-In and Signatures In-Reply-To: <5d7f07420610130733l7245cccducbe2694a7ebc09bb@mail.gmail.com> References: <347kJLoUO3886S11.1160664460@cmsweb11.cms.usa.net> <452EF711.5020708@gmail.com> <5d7f07420610130733l7245cccducbe2694a7ebc09bb@mail.gmail.com> Message-ID: <4530587D.5000307@gmail.com> Ryan Malayter wrote: >> >> HTML + OpenPGP = FAIL. >> >> In English: HTML screws up OpenPGP. You don't want it. There are other >> reasons why you don't want HTML anyway but I won't go into them here. > > > Actually, when I sign an HTML email with GPGOL, and send it to my > Gmail account, I seem to get this on the receiving end: > > 1) A plain text version of the message, signed in-line. > > 2) An attachment of .HTML type, which contains the original unaltered > HTML message. > > 3) A second attachment, which is seems to be an ASCII detached > signature of the first attached HTML file. > You just discovered the second reason why HTML email is evil: it sends everything TWICE. For people still on 33.6kb/s dialup that is a major inconvenience. > Does any other OpenPGP client handle this "attachment" result? Or do > you need to save the attachments and manually verify the detached > signature? 
GPGOL itself doesn't seem to read this "exploded" format, > even though it creates it. GPGOL only verifies the plain text version. > PGP/MIME capable mail clients /may/ handle it, but you'd have to actually try it to be certain. Such a test should be conducted off-list in order to avoid flames for an HTML posting. -- Alphax Death to all fanatics! Down with categorical imperative! OpenPGP key: http://tinyurl.com/lvq4g -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 569 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20061014/31815b3a/signature.pgp From alphasigmax at gmail.com Sat Oct 14 05:33:02 2006 From: alphasigmax at gmail.com (Alphax) Date: Sat Oct 14 05:31:44 2006 Subject: Key problem In-Reply-To: <452F9B20.4060802@gmx.de> References: <452F4EBC.9040306@gmx.de> <874pu8xtbt.fsf@wheatstone.g10code.de> <452F9B20.4060802@gmx.de> Message-ID: <45305A6E.4060706@gmail.com> Johannes Schmid wrote: > Hi! > > OK, I think I misunderstood something. > > Anyway, 'gpg --armor --export johannes.schmid@gmx.de' which should do > the right the thing ends up with exactly the same error message. > > And it seems like I have no really good backup availible, the error is > in all backups... > What version of GPG/PGP did you create your key/backups with? Try using that version to recover your key. -- Alphax Death to all fanatics! Down with categorical imperative! OpenPGP key: http://tinyurl.com/lvq4g -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 569 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20061014/1af238e5/signature.pgp From jmoore3rd at bellsouth.net Sat Oct 14 05:36:43 2006 From: jmoore3rd at bellsouth.net (John W. 
Moore III) Date: Sat Oct 14 06:52:31 2006 Subject: GPG Outlook Plug-In and Signatures In-Reply-To: <4530587D.5000307@gmail.com> References: <347kJLoUO3886S11.1160664460@cmsweb11.cms.usa.net> <452EF711.5020708@gmail.com> <5d7f07420610130733l7245cccducbe2694a7ebc09bb@mail.gmail.com> <4530587D.5000307@gmail.com> Message-ID: <45305B4B.5050704@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Alphax wrote: > PGP/MIME capable mail clients /may/ handle it, but you'd have to > actually try it to be certain. Such a test should be conducted off-list > in order to avoid flames for an HTML posting. I can't imagine anyone 'Flaming' an honest mistake. JOHN ;) Timestamp: Friday 13 Oct 2006, 23:36 --400 (Eastern Daylight Time) - -- "The PROPER way to handle HTML postings is to cancel the article, then hire a hitman to kill the poster, his wife and kids, and screw his dog and smash his computer into little bits. Anything more is just extremism." -- Paul Tomblin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6-svn4293: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: http://www.gswot.org Comment: Homepage: http://tinyurl.com/9ubue Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org -----END PGP SIGNATURE----- From hhhobbit at securemecca.net Sat Oct 14 08:43:51 2006 From: hhhobbit at securemecca.net (Henry Hertz Hobbit) Date: Sat Oct 14 08:42:20 2006 Subject: Key problem In-Reply-To: <0MKqFD-1GYNZ10Yud-00019m@mx.perfora.net> References: <0MKqFD-1GYNZ10Yud-00019m@mx.perfora.net> Message-ID:
<1160808231.21759.253.camel@sirius.brigham.net>

Johannes Schmid wrote:
>
> Hi!
>
> I have the problem that I cannot longer export my gnupg key as I always
> get the following error message
>
> # gpg --armor --export .gnupg/secring.gpg
> gpg: [don't know]: invalid packet (ctb=20)
> gpg: WARNING: nothing exported
> gpg: key export failed: invalid packet
>
> # gpg --list-keys
> /home/jhs/.gnupg/pubring.gpg
> - ----------------------------
> pub 1024D/6E5BFD6B 2004-09-21
> uid Johannes Schmid
> sub 1024g/35A90063 2004-09-21
>
> gpg: mpi too large for this implementation (28015 bits)
> gpg: keyring_get_keyblock: read error: invalid packet
> gpg: keydb_get_keyblock failed: invalid keyring
>
>
> Encryption and decryption work fine. Would be nice if anyone could give
> me a hint how to rescue my key.
>
> Thanks,
> Johannes

[1] Your command IS wrong. It should NOT be done this way:

$ gpg --armor --export .gnupg/secring.gpg > secret-keys.gpg

It SHOULD be done this way:

$ cd
$ umask 077
$ gpg --export-secret-keys > secret-keys.gpg
# you don't need --armor for the way I am doing it.

If this fails or even gives a warning, GO NO FARTHER! I hope your
keys had an expiration date if you put them on the key servers. If
you didn't set an expiration they will be there in limbo forever.
If the second one works, let us know and I will give you all of the
steps. It is just that Werner and others have tried so hard in cases
like these to correct the situation and most or all of them failed
that you will probably have to start over. By the second one working
I mean you will get NO warnings at all.

Btw, here is my result of executing your command (YES, MY FILES WERE
BACKED UP BEFORE I DID IT) with a GOOD set of files:

[hhhobbit@bogus ~]$ gpg --armor --export .gnupg/secring.gpg \
> secret-keys.gpg
gpg: WARNING: nothing exported
[hhhobbit@bogus ~]$ ls -l secret-keys.gpg
-rw------- 1 hhhobbit hhhobbit 0 Oct 14 00:31 secret-keys.gpg
hhhobbit@bogus ~]$ rm -f secret-keys.gpg
[hhhobbit@bogus ~]$ gpg --export-secret-keys > secret-keys.gpg
[hhhobbit@bogus ~]$ ls -l secret-keys.gpg
-rw------- 1 hhhobbit hhhobbit 1857 Oct 14 00:33 secret-keys.gpg
[hhhobbit@bogus ~]$ srm secret-keys.gpg

I think what Werner didn't like were the:

"gpg: [don't know]: invalid packet (ctb=20)"
"gpg: key export failed: invalid packet"

Usually that means the kiss of death and you will probably still get
them doing the command the right way. I may give you the rest of the
steps anyway, so you can do it like an experiment. I think you are
going to be starting over ...

Ciao

Henry Hertz Hobbit

PS BACK UP YOUR KEYS AND GIVE THEM AN EXPIRE DATE!

From qed at tiscali.it Sat Oct 14 09:59:47 2006
From: qed at tiscali.it (Qed)
Date: Sat Oct 14 09:58:12 2006
Subject: Key problem
In-Reply-To: <1160808231.21759.253.camel@sirius.brigham.net>
References: <0MKqFD-1GYNZ10Yud-00019m@mx.perfora.net> <1160808231.21759.253.camel@sirius.brigham.net>
Message-ID: <453098F3.2040005@tiscali.it>

On 10/14/2006 08:43 AM, Henry Hertz Hobbit wrote:
> I hope your keys had an expiration date if you put them on the key
> servers. If you didn't set an expiration they will be there in limbo
> forever.
[..snip..]
> PS BACK UP YOUR KEYS AND GIVE THEM AN EXPIRE DATE!
Or generate a revocation certificate immediately after the key and keep
it in a safe place.

--
Q.E.D.
War is Peace
Freedom is Slavery
Ignorance is Strength
ICQ UIN: 301825501
OpenPGP key ID: 0x58D14EB3
Key fingerprint: 00B9 3E17 630F F2A7 FF96 DA6B AEE0 EC27 58D1 4EB3
Check fingerprints before trusting a key!
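
The "invalid packet (ctb=20)" failure discussed in the messages above can be looked for on a copy of a keyring file by walking its OpenPGP packet headers (layout per RFC 4880, section 4.2); whether the 20 is read as hexadecimal or decimal, bit 7 is clear, which no valid packet header allows. This is an added example, not code from any poster or from GnuPG: the function names, the tag allowlist and the sample bytes are constructed for illustration.

```python
import struct
import sys

ARMOR_PREFIX = b"-----BEGIN PGP"
# Allowlist chosen for this example: packet tags normally present in a keyring.
KEYRING_TAGS = {2: "signature", 5: "secret key", 6: "public key",
                7: "secret subkey", 12: "trust", 13: "user id",
                14: "public subkey", 17: "user attribute"}


class KeyringError(ValueError):
    """Raised at the first structural problem found in the file."""


def _take(data, pos, n):
    """Return exactly n bytes at pos or fail if the file ends first."""
    chunk = data[pos:pos + n]
    if len(chunk) != n:
        raise KeyringError(f"offset {pos}: file ends inside a packet header")
    return chunk


def read_header(data, pos):
    """Return (tag, body_start, body_length) for the packet starting at pos."""
    ctb = data[pos]
    if not ctb & 0x80:                      # bit 7 is set on every valid packet
        raise KeyringError(f"offset {pos}: invalid packet (ctb={ctb:02x})")
    if ctb & 0x40:                          # new-format header
        tag = ctb & 0x3F
        first = _take(data, pos + 1, 1)[0]
        if first < 192:
            return tag, pos + 2, first
        if first < 224:
            second = _take(data, pos + 2, 1)[0]
            return tag, pos + 3, ((first - 192) << 8) + second + 192
        if first == 255:
            return tag, pos + 6, struct.unpack(">I", _take(data, pos + 2, 4))[0]
        raise KeyringError(f"offset {pos}: partial body length in a keyring")
    tag = (ctb >> 2) & 0x0F                 # old-format header
    length_type = ctb & 0x03
    if length_type == 3:
        raise KeyringError(f"offset {pos}: indeterminate length in a keyring")
    width = (1, 2, 4)[length_type]
    return tag, pos + 1 + width, int.from_bytes(_take(data, pos + 1, width), "big")


def check_keyring(data):
    """Walk all packets; return [(offset, packet name)] or raise KeyringError."""
    if data.lstrip().startswith(ARMOR_PREFIX):
        raise KeyringError("file is ASCII-armored text, not a binary keyring")
    packets, pos = [], 0
    while pos < len(data):
        tag, start, length = read_header(data, pos)
        if tag not in KEYRING_TAGS:
            raise KeyringError(f"offset {pos}: unexpected packet tag {tag}")
        if start + length > len(data):
            raise KeyringError(f"offset {pos}: packet body runs past end of file")
        packets.append((pos, KEYRING_TAGS[tag]))
        pos = start + length
    return packets


def diagnose(data):
    """One-line verdict suitable for a backup script."""
    try:
        return f"ok: {len(check_keyring(data))} packets"
    except KeyringError as exc:
        return f"error: {exc}"


def _old_packet(tag, body):
    """Build an old-format packet with a two-octet length (sample data only)."""
    return bytes([0x80 | (tag << 2) | 1]) + len(body).to_bytes(2, "big") + body


# Constructed sample: header framing is real, packet bodies are dummy bytes.
GOOD = (_old_packet(6, b"\x04" + b"\x00" * 11)
        + _old_packet(13, b"Test User <test@example.invalid>")
        + _old_packet(2, b"\x00" * 20))
# Constructed sample: what a keyring looks like after armored output is
# redirected over it.
ARMORED = (b"-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n(constructed)\n"
           b"-----END PGP PUBLIC KEY BLOCK-----\n")

if __name__ == "__main__":
    for path in sys.argv[1:]:               # pass copies of keyring files
        with open(path, "rb") as handle:
            print(path, diagnose(handle.read()))
```

The script only reads the files named on its command line; run it on copies of pubring.gpg and of each backup to see which, if any, still parses end to end.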
From hhhobbit at securemecca.net Sat Oct 14 11:21:42 2006
From: hhhobbit at securemecca.net (Henry Hertz Hobbit)
Date: Sat Oct 14 11:20:08 2006
Subject: Disaster Key Recovery - Unix
In-Reply-To: <0MKqFD-1GYNZ10Yud-00019m@mx.perfora.net>
References: <0MKqFD-1GYNZ10Yud-00019m@mx.perfora.net>
Message-ID: <1160817702.21759.276.camel@sirius.brigham.net>

============================
DISASTER RECOVERY 101 (Unix)
----------------------------
SAVING YOUR KEY AND REBUILDING THE DATABASE
===========================================

If you are having trouble with your gpg commands but can still see
your OWN key (pub, all subs and all uids) contents and can still
send / receive both signed and encrypted email to somebody else
these steps MAY get you back to a sane condition. THERE IS NO
GUARANTEE IT WILL DO IT THOUGH! If you can't send or receive
either encrypted or signed messages, you are most likely hosed and
should start over. You can do the following as an experiment
because you will learn something by doing it. When I say trouble,
I mean you are getting warning messages like these (there are more
of them) when you execute gpg commands:

gpg: [don't know]: invalid packet (ctb=20)
gpg: key export failed: invalid packet

In all of the following, something after a "$" is a command you
should type. Something after a "#" is a comment. If it is a
"Command> ", that is inside gpg and is also something you should
type. The instructions assume you are using a bash, a sh, or a
ksh shell. If you are using csh, switch to one of these other
shells by typing "bash", "ksh" or "sh" before doing Step 2 via
Method Two. All other instructions should work okay in csh or
tcsh.

[1] EXPORT your secret keys

$ cd
$ umask 077
$ gpg --export-secret-keys > secret-keys.gpg
$ ls -l secret-keys.gpg
# you should have SOMETHING in the file.
$ gpg --list-keys | more
# write down your pub and sub keyid numbers.

You must have SOMETHING in the secret-keys.gpg file. If its size
is zero, skip to step 3 and do those commands, and then start over.
Just because you have something in the file does NOT mean it is
going to work.

[2] BACK UP what you have in either of the following two ways
(or do it another way if you prefer to do it another way):

Method One:
-----------
$ cd
$ umask 077
$ tar -cf - ./.gnupg | gzip -9 > gnupg.tar.gz
# you get this back with:
# $ rm -fr .gnupg
# $ gzip -dc gnupg.tar.gz | tar -xvf -
# now you know how to go back to what you had.

Method Two: (requires bash, sh, or ksh)
-----------
$ cd
$ umask 077
$ mkdir savgnupg
$ cd .gnupg
$ for FILE in pubring* random* secring* trustdb*; do \
    cp -fp "$FILE" ../savgnupg/; done
# To get them back you would type:
# $ cd ; cd savgnupg
# $ for FILE in pubring* random* secring* trustdb*; do \
#     cp -fp "$FILE" ../.gnupg/; done
# now you know how to go back to what you had.

[3] REMOVE all of your keys, trust data base and the random seed:

$ cd ; cd .gnupg
$ rm -f pubring* secring* trustdb* random*
# do NOT remove your gpg.conf file

[4] CREATE a new temporary (bogus) signing key:

$ cd
$ gpg --gen-key
# Pick either DSA or RSA sign only, real name foobar,
# and email name of foobar@bogus.com with no comment.
# give it an expire date of 1 month or less. Play Mahjongg
# tiles or do something else as it creates the key.
$ gpg --list-keys
# If this doesn't work you will have to reinstall GnuPG
# or your Operating System!

[5] REIMPORT your previous keys:

$ gpg --import secret-keys.gpg
$ gpg --list-keys
# you should have your previous key and the signing key
# compare the key numbers with what you wrote down in
# step number 1. They should match. If they don't you
# are through. Do step 3 and start over.

[7] DELETE the bogus key and your file now:

$ gpg --list-secret-keys
# find the key number for foobar after the 1024D/ or
# 1024R/, for example let's say it is BC072EED.
$ gpg --delete-secret-keys BC072EED
Delete this key from the keyring? (y/N) y
This is a secret key! - really delete? (y/N) y
$ gpg --list-secret-keys
# you should now have only your original secret key. The
# secret side of foobar should be gone.
$ gpg --list-keys
# again, you should see the public side of foobar
$ gpg --delete-key BC072EED
pub 1024D/BC072EED 2006-10-14 foobar
Delete this key from the keyring? (y/N) y
$ gpg --list-keys
$ gpg --list-secret-keys
# you should have only your original key.
# if you are okay do the next step
$ rm -f secret-keys.gpg

[8] IMPORT somebody ELSE'S key and sign it; Werner's signing
key for example.

$ cd $TO_WHERE_WERNERS_PUB_KEY_IS
$ sha1sum WernerKoch.asc
c151479c9231455f18bccd09e3423679683a9ba9 WernerKoch.asc
# It matches what I have off the computer. Hopefully
# somebody hasn't taken advantage of the SHA1 weakness.
$ gpg -a --import WernerKoch.asc
$ gpg --list-keys
# some output omitted
pub 1024D/57548DCD 1998-07-07 [expired: 2005-12-31]
uid Werner Koch (gnupg sig)
pub 1024R/1CE0C630 2006-01-01 [expires: 2008-12-31]
uid Werner Koch (dist sig)
$ gpg --delete-key 57548DCD
$ gpg --edit-key 1CE0C630
Command> # SIGN TO THE LEVEL YOU KNOW THIS KEY IS REALLY HIS
# beats me if it really is his key - others seem to think it
# is and it verifies GnuPg as valid.
Command> save
$ gpg --list-secret-keys
$ gpg --list-keys

If everything looks okay after step 8, then import somebody's
key that you regularly send encrypted and or signed email to.
Then do the usual tests of both of you sending:

a. Signed email
b. Encrypted email
c. Signed & encrypted email

If all of them work fine both ways, then you are probably okay.
NOW DO STEP 2 AGAIN AND STORE IT IN A SAFE PLACE. DO IT OFTEN!
BACK UP, BACK UP, BACK UP, BACK UP, BACK UP, BACK UP, BACK UP!
Henry Hertz Hobbit From blueness at gmx.net Sat Oct 14 12:53:12 2006 From: blueness at gmx.net (Mica Mijatovic) Date: Sat Oct 14 12:53:47 2006 Subject: GPG Outlook Plug-In and Signatures In-Reply-To: <45305B4B.5050704@bellsouth.net> References: <347kJLoUO3886S11.1160664460@cmsweb11.cms.usa.net> <452EF711.5020708@gmail.com> <5d7f07420610130733l7245cccducbe2694a7ebc09bb@mail.gmail.com> <4530587D.5000307@gmail.com> <45305B4B.5050704@bellsouth.net> Message-ID: <196040233.20061014125312@gmx.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Was Fri, 13 Oct 2006, at 23:36:43 -0400, when John wrote: > Alphax wrote: >> PGP/MIME capable mail clients /may/ handle it, but you'd have to >> actually try it to be certain. Such a test should be conducted off-list >> in order to avoid flames for an HTML posting. > I can't imagine anyone 'Flaming' an honest mistake. But the real world exists in terms beyond imagination. - -- Mica ~~~ For personal mail please use my address as it is *exactly* given in my "From" field, otherwise it will not reach me. ~~~ GPG keys/docs/software at: http://blueness.port5.com/pgpkeys/ http://tronogi.tripod.com/pgp/pgpkeys/ The race is not always to the swift, but to those who keep running. Two examples are marathons and if the swift fella gets shot. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6-svn-4217 <>o<> tiger192 i686 (Cygwin/MinGW32) -----END PGP SIGNATURE----- From jkaye at celerasystems.com Sat Oct 14 13:03:27 2006 From: jkaye at celerasystems.com (Jack Kaye) Date: Sat Oct 14 13:02:05 2006 Subject: GPG Outlook Plug-In and Signatures Message-ID: <894316653@mail.celerasystems.com> I will be out of the office on Friday October 13th. If you need immedate assistance, please contact one of the following... Kevin Klein: kklein@celerasystems.com (262) 834-0080 x203 Gary Maradik: gmaradik@celerasystems.com x201 Tim Kannenberg: tkannenb@celerasystems.com x207 Mike Giunta: mgiunta@celerasystems.com x202 Thanks, - Jack Kaye Celera Systems LLC From michael at vorlon.ping.de Sat Oct 14 13:07:03 2006 From: michael at vorlon.ping.de (Michael Bienia) Date: Sat Oct 14 13:05:25 2006 Subject: Howto add ssh keys to .gnupg/sshcontrol? In-Reply-To: <87fydtzhai.fsf@wheatstone.g10code.de> References: <20061009101120.GA7527@vorlon.ping.de> <87k6397533.fsf@wheatstone.g10code.de> <20061009193717.GA3479@vorlon.ping.de> <87k6385krv.fsf@wheatstone.g10code.de> <87fydtzhai.fsf@wheatstone.g10code.de> Message-ID: <20061014110703.GA7513@vorlon.ping.de> On 2006-10-12 17:26:45 +0200, Werner Koch wrote: > On Tue, 10 Oct 2006 16:05, Werner Koch said: > > > 2048 bit DSA is not yet supported by libgcrypt (it's too new). There > > should be a error message, though. > > I have been wrong. It works for me. See https://bugs.gnupg.org/710 . I assume gpg-agent shipped in Ubuntu edgy isn't recent enough to support it. I've switched to a 2k RSA ssh key for now.
Thanks. Michael From wk at gnupg.org Sat Oct 14 13:52:18 2006 From: wk at gnupg.org (Werner Koch) Date: Sat Oct 14 14:05:40 2006 Subject: GPG Outlook Plug-In and Signatures In-Reply-To: <5d7f07420610130733l7245cccducbe2694a7ebc09bb@mail.gmail.com> (Ryan Malayter's message of "Fri, 13 Oct 2006 09:33:19 -0500") References: <347kJLoUO3886S11.1160664460@cmsweb11.cms.usa.net> <452EF711.5020708@gmail.com> <5d7f07420610130733l7245cccducbe2694a7ebc09bb@mail.gmail.com> Message-ID: <87irinunbh.fsf@wheatstone.g10code.de> On Fri, 13 Oct 2006 16:33, Ryan Malayter said: > Does any other OpenPGP client handle this "attachment" result? Or do This is actually the de-facto standard as used by PGP. > you need to save the attachments and manually verify the detached > signature? GPGOL itself doesn't seem to read this "exploded" format, No we don't consider the HTML part unless you enable it with "Show HTML view if possible" in the options dialog. Anyway, HTML mails are evil. Shalom-Salam, Werner From iulia_das at yahoo.com Sat Oct 14 20:26:32 2006 From: iulia_das at yahoo.com (Julia Dashkevich) Date: Sat Oct 14 22:21:29 2006 Subject: A problem with winpt encrypting the current window Message-ID: <20061014182632.7452.qmail@web51310.mail.yahoo.com> Hi all, There is a problem here with winpt refusing to encrypt the message composition window, whenever i try to use this feature, it tries to encrypt the main window of the MUA. Tried the same thing with gpgshell, and it worked fine. Do you think it is a bug? It would be good to get any insights on using winpt. It seems to be more of a _Graphic_ user interface than gpgshell, althgough the latter is certainly more functional from my own (very limited) experience. Using gpg 1.4.5, winpt 1.0.0 and gpgshell 3.52 on WinXP sp2 Thanks!! Julia __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! 
Mail has the best spam protection around http://mail.yahoo.com From hhhobbit at securemecca.net Sat Oct 14 23:21:41 2006 From: hhhobbit at securemecca.net (Henry Hertz Hobbit) Date: Sat Oct 14 23:20:27 2006 Subject: Disaster Key Recovery - Unix In-Reply-To: <0MKpqR-1GYhC630rh-00013m@mx.perfora.net> References: <0MKpqR-1GYhC630rh-00013m@mx.perfora.net> Message-ID: <1160860901.25407.15.camel@sirius.brigham.net> On Sat, 2006-10-14 at 03:21 -0600, hhhobbit@securemecca.net wrote: > [8] IMPORT somebody ELSE'S key and sign it; Werner's signing > Command> # SIGN TO THE LEVEL YOU KNOW THIS KEY IS REALLY HIS > # beats me if it really is his key - others seem to think it > # is and it verifies GnuPg as valid. GnuPG - sorry. > Command> save > $ gpg --list-secret-keys > $ gpg --list-keys > > If everything looks okay after step 8, then import somebody's > key that you regularly send encrypted and or signed email to. > Then do the usual tests of both of you sending: > > a. Signed email > b. Encrypted email > c. Signed & encrypted email > > If all of them work fine both ways, then you are probably okay. > NOW DO STEP 2 AGAIN AND STORE IT IN A SAFE PLACE. DO IT OFTEN! > BACK UP, BACK UP, BACK UP, BACK UP, BACK UP, BACK UP, BACK UP! I should add that if the person on the other end is using the Evolution MUA and you are using Thunderbird or some other MUA that has both PGP-Inline and PGP/MIME to make sure you that you select PGP/MIME. Evolution does not understand PGP-Inline, and Outlook and Outlook Express with WinPT don't understand PGP/MIME: http://privacy.movingsucks.org/ Johannes Schmid's keys have been resurrected. Sorry about not remembering that tidbit about Evolution Johannes. Your keys are fine. You could probably have done it without creating the bogus signing key but that is just one extra thing to make sure all is well. Case closed. 
Ciao HHH From twoaday at gmx.net Sun Oct 15 14:42:43 2006 From: twoaday at gmx.net (Timo Schulz) Date: Sun Oct 15 16:51:35 2006 Subject: A problem with winpt encrypting the current window In-Reply-To: <20061014182632.7452.qmail@web51310.mail.yahoo.com> References: <20061014182632.7452.qmail@web51310.mail.yahoo.com> Message-ID: <45322CC3.9070502@gmx.net> Julia Dashkevich wrote: > the MUA. Tried the same thing with gpgshell, and it > worked fine. Do you think it is a bug? When the feature does not work with _any_ window on your system, the answer is yes. Otherwise no. The current window mode should work for almost every window but in reality it doesn't work for some windows. There is, IMHO, nothing I can do about it. But it is a good idea always to use the newest WinPT version (1.0.1) because each new release contains bug fixes and possible improvment of existing features. Timo From iulia_das at yahoo.com Sun Oct 15 19:42:27 2006 From: iulia_das at yahoo.com (Julia Dashkevich) Date: Sun Oct 15 19:41:16 2006 Subject: A problem with winpt encrypting the current window In-Reply-To: <45322CC3.9070502@gmx.net> Message-ID: <20061015174227.89503.qmail@web51302.mail.yahoo.com> --- Timo Schulz wrote: Thanks for your insights, Timo. Following your advice, i have downloaded winpt v.1.0.1, but i don't know how to install it: there is no tool for uninstalling my current version separately from gpg4win. What are the steps for updating winpt to the newer version and can it be done without affecting the current gpg installation? > When the feature does not work with _any_ window on > your system, the answer is yes. Otherwise no. The > current window mode should work for almost every > window > but in reality it doesn't work for some windows. > There > is, IMHO, nothing I can do about it. Trying to use this feature with different windows now: IE - no luck, but i guess it should not be ever needed:) TB compose window, triggered by clicking 'mail' in IE - it works. 
I wonder, why it should not work in _the_same_ kind of compose window, but triggered by TB itself (!!!) Notepad - the same error message it gave when trying to encrypt from TB. When the compose window triggered by IE was still open, it tried to encrypt that instead, although the current window was notepad. MS Word - does not work either I can't think of anything else that i might want/need to use it with. Well, using IE each time i want to encrypt the current compose window does not seem like a valid option to me. Although, the clipboard encryption option works fine. Looking forward to any further insights, Julia > But it is a good idea always to use the newest > WinPT version (1.0.1) because each new release > contains bug fixes and possible improvment of > existing features. > > > Timo > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From sk-online at maxi-dsl.de Sun Oct 15 18:53:53 2006 From: sk-online at maxi-dsl.de (Sebastian) Date: Sun Oct 15 20:21:22 2006 Subject: pgp.sig as an attachment Message-ID: <285AD964-BD09-4664-91B6-18A8455B07ED@maxi-dsl.de> Hello, I am using GnuPG with Apple Mail and the GPGMail plugin. When I sign a message, the mail is sent with the attached file pgp.sig. However, I would prefer to have the signature inside the message and not in an attachment. How would I do this? 
Thanks Sebastian From tmz at pobox.com Sun Oct 15 20:48:16 2006 From: tmz at pobox.com (Todd Zullinger) Date: Sun Oct 15 21:18:57 2006 Subject: pgp.sig as an attachment In-Reply-To: <285AD964-BD09-4664-91B6-18A8455B07ED@maxi-dsl.de> References: <285AD964-BD09-4664-91B6-18A8455B07ED@maxi-dsl.de> Message-ID: <20061015184816.GB9772@psilocybe.teonanacatl.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sebastian wrote: > I am using GnuPG with Apple Mail and the GPGMail plugin. > > When I sign a message, the mail is sent with the attached file > pgp.sig. However, I would prefer to have the signature inside the > message and not in an attachment. > > How would I do this? You need to tell GPGMail not to use PGP/MIME. You can disable that by default (in the prefs on the Composing tab). Check the GPGMail docs for details on this. The GPGMail mailing list might be able to offer more insights if you need them. - -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ====================================================================== Outside of a dog, a book is a man's best friend. Inside of a dog, it's too dark to read. 
-- Groucho Marx

From ryan at malayter.com Mon Oct 16 05:27:36 2006
From: ryan at malayter.com (Ryan Malayter)
Date: Mon Oct 16 06:23:07 2006
Subject: GPG Outlook Plug-In and Signatures
In-Reply-To: <87irinunbh.fsf@wheatstone.g10code.de>
References: <347kJLoUO3886S11.1160664460@cmsweb11.cms.usa.net> <452EF711.5020708@gmail.com> <5d7f07420610130733l7245cccducbe2694a7ebc09bb@mail.gmail.com> <87irinunbh.fsf@wheatstone.g10code.de>
Message-ID: <5d7f07420610152027v1c893569he846f305b662afb6@mail.gmail.com>

On 10/14/06, Werner Koch wrote:
> Anyway, HTML mails are evil.

But unfortunately they're here to stay. RFC 2557 is now listed as "standards track".

I used to rail against HTML mail myself, but all my reasoning was soundly rebuffed by the CEO, CFO, my Mom, my sister, and really just about everybody else. They want their "pretty fonts and pictures" in their email. Security, legibility, and compatibility be damned.

Now, well, I gave up fighting that battle. I still write mostly plain-text email, but reply in HTML when sent it. But even I originate an HTML email or two when a bulleted list or table is needed. It can add value to the content of a message when used judiciously.

--
RPM
=========================
All problems can be solved by diplomacy, but violence and treachery are equally effective, and more fun.
-Anonymous

From robbat2 at orbis-terrarum.net Sun Oct 15 00:24:41 2006
From: robbat2 at orbis-terrarum.net (Robin H.
Johnson) Date: Mon Oct 16 12:10:43 2006 Subject: Disaster Key Recovery - Unix In-Reply-To: <1160817702.21759.276.camel@sirius.brigham.net> References: <0MKqFD-1GYNZ10Yud-00019m@mx.perfora.net> <1160817702.21759.276.camel@sirius.brigham.net> Message-ID: <20061014222441.GD30749@curie-int.orbis-terrarum.net> On Sat, Oct 14, 2006 at 03:21:42AM -0600, Henry Hertz Hobbit wrote: > [8] IMPORT somebody ELSE'S key and sign it; Werner's signing > key for example. > $ cd $TO_WHERE_WERNERS_PUB_KEY_IS > $ sha1sum WernerKoch.asc > c151479c9231455f18bccd09e3423679683a9ba9 WernerKoch.asc > # It matches what I have off the computer. Hopefully > # somebody hasn't taken advantage of the SHA1 weakness. > $ gpg -a --import WernerKoch.asc > $ gpg --list-keys > # some output omitted > pub 1024D/57548DCD 1998-07-07 [expired: 2005-12-31] > uid Werner Koch (gnupg sig) > > pub 1024R/1CE0C630 2006-01-01 [expires: 2008-12-31] > uid Werner Koch (dist sig) > > $ gpg --delete-key 57548DCD > $ gpg --edit-key 1CE0C630 > Command> # SIGN TO THE LEVEL YOU KNOW THIS KEY IS REALLY HIS > # beats me if it really is his key - others seem to think it > # is and it verifies GnuPg as valid. > Command> save > $ gpg --list-secret-keys > $ gpg --list-keys If you've met Werner and exchanged identities with him, then signing his key exportably is ok, but in general, people should be using non-exportable signatures here, with lsign, to not pollute the web of trust unnecessarily. -- Robin Hugh Johnson E-Mail : robbat2@orbis-terrarum.net Home Page : http://www.orbis-terrarum.net/?l=people.robbat2 ICQ# : 30269588 or 41961639 GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85 -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: application/pgp-signature Size: 232 bytes Desc: not available Url : /pipermail/attachments/20061014/e110dd6c/attachment-0001.pgp From sturthe at web.de Sun Oct 15 10:24:22 2006 From: sturthe at web.de (sturthe) Date: Mon Oct 16 12:10:51 2006 Subject: iconv.dll via load-extension In-Reply-To: <6717926.post@talk.nabble.com> References: <6717926.post@talk.nabble.com> Message-ID: <6818531.post@talk.nabble.com> Hi, first of all thanks for your answers. I gave up my lib-directory for the dll's and copied them to the root of gpg.exe. But honestly I'm still confused, because it worked using version 1.4.3. That's why I thought it could be a bug in the new version. Bye -- View this message in context: http://www.nabble.com/iconv.dll-via-load-extension-tf2410147.html#a6818531 Sent from the GnuPG - User mailing list archive at Nabble.com. From twoaday at gmx.net Mon Oct 16 09:34:12 2006 From: twoaday at gmx.net (Timo Schulz) Date: Mon Oct 16 15:32:11 2006 Subject: A problem with winpt encrypting the current window In-Reply-To: <20061015174227.89503.qmail@web51302.mail.yahoo.com> References: <20061015174227.89503.qmail@web51302.mail.yahoo.com> Message-ID: <453335F4.6010703@gmx.net> Julia Dashkevich wrote: > no tool for uninstalling my current version separately > from gpg4win. What are the steps for updating winpt > to the newer version and can it be done without > affecting the current gpg installation? Just unzip the ZIP archive and overwrite the ptd.dll and the winpt.dll. That's it. > TB compose window, triggered by clicking 'mail' in IE > - it works. I wonder, why it should not work in > _the_same_ kind of compose window, but triggered by TB The current window mode can be strange. But from what I've heard, it works on most machines with most windows. > Well, using IE each time i want to encrypt the current > compose window does not seem like a valid option to Use the hotkeys instead. With them you can focus the window you want to extract data from. 
Use the hotkey and it will be encrypted and pasted back to this window. Timo From blueness at gmx.net Mon Oct 16 16:59:36 2006 From: blueness at gmx.net (Mica Mijatovic) Date: Mon Oct 16 17:40:24 2006 Subject: RFCs, standards, pink bunnies and flower patterns was -- Re: GPG Outlook Plug-In and Signatures In-Reply-To: <5d7f07420610152027v1c893569he846f305b662afb6@mail.gmail.com> References: <347kJLoUO3886S11.1160664460@cmsweb11.cms.usa.net> <452EF711.5020708@gmail.com> <5d7f07420610130733l7245cccducbe2694a7ebc09bb@mail.gmail.com> <87irinunbh.fsf@wheatstone.g10code.de> <5d7f07420610152027v1c893569he846f305b662afb6@mail.gmail.com> Message-ID: <1310028294.20061016165936@gmx.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Was Sun, 15 Oct 2006, at 22:27:36 -0500, when Ryan wrote: > On 10/14/06, Werner Koch wrote: >> Anyway, HTML mails are evil. > But unfortunately they're here to stay. RFC 2557 is now listed as > "standards track". RFCs are not any "standards" nor they are by (their own) definition supposed to be. They are just collection of less or more recommended routines, and often also nothing but the lists of (most usual/mass) _habits_. In order to define a _real_ standards, quite another criterions are needed, created after essential _sense_ of a given act/procedure. In this sense HTML definitely does not satisfy elementary needs to be included in a crypto scheme (due to the very HTML's technical characteristics). * Of course that it doesn't mean that HTML should be banished completely from the 'lectronic mail world, but it has its essential limitations as for the cryptographic routines. Once the grannies, moms, sisters, some presidents of some countries and other particoloured fancy mail lovers are concerned with a possibly needed encrypted/signed e-mail, and once they get wish to put their letters in such a 'lectronic envelope they will grasp themselves why this difference is important. Until them let them play with their pink bunnies and flower patterns. 
- --
Mica
~~~ For personal mail please use my address as it is *exactly* given in my "From" field, otherwise it will not reach me.
~~~ GPG keys/docs/software at:
http://blueness.port5.com/pgpkeys/
http://tronogi.tripod.com/pgp/pgpkeys/

There are hackers and hack-uppers. (Hammer Von Troll)

From peter at digitalbrains.com Mon Oct 16 17:56:49 2006
From: peter at digitalbrains.com (Peter Lebbing)
Date: Mon Oct 16 19:21:21 2006
Subject: OpenPGP Card implementation
Message-ID: <4533ABC1.3050903@digitalbrains.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Is the implementation of the current OpenPGP Card open source? If so, how can I obtain the source?

I'm just interested in seeing how it is done, I don't plan to use it for any practical purposes.

Thanks,

Peter Lebbing.
From wk at gnupg.org Mon Oct 16 19:48:37 2006
From: wk at gnupg.org (Werner Koch)
Date: Mon Oct 16 19:52:45 2006
Subject: OpenPGP Card implementation
In-Reply-To: <4533ABC1.3050903@digitalbrains.com> (Peter Lebbing's message of "Mon\, 16 Oct 2006 17\:56\:49 +0200")
References: <4533ABC1.3050903@digitalbrains.com>
Message-ID: <87wt705eyy.fsf@wheatstone.g10code.de>

On Mon, 16 Oct 2006 17:56, Peter Lebbing said:

> Is the implementation of the current OpenPGP Card open source? If so,
> how can I obtain the source?

Sorry, that is not possible due to the strict NDAs you have to sign with the chip vendors. Unless we can implement it on a free and reasonably priced chip it does not make sense to care much about it. You need to trust the chip vendor anyway.

Shalom-Salam,

Werner

From ryan at malayter.com Mon Oct 16 20:50:12 2006
From: ryan at malayter.com (Ryan Malayter)
Date: Mon Oct 16 20:48:31 2006
Subject: RFCs, standards, pink bunnies and flower patterns was -- Re: GPG Outlook Plug-In and Signatures
In-Reply-To: <1310028294.20061016165936@gmx.net>
References: <347kJLoUO3886S11.1160664460@cmsweb11.cms.usa.net> <452EF711.5020708@gmail.com> <5d7f07420610130733l7245cccducbe2694a7ebc09bb@mail.gmail.com> <87irinunbh.fsf@wheatstone.g10code.de> <5d7f07420610152027v1c893569he846f305b662afb6@mail.gmail.com> <1310028294.20061016165936@gmx.net>
Message-ID: <5d7f07420610161150h4854a144p11156754a0f59d3d@mail.gmail.com>

On 10/16/06, Mica Mijatovic wrote:
> RFCs are not any "standards" nor they are by (their own) definition
> supposed to be.
>
> They are just collection of less or more recommended routines, and often
> also nothing but the lists of (most usual/mass) _habits_.

Many RFCs *are* standards. Those that are not are identified as "informational". Even the IETF thinks so, identifying them as the basis for "the Internet Standards Process". See:
http://www.ietf.org/IETF-Standards-Process.html

The only reason you can read this message is because RFC 2822 is universally recognized as the *standard* protocol for email.

> In order to define a _real_ standards, quite another criterions are
> needed, created after essential _sense_ of a given act/procedure.
>
> In this sense HTML definitely does not satisfy elementary needs to be
> included in a crypto scheme (due to the very HTML's technical
> characteristics).

This statement makes no sense to me. Surely you are not suggesting that HTML is incompatible with cryptography? That's like saying apples are incompatible with cooking. Not only is it untrue, but you're not even really comparing similar entities.

> Of course that it doesn't mean that HTML should be banished completely
> from the 'lectronic mail world, but it has its essential limitations as
> for the cryptographic routines.

Again I must state that one has little to do with the other. MHTML's MIME format may not play nice with PGP/MIME's encapsulation format, but it didn't *have* to be that way. S/MIME, for example, seems to make provisions for playing nicely with other MIME structures such as MHTML, as well as arbitrary attachments.

--
RPM
=========================
All problems can be solved by diplomacy, but violence and treachery are equally effective, and more fun.
-Anonymous

From npcole at yahoo.co.uk Tue Oct 17 16:34:39 2006
From: npcole at yahoo.co.uk (Nicholas Cole)
Date: Tue Oct 17 16:33:16 2006
Subject: RFCs, standards, pink bunnies and flower patterns was -- Re: GPG Outlook Plug-In and Signatures
In-Reply-To: <1310028294.20061016165936@gmx.net>
Message-ID: <20061017143439.30888.qmail@web26715.mail.ukl.yahoo.com>

> Of course that it doesn't mean that HTML should be
> banished completely
> from the 'lectronic mail world, but it has its
> essential limitations as
> for the cryptographic routines.

Mica,

Thank you for your email. It made me reflect. I had been ignoring this discussion. HTML emails are here to stay, and many users of the internet rely on them. Indeed, text only emails can look horrid on many Outlook setups, a fact I was long unaware of since I haven't used it in about 7 years.

It's hard enough getting people to use encrypted email as it is - telling them they can't use what is to many people a very standard tool doesn't seem to me a good way forward.

It seemed to me that PGP/MIME provides an excellent way to handle HTML email. But your email did make me think about that a bit more. Obviously, its ability to load external images might make the signature in practice meaningless (though the signature on the source code would still be correct, which makes it an interesting philosophical point). Is there anything else about an HTML email that raises a red flag from a security point of view?

Best,

N.
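
The point in the message above about external images, as an added example that is not part of the original post: a PGP/MIME signature covers the bytes of the signed MIME part, so anything the HTML asks the mail client to fetch at display time lies outside it. This Python sketch lists such references; the sample message, addresses and URLs are constructed, and the function names and the list of auto-loaded tag/attribute pairs are assumptions made for the example, not an exhaustive set.

```python
"""List resources that a signed HTML mail part would load from outside the signed bytes."""
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# (tag, attribute) pairs a mail client may fetch on display without a click.
# Assumed, non-exhaustive list chosen for this example.
AUTO_LOADED = {("img", "src"), ("link", "href"), ("script", "src"),
               ("iframe", "src"), ("embed", "src"), ("object", "data")}

# Constructed sample in PGP/MIME shape: multipart/signed whose first body part
# is multipart/alternative. The signature part is a placeholder, not a real one.
SAMPLE = """\
From: alice@example.org
To: bob@example.org
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="sig"

--sig
Content-Type: multipart/alternative; boundary="alt"

--alt
Content-Type: text/plain; charset=us-ascii

Quarterly figures, see chart.

--alt
Content-Type: text/html; charset=us-ascii

<html><body background="http://static.example.net/bg.gif">
<p>Quarterly figures:</p>
<img src="http://images.example.net/chart.png" alt="chart">
<img src="cid:logo@example.org" alt="logo">
<link rel="stylesheet" href="https://cdn.example.net/mail.css">
<a href="http://www.example.org/report">full report</a>
</body></html>

--alt--

--sig
Content-Type: application/pgp-signature; name="signature.asc"

(placeholder, constructed sample: no real OpenPGP signature here)

--sig--
"""


def signed_part(msg):
    """Return the body part covered by the signature, or raise ValueError."""
    parts = msg.get_payload() if msg.is_multipart() else []
    if (msg.get_content_type() != "multipart/signed" or len(parts) != 2
            or parts[1].get_content_type() != "application/pgp-signature"):
        raise ValueError("not a PGP/MIME signed message")
    return parts[0]


def _is_remote(url):
    """True for URLs fetched over the network (cid: and data: stay in the message)."""
    return urlparse(url.strip()).scheme in ("http", "https", "ftp")


class _RefFinder(HTMLParser):
    """Collects auto-loaded attributes whose value is a network URL."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            wanted = name == "background" or (tag, name) in AUTO_LOADED
            if wanted and value and _is_remote(value):
                self.found.append((tag, value.strip()))


def remote_references(msg):
    """(tag, url) pairs in signed text/html parts that resolve outside the message."""
    found = []
    for part in signed_part(msg).walk():
        if part.get_content_type() != "text/html":
            continue
        charset = part.get_content_charset() or "utf-8"
        html = part.get_payload(decode=True).decode(charset, errors="replace")
        finder = _RefFinder()
        finder.feed(html)
        finder.close()
        found.extend(finder.found)
    return found


if __name__ == "__main__":
    for tag, url in remote_references(message_from_string(SAMPLE)):
        print(f"signed HTML pulls in unsigned content: <{tag}> {url}")
```

The `<a href>` link and the `cid:` image are not reported: the first is only followed on a click, the second is resolved from a part of the message itself.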
From npcole at yahoo.co.uk Tue Oct 17 16:39:54 2006
From: npcole at yahoo.co.uk (Nicholas Cole)
Date: Tue Oct 17 16:38:26 2006
Subject: RFCs, standards, pink bunnies and flower patterns was -- Re: GPG Outlook Plug-In and Signatures
In-Reply-To: <5d7f07420610161150h4854a144p11156754a0f59d3d@mail.gmail.com>
Message-ID: <20061017143954.60521.qmail@web26711.mail.ukl.yahoo.com>

--- Ryan Malayter wrote:

> Again I must state that one has little to do with
> the other. MHTML's
> MIME format may not play nice with PGP/MIME's
> encapsulation format,
> but it didn't *have* to be that way. S/MIME, for
> example, seems to
> make provisions for playing nicely with other MIME
> structures such as
> MHTML, as well as arbitrary attachments.

What is it about the PGP/MIME spec that makes it not play nicely with HTML email? Or vice versa?

I've always assumed that lack of HTML support said more about the crypto crowd's preference for text email than some technical problem, but perhaps I was wrong...

N

From ryan at malayter.com Tue Oct 17 17:11:17 2006
From: ryan at malayter.com (Ryan Malayter)
Date: Tue Oct 17 17:16:25 2006
Subject: RFCs, standards, pink bunnies and flower patterns was -- Re: GPG Outlook Plug-In and Signatures
In-Reply-To: <20061017143954.60521.qmail@web26711.mail.ukl.yahoo.com>
References: <5d7f07420610161150h4854a144p11156754a0f59d3d@mail.gmail.com> <20061017143954.60521.qmail@web26711.mail.ukl.yahoo.com>
Message-ID: <5d7f07420610170811t1a83b417we84f66a725907438@mail.gmail.com>

On 10/17/06, Nicholas Cole wrote:
>
> --- Ryan Malayter wrote:
>
> > Again I must state that one has little to do with
> > the other. MHTML's
> > MIME format may not play nice with PGP/MIME's
> > encapsulation format,
> > but it didn't *have* to be that way.
> > S/MIME, for
> > example, seems to
> > make provisions for playing nicely with other MIME
> > structures such as
> > MHTML, as well as arbitrary attachments.
>
> What is it about the PGP/MIME spec that makes it not
> play nicely with HTML email? Or vice versa?

I'm not sure, but it seems no MUA or plug-in I have tried handles it correctly.

> I've always assumed that lack of HTML support said
> more about the crypto crowd's preference for text
> email than some technical problem, but perhaps I was
> wrong...

This very well may be the case; it could just be an implementation issue.

PGP/MIME seems to be based on RFC1847, which states:

    ...The first body part may contain any valid MIME content type, labeled accordingly...

So, it would seem the "first body part" could be of type multipart/alternative (HTML). But I am unsure; as multipart/alternative is needed in the message header of an HTML email. RFC 1847 requires "multipart/signed" or "multipart/encrypted" in the message header. I think that may be what causes the troubles.

Whatever the case, I always seem to have issues with attachments and HTML messages using PGP, but not with S/MIME. Although that may be a result of the limited selection of MUAs and software I use at my company. (Thunderbird, Outlook+GPGOL and Outlook plus the commercial PGP Desktop v9).

--
RPM

From npcole at yahoo.co.uk Tue Oct 17 18:42:54 2006
From: npcole at yahoo.co.uk (Nicholas Cole)
Date: Tue Oct 17 18:41:37 2006
Subject: RFCs, standards, pink bunnies and flower patterns was -- Re: GPG Outlook Plug-In and Signatures
In-Reply-To: <4534FB21.4010100@sixdemonbag.org>
Message-ID: <20061017164254.70107.qmail@web26704.mail.ukl.yahoo.com>

> Nicholas Cole wrote:
> > Is there anything else about an HTML email that
> raises a red flag
> > from a security point of view?
>
> Define 'HTML email', please.
If you're talking > about simple XML, the > security concerns are different than if you're > talking about putting > Javascript + Flash + ActiveX + > EveryOtherPossibleThing in your emails. > > The phrase 'HTML email' covers a lot of ground. > Narrowing the phrasing > may lead to more useful answers. Well, of course, I suppose you are right. But context is everything - I was using the term in the sense I understood others in the thread were using it, that is to say the HTML emails generated by popular email clients. That is what people most often seem to miss when they move to encrypted email, and is what prompts the FAQ on this on other lists. In any case, my question still stands. I don't see why anyone would wish to send this stuff - but given that they do is there a way to let them do it securely?[*] I want to understand the technical problems that others have alluded to better. [*] Securely here can only mean with the kind of integrity that gpg provides - ie. knowing that you are seeing the message that the sender intended. If HTML email opens up other security problems, that's not the job of gpg to prevent. Best, N. ___________________________________________________________ All new Yahoo! Mail "The new Interface is stunning in its simplicity and ease of use." 
- PC Magazine http://uk.docs.yahoo.com/nowyoucan.html From blueness at gmx.net Tue Oct 17 19:20:54 2006 From: blueness at gmx.net (Mica Mijatovic) Date: Tue Oct 17 19:42:49 2006 Subject: RFCs, standards, pink bunnies and flower patterns In-Reply-To: <20061017143439.30888.qmail@web26715.mail.ukl.yahoo.com> References: <1310028294.20061016165936@gmx.net> <20061017143439.30888.qmail@web26715.mail.ukl.yahoo.com> Message-ID: <11010586468.20061017192054@gmx.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Was Tue, 17 Oct 2006, at 15:34:39 +0100 (BST), when Nicholas wrote: >> Of course that it doesn't mean that HTML should be banished >> completely from the 'lectronic mail world, but it has its essential >> limitations as for the cryptographic routines. > Mica, > Thank you for your email. It made me reflect. I had been ignoring this > discussion. HTML emails are here to stay, and may users of the > internet rely on them. Indeed, text only emails can look horrid on > many Outlook setups, a fact I was long unaware of since I haven't used > it in about 7 years. > It's hard enough getting people to use encrypted email as it is - > telling them they can't use what is to many people a very standard > tool doesn't seem to me a good way forward. > It seemed to me that PGP/MIME provides an excellent way to handle HTML > email. But your email did make me think about that a bit more. > Obviously, its ability to load external images might make the > signature in practice meaningless (though the signature on the source > code would still be correct, which makes it an interesting > philosophical point). Is there anything else about an HTML email that > raises a red flag from a security point of view? I recall now a movie with Eddie Murphy playing a somewhat irregular priest explaining to the crowd what is evil and what is not. Whatever he says, now this and then that, the crowd says "Yeah!" 
So, it is basically a matter of anthropology (and sometimes more specifically of neurology, when the psychedel[ir]ic kitsch element is particularly stressed in an HTML...creation)[1]. But if we put aside the matters of aesthetics (which is not just "a matter of taste" but indeed of the work of subtle health of undamaged neurones as well, which is an objective category), we can see that we have at disposal two main aspects we can observe and analyze the HTML case in the context (and it is a model for all the other ones of the same and similar type)... 1) technical characteristics of such a document 2) the ways subjects _react_ on it, the document ...where the first aspect tells us about the essential proprieties (what it is, does, can etc.) and the other one describes _habits_, as a conditional behavior conditioned by various and idio...matic ways some particular group of a given population adopts its models of behavior.[2] Now, these models of _behavior_ can exist entirely independently of the real value of the objects/things (in this case HTML mail), and if these models we take to be criterions for estimation of the real value, then we get the known mess where just mere habits are taken to be a standards. It is an evasive finer distinction that seems rarely who is able to perceive and to keep attention on it enough long to get a clear thought of it. Since it is a global/general phenomenon, it encompasses the (human) mental activities involved in creating something as the RFCs are as well. This is generally result of the taking _habits_ to be criterion of standards, and not the technical facts of the phenomenon that is object of these habits. RFCs are anyway good, generally speaking, since they have a basic intention (to try if nothing else) to introduce an order and thus to prevent an incredible mess, which would result in ultimate dysfunctionality. 
It means thus that they, RFCs, are not gods nor priests, and that they should be taken "with a grain of salt", not for granted thus, with a healthy reason and not by "common sense".[3] We have thus to think (to a certain needed degree) as well, not just to merely react, and everything becomes better then, we get much better solutions, and better solutions bring more enjoyment. When the organ of pleasure disciplines itself, it produces and gives much more pleasure. *** Generally, HTMLanguage is for instance a pretty powerful language, it is not naive at all, and with it many actions can be performed and triggered, everywhere on your hard disk and "peripherals". These codes you can't see/perceive on the surface, since they are not rendered by a browser/mailer's HTML reader, although they are performed anyway. Not good for a mail, definitely. "It's evil." (-: For now. As for the "horrid look of text only mail", Courier is not only fixed width font. I myself like it since it resembles the old typewriters which is quite fine to me. Of others Lucida Console comes to mind, for Windows, and many other ones for Linux. _____________________ [1] But again, might be that those people simply have not enough for a better weed or simply a hammer/mazzuola, so is not nice to laugh at someone's poverty. We also shouldn't forget that Oscar Wild gave his life fighting against kitschy wallpapers. His last words were: "Or they or me". [2] See Pavlovian reflexes, how they are created and function. [3] What is "common sense" in mental hospital for instance, or in some collective insanity, or in an insanity in two... A "common" is not enough to make a "standard". It resembles, it resembles it, indeed, but it is not enough. - -- Mica ~~~ For personal mail please use my address as it is *exactly* given in my "From" field, otherwise it will not reach me. 
~~~ GPG keys/docs/software at:
http://blueness.port5.com/pgpkeys/
http://tronogi.tripod.com/pgp/pgpkeys/

"One tartar beef steak, please" - Nietzsche

From conan.purves at yto.greenpeace.org Tue Oct 17 19:09:21 2006
From: conan.purves at yto.greenpeace.org (Conan Purves)
Date: Tue Oct 17 20:52:02 2006
Subject: GPG and PGP Compatibility
Message-ID: <45350E41.9090400@yto.ca.gl3>

Hello everybody,

I am the office manager here and trying to set up a compatible PGP for some of the employees. I am looking for an open-source, free non-corporate version of the software and have thus found Gnupg using the gpg4win front end, running through the Enigmail extension on Thunderbird. We are using Windows boxes here.

I have succeeded in installing it and getting it to work. However, there have been many little details that prevent me from rolling this out to the other employees. My last problem, I believe, is attachments. I have installed gpgee which encodes and decodes attachments (as there seems to be no function to do this in Enigmail or win4gpg). When I encode attachments, it gives them a .gpg suffix. My colleagues who are using PGP Desktop cannot decode those files. Though I can decode their files, either using the gpgee contextual menu or automatically through enigmail.

Practically speaking, is there a solution for this? My colleagues are most likely going to want to continue using PGP Desktop.

Theoretically speaking, what is the difference between PGP and GPG?
Is it just a different management tool handling the same encryption algorithm or is there some further translation between the two? Why does my Enigmail menu on Thunderbird say OpenPGP, but it is using the GnuGPG engine?

Thank you!

From ryan at malayter.com Tue Oct 17 23:18:18 2006
From: ryan at malayter.com (Ryan Malayter)
Date: Tue Oct 17 23:16:25 2006
Subject: GPG and PGP Compatibility
In-Reply-To: <45350E41.9090400@yto.ca.gl3>
References: <45350E41.9090400@yto.ca.gl3>
Message-ID: <5d7f07420610171418k68abe3f2tb26c659f3951830@mail.gmail.com>

On 10/17/06, Conan Purves wrote:
> Theoretically speaking, what is the difference between PGP and GPG? Is
> it just a different management tool handling the same encryption
> algorithm or is there some further translation between the two? Why
> does my Enigmail menu on Thunderbird say OpenPGP, but it is using the
> GnuGPG engine?

GnuPG, as well as recent versions of the commercial PGP-branded products from PGP Corporation, implement the OpenPGP standard. They are in almost all cases able to read each other's data, and decrypt-verify that data.

We use both implementations at my company. I have tested sending signed and encrypted email from a PGP desktop user to a GPG4Win user, and vice-versa, and was able to verify at least plain-text messages, as well as .sigs on attachments.

One small difficulty arises in that GnuPG tends to use .gpg as its main file extension for encrypted files, whereas PGP Corp.'s products use .pgp. But that can be overcome with configuration settings, either in one of the programs, or by telling Windows what programs to associate with which file extensions.
-- RPM From michael.kallas at web.de Tue Oct 17 21:53:05 2006 From: michael.kallas at web.de (Michael Kallas) Date: Tue Oct 17 23:26:32 2006 Subject: GPG and PGP Compatibility In-Reply-To: <45350E41.9090400@yto.ca.gl3> References: <45350E41.9090400@yto.ca.gl3> Message-ID: <453534A1.3030902@web.de> Hi, Conan Purves schrieb: > Hello everybody, > > I am the office manager here and trying to set up a compatible PGP for > some of the employees. I am looking for an open-source, free > non-corporate version of the software and have thus found Gnupg using > the gpg4win front end, running through the Enigmail extension on > Thunderbird. We are using Windows boxes here. > > I have succeeded in installing it and getting it to work. However, > there have been many little details that prevent me from rolling this > out to the other employees. My last problem, I believe, is attachments. > I have installed gpgee which encodes and decodes attachments (as > there seems to be no function to do this in Engimail or win4gpg. It is possible to do so if you check "Always use PGP/MIME" in the OpenPGP Preferences of Enigmail, section PGP/MIME. How much this is compatible to PGP, I don't know. Best wishes Michael -- Nobody can save your freedom but YOU - become a fellow of the FSF Europe! http://www.fsfe.org/en -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 374 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20061017/a12cf500/signature.pgp From michael.kallas at web.de Tue Oct 17 22:17:45 2006 From: michael.kallas at web.de (Michael Kallas) Date: Tue Oct 17 23:26:49 2006 Subject: OpenPGP vs. GnuPG (was: GPG and PGP Compatibility) In-Reply-To: <45350E41.9090400@yto.ca.gl3> References: <45350E41.9090400@yto.ca.gl3> Message-ID: <45353A69.3030103@web.de> Hi, Conan Purves schrieb: > Theoretically speaking, what is the difference between PGP and GPG? 
> Is
> it just a different management tool handling the same encryption
> algorithm or is there some further translation between the two?

They are two tools sharing the principles of public-key encryption. PGP was implemented first. Sadly being non-free, many people considered it not usable for security tasks. Thus, a Free Software implementation was started, that's GnuPG. Further, a standard [1] was drafted so other tools could be created which share the same principles.

Or maybe this is nonsense and someone can correct me. ;)

> Why does my Enigmail menu on Thunderbird say OpenPGP, but it is using the
> GnuGPG engine?

Should be answered above. :)

[1] http://www.ietf.org/rfc/rfc2440.txt

Best wishes
Michael

--
Nobody can save your freedom but YOU - become a fellow of the FSF Europe!
http://www.fsfe.org/en

From CaryRW at usa.net Tue Oct 17 23:31:34 2006
From: CaryRW at usa.net (Cary Wagner)
Date: Tue Oct 17 23:30:32 2006
Subject: RFCs, standards, pink bunnies and flower patterns
In-Reply-To: <11010586468.20061017192054@gmx.net>
Message-ID: <000901c6f233$9fdca810$6801a8c0@corp.hds.com>

Mica,

While your comments are whimsical and, in some cases very true, the point is HTML mail is here to stay. You or I will not stop it. I think the point of this thread was simply to state that point. This being accepted, what can be done to ensure GPG, PGP, etc., can all work under its construct?

We are not going to solve the world's (or the internet's) problems with GPG not supporting the HTML email format. The bottom line is CAN GPG and others be made to play nicely with HTML. All our rants about the evil perpetrated on this world by HTML email are not going to make it go away.
Heck, Beta was a better format than VHS, but we all know the outcome of that one. Either GPG and the likes begin to work with HTML OR someone needs to step up and prevent those applications from trying to apply digital signatures and encryption on emails formatted in HTML. Personally, I use HTML email in my daily work to embed images that make the flow of my emails work better. I'd love to be able to digitally sign and/or encrypt my emails without the intervention of Outlook (S/MIME) and use something generally more accepted (GPG, PGP). But, if it just won't work OR the complexities of making it work aren't feasible, then I will revert to TXT and then sign.

Either way, the GPG community just needs to take a stand one way or the other. Make it work or make it not work...

Cary

-----Original Message-----
From: gnupg-users-bounces@gnupg.org [mailto:gnupg-users-bounces@gnupg.org] On Behalf Of Mica Mijatovic
Sent: Tuesday, October 17, 2006 10:21
To: Nicholas Cole
Subject: Re: RFCs, standards, pink bunnies and flower patterns

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Was Tue, 17 Oct 2006, at 15:34:39 +0100 (BST), when Nicholas wrote:

>> Of course that it doesn't mean that HTML should be banished
>> completely from the 'lectronic mail world, but it has its essential
>> limitations as for the cryptographic routines.

> Mica,

> Thank you for your email. It made me reflect. I had been ignoring this
> discussion. HTML emails are here to stay, and many users of the
> internet rely on them. Indeed, text only emails can look horrid on
> many Outlook setups, a fact I was long unaware of since I haven't used
> it in about 7 years.

> It's hard enough getting people to use encrypted email as it is -
> telling them they can't use what is to many people a very standard
> tool doesn't seem to me a good way forward.

> It seemed to me that PGP/MIME provides an excellent way to handle HTML
> email. But your email did make me think about that a bit more.
> Obviously, its ability to load external images might make the
> signature in practice meaningless (though the signature on the source
> code would still be correct, which makes it an interesting
> philosophical point). Is there anything else about an HTML email that
> raises a red flag from a security point of view?

I recall now a movie with Eddie Murphy playing a somewhat irregular priest explaining to the crowd what is evil and what is not. Whatever he says, now this and then that, the crowd says "Yeah!"

So, it is basically a matter of anthropology (and sometimes more specifically of neurology, when the psychedel[ir]ic kitsch element is particularly stressed in an HTML...creation)[1].

But if we put aside the matters of aesthetics (which is not just "a matter of taste" but indeed of the work of subtle health of undamaged neurones as well, which is an objective category), we can see that we have at disposal two main aspects we can observe and analyze the HTML case in the context (and it is a model for all the other ones of the same and similar type)...

1) technical characteristics of such a document
2) the ways subjects _react_ on it, the document

...where the first aspect tells us about the essential proprieties (what it is, does, can etc.) and the other one describes _habits_, as a conditional behavior conditioned by various and idio...matic ways some particular group of a given population adopts its models of behavior.[2]

Now, these models of _behavior_ can exist entirely independently of the real value of the objects/things (in this case HTML mail), and if these models we take to be criterions for estimation of the real value, then we get the known mess where just mere habits are taken to be a standards.

It is an evasive finer distinction that seems rarely who is able to perceive and to keep attention on it enough long to get a clear thought of it.
Since it is a global/general phenomenon, it encompasses the (human) mental activities involved in creating something as the RFCs are as well. This is generally result of the taking _habits_ to be criterion of standards, and not the technical facts of the phenomenon that is object of these habits.

RFCs are anyway good, generally speaking, since they have a basic intention (to try if nothing else) to introduce an order and thus to prevent an incredible mess, which would result in ultimate dysfunctionality. It means thus that they, RFCs, are not gods nor priests, and that they should be taken "with a grain of salt", not for granted thus, with a healthy reason and not by "common sense".[3]

We have thus to think (to a certain needed degree) as well, not just to merely react, and everything becomes better then, we get much better solutions, and better solutions bring more enjoyment. When the organ of pleasure disciplines itself, it produces and gives much more pleasure.

***

Generally, HTMLanguage is for instance a pretty powerful language, it is not naive at all, and with it many actions can be performed and triggered, everywhere on your hard disk and "peripherals". These codes you can't see/perceive on the surface, since they are not rendered by a browser/mailer's HTML reader, although they are performed anyway. Not good for a mail, definitely. "It's evil." (-: For now.

As for the "horrid look of text only mail", Courier is not only fixed width font. I myself like it since it resembles the old typewriters which is quite fine to me. Of others Lucida Console comes to mind, for Windows, and many other ones for Linux.

_____________________
[1] But again, might be that those people simply have not enough for a better weed or simply a hammer/mazzuola, so is not nice to laugh at someone's poverty. We also shouldn't forget that Oscar Wilde gave his life fighting against kitschy wallpapers. His last words were: "Or they or me".
[2] See Pavlovian reflexes, how they are created and function.
[3] What is "common sense" in mental hospital for instance, or in some collective insanity, or in an insanity in two... A "common" is not enough to make a "standard". It resembles, it resembles it, indeed, but it is not enough.

- --
Mica
~~~
For personal mail please use my address as it is *exactly* given in my
"From" field, otherwise it will not reach me.
~~~
GPG keys/docs/software at:
http://blueness.port5.com/pgpkeys/
http://tronogi.tripod.com/pgp/pgpkeys/
"One tartar beef steak, please" - Nietzsche

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

From Werner.Dittmann at t-online.de Tue Oct 17 20:07:15 2006
From: Werner.Dittmann at t-online.de (Werner Dittmann)
Date: Wed Oct 18 01:51:27 2006
Subject: Problem generating keys on FSFE card
Message-ID: <45351BD3.9020708@t-online.de>

All,

during generation of keys on the FSFE card I have some problems.
I'm using the how-to on the FSFE site to generate keys
(refer to the Using your Card with subkeys only (recommended) how-to).

The first time it worked as described. Because I wanted to change some parameters (key validity dates) I tried it once again. During this second time I got the following error message after some time during key generation

gpg: Bitte warten, der Schlüssel wird erzeugt ...
gpg: pcsc_transmit failed: not transacted (0x80100016)
gpg: apdu_send_simple(0) failed: card I/O error
gpg: Schlüsselerzeugung fehlgeschlagen
gpg: key generation failed: Allgemeiner Fehler
Schlüsselerzeugung fehlgeschlagen: Allgemeiner Fehler

I'm using gpg (GnuPG) 1.4.2.

What I can report on top of this: during the second time the order of the PIN entry was reversed. When doing it the first time gpg asked for the ADMIN PIN first, then for the normal PIN. During second (and all subsequent tries) it first asked the normal PIN, then the ADMIN PIN.

Because I was curious I tried to generate some keys using the --card-edit / admin/ generate sequence. Same error message after quite some while.

I disconnected the card reader to force a reset, did reboot to clear any "hanging" software - and always "pkill" the pgp-agent. Nothing helped.

Any ideas? Need to "reset" the card?

Regards,
Werner

From alphasigmax at gmail.com Wed Oct 18 03:07:21 2006
From: alphasigmax at gmail.com (Alphax)
Date: Wed Oct 18 03:06:33 2006
Subject: GPG and PGP Compatibility
In-Reply-To: <45350E41.9090400@yto.ca.gl3>
References: <45350E41.9090400@yto.ca.gl3>
Message-ID: <45357E49.7000201@gmail.com>

Conan Purves wrote:
> Hello everybody,

> When I encode attachments, it gives them a .gpg suffix. My colleagues
> who are using PGP Desktop cannot decode those files. Though I can
> decode their files, either using the gpgee contextual menu or
> automatically through enigmail.
>
> Practically speaking, is there a solution for this? My colleagues are
> most likely going to want to continue using PGP Desktop.
>

Although it's only freeware and not open source, GPGShell will give you explorer and system tray integration, and let you use a .pgp extension. I've filed an RFE at .

--
Alphax
Death to all fanatics!
Down with categorical imperative!
OpenPGP key: http://tinyurl.com/lvq4g
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 569 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20061018/41f8df9a/signature.pgp

From blueness at gmx.net Wed Oct 18 03:27:23 2006
From: blueness at gmx.net (Mica Mijatovic)
Date: Wed Oct 18 03:53:41 2006
Subject: RFCs, standards, pink bunnies and flower patterns
In-Reply-To: <000901c6f233$9fdca810$6801a8c0@corp.hds.com>
References: <11010586468.20061017192054@gmx.net> <000901c6f233$9fdca810$6801a8c0@corp.hds.com>
Message-ID: <1417750633.20061018032723@gmx.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: TIGER192

Was Tue, 17 Oct 2006, at 14:31:34 -0700, when Cary wrote:

> Mica,

> While your comments are whimsical and, in some cases very true, the point is
> HTML mail is here to stay. You or I will not stop it. I think the point of
> this thread was simply to state that point. This being accepted, what can
> be done to ensure GPG, PGP, etc., can all work under its construct? We are
> not going to solve the world's (or the internet's) problems with GPG not
> supporting the HTML email format. The bottom line is CAN GPG and others be
> made to play nicely with HTML.

> All our rants about the evil perpetrated on this world by HTML email are not
> going to make it go away. Heck, Beta was a better format than VHS, but we
> all know the outcome of that one. Either GPG and the likes begin to work
> with HTML OR someone needs to step up and prevent those applications from
> trying to apply digital signatures and encryption on emails formatted in
> HTML. Personally, I use HTML email in my daily work to embed images that
> make the flow of my emails work better. I'd love to be able to digitally
> sign and/or encrypt my emails without the intervention of Outlook (S/MIME)
> and use something generally more accepted (GPG, PGP). But, if it just won't
> work OR the complexities of making it work aren't feasible, then I will
> revert to TXT and then sign.
> Either way, the GPG community just needs to take a stand one way or the
> other. Make it work or make it not work...

Cary, all your questions are already answered in the previous message. Please read it again.

Otherwise, and apropos of some other things and side effects, and a possible "collateral damage"...

There is no any whimsicality in it (the previous message and wider) and the answers/observations are given quite sternly and with a quite fine necessary precision.

This however that to someone now and then it _looks_ like some whimsicality is right the effect of exactly the expectations that come with already developed said habit(s), in the moment when these expectations are not fulfilled. -- We are surprised and feel as someone is kidding us then. But is not so.

The following sentence is/was crucial for understanding it...

"It is an evasive finer distinction that seems rarely who is able to perceive and to keep attention on it enough long to get a clear thought of it."

...so we need our perception and cognitive processes _disciplined_, and thus stabilized, or they will not give the needed results.

Gnu Privacy Guard is one of the rare software/conceptions which absolutely needs disciplined and clear thinking and perception, or otherwise there is no much use of it.

Some people are able for this, being disciplined and watchful, are educated, drilled and trained for it, and some are not. This all defines then the quality of understanding, of ability to follow the matter/action and to partake in it.

Those who are disciplined (the way described) can follow all my texts perfectly well, and it is visible and documented. Besides, they are amused decently much as well, which is good since it is a "hard" matter and a side sporadic relaxation is quite welcome then. (;

Those though who are not in possession of such noble qualities constantly fall into the traps scattered (spontaneously and on the fly) all around.
(;

For them such texts are like a poison (some even get angry or even undergo serial nervous breakdowns[1]), while for the other ones it is a pure nectar.

I personally enjoy in watching the both groups. (:

We _have_ to be patient, disciplined and awake, watchful. Without it we cannot make anything special, and we'll be just pathetic losers.

Besides, there is no freedom which is possible without these properties (since any{one|thing} can fool us then quite easily -- hint, hint! -- for the fighters for freedom/FSF on the gallery; (-: Just carefully, and attentively, and the success is guaranteed; the freedom is sweetest thingie in this...modality of existence, for no jerk can molest you and since you are what you are then[2]; it would be pity to lose such a gem just because of inattentiveness).

I wish you all well and HTML mail is Evil. Still.

_____________________
[1] Am I the one responsible for that then? Of course not. They are simply handling the matter ineptly.
[2] Or how the British movie star says nicely: "I like to have lots of money because I can then say to any jerk to...fly off." (-:

- --
Mica
~~~
For personal mail please use my address as it is *exactly* given in my
"From" field, otherwise it will not reach me.
~~~
GPG keys/docs/software at:
http://blueness.port5.com/pgpkeys/
http://tronogi.tripod.com/pgp/pgpkeys/
"Can you hear this...?"
-- Schumann

From ryan at malayter.com Wed Oct 18 05:07:03 2006
From: ryan at malayter.com (Ryan Malayter)
Date: Wed Oct 18 05:05:20 2006
Subject: RFCs, standards, pink bunnies and flower patterns
In-Reply-To: <1417750633.20061018032723@gmx.net>
References: <11010586468.20061017192054@gmx.net> <000901c6f233$9fdca810$6801a8c0@corp.hds.com> <1417750633.20061018032723@gmx.net>
Message-ID: <5d7f07420610172007o74bbdb94t8d37a098fc6c1db@mail.gmail.com>

On 10/17/06, Mica Mijatovic wrote:
> ...
> There is no any whimsicality in it (the previous message and wider) and
> the answers/observations are given quite sternly and with a quite fine
> necessary precision.
> ...

It's like reading Ulysses, but as a day in the life of Richard Stallman rather than Leopold Bloom. Featuring, of course, just marginally more frequent punctuation, sentence structure, and coherent thought.

At this point, I am inclined to say:

UNCLE!

--
RPM
=========================
All problems can be solved by diplomacy, but violence and treachery are equally effective, and more fun.
-Anonymous

From CaryRW at usa.net Wed Oct 18 05:26:16 2006
From: CaryRW at usa.net (Cary Wagner)
Date: Wed Oct 18 05:25:02 2006
Subject: RFCs, standards, pink bunnies and flower patterns
In-Reply-To: <5d7f07420610172007o74bbdb94t8d37a098fc6c1db@mail.gmail.com>
Message-ID: <000f01c6f265$2d18b350$6801a8c0@corp.hds.com>

Ryan,

I think I am with you.
Or, to explain in language made much more complex than is necessary for human consumption, but to impress those with average IQs. You extricated the unspoken verbiage from my oral orifice. ;-)

Cheers...
Cary

-----Original Message-----
From: gnupg-users-bounces@gnupg.org [mailto:gnupg-users-bounces@gnupg.org] On Behalf Of Ryan Malayter
Sent: Tuesday, October 17, 2006 20:07
To: Mica Mijatovic
Subject: Re: RFCs, standards, pink bunnies and flower patterns

On 10/17/06, Mica Mijatovic wrote:
> ...
> There is no any whimsicality in it (the previous message and wider)
> and the answers/observations are given quite sternly and with a quite
> fine necessary precision.
> ...

It's like reading Ulysses, but as a day in the life of Richard Stallman rather than Leopold Bloom. Featuring, of course, just marginally more frequent punctuation, sentence structure, and coherent thought.

At this point, I am inclined to say:

UNCLE!

--
RPM
=========================
All problems can be solved by diplomacy, but violence and treachery are equally effective, and more fun.
-Anonymous

From henry.bremridge at xobie.com Wed Oct 18 07:05:29 2006
From: henry.bremridge at xobie.com (Henry Bremridge)
Date: Wed Oct 18 08:21:46 2006
Subject: Problem generating keys on FSFE card
In-Reply-To: <45351BD3.9020708@t-online.de>
References: <45351BD3.9020708@t-online.de>
Message-ID: <200610180506.k9I563g8001228@rs26.luxsci.com>

On Tue, Oct 17, 2006 at 08:07:15PM +0200, Werner Dittmann wrote:
> All,
>
> during generation of keys on the FSFE card I have some problems.
> I'm using the how-to on the FSFE site to generate keys
> (refer to the Using your Card with subkeys only (recommended) how-to).
>
> The first time it worked as described. Because I wanted to change
> some parameters (key validity dates) I tried it once again.
> During this second time I got the following error message after some time
> during key generation
>
>
> gpg: Bitte warten, der Schlüssel wird erzeugt ...
> gpg: pcsc_transmit failed: not transacted (0x80100016)
> gpg: apdu_send_simple(0) failed: card I/O error
> gpg: Schlüsselerzeugung fehlgeschlagen
> gpg: key generation failed: Allgemeiner Fehler
> Schlüsselerzeugung fehlgeschlagen: Allgemeiner Fehler
>
> I'm using gpg (GnuPG) 1.4.2.
>
> What I can report on top of this: during the second time
> the order of the PIN entry was reversed. When doing it the
> first time gpg asked for the ADMIN PIN first, then for
> the normal PIN. During second (and all subsequent tries)
> it first asked the normal PIN, then the ADMIN PIN.
>
> Because I was curious I tried to generate some keys using
> the --card-edit / admin/ generate sequence. Same error message
> after quite some while.
>
> I disconnected the card reader to force a reset, did reboot
> to clear any "hanging" software - and always "pkill" the pgp-agent.
> Nothing helped.
>
> Any ideas? Need to "reset" the card?

I have been having similar problems with gpg 1.4.5 on debian etch.

With me:

- When trying to generate keys for the card the problem (to me) seemed that I was using a 2048 bit key for encryption. I therefore deleted that sub-key and tried again. This worked in that my card got populated but now I cannot decrypt old emails

- In restoring my secring, I still cannot decrypt old email, and cannot generate new sub-keys for the card. When I do I get a similar message to the above

I am trying to find a way to remove all my existing key data from the card so I can start again

--
Henry
Wed Oct 18 06:05:19 BST 2006
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : /pipermail/attachments/20061018/5c937a96/attachment.pgp

From wk at gnupg.org Wed Oct 18 09:48:37 2006
From: wk at gnupg.org (Werner Koch)
Date: Wed Oct 18 09:52:45 2006
Subject: RFCs, standards, pink bunnies and flower patterns
In-Reply-To: <000901c6f233$9fdca810$6801a8c0@corp.hds.com> (Cary Wagner's message of "Tue\, 17 Oct 2006 14\:31\:34 -0700")
References: <000901c6f233$9fdca810$6801a8c0@corp.hds.com>
Message-ID: <874pu23vze.fsf@wheatstone.g10code.de>

Hi!

I have not followed the discussion, so just a short comment.

On Tue, 17 Oct 2006 23:31, Cary Wagner said:

> supporting the HTML email format. The bottom line is CAN GPG and others be
> made to play nicely with HTML.

gpg is unaware of the content. Thus you can sign or encrypt whatever you like. For signing or encrypting HTML mails, PGP/MIME (rfc3156) is the way to go. Both, PGP/MIME and S/MIME are based on the rfc1847 and allow to process arbitrary MIME objects. Some mailers fully support this (iirc: Mutt, KMail, Sylpheed, ... )

Whether external bodies and such are handled in a sensitive way is a matter of the mailer. Even without encryption or signing references to external data poses a privacy problem because reading a mail can be tracked by the sender. Good mailers should ask whether such external references should be inlined and also warn if they are part of a signature.

It is not an OpenPGP specific problem. S/MIME has exactly the same properties.
Salam-Shalom,

Werner

From wk at gnupg.org Wed Oct 18 10:02:33 2006
From: wk at gnupg.org (Werner Koch)
Date: Wed Oct 18 10:08:40 2006
Subject: Problem generating keys on FSFE card
In-Reply-To: <45351BD3.9020708@t-online.de> (Werner Dittmann's message of "Tue\, 17 Oct 2006 20\:07\:15 +0200")
References: <45351BD3.9020708@t-online.de>
Message-ID: <87zmbu2grq.fsf@wheatstone.g10code.de>

On Tue, 17 Oct 2006 20:07, Werner Dittmann said:

> gpg: Bitte warten, der Schlüssel wird erzeugt ...
> gpg: pcsc_transmit failed: not transacted (0x80100016)

"Not transacted" is in most cases a catch-all error return for the card driver. This happens with many PC/SC drivers when issuing a command to generate a key on the card. I have not had the time to fully debug this but it seems to be a problem in processing the waittime extension request.

If you use a CCID based reader, you should try to use gpg's internal ccid driver instead of PC/SC. To make this work you might need to stop the pcscd first.

Shalom-Salam,

Werner

From wk at gnupg.org Wed Oct 18 10:04:21 2006
From: wk at gnupg.org (Werner Koch)
Date: Wed Oct 18 10:09:01 2006
Subject: Problem generating keys on FSFE card
In-Reply-To: <200610180506.k9I563g8001228@rs26.luxsci.com> (Henry Bremridge's message of "Wed\, 18 Oct 2006 06\:05\:29 +0100")
References: <45351BD3.9020708@t-online.de> <200610180506.k9I563g8001228@rs26.luxsci.com>
Message-ID: <87vemi2goq.fsf@wheatstone.g10code.de>

On Wed, 18 Oct 2006 07:05, Henry Bremridge said:

> I am trying to find a way to remove all my existing key data from the
> card so I can start again

Just issue the generate command and existing keys will be overwritten. You will see an extra prompt to make sure that you really want to overwrite an existing key.
Salam-Shalom,

Werner

From wk at gnupg.org Wed Oct 18 10:10:11 2006
From: wk at gnupg.org (Werner Koch)
Date: Wed Oct 18 10:17:45 2006
Subject: GPG and PGP Compatibility
In-Reply-To: <5d7f07420610171418k68abe3f2tb26c659f3951830@mail.gmail.com> (Ryan Malayter's message of "Tue\, 17 Oct 2006 16\:18\:18 -0500")
References: <45350E41.9090400@yto.ca.gl3> <5d7f07420610171418k68abe3f2tb26c659f3951830@mail.gmail.com>
Message-ID: <87r6x62gf0.fsf@wheatstone.g10code.de>

On Tue, 17 Oct 2006 23:18, Ryan Malayter said:

> file extension for encrypted files, whereas PGP Corp.'s products use
> .pgp. But that can be overcome with configuration settings, either in
> one of the programs, or by telling Windows what programs to associate
> with which file extensions.

An easy solution would be to have Enigmail map .gpg suffixes to .gpg when sending attachments.

Shalom-Salam,

Werner

From alphasigmax at gmail.com Wed Oct 18 14:42:58 2006
From: alphasigmax at gmail.com (Alphax)
Date: Wed Oct 18 14:41:53 2006
Subject: GPG and PGP Compatibility
In-Reply-To: <45357E49.7000201@gmail.com>
References: <45350E41.9090400@yto.ca.gl3> <45357E49.7000201@gmail.com>
Message-ID: <45362152.7000102@gmail.com>

Alphax wrote:
> I've filed an RFE at
> .
>

Well, apparently it's already doable:

> You can set this with the following two preferences in about:config (or in
> Thunderbird via Preferences/Advanced/Config Editor):
>
> extensions.enigmail.inlineAttachExt
> extensions.enigmail.inlineSigAttachExt

Hope that helps,
--
Alphax
Death to all fanatics!
Down with categorical imperative!
OpenPGP key: http://tinyurl.com/lvq4g
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 569 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20061018/c22c2208/signature.pgp

From patrick at mozilla-enigmail.org Wed Oct 18 13:32:11 2006
From: patrick at mozilla-enigmail.org (Patrick Brunschwig)
Date: Wed Oct 18 15:21:37 2006
Subject: GPG and PGP Compatibility
In-Reply-To: <45357E49.7000201__13487.3456474908$1161134022$gmane$org@gmail.com>
References: <45350E41.9090400@yto.ca.gl3> <45357E49.7000201__13487.3456474908$1161134022$gmane$org@gmail.com>
Message-ID: <453610BB.8050808@mozilla-enigmail.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Alphax wrote:
> Conan Purves wrote:
>> Hello everybody,
>
>> When I encode attachments, it gives them a .gpg suffix. My colleagues
>> who are using PGP Desktop cannot decode those files. Though I can
>> decode their files, either using the gpgee contextual menu or
>> automatically through enigmail.
>>
>> Practically speaking, is there a solution for this? My colleagues are
>> most likely going to want to continue using PGP Desktop.
>>
>
> Although it's only freeware and not open source, GPGShell
> will give you explorer and
> system tray integration, and let you use a .pgp extension. I've filed an
> RFE at .

There's no need for an RFE against Enigmail. There are preferences available that allow to modify the default .pgp to something else (the prefs are not available via GUI).
- -Patrick

From mwood at IUPUI.Edu Wed Oct 18 15:41:59 2006
From: mwood at IUPUI.Edu (Mark H. Wood)
Date: Wed Oct 18 15:40:04 2006
Subject: RFCs, standards, pink bunnies and flower patterns
In-Reply-To: <874pu23vze.fsf@wheatstone.g10code.de>
References: <000901c6f233$9fdca810$6801a8c0@corp.hds.com> <874pu23vze.fsf@wheatstone.g10code.de>
Message-ID: <20061018134159.GA17450@IUPUI.Edu>

Precisely. Once MIME enters the picture, the user agent must be looked at as a collection of subsystems driven by the MIME structure of the message. None of the subsystems (other than the MIME parser) *ever* deals with a whole message; the user agent is presented with an assembly of bodyparts and deals each part out to the subsystem best equipped to interpret it.

There was a previous comment asserting that various applicable standards require certain content-types in the *message header*. Any such standard is broken, because the thing with which it deals may be nested within a hierarchy of other things (with other content-types) of any depth.
What *should* happen is that a multipart/signed or multipart/encrypted bodypart is detected *somewhere* within a message; it is given to gnupg or pgp or 'openssl smime' or whatever to interpret; the interpreted content is given back to the MIME interpreter; the content is seen to be a multipart/alternative bodypart; the user agent (for reasons I will never understand :-) selects the text/html bodypart; that bodypart is given to an HTML interpreter, and as text/html is terminal w.r.t. MIME the process is complete (up to the node at which the multipart/whatever bodypart resides).

External references from text/html bodyparts are the concern of the HTML interpreter; the OpenPGP interpreter has already done its job. If they are to be secured, HTTP specifies mechanisms for doing that.

It sounds like some user agents are continuing the grand tradition of implementing MIME poorly where they bother to do so at all. I suspect that the sign/encrypt community's role here will be limited to repeating, "if you would follow the specifications then it would Just Work" until the clue is accepted.

--
Mark H. Wood, Lead System Programmer mwood@IUPUI.Edu
Typically when a software vendor says that a product is "intuitive" he means the exact opposite.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20061018/9c21774d/attachment.pgp

From vedaal at hush.com Wed Oct 18 16:30:54 2006
From: vedaal at hush.com (vedaal@hush.com)
Date: Wed Oct 18 16:29:22 2006
Subject: GPG and PGP Compatibility (Conan Purves)
Message-ID: <20061018143054.F043DDA84B@mailserver8.hushmail.com>

>Date: Tue, 17 Oct 2006 13:09:21 -0400
>From: Conan Purves
>Subject: GPG and PGP Compatibility

>have thus found Gnupg using the gpg4win front end,
>running through the Enigmail extension on Thunderbird.
....
> My last problem, I believe, is attachments.
using gpg4win, there is a workaround to avoid attachments altogether, but still sign the file and send it as part of the inline message, and it works for any file type:

[1] use windows explorer to find the file you wish to send as an attachment, and right-click on the file

[2] click on 'gpgee' and then on 'sign'

[3] in the gpgee signing window,
    (a) in the left pane, (entitled 'Signature Options'), click 'Attached'
    (b) in the right pane, (entitled 'Misc. Options'), click on 'Text Output(ASCII Armor)'

[4] select your signing key and sign the file, gpgee produces an ascii armored output 'file.asc' and saves it in the same directory as the original file

[5] use notepad to open the file, but make sure that in the notepad bottom box entitled 'File Type', 'All Files' are checked, (the default is 'Text documents', and notepad will list only .txt files and not 'see' anything else)

[6] copy the armored text and paste it into the body of the message, with an instruction for the receiver to save it as 'file.asc'

[7] open file.asc using winpt's file manager, it will verify the signature and save the original file type (do 'not' try to verify it from the 'current window', as it will only verify the signature but not recover the file)

[8] the same will happen in all pgp versions through 8.x, if they save the file as file.asc, and verify it using 'PGP Tools' or 'PGPMail' (i haven't tried PGP 9.x since the first time it came out, so you might need someone to test it for you using the current 9.x)

this works with any type of e-mail client, and the entire message can be sent as signed and encrypted, without any indication that an attachment is included (although people might guess because of the message size ;-) )

vedaal

Concerned about your privacy?
Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485

From vedaal at hush.com Wed Oct 18 17:13:19 2006
From: vedaal at hush.com (vedaal@hush.com)
Date: Wed Oct 18 17:11:19 2006
Subject: GPG and PGP Compatibility (vedaal)
Message-ID: <20061018151320.88896DA84E@mailserver8.hushmail.com>

On Wed, 18 Oct 2006 05:04:14 -0400 gnupg-users-request@gnupg.org wrote:
>Send Gnupg-users mailing list submissions to

>[7] open file.asc using winpt's file manager,

forgot to mention, it can also be done using gpgee, and the signature will be verified, and the file saved

vedaal

From blueness at gmx.net Wed Oct 18 17:47:31 2006
From: blueness at gmx.net (Mica Mijatovic)
Date: Wed Oct 18 17:54:49 2006
Subject: RFCs, standards, pink bunnies and flower patterns
In-Reply-To: <5d7f07420610172007o74bbdb94t8d37a098fc6c1db@mail.gmail.com>
References: <11010586468.20061017192054@gmx.net> <000901c6f233$9fdca810$6801a8c0@corp.hds.com> <1417750633.20061018032723@gmx.net> <5d7f07420610172007o74bbdb94t8d37a098fc6c1db@mail.gmail.com>
Message-ID: <1657791952.20061018174731@gmx.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Was Tue, 17 Oct 2006, at 22:07:03 -0500, when Ryan wrote:

> On 10/17/06, Mica Mijatovic wrote:
>> ...
>> There is no any whimsicality in it (the previous message and wider) and
>> the answers/observations are given quite sternly and with a quite fine
>> necessary precision.
>> ...

> It's like reading Ulysses, but as a day in the life of Richard
> Stallman rather than Leopold Bloom. Featuring, of course, just
> marginally more frequent punctuation, sentence structure, and coherent
> thought.

> At this point, I am inclined to say:

> UNCLE!

Never give up.
IQ, as Cary hints, has on the contrary nothing special with it, while the approach has a lot and is crucial.

Besides, right very recently a huge amount of data has just been unleashed by NSA, marked now as declassified and with lots of that related to cryptology. Among other documents there are those with titles as "Extraterrestrial Intelligence", "Key to the Extraterrestrial Messages", "Communication with Extraterrestrial Intelligence", "NSA: How Much Do We Really Know about the Software Capability of Our Contractors?", "Obscenities in COMINT: A Need for Cognitive Knowledge", "The Arithmetic of a Generation Principle for an Electronic Key Generator", "A Cryptologic Fairy Tale", "Upgrading Selected US Codes and Ciphers with a Cover and Deception Capability", "Why Some Projects Fail" and so on.

Here is the URL to these NSA Bibliographies: .

- --
Mica
~~~ For personal mail please use my address as it is *exactly* given in my "From" field, otherwise it will not reach me. ~~~
GPG keys/docs/software at:
http://blueness.port5.com/pgpkeys/
http://tronogi.tripod.com/pgp/pgpkeys/
"See ya" - Ray Charles

From wk at gnupg.org Wed Oct 18 19:18:09 2006
From: wk at gnupg.org (Werner Koch)
Date: Wed Oct 18 19:21:22 2006
Subject: [Announce] GnuPG 1.9.93 released
Message-ID: <87k62x1r1q.fsf@wheatstone.g10code.de>

Hi,

as promised here is another release of GnuPG. This is mainly to fix bugs found in 1.9.92. Thanks to all testers.

Noteworthy changes in version 1.9.93 (2006-10-18)
-------------------------------------------------

 * In --with-validation mode gpgsm will now also ask whether a root certificate should be trusted.

 * Link to Pth only if really necessary.

 * Fixed a pubring corruption bug in gpg2 occurring when importing signatures or keys with insane lengths.

 * Fixed v3 keyID calculation bug in gpg2.

 * More tweaks for certificates without extensions.

Available at the usual place:

 ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.9.93.tar.bz2 (3772k)
 ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.9.93.tar.bz2.sig

or as a patch (without PO file updates):

 ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.9.92-1.9.93.diff.bz2 (30k)

BTW, the logo-contest is still running and the submitters would probably like to see some more donations ;-). See www.gnupg.org/misc/logo-contest.html .

Shalom-Salam,

   Werner

--
Werner Koch
The GnuPG Experts http://g10code.com
Join the Fellowship and protect your Freedom! http://www.fsfe.org

From Werner.Dittmann at t-online.de Wed Oct 18 20:33:04 2006
From: Werner.Dittmann at t-online.de (Werner Dittmann)
Date: Wed Oct 18 20:31:35 2006
Subject: Problem generating keys on FSFE card
In-Reply-To: <87zmbu2grq.fsf@wheatstone.g10code.de>
References: <45351BD3.9020708@t-online.de> <87zmbu2grq.fsf@wheatstone.g10code.de>
Message-ID: <45367360.6010108@t-online.de>

Werner,

thanks for the hint. The gpg internal CCID reader works and it seems it solved the problem.

Just as an info for the other fellow list members: IMHO the gpg version included in SUSE 10.1 was not compiled with libusb support thus it requires the pcscd and the associated libraries.
Therefore I downloaded the current version (1.4.5) and did the usual triple-play

    ./configure; make; sudo make install

Now I can access the smart card directly via CCID (after having done the preliminary steps to install the card reader in udev)

BTW, the howto on the FSFE page "http://www.fsfe.org/en/card/howto/subkey_howto" states that after successful creation of the sub-keys I shall register the new encryption sub-key (stored on the card) with the key servers. What about the signature sub-key? Or shall I register the complete key, that is the keys created with "addcardkey" and the ElGamal encryption key, with the key server?

Some advice appreciated.

Regards,
Werner D.

Werner Koch wrote:
> On Tue, 17 Oct 2006 20:07, Werner Dittmann said:
>
>> gpg: Bitte warten, der Schlüssel wird erzeugt ...
>> gpg: pcsc_transmit failed: not transacted (0x80100016)
>
> "Not transacted" is in most cases a catch-all error return for the
> card driver. This happens with many PC/SC drivers when issuing a
> command to generate a key on the card. I have had not the time to
> fully debug this but it seems to be a problem in processing the
> waittime extension request.
>
> If you use a CCID based reader, you should try to use gpg's internal
> ccid driver instead of PC/SC. To make this work you might need to
> stop the pcscd first.
>
>
> Shalom-Salam,
>
>    Werner
>

From blueness at gmx.net Thu Oct 19 01:23:51 2006
From: blueness at gmx.net (Mica Mijatovic)
Date: Thu Oct 19 01:45:47 2006
Subject: [Announce] GnuPG 1.9.93 released
In-Reply-To: <87k62x1r1q.fsf@wheatstone.g10code.de>
References: <87k62x1r1q.fsf@wheatstone.g10code.de>
Message-ID: <1903913754.20061019012351@gmx.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Was Wed, 18 Oct 2006, at 19:18:09 +0200, when Werner wrote:

> BTW, the logo-contest is still running and the submitters would
> probably like to see some more donations ;-). See
> www.gnupg.org/misc/logo-contest.html .

Oh, Gee ... spot! I spotted not this part... Oh la la/OXO-XO/Oho-ho... -- I need my abacus. (-:

I go to sleep and dream my new car...

- --
Mica
~~~ For personal mail please use my address as it is *exactly* given in my "From" field, otherwise it will not reach me. ~~~
GPG keys/docs/software at:
http://blueness.port5.com/pgpkeys/
http://tronogi.tripod.com/pgp/pgpkeys/
"Cough, cough..." -- Chopin

From cwalters999 at comcast.net Fri Oct 20 06:02:13 2006
From: cwalters999 at comcast.net (Chris Walters)
Date: Fri Oct 20 07:22:04 2006
Subject: A question regarding gnupg and passphrases...
Message-ID: <45384A45.7060101@comcast.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi All,

I have been lurking in this group for a while now, and have been using gnupg for a while, as well.

My question is this: When I symmetrically encrypt something with "gpg -c" it will allow me to enter only one passphrase. However, when I decrypt the same thing, with the same passphrase, it has a line that says "Encrypted with 1 passphrase". This implies that it is possible to use more than one passphrase when encrypting. Does anyone know if this is true? Or if it is a future plan? If it is possible, could someone give me an idea of how to do it?

By the way, I looked over all of the documentation on the site, and it does not seem to mention multiple passphrases, nor does the man page.

Regards,
Chris

From wk at gnupg.org Fri Oct 20 10:43:52 2006
From: wk at gnupg.org (Werner Koch)
Date: Fri Oct 20 10:47:54 2006
Subject: A question regarding gnupg and passphrases...
In-Reply-To: <45384A45.7060101@comcast.net> (Chris Walters's message of "Fri\, 20 Oct 2006 00\:02\:13 -0400")
References: <45384A45.7060101@comcast.net>
Message-ID: <87bqo7xtpz.fsf@wheatstone.g10code.de>

On Fri, 20 Oct 2006 06:02, Chris Walters said:

> says "Encrypted with 1 passphrase". This implies that it is possible to
> use more than one passphrase when encrypting. Does anyone know if this
> is true? Or if it is a future plan? If it is possible, could someone
> give me an idea of how to do it?

That's right. The OpenPGP protocol allows for that and it allows even to encrypt with several passphrases and several public keys at the same time. You may then decrypt it with any of these keys.

We don't yet support encrypting with several passphrases. This is mainly a user interface problem and well no demand for it.
However, we allow to encrypt for a passphrase and several public keys. This is done by using "--symmetric --encrypt" (or short "-ce"). Note, that only newer PGP versions are able to decrypt such messages.

> By the way, I looked over all of the documentation on the site, and it
> does not seem to mention multiple passphrases, nor does the man page.

Because it is not implemented on the encryption site ;-)

Salam-Shalom,

   Werner

From wk at gnupg.org Fri Oct 20 11:18:39 2006
From: wk at gnupg.org (Werner Koch)
Date: Fri Oct 20 11:22:50 2006
Subject: Can't read belgium eID card using gpgsm
In-Reply-To: <200609072221.27081.willems.luc@pandora.be> (Luc Willems's message of "Thu\, 7 Sep 2006 22\:21\:26 +0200")
References: <200609022038.07550.willems.luc@pandora.be> <200609062106.20351.willems.luc@pandora.be> <87d5a8go8q.fsf@wheatstone.g10code.de> <200609072221.27081.willems.luc@pandora.be>
Message-ID: <87vemfwdjk.fsf@wheatstone.g10code.de>

On Thu, 7 Sep 2006 22:21, Luc Willems said:

> after some testing, i disabled the beidbelgium.be-beidpcscd daemon. Don't ask
> me what it is or do but it seems to block exclusive access to the card
> reader.

Well, that is the same as scdaemon does ;-)

> after this step, gpgsm --learn-card worked. I tested it to sign a file and
> used KMail to send mail that were signed by the Eid card.

:-)

Note also that you may use the card for ssh logins. We are also working on a pkcs#11 library to allow Mozilla using scdaemon. Right now I can use the OpenPGP card to login to web servers. I try to extend this to your card but I have to see whether this will work out.

Salam-Shalom,

   Werner

From itsec.info at gmail.com Sat Oct 21 13:54:52 2006
From: itsec.info at gmail.com (itsec.info)
Date: Sat Oct 21 15:24:22 2006
Subject: decrypt problem
Message-ID: <200610211354.52642.itsec.info@gmail.com>

Hi

I have encrypted a large file (280MB) with gpg v1.4.2 on suse 10.0.
By decrypting the file I get the following error message:

gpg: Problem reading source (10429120 bytes remaining)
gpg: handle plaintext failed: Dateilesefehler
gpg: Warnung: Verschlüsselte Botschaft ist manipuliert worden!

The last line is in German, basically it says that the text may be manipulated by a 3rd party.

Can I handle such huge files with gpg at all?
If so, what is the cause of this error because I am quite sure that the file had not been manipulated in the meantime.

--
Any help is very much appreciated because this is a backup file.

Thanks,
Mike

From alphasigmax at gmail.com Sat Oct 21 15:36:34 2006
From: alphasigmax at gmail.com (Alphax)
Date: Sat Oct 21 15:36:46 2006
Subject: decrypt problem
In-Reply-To: <200610211354.52642.itsec.info@gmail.com>
References: <200610211354.52642.itsec.info@gmail.com>
Message-ID: <453A2262.8000705@gmail.com>

itsec.info wrote:
> Hi
>
> I have encrypted a large file (280MB) with gpg v1.4.2 on suse 10.0.
> By decrypting the file I get the following error message:
>
> gpg: Problem reading source (10429120 bytes remaining)
> gpg: handle plaintext failed: Dateilesefehler
> gpg: Warnung: Verschlüsselte Botschaft ist manipuliert worden!
>
> The last line is in German, basically it says that the text may be manipulated
> by a 3rd party.
>
> Can I handle such huge files with gpg at all?
> If so, what is the cause of this error because I am quite sure that the file
> had not been manipulated in the meantime.
>
> Any help is very much appreciated because this is a backup file.
>

You could try the --ignore-mdc-error option and if it's an ASCII armored file the --ignore-crc-error option. No guarantees though...

--
Alphax
Death to all fanatics! Down with categorical imperative!
OpenPGP key: http://tinyurl.com/lvq4g

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 569 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20061021/e0ea6d28/signature.pgp

From blueness at gmx.net Sat Oct 21 21:58:26 2006
From: blueness at gmx.net (Mica Mijatovic)
Date: Sat Oct 21 22:19:34 2006
Subject: decrypt problem
In-Reply-To: <200610211354.52642.itsec.info@gmail.com>
References: <200610211354.52642.itsec.info@gmail.com>
Message-ID: <417314504.20061021215826@gmx.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Was Sat, 21 Oct 2006, at 13:54:52 +0200, when itsec.info wrote:

> I have encrypted a large file (280MB) with gpg v1.4.2 on suse 10.0.
> By decrypting the file I get the following error message:

> gpg: Problem reading source (10429120 bytes remaining)
> gpg: handle plaintext failed: Dateilesefehler
> gpg: Warnung: Verschlüsselte Botschaft ist manipuliert worden!

> The last line is in German, basically it says that the text may be manipulated
> by a 3rd party.

> Can I handle such huge files with gpg at all?
> If so, what is the cause of this error because I am quite sure that the file
> had not been manipulated in the meantime.

I still don't dare to encrypt larger files with GnuPG (they could make a GPGDisk for such purposes, that would be ingenious move!). Another reason is that in the process of encryption the date/time of the file is changed (grrr...), exceptionally inconvenient for backups (or I simply don't know the magic trick/dance).

Hence I rather use the zip with a longish nice password for such purposes, and am besides hoping that will catch some time to see how _TrueCrypt for Linux_ would do this work, using its encrypted container/"volume".

Anyone here having any experience with this version of True Crypt yet? Any impressions?

- --
Mica
~~~ For personal mail please use my address as it is *exactly* given in my "From" field, otherwise it will not reach me.
~~~
GPG keys/docs/software at:
http://blueness.port5.com/pgpkeys/
http://tronogi.tripod.com/pgp/pgpkeys/
checking whether the reason is present and sane... maybe

From blueness at gmx.net Sat Oct 21 22:19:07 2006
From: blueness at gmx.net (Mica Mijatovic)
Date: Sat Oct 21 22:19:39 2006
Subject: GPGDisk campaign
Message-ID: <201387957.20061021221907@gmx.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Starting right now, with the fresh New Moon...

GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk you're GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk falling GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk asleep GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk and GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk you're GPGDisk GPGDisk
GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk feeling GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk great GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk you're GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk writing GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk the GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk codes GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk GPGDisk... - -- Mica ~~~ For personal mail please use my address as it is *exactly* given in my "From" field, otherwise it will not reach me. ~~~ GPG keys/docs/software at: http://blueness.port5.com/pgpkeys/ http://tronogi.tripod.com/pgp/pgpkeys/ checking whether the reason is present and sane... 
piggy, piggy

From mlisten at hammernoch.net Sat Oct 21 20:26:56 2006
From: mlisten at hammernoch.net (=?ISO-8859-1?Q?Ludwig_H=FCgelsch=E4fer?=)
Date: Sat Oct 21 22:24:17 2006
Subject: decrypt problem
In-Reply-To: <200610211354.52642.itsec.info@gmail.com>
References: <200610211354.52642.itsec.info@gmail.com>
Message-ID: <453A6670.8030802@hammernoch.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

itsec.info wrote on 21.10.2006 13:54 Uhr:
> Hi
>
> I have encrypted a large file (280MB) with gpg v1.4.2 on suse 10.0.
> By decrypting the file I get the following error message:
>
> gpg: Problem reading source (10429120 bytes remaining)
> gpg: handle plaintext failed: Dateilesefehler
> gpg: Warnung: Verschlüsselte Botschaft ist manipuliert worden!
>
> The last line is in German, basically it says that the text may be manipulated
> by a 3rd party.

Issuing a German text seems to be a bug in gpg.

> Can I handle such huge files with gpg at all?

Yes. I regularly en- and decrypt files as large as 3 or 4 Gigabytes.

> If so, what is the cause of this error because I am quite sure that the file
> had not been manipulated in the meantime.
>
> --
> Any help is very much appreciated because this is a backup file.

The message says "Dateilesefehler" which means "File read error". I would suspect a media or drive error. Gpg telling "manipulation of the encrypted message" is most probably due to wrong input data and a subsequent error message.
It does not necessarily imply a 3rd party. A bad backup media can as well be the manipulator... :-((

Ludwig

From j.lysdal at gmail.com Sun Oct 22 00:10:55 2006
From: j.lysdal at gmail.com (=?UTF-8?Q?J=C3=B8rgen_Lysdal?=)
Date: Sun Oct 22 00:09:01 2006
Subject: GPGDisk campaign
In-Reply-To: <201387957.20061021221907@gmx.net>
References: <201387957.20061021221907@gmx.net>
Message-ID: <9afe34fe0610211510u32df1eedv87697c649209da8a@mail.gmail.com>

lol, very cool with the steganography thing...

From rjh at sixdemonbag.org Sun Oct 22 00:36:40 2006
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun Oct 22 01:28:26 2006
Subject: GPGDisk campaign
In-Reply-To: <9afe34fe0610211510u32df1eedv87697c649209da8a@mail.gmail.com>
References: <201387957.20061021221907@gmx.net> <9afe34fe0610211510u32df1eedv87697c649209da8a@mail.gmail.com>
Message-ID: <453AA0F8.6070803@sixdemonbag.org>

Jørgen Lysdal wrote:
> lol, very cool with the steganography thing...

I'll be the bad guy and rain on the parade, and give the reasons why this is very unlikely to come to pass.

0. It is not what GnuPG targets.

GnuPG tracks conformance to RFC2440, the OpenPGP standard, and implements additional parts (smartcard drivers, etc.) as needed to give a good user experience for RFC2440 tasks. A cryptographic file system has no relation to RFC2440. Why should GnuPG support it?

1. There are no standards for cryptographic file systems.

GnuPG has always focused on conformance to standards. The GnuPG developers probably do not want to come out with yet another incompatible file system.

2. There already exist strong Free Software implementations.

On UNIX there are many different Free Software encrypted file systems, from encrypted loopback devices to plug-ins for the ReiserFS file system to TrueCrypt (Linux only) to... etcetera. On Windows, TrueCrypt offers good support for encrypted partitions, much in the same way PGPDisk does today.

3. The GnuPG developers may not find it sexy.

Writing good software is work. It's a hell of a lot of work, in fact. The thing that gets most Free Software developers going is their affection for the subject matter. The GnuPG developers like getting their hands dirty with Internet wire protocols like OpenPGP. Do they like getting their hands dirty with filesystem drivers? I don't know, but my guess is no.

... And, of course, the short version of it is this: if you want it done that badly, then grab the source and hack it yourself. It's GPLed for exactly that reason.

From smolinski at de.ibm.com Sun Oct 22 04:01:51 2006
From: smolinski at de.ibm.com (Holger Smolinski)
Date: Sun Oct 22 03:59:03 2006
Subject: Holger Smolinski/Germany/IBM is on a cource until 10/23
Message-ID:

I will be out of the office starting 20.10.2006 and will not return until 23.10.2006.

I will respond when I have returned. In any urgent matter pls contact Steffen Thoss (thoss@de.ibm.com) or my Manager Bernd Blaes (blaess@de.ibm.com)

From JPClizbe at comcast.net Sun Oct 22 06:07:11 2006
From: JPClizbe at comcast.net (John Clizbe)
Date: Sun Oct 22 06:26:56 2006
Subject: GPGDisk campaign
In-Reply-To: <453AA0F8.6070803@sixdemonbag.org>
References: <201387957.20061021221907@gmx.net> <9afe34fe0610211510u32df1eedv87697c649209da8a@mail.gmail.com> <453AA0F8.6070803@sixdemonbag.org>
Message-ID: <453AEE6F.4060708@comcast.net>

In response to the GPGdisk rant, Robert J.
Hansen wrote:
>
> I'll be the bad guy and rain on the parade, and give the reasons why
> this is very unlikely to come to pass.
>

One more:

4. There is not much satisfaction to be gained writing F/OSS for projects for problems which have already been solved in so many numerous ways:

F/OSS:
http://www.thefreecountry.com/security/encryption.shtml#otfe

Commercial:
http://www.full-disk-encryption.net/Full_Disc_Encryption.html

Though I'm sure, if you're /that committed/, Werner and the folks at g10code would be glad to discuss custom implementation costs with you. 8-})

--
John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet
Golden Bear Networks PGP/GPG KeyID: 0x608D2A10
"Be who you are and say what you feel because those who mind don't matter and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"

From rstoddard at voyager.net Sun Oct 22 08:43:25 2006
From: rstoddard at voyager.net (Richard H. Stoddard)
Date: Sun Oct 22 10:24:33 2006
Subject: Signing/encrypting options using GPGShell
Message-ID: <139253698.20061022114325@voyager.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm using gpgshell, and it gives me the option of signing or clear-signing messages. It also contains options for encrypt and encrypt/sign. When I try to "sign" it, it in fact seems to encrypt it. Is this "just the way it is" or is there a bug (or operator error)?

Also, is there a way using PGPShell to cache the passphrase for a certain interval? I'm assuming likely not, but thought I'd ask anyway.

- --
Thanks,
Rick

From blueness at gmx.net Sun Oct 22 14:02:42 2006
From: blueness at gmx.net (Mica Mijatovic)
Date: Sun Oct 22 14:01:12 2006
Subject: GPGDisk campaign
In-Reply-To: <453AA0F8.6070803@sixdemonbag.org>
References: <201387957.20061021221907@gmx.net> <9afe34fe0610211510u32df1eedv87697c649209da8a@mail.gmail.com> <453AA0F8.6070803@sixdemonbag.org>
Message-ID: <1165356437.20061022140242@gmx.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Was Sat, 21 Oct 2006, at 17:36:40 -0500, when Robert J. Hansen wrote:

> Jørgen Lysdal wrote:
>> lol, very cool with the steganography thing...

> I'll be the bad guy and rain on the parade, and give the reasons why
> this is very unlikely to come to pass.

Oh, Mister Hansen! Greetings! Long time no bait. (-: How's your work on the new GnuPG graphic frontal face?

My greetings to your cousin Katherine too. (:

- --
Mica
~~~ For personal mail please use my address as it is *exactly* given in my "From" field, otherwise it will not reach me. ~~~
GPG keys/docs/software at:
http://blueness.port5.com/pgpkeys/
http://tronogi.tripod.com/pgp/pgpkeys/
"The human brain is like an enormous fish -- it is flat and slimy and has gills through which it can see."
(Monty Python)

From wk at gnupg.org Sun Oct 22 15:53:11 2006
From: wk at gnupg.org (Werner Koch)
Date: Sun Oct 22 15:57:58 2006
Subject: GPGDisk campaign
In-Reply-To: <453AEE6F.4060708@comcast.net> (John Clizbe's message of "Sat\, 21 Oct 2006 23\:07\:11 -0500")
References: <201387957.20061021221907@gmx.net> <9afe34fe0610211510u32df1eedv87697c649209da8a@mail.gmail.com> <453AA0F8.6070803@sixdemonbag.org> <453AEE6F.4060708@comcast.net>
Message-ID: <87hcxwcv94.fsf@wheatstone.g10code.de>

On Sun, 22 Oct 2006 06:07, John Clizbe said:

> Commercial:
> http://www.full-disk-encryption.net/Full_Disc_Encryption.html
>
> Though I'm sure, if you're /that committed/, Werner and the folks at g10code
> would be glad to discuss custom implementation costs with you. 8-})

Frankly, we are not very keen to do that because with most commonly used OSes you need to dive deeply into that OS. After all it is a matter of paying ;-).

It would be interesting to write an encrypted file system server for a modern OS design. However I doubt that there is yet enough commercial interest to cover the cost.

BTW, using the term "commercial" as you did above is not a good way to distinguish between Free and proprietary software. For sure my company offers commercial software; that this software is available under a free license is merely a detail (although an important one).

Shalom-Salam,

   Werner

From wk at gnupg.org Sun Oct 22 15:58:09 2006
From: wk at gnupg.org (Werner Koch)
Date: Sun Oct 22 16:02:55 2006
Subject: decrypt problem
In-Reply-To: <453A6670.8030802@hammernoch.net> (Ludwig =?utf-8?Q?H=C3=BCge?= =?utf-8?Q?lsch=C3=A4fer's?= message of "Sat\, 21 Oct 2006 20\:26\:56 +0200")
References: <200610211354.52642.itsec.info@gmail.com> <453A6670.8030802@hammernoch.net>
Message-ID: <87d58kcv0u.fsf@wheatstone.g10code.de>

On Sat, 21 Oct 2006 20:26, Ludwig Hügelschäfer said:

> Issuing a german text seems to be a bug in gpg.

I hope that the translator for German (de.po) won't read this mail ;-)

> The message says "Dateilesefehler" which means "File read error". I
> would suspect a media or drive error. Gpg telling "manipulation of the
> encrypted message" is most probably due to wrong input data and a

The message uses a kind of checksum (the MDC) to detect corruption of the encrypted message. This message is a side effect of the read error.

Salam-Shalom,

   Werner

From j.lysdal at gmail.com Sun Oct 22 18:48:02 2006
From: j.lysdal at gmail.com (=?UTF-8?Q?J=C3=B8rgen_Lysdal?=)
Date: Sun Oct 22 18:46:47 2006
Subject: Signing/encrypting options using GPGShell
In-Reply-To: <139253698.20061022114325@voyager.net>
References: <139253698.20061022114325@voyager.net>
Message-ID: <9afe34fe0610220948n2082ece1ybca4319b2c5d003e@mail.gmail.com>

2006/10/22, Richard H. Stoddard :
> in fact seems to encrypt it.
> Is this "just the way it is" or is there a bug (or operator error)?

No, it's not encrypted. My guess it is signed and compressed, am I right?

> Also, is there a way using PGPShell to cache the passphrase for a
> certain interval? I'm assuming likely not, but though I'd ask anyway.

No, I don't think you can do that..

From iulia_das at yahoo.com Mon Oct 23 13:19:45 2006
From: iulia_das at yahoo.com (Julia Dashkevich)
Date: Mon Oct 23 13:18:46 2006
Subject: Signing/encrypting options using GPGShell
In-Reply-To: <139253698.20061022114325@voyager.net>
Message-ID: <20061023111946.73455.qmail@web51306.mail.yahoo.com>

Rick,

Yeah, it doesn't look like you can set a certain time limit for caching passphrase in gpgshell. However, it appears to me that gpg itself has gpg passphrase agent, which can be set up to store passphrase for n seconds (correct me if I am wrong, please). However, using either of them makes your private key more vulnerable... The only place I found that describes how to configure it is this: www.debian-administration.org/articles/378 although I don't know if it applies to windows.

Julia

--- "Richard H. Stoddard" wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I'm using gpgshell, and it gives me the option of signing or
> clear-signing messages. It also contains options for encrypt and
> encrypt/sign. When I try to "sign" it, it in fact seems to encrypt it.
> Is this "just the way it is" or is there a bug (or operator error)?
>
> Also, is there a way using PGPShell to cache the passphrase for a
> certain interval? I'm assuming likely not, but thought I'd ask anyway.
>
> - --
> Thanks,
> Rick
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (MingW32) - GPGshell v3.52
>
> iEYEARECAAYFAkU7EwIACgkQDpWSSnADCvem8wCfV9BlLlTNk6aTPwTSgGMoVbSL
> NLYAnji3pD3D2DfsNfRzKrfHAtouSMPt
> =Ptnm
> -----END PGP SIGNATURE-----

From jfmogollon at zitralia.com Mon Oct 23 15:24:14 2006
From: jfmogollon at zitralia.com (Juan Felipe Mogollón Rodríguez)
Date: Mon Oct 23 18:24:20 2006
Subject: can't disable core dumps
Message-ID: <1161609854.2978.11.camel@localhost.localdomain>

Hello to everybody:

I am trying to make a script to generate a sign configuration files via CGI and Perl and I have a problem when I call gpg to sign my generated files:

Here is the sentence that gives me problems:

$resultado=system("echo $FORM{'$passphrase'}| gpg --yes --no-batch --clearsign /var/www/files/file.txt");

when I execute that sentence I receive this output in my apache log.

> [Mon Oct 23 09:13:59 2006] [error] [client 127.0.0.1] gpg: fatal: , referer: http://127.0.0.1/formulario.html
> [Mon Oct 23 09:13:59 2006] [error] [client 127.0.0.1] can't disable core dumps: Permission denied, referer: http://127.0.0.1/formulario.html
> [Mon Oct 23 09:13:59 2006] [error] [client 127.0.0.1] secmem usage: 0/0 bytes in 0/0 blocks of pool 0/0, referer: http://127.0.0.1/formulario.html
>

I know that it is not a good practice to send my passphrase in a pipe and that is the mistake. I have tried to work with various cpan perl modules but none of them work in my case.

GnuPG::Interface returns me the same result as the "normal" way and GnuPG tells me that gpg can't open shared memory.

I hope anybody can help me.

I am using Fedora Core 4 and perl 5.8.6 and gpg 1.4.5.

Many thanks.

From rmeden at yahoo.com Mon Oct 23 21:02:32 2006
From: rmeden at yahoo.com (Robert Eden)
Date: Mon Oct 23 22:54:32 2006
Subject: Windows GUI recommendation for USB disk
Message-ID: <20061023190232.55621.qmail@web52102.mail.yahoo.com>

I'd like to place a static windows GUI executable on a USB disk to encourage folks to encrypt data while using snail-mail.

I don't want windows shell extensions as that would require an installer (WinPT ).

I'm thinking just a single EXE that provides a simple GUI and supports symmetric keys...

I don't know if GPA does this, I've been having trouble getting it to compile on my cygwin install. (The README talks about a pre-built binary, but it doesn't exist)

Any recommendations?

Robert

From JPClizbe at comcast.net Tue Oct 24 02:31:48 2006
From: JPClizbe at comcast.net (John Clizbe)
Date: Tue Oct 24 02:32:15 2006
Subject: Windows GUI recommendation for USB disk
In-Reply-To: <20061023190232.55621.qmail@web52102.mail.yahoo.com>
References: <20061023190232.55621.qmail@web52102.mail.yahoo.com>
Message-ID: <453D5EF4.5000303@comcast.net>

Robert Eden wrote:

> I'd like to place a static windows GUI executable on a USB disk to
> encourage folks to encrypt data while using snail-mail.
>
> I don't want windows shell extensions as that would require an installer
> (WinPT ).
>
> I'm thinking just a single EXE that provides a simple GUI and supports
> symmetric keys...
>
> I don't know if GPA does this, I've been having trouble getting it to
> compile on my cygwin install. (The README talks about a pre-built
> binary, but it doesn't exist)
>
> Any recommendations?

I think there is a binary, possibly part of GPG4WIN. I'd try GPGshell. You might want to look at the GPG2GO project, I think they may have already solved this.

--
John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet
Golden Bear Networks PGP/GPG KeyID: 0x608D2A10
"Be who you are and say what you feel because those who mind don't matter and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"

From twoaday at gmx.net Tue Oct 24 09:35:45 2006
From: twoaday at gmx.net (Timo Schulz)
Date: Tue Oct 24 09:25:22 2006
Subject: Windows GUI recommendation for USB disk
In-Reply-To: <20061023190232.55621.qmail@web52102.mail.yahoo.com>
References: <20061023190232.55621.qmail@web52102.mail.yahoo.com>
Message-ID: <453DC251.209@gmx.net>

Robert Eden wrote:

> I don't want windows shell extensions as that would require an
> Installer (WinPT ).

Actually WinPT does not install any shell extensions. (Windows Privacy Tray, not the obsolete SF.net project!)

And furthermore, I currently work on WinPT Mobile which does not depend on any hardwired config and thus perfect for an USB stick. Indeed it does not use the Windows registry or create any files on the harddisk. As a result you may put all needed binaries on the stick, plus the keyrings and you can use WinPT on any machine. But I still need some time for tests.

Timo

From wk at gnupg.org Tue Oct 24 16:45:03 2006
From: wk at gnupg.org (Werner Koch)
Date: Tue Oct 24 16:48:22 2006
Subject: [Announce] GnuPG 1.9.94 released
Message-ID: <87hcxt7oy8.fsf@wheatstone.g10code.de>

Hi,

as promised here is another release of GnuPG. This is mainly to fix bugs found in 1.9.93. Thanks to all testers.

Noteworthy changes in version 1.9.94 (2006-10-24)
-------------------------------------------------

* Keys for gpgsm may now be specified using a keygrip. A keygrip is indicated by prefixing it with an ampersand.

* gpgconf now supports switching the CMS cipher algo (e.g. to AES).

* New command --gpgconf-test for all major tools. This may be used to check whether the configuration file is sane.

Available at the usual place:

ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.9.94.tar.bz2 (3780k)
ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.9.94.tar.bz2.sig

or as a patch (without PO file updates):

ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.9.93-1.9.94.diff.bz2 (19k)

If you have a smart card (either OpenPGP or the Belgian eID), you may want to play with the enhanced gpgsm-gencert.sh tool.

BTW, 7 days to go for the logo-contest. You may however donate until we have finished the selection. http://logo-contest.gnupg.org/

Shalom-Salam,

Werner

--
Werner Koch The GnuPG Experts http://g10code.com
Join the Fellowship and protect your Freedom! http://www.fsfe.org

From blueness at gmx.net Wed Oct 25 04:00:42 2006
From: blueness at gmx.net (Mica Mijatovic)
Date: Wed Oct 25 04:14:07 2006
Subject: GPGDisk campaign
In-Reply-To: <9afe34fe0610211510u32df1eedv87697c649209da8a@mail.gmail.com>
References: <201387957.20061021221907@gmx.net> <9afe34fe0610211510u32df1eedv87697c649209da8a@mail.gmail.com>
Message-ID: <312587155.20061025040042@gmx.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Was Sun, 22 Oct 2006, at 00:10:55 +0200, when Jørgen Lysdal wrote:

> lol, very cool with the steganography thing...

Just checking environment. (-;

Namely, on an other privacy/security related list, of a more general nature though, it happens that a purely technical question may trigger surprisingly emotional responses, and sometimes even in a form of a less or more serious nervous breakdowns (and I mean it, there is documentation about that).
In a bit slighter cases, you could get just a rant instead of a precise technical answer / response, which again has its anthropological (and not rarely entertaining) value, that is quite interesting to investigate, in somewhat different (although still to a worthwhile extent related) context. But let's put this aspect aside now and here.

The last time I posed such a "hot" question there, it was right about a possible, hypothetical, GPGDisk and its shorter technical specification. Since I got just few mediocre rants in response, well, as expected, and from usual sources, I thought it wouldn't be bad to try on a more serious and emotionally stable list (and lo I discover that few usual ranters are present here as well (-: ).

Here I'll give the exact copy of the question I posed then there...

//
I wonder if that would be technically hard, and how much, to make a GPGDisk, an open source version of for instance the PGPDisk (following the Zimmermann's open source trail).

How much work it would need, in terms of time, working in a `normal' (not a feverish and similar, allegro furioso twitchissimo and so) tempo? Would the number of coworkers lighten such a work?
\\

The part "(following the Zimmermann's open source trail)" relates to Zimmermann's basic definition of Pretty Good Privacy, as it is given in his "Why I Wrote PGP", for instance, rather than a literal utilization of his source codes, of course.

- --
Mica
~~~ For personal mail please use my address as it is *exactly* given in my "From" field, otherwise it will not reach me. ~~~
GPG keys/docs/software at: http://blueness.port5.com/pgpkeys/ http://tronogi.tripod.com/pgp/pgpkeys/

Life therefore is not a vision of a fool you are obliged to get accustomed to, and to live after the rules of someone's autogenous nightmare and cerebral defect. (Hammer von Troll, ch. "Doctrine of the Rotten Plank", from "The Book of the Joy")
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6-svn-4298 <>o<> tiger192 (Cygwin/MinGW32)
-----END PGP SIGNATURE-----

From blueness at gmx.net Wed Oct 25 04:13:45 2006
From: blueness at gmx.net (Mica Mijatovic)
Date: Wed Oct 25 04:14:26 2006
Subject: GPGDisk campaign
In-Reply-To: <87hcxwcv94.fsf@wheatstone.g10code.de>
References: <201387957.20061021221907@gmx.net> <9afe34fe0610211510u32df1eedv87697c649209da8a@mail.gmail.com> <453AA0F8.6070803@sixdemonbag.org> <453AEE6F.4060708@comcast.net> <87hcxwcv94.fsf@wheatstone.g10code.de>
Message-ID: <191583736.20061025041345@gmx.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Was Sun, 22 Oct 2006, at 15:53:11 +0200, when Werner Koch wrote:

> Frankly, we are not very keen to do that because with most commonly
> used OSes you need to dive deeply into that OS. After all it is a
> matter of paying ;-).

Every work should be paid, after the merits, there is no question about it.

> It would be interesting to write an encrypted file system server for a
> modern OS design. However I doubt that there is yet enough commercial
> interest to cover the cost.

Well, commercial interest obviously exists, otherwise the "modern" PGP wouldn't sell even a piece of their...product, no?

Then, there are many variants of licences of the very same product, depending, for instance, on the types of users.
More serious corporations, companies, governmental organizations and similar will surely rather pay for a GnuPG than for a modern PGP, particularly with the current tendency of elimination of proverbially insecure OSs from significant areas and replace them by more reliable, "transparent" and stable ones.

Where would be a problem to have a GnuPG licence for them, and a GnuPG licence for a say "personal use" (as it is practised for instance by manufacturers of anti virus software - the entire, global, environment becomes safer and better, and including all sorts of commercial activities as well)?

I have myself said on one occasion that if by a chance GnuPG were not freeware, I would indeed pay for it, some reasonable price of course, say errrmmm, $30, US ?-) rather than to use any other software in this category, even if they were not only freeware but if they would pay me for this, seriously, and I meant it.

As things stand, right in this moment, this is most quality software in this category, still, despite the recent discrete signs of tendency of giving up under the non-FSF subtle pressure. (-;

Its huge advantage is, besides, its "transparency" and that it can be modified, quite legitimately, to suit user's specific needs.

Therefore, GnuPG has a real and strong potential to be a commercial software as well. It just depends on how it will be presented (and of course of its capacity to preserve and maintain its independence).

The very same stands then for a potential GPGDisk.

I doubt that for instance the governments (or any more serious self respecting company) that switch to safer systems are not aware of the difference between say GnuPG and modern PGP. No chance. (-;

If they switch to these systems then it means that they think. If they think then they know the difference. They don't ask ranters and twitching faces for expert opinion.
(-:

By the way, is it possible to make this hypothetical GPGDisk in a way that it could make different file systems in one "container", say one container with three partitions: minix, ext2, win32/ntfs and so? Or even each individual container with different file system, with no partitions within?

- - --
Mica
~~~ For personal mail please use my address as it is *exactly* given in my "From" field, otherwise it will not reach me. ~~~
GPG keys/docs/software at: http://blueness.port5.com/pgpkeys/ http://tronogi.tripod.com/pgp/pgpkeys/

Life therefore is not a vision of a fool you are obliged to get accustomed to, and to live after the rules of someone's autogenous nightmare and cerebral defect. (Hammer von Troll, ch. "Doctrine of the Rotten Plank", from "The Book of the Joy")
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6-svn-4298 <>o<> tiger192 (Cygwin/MinGW32)
-----END PGP SIGNATURE-----

From vedaal at hush.com Wed Oct 25 16:41:26 2006
From: vedaal at hush.com (vedaal@hush.com)
Date: Wed Oct 25 16:40:21 2006
Subject: gpgdisk campaign
Message-ID: <20061025144127.DA122DA84B@mailserver8.hushmail.com>

mica wrote:

] " ... More serious corporations, companies, governmental organizations and similar will surely rather pay for a GnuPG than for a modern PGP, particularly with the current tendency of elimination of proverbially insecure OSs from significant areas and replace them by more reliable, "transparent" and stable ones..."

but they can get TrueCrypt for free now,

so, the issue would be, to make a gnupg disk that is better than truecrypt, with a feature that people are willing to pay for

the only thing i can think of that might accomplish this, is to have the gnupg disk linked to a gpg 'smartcard', (rsa 2048 or greater, please, ;-) ) and charge for the package

considering the great amount of work that such a project would need, it is not certain that it would be profitable ...

[but if it would be undertaken, i would be happy to pay for my copy in advance ... ;-) ]

vedaal

From malayter at gmail.com Wed Oct 25 17:58:22 2006
From: malayter at gmail.com (Ryan Malayter)
Date: Wed Oct 25 17:57:18 2006
Subject: gpgdisk campaign
In-Reply-To: <20061025144127.DA122DA84B@mailserver8.hushmail.com>
References: <20061025144127.DA122DA84B@mailserver8.hushmail.com>
Message-ID: <5d7f07420610250858x3552f64csea6b32cdcf7d147a@mail.gmail.com>

On 10/25/06, vedaal@hush.com wrote:

> but they can get TrueCrypt for free now,
>

There are two major reasons we're using the commercial PGPdisk here instead of TrueCrypt.

1) Manageability - PGPdisk offers centralized deployment, policy management, key escrow, etc.
2) TrueCrypt's inability to encrypt the boot disk on any platform.

The first is a failing that many open source software have; management is usually accomplished through scripting. That adds lots of flexibility, but makes the product far less attractive to IT departments that just want to make it work quickly.

The second is more of an architecture problem with TrueCrypt. PGPdisk and other whole-disk encryption products do some very low-level, OS-dependent stuff, like loading from the boot sector and then handing off to an OS-specific device driver. These are the sorts of things that are difficult to accomplish without heavy involvement from the OS vendor.

This is also why a "GPGdisk" is probably unworkable. GnuPG is designed and strives for platform independence, and things like disk drivers are inherently platform specific. I would think that improving TrueCrypt, perhaps stealing the OpenPGP smart card support from GnuPG, is the "best bet" for full-featured, open-source whole-disk encryption program.

Finally, let's not forget the 800-pound gorilla: Microsoft already has per-file encryption (with decent key management in the OS), and has added whole disk encryption to Vista. If those solutions work well enough, practical Windows users will not see the benefits of an open source disk encryption solution outweighing the complexity of their use.

Regards,
Ryan

From jfmogollon at zitralia.com Thu Oct 26 09:27:42 2006
From: jfmogollon at zitralia.com (Juan Felipe Mogollón Rodríguez)
Date: Thu Oct 26 09:29:37 2006
Subject: can't disable core dumps
In-Reply-To: <1161609854.2978.11.camel@localhost.localdomain>
References: <1161609854.2978.11.camel@localhost.localdomain>
Message-ID: <1161847663.13846.5.camel@localhost.localdomain>

I found the problem:

It was the SELinux configuration on Fedora Core 4. I put SELINUX=permissive in /etc/selinux/conf and it worked.

On Mon, 23-10-2006 at 15:24 +0200, Juan Felipe Mogollón Rodríguez wrote:

> Hello to everybody:
>
> I am trying to make a script to generate a sign configuration files via
> CGI and Perl and I have a problem when I call gpg to sign my generated
> files:
>
> Here is the sentence that gives me problems:
>
> $resultado=system("echo $FORM{'$passphrase'}| gpg --yes --no-batch --clearsign /var/www/files/file.txt");
>
> when I execute that sentence I receive this output in my apache log.
>
> > [Mon Oct 23 09:13:59 2006] [error] [client 127.0.0.1] gpg: fatal: , referer: http://127.0.0.1/formulario.html
> > [Mon Oct 23 09:13:59 2006] [error] [client 127.0.0.1] can't disable core dumps: Permission denied, referer: http://127.0.0.1/formulario.html
> > [Mon Oct 23 09:13:59 2006] [error] [client 127.0.0.1] secmem usage: 0/0 bytes in 0/0 blocks of pool 0/0, referer: http://127.0.0.1/formulario.html
> >
>
> I know that it is not a good practice to send my passphrase in a pipe and that is the mistake. I have tried to work with various cpan perl modules but none of
> them work in my case.
>
> GnuPG::Interface returns me the same result as the "normal" way and GnuPG tells me that gpg can't open shared memory.
>
> I hope anybody can help me.
>
> I am using Fedora Core 4 and perl 5.8.6 and gpg 1.4.5.
>
> Many thanks.

From wk at gnupg.org Thu Oct 26 09:54:52 2006
From: wk at gnupg.org (Werner Koch)
Date: Thu Oct 26 10:19:46 2006
Subject: [Announce] GnuPG logo contest - 5 days to go
Message-ID: <874ptrfr5f.fsf@wheatstone.g10code.de>

Skipped content of type multipart/signed

From cwalters999 at comcast.net Fri Oct 27 14:19:36 2006
From: cwalters999 at comcast.net (Chris Walters)
Date: Fri Oct 27 14:23:05 2006
Subject: Another passphrase related question...
Message-ID: <4541F958.5080903@comcast.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi All,

I actually have a couple of questions regarding passphrases - speaking mainly of symmetric encryption (e.g. gpg -c).

The first question regards the maximum length of a passphrase - I would like to know what it is in GnuPG. I know there is a practical limit to what someone could type, but I am looking more for the limit within the program.

The second one is, how does GnuPG handle "non-printable" characters, other than new line characters? What I mean by this is basically anything you cannot directly type with a normal keyboard (upper ASCII and the lower ASCII characters).

TIA

Regards,
Chris
-----BEGIN PGP SIGNATURE-----

iD8DBQFFQflVvWR+cfQvuEIRCNTgAJ4vj3dwLJDHfISZzvLni/f4GhbTTQCfZSmY
VJkAswBo/U06LJ5TC27Hmi4=
=w2yV
-----END PGP SIGNATURE-----

From dshaw at jabberwocky.com Fri Oct 27 15:12:40 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri Oct 27 15:10:53 2006
Subject: Another passphrase related question...
In-Reply-To: <4541F958.5080903@comcast.net> References: <4541F958.5080903@comcast.net> Message-ID: <20061027131240.GB19338@jabberwocky.com> On Fri, Oct 27, 2006 at 08:19:36AM -0400, Chris Walters wrote: > Hi All, > > I actually have a couple of questions regarding passphrases - speaking > mainly of symmetric encryption (e.g. gpg -c). > > The first question regards the maximum length of a passphrase - I would > like to know what it is in GnuPG. I know there is a practical limit to > what someone could type, but I am looking more for the limit within the > program. GPG only has a limited amount of secure (i.e. unswappable) memory, and that's where passphrases and keys are handled. The effective limit for a passphrase is a few thousand characters. > The second one is, how does GnuPG handle "non-printable" characters, > other than new line characters? What I mean by this is basically > anything you cannot directly type with a normal keyboard (upper ASCII > and the lower ASCII characters). If you can type it, GPG will use it. The only two characters that aren't usable are null and \n. Be careful, though. It's really easy to get into a situation where you can type something on one machine/keyboard/os combo that you can't type on another. If you ever need to replace a machine, you could lock yourself out. David From wk at gnupg.org Fri Oct 27 15:34:49 2006 From: wk at gnupg.org (Werner Koch) Date: Fri Oct 27 15:36:52 2006 Subject: Another passphrase related question... In-Reply-To: <4541F958.5080903@comcast.net> (Chris Walters's message of "Fri\, 27 Oct 2006 08\:19\:36 -0400") References: <4541F958.5080903@comcast.net> Message-ID: <873b99dgqu.fsf@wheatstone.g10code.de> On Fri, 27 Oct 2006 14:19, Chris Walters said: > The first question regards the maximum length of a passphrase - I would > like to know what it is in GnuPG. I know there is a practical limit to There is no explicit one. However the passphrase is put in secure memory and thus in practise there is a limit. 
A few hundred bytes won't be a problem.

> The second one is, how does GnuPG handle "non-printable" characters,
> other than new line characters? What I mean by this is basically

Not at all. You better don't use any control characters but other than that, gpg does not do anything with the entered passphrase. It would have been better if we had specified that the passphrase shall be UTF-8 encoded. We can't change that anymore and so you should assume the passphrase is basically binary.

Take care, when using Pinentry or another GUI there might be some translation done by the GUI. When using the tty some characters are translated or ignored. For example a tab is translated to a space and we ignore all control characters.

Shalom-Salam,

Werner

From dave.smith at st.com Fri Oct 27 16:10:38 2006
From: dave.smith at st.com (David SMITH)
Date: Fri Oct 27 17:54:39 2006
Subject: Can't propagate key through public keyservers
Message-ID: <20061027141038.GK23399@bristol.st.com>

Skipped content of type multipart/mixed

From chris-usenet at netzpunkt.org Fri Oct 27 15:55:45 2006
From: chris-usenet at netzpunkt.org (Christoph Probst)
Date: Fri Oct 27 17:55:00 2006
Subject: Bug in getkey.c:2219:merge_selfsigs
Message-ID: <200610271555.47067.chris-usenet@netzpunkt.org>

Hi,

not sure if I hit this bug because I'm doing stupid things or if there is really something wrong with gnupg. Maybe it has something to do with concurrency or my patched version of gnupg ...

I'm using the Gentoo Version of gnupg with the following options activated resp.
deactivated: X nls smartcard -doc% -gpg2-experimental -ldap -openct% -pcsc-lite% It seems as if Gentoo applies a "gnupg-1.9.20-fbsd.patch" to a gnupg version "1.9.21" but I don't know where this version number is comming from. gpg itself says: gpg (GnuPG) 1.4.5 Copyright (C) 2006 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. Home: ~/.gnupg Supported algorithms: Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB I was working on a large number of files (about 300) which I exported from my email client (the result of a key signing party some weeks ago): ... msg_89.asc: PGP armored data message msg_9.asc: PGP armored data message msg_90.asc: PGP armored data message msg_91.asc: PGP armored data message ... msg_98.asc: PGP armored data message msg_99.asc: PGP armored data message It is possible that some of these files were broken or not decryptable using my key. I can look into it, if it is important. In this directory I was running the following command on the 300 files: ls | xargs -L 1 gpg -d |gpg --import I expected 'ls' to pass all file names to 'xargs -L 1' and while 'xarg' passes one by one to 'gpg -d' to decrypt them. The result were many decrypted signatures for two of my gpg keys which I tried to import using '|gpg --import'. This worked for a while but suddenly gpg terminated by signal 6 ... 
gpg: encrypted with 2048-bit ELG-E key, ID 7F5A2741, created 2003-11-17 "Christoph Probst " gpg: key 9978AF86: "Christoph Probst " 2 new signatures gpg: onepass_sig with unknown version 126 gpg: keyring_get_keyblock: read error: invalid packet gpg: keydb_get_keyblock failed: invalid keyring gpg: keydb_search failed: invalid keyring gpg: key 2A623F72: secret key without public key - skipped gpg: onepass_sig with unknown version 126 gpg: keyring_get_keyblock: read error: invalid packet gpg: keydb_get_keyblock failed: invalid keyring gpg: keydb_search failed: invalid keyring gpg: encrypted with ELG-E key, ID 7F5A2741 gpg: decryption failed: secret key not available gpg: key 9978AF86: "Christoph Probst " 1 new signature gpg: Ohhhh jeeee: ... this is a bug (getkey.c:2219:merge_selfsigs) secmem usage: 1472/1472 bytes in 3/3 blocks of pool 1472/32768 xargs: gpg: terminated by signal 6 gpg: key 9978AF86: "Christoph Probst " 2 new signatures gpg: key 2A623F72: "Christoph Probst " 1 new signature gpg: key 2A623F72: "Christoph Probst " 1 new signature gpg: key 2A623F72: "Christoph Probst " 1 new signature gpg: key 2A623F72: "Christoph Probst " 1 new signature gpg: key 2A623F72: "Christoph Probst " 1 new signature gpg: Total number processed: 85 gpg: unchanged: 8 gpg: new signatures: 82 If you have further questions about this case just tell me what I should try or do. I'll save a backup copy of my yesterday keyring which should be able to reproduce this bug. Cheers, Chris -- Kontakt-Details: http://www.christoph-probst.com/kontakt/ PGP-FP: B171 7EA4 988C DD90 1601 D21C 5279 2FAF 9978 AF86 -------------- next part -------------- A non-text attachment was scrubbed... 

From wk at gnupg.org Fri Oct 27 19:26:24 2006
From: wk at gnupg.org (Werner Koch)
Date: Fri Oct 27 19:31:59 2006
Subject: Can't propagate key through public keyservers
In-Reply-To: <20061027141038.GK23399@bristol.st.com> (David SMITH's message of "Fri\, 27 Oct 2006 15\:10\:38 +0100")
References: <20061027141038.GK23399@bristol.st.com>
Message-ID: <87y7r1brgf.fsf@wheatstone.g10code.de>

On Fri, 27 Oct 2006 16:10, David SMITH said:

> I'm having some problems with my GnuPG-generated key. I have one
> primary DSA for signing (which does not expire), and then every 6 months
> I generate a new El-Gamal encryption key (which expires after 6 months).

That is fine. Many folks do it like this.

> Now, when I upload my public key to a keyserver it all appears to go OK,
> but when someone else then tries to download my key, the sub-key is
> missing/doesn't work.

You are using an old and broken keyserver. The pks keyservers are known to not work correct with several subkeys. You better replace them by a modern implementation like SKS or ONAK.

Salam-Shalom,

Werner

From wk at gnupg.org Fri Oct 27 19:37:01 2006
From: wk at gnupg.org (Werner Koch)
Date: Fri Oct 27 19:41:57 2006
Subject: Bug in getkey.c:2219:merge_selfsigs
In-Reply-To: <200610271555.47067.chris-usenet@netzpunkt.org> (Christoph Probst's message of "Fri\, 27 Oct 2006 15\:55\:45 +0200")
References: <200610271555.47067.chris-usenet@netzpunkt.org>
Message-ID: <87u01pbqyq.fsf@wheatstone.g10code.de>

On Fri, 27 Oct 2006 15:55, Christoph Probst said:

> It seems as if Gentoo applies a "gnupg-1.9.20-fbsd.patch" to a gnupg

Can you please post this patch? Or if it is long send it to gnupg-hackers at gnupg.org.
> I was working on a large number of files (about 300) which I exported from my > email client (the result of a key signing party some weeks ago): BTW, sending public keys encrypted or signed is a bad habit. There is in general no reason to do so. They end up at a public keyserver anyway. > gpg: onepass_sig with unknown version 126 From michael.kallas at web.de Fri Oct 27 19:46:08 2006 From: michael.kallas at web.de (Michael Kallas) Date: Fri Oct 27 19:44:43 2006 Subject: Can't propagate key through public keyservers In-Reply-To: <20061027141038.GK23399@bristol.st.com> References: <20061027141038.GK23399@bristol.st.com> Message-ID: <454245E0.2050506@web.de> Hi, David SMITH wrote: > Now, when I upload my public key to a keyserver it all appears to go OK, > but when someone else then tries to download my key, the sub-key is > missing/doesn't work. Have you ever tried hkp://subkeys.pgp.net or hkp://sks.keyserver.penguin.de ? Broken keyservers have serious problems with subkeys. Best wishes Michael -- Nobody can save your freedom but YOU - become a fellow of the FSF Europe! http://www.fsfe.org/en -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 374 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20061027/3a5bf37d/signature.pgp From daff at dword.org Fri Oct 27 18:30:03 2006 From: daff at dword.org (Andreas Ntaflos) Date: Fri Oct 27 19:54:27 2006 Subject: GnuPG smartcard + KDE? Message-ID: <200610271830.03902.daff@dword.org> Hello list, this is probably something I should post to a KDE list as well, but there are probably more users here who use a GnuPG smartcard along with KDE than elsewhere. Here's the thing: I got a GnuPG smartcard (but have yet to buy a card reader) by becoming an fsfe.org fellow and like to know about the possibilities to use it with KDE.
From what I've read in the smartcard HOWTO and on fsfe.org there is a PAM module to log into the system with the smartcard. Does this work with a login manager like KDM as well? What about locking the screen (xlock, KDE screen/session lock)? Can I use the smartcard for that? That's all I can think of now :) I know, card readers are not very pricy but before buying one for my laptop I just want to know what it is I can do with the smartcard that I can't do with a plain old GnuPG keyring on a USB stick. TIA Andreas -- Andreas "daff" Ntaflos Vienna, Austria GPG Fingerprint: 6234 2E8E 5C81 C6CB E5EC 7E65 397C E2A8 090C A9B4 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20061027/a3256ca9/attachment.pgp From b.buerger at penguin.de Fri Oct 27 20:52:23 2006 From: b.buerger at penguin.de (Bjoern Buerger) Date: Sat Oct 28 01:25:17 2006 Subject: Can't propagate key through public keyservers In-Reply-To: <454245E0.2050506@web.de> References: <20061027141038.GK23399@bristol.st.com> <454245E0.2050506@web.de> Message-ID: <45425567.40909@penguin.de> Michael Kallas wrote: > hkp://subkeys.pgp.net or hkp://sks.keyserver.penguin.de ? Sorry, the latter is down at the moment. But you can try hkp://random.sks.keyserver.penguin.de instead, which is a collection of public sks keyservers. All of them treat subkeys in a safe way. Greetings, Björn From jmoore3rd at bellsouth.net Sat Oct 28 01:53:17 2006 From: jmoore3rd at bellsouth.net (John W.
Moore III) Date: Sat Oct 28 01:51:58 2006 Subject: Can't propagate key through public keyservers In-Reply-To: <45425567.40909@penguin.de> References: <20061027141038.GK23399@bristol.st.com> <454245E0.2050506@web.de> <45425567.40909@penguin.de> Message-ID: <45429BED.3070307@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Bjoern Buerger wrote: > Michael Kallas wrote: >> hkp://subkeys.pgp.net or hkp://sks.keyserver.penguin.de ? > > Sorry, the latter is down at the moment. But you can > try hkp://random.sks.keyserver.penguin.de instead, > which is a collection of public sks keyservers. All > of them treat subkeys in a safe way. I'd recommend hkp://blackhole.pca.dfn.de JOHN ;) Timestamp: Friday 27 Oct 2006, 19:53 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6-svn4315: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: http://www.gswot.org Comment: My Homepage: http://tinyurl.com/yzhbhx Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org -----END PGP SIGNATURE----- From JPClizbe at comcast.net Sat Oct 28 08:33:34 2006 From: JPClizbe at comcast.net (John Clizbe) Date: Sat Oct 28 09:11:00 2006 Subject: Can't propagate key through public keyservers In-Reply-To: <45429BED.3070307@bellsouth.net> References: <20061027141038.GK23399@bristol.st.com> <454245E0.2050506@web.de> <45425567.40909@penguin.de> <45429BED.3070307@bellsouth.net> Message-ID: <4542F9BE.8020709@comcast.net> John W.
Moore III wrote: > Bjoern Buerger wrote: >> Michael Kallas wrote: >>> hkp://subkeys.pgp.net or hkp://sks.keyserver.penguin.de ? > >> Sorry, the latter is down at the moment. But you can >> try hkp://random.sks.keyserver.penguin.de instead, >> which is a collection of public sks keyservers. All >> of them treat subkeys in a safe way. > > I'd recommend hkp://blackhole.pca.dfn.de I wouldn't, and it has nothing to do with the server choice. Remember, we're discussing automatic key retrieval specified in gpg.conf. One doesn't have a forty server drop-down list to cycle through, so it needs to be a best guess. What if blackhole.pca.dfn.de is down or otherwise unreachable? Or foo.baz.net? Or ...? As Bjoern indicated, sks.keyserver.penguin.de is down at the moment even though it may be the perfect choice otherwise. Recommending a single server also is *not* good net citizenship in a case such as this. It is the type of advice that causes servers to be overloaded with an undue amount of traffic as users take such recommendations as 'Gospel'. Ultimately it's the users that suffer the bottleneck. In the worst case, the administrator takes the machine offline; bandwidth costs money - directing all inquiries to a single server is irresponsible. For a comparison, I'll direct you to the recent case of D-Link, which had all of their routers throughout the world hammering a single NTP server in Denmark for time updates.
See http://en.wikipedia.org/wiki/NTP_vandalism#D-Link_and_Poul-Henning_Kamp random.sks.keyserver.penguin.de is a DNS round-robin updated nightly with the currently reachable SKS servers. This removes servers that have been down from consideration. Only if there is trouble that day or at the same time as the query could one worry about the server being unreachable. A round-robin also spreads the load among all servers, and since this is SKS, it really is unimportant which server you use to update or query. random.sks.keyserver.penguin.de provides the best solution of the perennial "which server should I use" question. With keyservers just as with keys, it is best to stick with a default behavior unless you have a clear and sensible reason not to do so. -- John P. Clizbe Inet: John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A "what's the key to success?" / "two words: good decisions." "what's the key to good decisions?" / "one word: experience." "how do i get experience?" / "two words: bad decisions." "Success is the ability to go from failure to failure without losing your enthusiasm." - Mrs. Patrick Campbell -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 663 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20061028/9528508b/signature.pgp From b.buerger at penguin.de Sat Oct 28 11:32:07 2006 From: b.buerger at penguin.de (Bjoern Buerger) Date: Sat Oct 28 11:30:28 2006 Subject: Can't propagate key through public keyservers In-Reply-To: <4542F9BE.8020709@comcast.net> References: <20061027141038.GK23399@bristol.st.com> <454245E0.2050506@web.de> <45425567.40909@penguin.de> <45429BED.3070307@bellsouth.net> <4542F9BE.8020709@comcast.net> Message-ID: <45432397.6070504@penguin.de> John Clizbe wrote: >>I'd recommend hkp://blackhole.pca.dfn.de That server has always been a good choice, since it is maintained by Germany's National Research and Education Network and their people are paid to keep the Service running ;-) So I would second that recommendation for users in Germany - especially those in the DFN. But John is right. Putting only one single server into the configuration will cause problems. Today, tomorrow or maybe in a few years. Servers vanish into thin air, DNS entries change or don't get updates. But I should clarify the situation with *.keyserver.penguin.de, since there might be a misunderstanding. sks.keyserver.penguin.de is a single keyserver located on a private machine. The only reason for this server is this: At the time I set up the machine there was no subkey-safe server accessible, even blackhole.pca.dfn.de was running broken software and most of the public announced servers in *.pgp.net and *.keyserver.net were just inaccessible or did not sync their keys correctly. However, there was the sks keyserver project with two or three servers and I installed one on my own machine to get "my very own" Keyserver which was accessible all the time I needed it.
The sks synchronisation proved to be absolutely stable since all new keys were also exchanged via mail-sync to the "old" keyserver network, sks users got the best of both worlds. And I was a student, which means: Compared to my situation today I had plenty of time for this stuff ;-) random.sks.keyserver.penguin.de has always been a private experiment. The main Problem with the existing wwwkeys.pgp.net was the missing continuous maintenance of this RR-Alias. And when I started the experiment, most of the Keyservers in the pgp.net RR Aliases were broken, not subkey-safe or just not there. Since I had a cron job running, which updated the SKS Keyserver Gossip map (based on the status pages of all known SKS Servers), I fed that information into my very own RR Alias: random.sks.keyserver.penguin.de. > I wouldn't, and it has nothing to do with the server choice. John is absolutely right. As I said before, the penguin.de aliases are only experimental and it is a private project. I have never had any problems with other people using this service, since it was the most only functional solution for some time. And I had the resources to provide the service to anyone who wanted it. BUT: a) Nowadays there are plenty of SKS Servers out there b) I am no longer a student and my time for this stuff is very limited. I will reactivate sks.keyserver.penguin.de sometime, but at the moment the hardware is broken and it is just a hobby... c) random.sks.keyserver.penguin.de is on hold at the moment, since the mapping script was running on the keyserver. d) Even if I would setup a new Server for all of this, I couldn't handle the Traffic. This was no problem in the past, since I had an agreement with my university (which was interested in such a service). e) Things change. f) I have provided this service for many years now, time for someone else to step in ;-) > Remember, we're discussing automatic key retrieval specified in gpg.conf.
One > doesn't have a forty server drop-down list to cycle through, so it needs to be a > best guess. ACK. > What if blackhole.pca.dfn.de is down or otherwise unreachable? Or foo.baz.net? > Or ...? As Bjoern indicated, sks.keyserver.penguin.de is down at the moment even > though it may be the perfect choice otherwise. > Recommending a single server also is *not* good net citizenship in a case such > as this. It is the type of advice that causes servers to be overloaded with an > undue amount of traffic as users take such recommendations as 'Gospel'. Yes. I would like to see a keyserver-system where each provider offers their own local keyserver just like they do with DNS, smtp, etc. Each Server should sync with two or three other Servers via the SKS synchronisation mechanism which has proven to be very good. > Ultimately it's the users that suffer the bottleneck. In the worst case, the > administrator takes the machine offline; bandwidth costs money - directing all > inquiries to a single server is irresponsible. ACK. > random.sks.keyserver.penguin.de is a DNS round-robin updated nightly with the > currently reachable SKS servers. This removes servers that have been down from > consideration. Only if there is trouble that day or at the same time as the > query could one worry about the server being unreachable. A round-robin also > spreads the load among all servers, and since this is SKS, it really is > unimportant which server you use to update or query. Yes. But as I stated before, it is a private experiment and may also vanish some time. And at the moment the update is on hold. I would like to see such a service on the servers of some public organisation, e.g. the DFN or pgp.net. Maybe we have to change to status pages of SKS (or introduce a new mechanism just for those RR-Aliases) to support some kind of "Type" for a Keyserver. E.g. most of the Keyservers in the random.sks.keyserver.penguin.de rotation provide services on the hkp standard port.
But not all of them provide a Webserver on port 80 with a keyserver-request form as known by the wwwkeys.pgp.net servers. Other Servers provide hkp-service on port 80 for people behind firewalls... I would like to see different RR-Aliases like sks.rr.pgp.net pks.rr.pgp.net subkeysafe.rr.pgp.net port80.rr.pgp.net some-other-keyserver-group.rr.pgp.net eu-hkp-keyservers-subkeysafe.rr.pgp.net us-hkp-keyservers-subkeysafe.rr.pgp.net [...] I think you get the picture. Each Server Admin could add his server to one or more of these groups and the automatic update mechanism would take care of the rest. If you would implement this via something like the SKS Status Pages (and add a compatible status page to all other keyserver variants, everyone could just use the pgp.net alias or create his own RR-Alias in another domain from that information. There wouldn't be a single point of failure. Just my 2¢ :-) Greetings, Björn CC to pgp-keyserver-folk@alt.org and sks-devel@nongnu.org set From olaf.gellert at intrusion-lab.net Sat Oct 28 10:15:59 2006 From: olaf.gellert at intrusion-lab.net (Olaf Gellert) Date: Sat Oct 28 11:54:33 2006 Subject: Can't propagate key through public keyservers In-Reply-To: <4542F9BE.8020709@comcast.net> References: <20061027141038.GK23399@bristol.st.com> <454245E0.2050506@web.de> <45425567.40909@penguin.de> <45429BED.3070307@bellsouth.net> <4542F9BE.8020709@comcast.net> Message-ID: <454311BF.5020908@intrusion-lab.net> John Clizbe wrote: > John W. Moore III wrote: >> I'd recommend hkp://blackhole.pca.dfn.de > > I wouldn't, and it has nothing to do with the server choice. Well, I would not be so harsh. I guess there are pretty well connected servers (concerning bandwidth and reliability of network lines) and not so good connected or equipped (concerning reliable hardware) ones. Additionally good connectivity always depends on where YOU actually are (so have all lines from the server to your client wide bandwidth? No bottleneck in between?).
And it might even be that a server that is reachable from random.sks.keyserver.de is not reachable from my local client. > Remember, we're discussing automatic key retrieval specified in gpg.conf. One > doesn't have a forty server drop-down list to cycle through, so it needs to be a > best guess. If you ask me cycling AUTOMATICALLY through a local list of servers could even be a better thing than random.sks.keyserver.de, because it leaves room for users' choices. So maybe random.sks.keyserver.de is a reasonable default, but may not always be the best solution. In a list that is stepped through locally I could decide to enter serverX.wherever.com as first, serverY.somewhereelse.org as second and random.sks.keyserver.de as third choice. > random.sks.keyserver.penguin.de provides the best > solution of the perennial "which server should I > use" question. So as always: Having or proposing just a single solution is not a good thing. Have lots of solutions and let people choose what to use seems better (and having a good default for those who are not experienced enough to choose or who don't care). So the solution "random.sks.keyserver.de" might be a good default, but who am I to judge what is the BEST solution? Cheers, Olaf -- Dipl.Inform. Olaf Gellert INTRUSION-LAB.NET Senior Researcher, www.intrusion-lab.net PKI - and IDS - Services olaf.gellert@intrusion-lab.net From robbat2 at gentoo.org Sat Oct 28 12:30:38 2006 From: robbat2 at gentoo.org (Robin H. Johnson) Date: Sat Oct 28 14:24:46 2006 Subject: Bug in getkey.c:2219:merge_selfsigs In-Reply-To: <87u01pbqyq.fsf@wheatstone.g10code.de> References: <200610271555.47067.chris-usenet@netzpunkt.org> <87u01pbqyq.fsf@wheatstone.g10code.de> Message-ID: <20061028103038.GD7140@curie-int.orbis-terrarum.net> Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed...
Name: not available Type: application/pgp-signature Size: 232 bytes Desc: not available Url : /pipermail/attachments/20061028/f24b90a5/attachment.pgp From laurent.jumet at skynet.be Sat Oct 28 16:49:46 2006 From: laurent.jumet at skynet.be (Laurent Jumet) Date: Sat Oct 28 17:00:32 2006 Subject: Could not change expiration date... Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Hello ! I could not change the expiration date of my first SubKey (ElGamal). Procedure seems OK but it's never acted. I had to revoke it after having made another EG SubKey. Any suggestion? Known bug? - -- Laurent Jumet KeyID: 0xCFAF704C -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32) iD8DBQFFQ26V9R1toM+vcEwRA74KAKDThw5kDYZOKlhhJQrOTD3MUXOpqACglAww gYFLsMEL5NGLY1rd+lsZ+6U= =QfUp -----END PGP SIGNATURE----- From me at psmay.com Sun Oct 29 16:58:54 2006 From: me at psmay.com (Peter S. May) Date: Sun Oct 29 19:24:09 2006 Subject: FAQ 6.10: "If I submit a key to a keyserver, nothing happens ..." Message-ID: <4544CFBE.3080007@psmay.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 My brother-in-law has just started using GnuPG for Windows (I think the version in Gpg4win, but not sure). Until I reread the FAQ it was a bit confusing that his keyserver uploads weren't working. It didn't readily give him an error probably because he was using it through Enigmail, but that's beside the point. The point: What's so difficult about supporting HKP uploads on Windows that it hasn't been done yet, two major releases after the FAQ says the error was added? Why would downloads work but not uploads? Has the task been assigned? Has this been fixed in the 1.9 dev versions?
Thanks -- PSM -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFRM+2ei6R+3iF2vwRAmIiAJ9jHvWLenjTzWnS3rxVodtLbjx+cgCfVBlh kNKC0sd9vvx4RPkxMN2mCnI= =cqdc -----END PGP SIGNATURE----- From henry.bremridge at xobie.com Sun Oct 29 19:25:17 2006 From: henry.bremridge at xobie.com (Henry Bremridge) Date: Sun Oct 29 19:26:13 2006 Subject: FSFE Smart Card Message-ID: <200610291826.k9TIQ2d3025953@rs26.luxsci.com> Running Debian-Etch I deleted my decryption sub-key by mistake and my back up was incomplete... After taking advice it seems that the only way forward is (in order) to: - Issue a new keypair - Sign the new-keypair with my current signature - Tell all those who signed my old-key of my new key ID - Revoke my old keypair - Publish my key Question: - The FSFE website states that the recommended procedure is to use the smart card with sub-keys only. If however I am creating a new key-pair and backing up the secret key to a safe place, then what is the problem? If I lose my smart card would I not be able to continue with the backed up secret-key? - Is there any way to add a uid to the generated smart card, or is it possible to only use one identity? Any assistance would be much appreciated -- Henry Sun Oct 29 18:25:08 GMT 2006 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : /pipermail/attachments/20061029/fb31720f/attachment.pgp From wk at gnupg.org Sun Oct 29 19:57:09 2006 From: wk at gnupg.org (Werner Koch) Date: Sun Oct 29 20:01:51 2006 Subject: Bug in getkey.c:2219:merge_selfsigs In-Reply-To: <20061028103038.GD7140@curie-int.orbis-terrarum.net> (Robin H. 
Johnson's message of "Sat\, 28 Oct 2006 03\:30\:38 -0700") References: <200610271555.47067.chris-usenet@netzpunkt.org> <87u01pbqyq.fsf@wheatstone.g10code.de> <20061028103038.GD7140@curie-int.orbis-terrarum.net> Message-ID: <877iyjar22.fsf@wheatstone.g10code.de> On Sat, 28 Oct 2006 12:30, Robin H. Johnson said: > As one of the Gentoo crypto developers, I can conclusively state that > this patch is not at fault. I was just curious what this patch is about. I can't remember that it has been posted before. > # this warning is only available on gcc4! > sed -i -e '/AM_CFLAGS/s!-Wno-pointer-sign!!g' g10/Makefile.am > sed -i -e '/AM_CFLAGS/s!-Wno-pointer-sign!!g' g10/Makefile.in Right, thus we do AC_MSG_CHECKING([if gcc supports -Wno-pointer-sign]) since quite some time. Salam-Shalom, Werner From JPClizbe at comcast.net Sun Oct 29 23:00:08 2006 From: JPClizbe at comcast.net (John Clizbe) Date: Sun Oct 29 22:59:29 2006 Subject: FAQ 6.10: "If I submit a key to a keyserver, nothing happens ..." In-Reply-To: <4544CFBE.3080007@psmay.com> References: <4544CFBE.3080007@psmay.com> Message-ID: <45452468.8080905@comcast.net> Peter S. May wrote: > My brother-in-law has just started using GnuPG for Windows (I think the > version in Gpg4win, but not sure). Until I reread the FAQ it was a bit > confusing that his keyserver uploads weren't working. It didn't readily > give him an error probably because he was using it through Enigmail, but > that's beside the point. If an error is returned from GnuPG, Enigmail should have popped up a warning window. If not I need to open a bug for Patrick. > The point: What's so difficult about supporting HKP uploads on Windows > that it hasn't been done yet, two major releases after the FAQ says the > error was added? Why would downloads work but not uploads? Has the > task been assigned? Has this been fixed in the 1.9 dev versions? What's so difficult? Nothing. It has been implemented for a very long time now. Hasn't been done yet? 
It has worked without a problem for me for over 3 1/2 years. LDAP on Windows was fixed circa 1.3.6-cvs. C:\WINDOWS>gpg --send-key 0x608d2a10 gpg: sending key 608D2A10 to hkp server minsky.surfnet.nl Key block added to key server database. New public keys added:
1 keys added successfully.
C:\WINDOWS> Could you be a bit more specific than 'doesn't work'? That's a huge amount of territory to try and debug. FWIW, this is the first I have heard of such an issue on either this, the Enigmail list, or PGP-Basics. When one selects 'Upload Public Keys to Keyserver' from Enigmail key management window, Enigmail pops up a window with a drop-down selection for Keyserver. Which keyserver is being selected? Has he tried a different selection? -- John P. Clizbe Inet: John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A "what's the key to success?" / "two words: good decisions." "what's the key to good decisions?" / "one word: experience." "how do i get experience?" / "two words: bad decisions." "Just how do the residents of Haiku, Hawai'i hold conversations?" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 663 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20061029/15ad6329/signature.pgp From dshaw at jabberwocky.com Sun Oct 29 23:16:22 2006 From: dshaw at jabberwocky.com (David Shaw) Date: Sun Oct 29 23:14:33 2006 Subject: FAQ 6.10: "If I submit a key to a keyserver, nothing happens ..." In-Reply-To: <4544CFBE.3080007@psmay.com> References: <4544CFBE.3080007@psmay.com> Message-ID: <20061029221622.GD2769@jabberwocky.com> On Sun, Oct 29, 2006 at 10:58:54AM -0500, Peter S. May wrote: > My brother-in-law has just started using GnuPG for Windows (I think the > version in Gpg4win, but not sure). Until I reread the FAQ it was a bit > confusing that his keyserver uploads weren't working. It didn't readily > give him an error probably because he was using it through Enigmail, but > that's beside the point. You are confused. That FAQ item refers to a version of GnuPG that hasn't been current in 6 years. You might be having a problem, but it seems to work just fine for everyone else and has been working for many years. 
> The point: What's so difficult about supporting HKP uploads on Windows > that it hasn't been done yet, two major releases after the FAQ says the > error was added? Why would downloads work but not uploads? Has the > task been assigned? Has this been fixed in the 1.9 dev versions? Please give enough information that we might be able to help you. Simply saying "keyserver uploads weren't working" gives us no way to even guess. David From spamcan26 at yahoo.com Mon Oct 30 01:12:23 2006 From: spamcan26 at yahoo.com (Dead Loss) Date: Mon Oct 30 01:11:00 2006 Subject: gpgkeys_hkp: error while loading shared libraries: libcurl.so.3: Message-ID: <20061030001223.16892.qmail@web53304.mail.yahoo.com> I have downloaded GnuPG-1.4.5 and successfully built it using ./configure --prefix=/usr/mylocal --libdir=/usr/local/lib \ --includedir=/usr/local/phplibs/include/ --with-libiconv-prefix=/usr/local/phplibs as I do not have root access to my machine, but when I try to connect to pgp.mit.edu I get the following error [mylogin][~]$ gpg --keyserver pgp.mit.edu --recv-keys 0x985A444B gpg: requesting key 985A444B from hkp server pgp.mit.edu /usr/mylocal/libexec/gnupg/gpgkeys_hkp: error while loading shared libraries: libcurl.so.3: cannot open shared object file: No such file or directory gpg: no handler for keyserver scheme `hkp' gpg: keyserver receive failed: keyserver error What have I done wrong? Obviously gpgkeys_hkp is not able to resolve the library at run time, but how to fix this? I had to edit keyserver/Makefile.am to get it to compile as it kept failing - could not find curl/curl.h (ksutils.c). make[2]: Entering directory `/usr/home/mylogin/apps/dl/gnupg-1.4.5/keyserver' if gcc -DHAVE_CONFIG_H -I. -I. -I..
-I../include -I../intl -g -O2 -Wall -MT gpgkeys_ldap-gpgkeys_ldap.o -MD -MP -MF ".deps/gpgkeys_ldap-gpgkeys_ldap.Tpo" -c -o gpgkeys_ldap-gpgkeys_ldap.o `test -f 'gpgkeys_ldap.c' || echo './'`gpgkeys_ldap.c; \ then mv -f ".deps/gpgkeys_ldap-gpgkeys_ldap.Tpo" ".deps/gpgkeys_ldap-gpgkeys_ldap.Po"; else rm -f ".deps/gpgkeys_ldap-gpgkeys_ldap.Tpo"; exit 1; fi In file included from gpgkeys_ldap.c:47: ksutil.h:26:23: curl/curl.h: No such file or directory make[2]: *** [gpgkeys_ldap-gpgkeys_ldap.o] Error 1 make[2]: Leaving directory `/usr/home/mylogin/apps/dl/gnupg-1.4.5/keyserver' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/usr/home/mylogin/apps/dl/gnupg-1.4.5' make: *** [all] Error 2 I moved these definitions to the end and added $(gpgkeys_curl_CPPFLAGS) gpgkeys_ldap_CPPFLAGS = @LDAP_CPPFLAGS@ $(gpgkeys_curl_CPPFLAGS) gpgkeys_ldap_LDADD = ../util/libutil.a @LDAPLIBS@ @NETLIBS@ $(other_libs) @GETOPT@ @W32LIBS@ gpgkeys_finger_LDADD = ../util/libutil.a @NETLIBS@ $(other_libs) @GETOPT@ @W32LIBS@ Richard From dshaw at jabberwocky.com Mon Oct 30 01:37:46 2006 From: dshaw at jabberwocky.com (David Shaw) Date: Mon Oct 30 01:36:03 2006 Subject: gpgkeys_hkp: error while loading shared libraries: libcurl.so.3: In-Reply-To: <20061030001223.16892.qmail@web53304.mail.yahoo.com> References: <20061030001223.16892.qmail@web53304.mail.yahoo.com> Message-ID: <20061030003746.GE2769@jabberwocky.com> On Sun, Oct 29, 2006 at 04:12:23PM -0800, Dead Loss wrote: > I have downloaded GnuPG-1.4.5 and successfully built it using > > ./configure --prefix=/usr/mylocal --libdir=/usr/local/lib \ > --includedir=/usr/local/phplibs/include/ --with-libiconv-prefix=/usr/local/phplibs > > as I do not have root access to my machine, but when I try to connect to pgp.mit.edu I get the following error > > [mylogin][~]$ gpg --keyserver pgp.mit.edu --recv-keys 0x985A444B > > gpg: requesting key 985A444B from hkp server pgp.mit.edu > > /usr/mylocal/libexec/gnupg/gpgkeys_hkp: error while loading shared
> libraries: libcurl.so.3: cannot open shared object file: No such file > or directory > > gpg: no handler for keyserver scheme `hkp' > > gpg: keyserver receive failed: keyserver error > > > What have I done wrong? Obviously gpgkeys_hkp is not able to resolve the library at run time, but how to fix this? Your configure statement pretty much broke autoconf's heart. Try a simple "./configure --prefix=/where/you/can/write/to" and leave it at that. Let autoconf work for you. David From dave.smith at st.com Mon Oct 30 10:42:20 2006 From: dave.smith at st.com (David SMITH) Date: Mon Oct 30 10:41:39 2006 Subject: Can't propagate key through public keyservers In-Reply-To: <87y7r1brgf.fsf@wheatstone.g10code.de> References: <20061027141038.GK23399@bristol.st.com> <87y7r1brgf.fsf@wheatstone.g10code.de> Message-ID: <20061030094220.GA12355@bristol.st.com> On Fri, Oct 27, 2006 at 07:26:24PM +0200, Werner Koch wrote: > On Fri, 27 Oct 2006 16:10, David SMITH said: > > I'm having some problems with my GnuPG-generated key. I have one > > primary DSA for signing (which does not expire), and then every 6 months > > I generate a new El-Gamal encryption key (which expires after 6 months). > > That is fine. Many folks do it like this. I thought so. :-) > > Now, when I upload my public key to a keyserver it all appears to go OK, > > but when someone else then tries to download my key, the sub-key is > > missing/doesn't work. > > You are using an old and broken keyserver. The pks keyservers are > known to not work correctly with several subkeys. You better replace > them by a modern implementation like SKS or ONAK. I suspected as much. I was just a bit surprised, as I've propagated my key through public keyservers before, and never come across this problem. I guess it must not like my new subkeys. Thanks (to you and the others) for the suggestions on which keyservers to try; I'll try them when I get home (as we have a rather restrictive firewall here at work).
Does anyone have any more details on exactly *what* is "broken" on the pks keyservers? I'm going to have to convince our IT department that it's the keyserver that's broken, and not my key (since no-one else has the problem, as they all use single subkeys), and I think it's going to be an uphill struggle to persuade them to install a brand new keyserver rather than just tell me to create a new set of keys. Thanks. -- David Smith | Tel: +44 (0)1454 462380 Home: +44 (0)1454 616963 STMicroelectronics | Fax: +44 (0)1454 462305 Mobile: +44 (0)7932 642724 1000 Aztec West | TINA: 065 2380 GPG Key: 0xF13192F2 Almondsbury | Work Email: Dave.Smith@st.com BRISTOL, BS32 4SQ | Home Email: David.Smith@ds-electronics.co.uk From olaf.gellert at intrusion-lab.net Mon Oct 30 12:43:55 2006 From: olaf.gellert at intrusion-lab.net (Olaf Gellert) Date: Mon Oct 30 12:42:29 2006 Subject: Can't propagate key through public keyservers In-Reply-To: <20061030094220.GA12355@bristol.st.com> References: <20061027141038.GK23399@bristol.st.com> <87y7r1brgf.fsf@wheatstone.g10code.de> <20061030094220.GA12355@bristol.st.com> Message-ID: <4545E57B.6090401@intrusion-lab.net> David SMITH wrote: > Does anyone have any more details on exactly *what* is "broken" on the > pks keyservers? I'm going to have to convince our IT department that it's > the keyserver that's broken, and not my key (since no-one else has the > problem, as they all use single subkeys), and I think it's going to be > an uphill struggle to persuade them to install a brand new keyserver > rather than just tell me to create a new set of keys. To my knowledge on outdated versions of PKS a key is mangled completely if a new subkey arrives. On recent PKS servers, a new subkey is simply not stored (so the old subkey stays there and the complete key stays intact, only the new subkey is missing). The word has it that there was one single patched PKS that could handle multiple subkeys, but the patch was never published. 

You might convince your IT-department at least when someone else has to add a new subkey. So just sit and wait and you will get better (or more) arguments... ;-)

No, to be honest: SKS keyservers work for all recent key formats of PGP/GnuPG, so that's a solution...

Regards,

Olaf

--
Dipl.Inform. Olaf Gellert          INTRUSION-LAB.NET
Senior Researcher,                 www.intrusion-lab.net
PKI - and IDS - Services           olaf.gellert@intrusion-lab.net

From wk at gnupg.org Mon Oct 30 12:44:41 2006
From: wk at gnupg.org (Werner Koch)
Date: Mon Oct 30 12:47:01 2006
Subject: Can't propagate key through public keyservers
In-Reply-To: <20061030094220.GA12355@bristol.st.com> (David SMITH's message of "Mon\, 30 Oct 2006 09\:42\:20 +0000")
References: <20061027141038.GK23399@bristol.st.com> <87y7r1brgf.fsf@wheatstone.g10code.de> <20061030094220.GA12355@bristol.st.com>
Message-ID: <87wt6i81ue.fsf@wheatstone.g10code.de>

On Mon, 30 Oct 2006 10:42, David SMITH said:

> Does anyone have any more details on exactly *what* is "broken" on the
> pks keyservers? I'm going to have to convince our IT department that it's

PKS does not support OpenPGP. What it does is just a hack to support one subkey but no full merging code. There are other problems as well. David could probably come up with complete list.

The common understanding is not to use pks anymore. All big sites have meanwhile changed to SKS.

Salam-Shalom,

Werner

From spamcan26 at yahoo.com Mon Oct 30 14:36:46 2006
From: spamcan26 at yahoo.com (Dead Loss)
Date: Mon Oct 30 14:35:48 2006
Subject: gpgkeys_hkp: error while loading shared libraries: libcurl.so.3:
Message-ID: <20061030133646.63169.qmail@web53301.mail.yahoo.com>

Thanks for your reply. I have started a fresh install and I still have the same issues

1. make uninstall to remove current installation
2. Download source from GnuPG.org
3. gunzip2 -c gnupg-1.4.5.tar.bz2|tar -xf
4. cd gnupg-1.4.5
5. ./configure --prefix=/usr/mylocal
6. make
All goes well until...

Making all in keyserver
make[2]: Entering directory `/usr/home/mylogin/apps/dl/gnupg-1.4.5/keyserver'
if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../intl -g -O2 -Wall -MT gpgkeys_ldap-gpgkeys_ldap.o -MD -MP -MF ".deps/gpgkeys_ldap-gpgkeys_ldap.Tpo" -c -o gpgkeys_ldap-gpgkeys_ldap.o `test -f 'gpgkeys_ldap.c' || echo './'`gpgkeys_ldap.c; \
then mv -f ".deps/gpgkeys_ldap-gpgkeys_ldap.Tpo" ".deps/gpgkeys_ldap-gpgkeys_ldap.Po"; else rm -f ".deps/gpgkeys_ldap-gpgkeys_ldap.Tpo"; exit 1; fi
In file included from gpgkeys_ldap.c:47:
ksutil.h:26:23: curl/curl.h: No such file or directory
make[2]: *** [gpgkeys_ldap-gpgkeys_ldap.o] Error 1
make[2]: Leaving directory `/usr/home/mylogin/apps/dl/gnupg-1.4.5/keyserver'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/home/mylogin/apps/dl/gnupg-1.4.5'
make: *** [all] Error 2

So I then tried

7. ./configure --prefix=/usr/mylocal --with-libiconv-prefix=/usr/local/phplibs
8. make
9. make install
10. gpg --help
gpg: error while loading shared libraries: libiconv.so.2: cannot open shared object file: No such file or directory

Hmmmm....

---Reply --to Original Message----
Your configure statement pretty much broke autoconf's heart. Try a simple "./configure --prefix=/where/you/can/write/to" and leave it at that. Let autoconf work for you.

David

----- Original Message ----
From: Dead Loss
To: gnupg-users@gnupg.org
Sent: Monday, October 30, 2006 12:12:23 AM
Subject: gpgkeys_hkp: error while loading shared libraries: libcurl.so.3:

I have downloaded GnuPG-1.4.5 and successfully built it using

./configure --prefix=/usr/mylocal --libdir=/usr/local/lib \
--includedir=/usr/local/phplibs/include/ --with-libiconv-prefix=/usr/local/phplibs

as I do not have root access to my machine, but when I try to connect to pgp.mit.edu I get the following error

[mylogin][~]$ gpg --keyserver pgp.mit.edu --recv-keys 0x985A444B
gpg: requesting key 985A444B from hkp server pgp.mit.edu
/usr/mylocal/libexec/gnupg/gpgkeys_hkp: error while loading shared libraries: libcurl.so.3: cannot open shared object file: No such file or directory
gpg: no handler for keyserver scheme `hkp'
gpg: keyserver receive failed: keyserver error

What have I done wrong? Obviously gpgkeys_hkp is not able to resolve the library at run time, but how to fix this?

I had to edit keyserver/Makefile.am to get it to compile as it kept failing - could not find curl/curl.h (ksutils.c).

make[2]: Entering directory `/usr/home/mylogin/apps/dl/gnupg-1.4.5/keyserver'
if gcc -DHAVE_CONFIG_H -I. -I. -I..
-I../include -I../intl -g -O2 -Wall -MT gpgkeys_ldap-gpgkeys_ldap.o -MD -MP -MF ".deps/gpgkeys_ldap-gpgkeys_ldap.Tpo" -c -o gpgkeys_ldap-gpgkeys_ldap.o `test -f 'gpgkeys_ldap.c' || echo './'`gpgkeys_ldap.c; \
then mv -f ".deps/gpgkeys_ldap-gpgkeys_ldap.Tpo" ".deps/gpgkeys_ldap-gpgkeys_ldap.Po"; else rm -f ".deps/gpgkeys_ldap-gpgkeys_ldap.Tpo"; exit 1; fi
In file included from gpgkeys_ldap.c:47:
ksutil.h:26:23: curl/curl.h: No such file or directory
make[2]: *** [gpgkeys_ldap-gpgkeys_ldap.o] Error 1
make[2]: Leaving directory `/usr/home/mylogin/apps/dl/gnupg-1.4.5/keyserver'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/home/mylogin/apps/dl/gnupg-1.4.5'
make: *** [all] Error 2

I moved these definitions to the end and added $(gpgkeys_curl_CPPFLAGS)

gpgkeys_ldap_CPPFLAGS = @LDAP_CPPFLAGS@ $(gpgkeys_curl_CPPFLAGS)
gpgkeys_ldap_LDADD = ../util/libutil.a @LDAPLIBS@ @NETLIBS@ $(other_libs) @GETOPT@ @W32LIBS@
gpgkeys_finger_LDADD = ../util/libutil.a @NETLIBS@ $(other_libs) @GETOPT@ @W32LIBS@

Richard

From dshaw at jabberwocky.com Mon Oct 30 15:50:42 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon Oct 30 15:48:59 2006
Subject: gpgkeys_hkp: error while loading shared libraries: libcurl.so.3:
In-Reply-To: <20061030133646.63169.qmail@web53301.mail.yahoo.com>
References: <20061030133646.63169.qmail@web53301.mail.yahoo.com>
Message-ID: <20061030145042.GB22310@jabberwocky.com>

On Mon, Oct 30, 2006 at 05:36:46AM -0800, Dead Loss wrote:
> Thanks for your reply. I have started a fresh install and I still have the same issues
>
> 1. make uninstall to remove current installation
> 2. Download source from GnuPG.org
> 3. gunzip2 -c gnupg-1.4.5.tar.bz2|tar -xf
> 4. cd gnupg-1.4.5
> 5. ./configure --prefix=/usr/mylocal
> 6. make
> All goes well until...
>
> Making all in keyserver
> make[2]: Entering directory `/usr/home/mylogin/apps/dl/gnupg-1.4.5/keyserver'
> if gcc -DHAVE_CONFIG_H -I. -I. -I..
-I../include -I../intl -g -O2 -Wall -MT gpgkeys_ldap-gpgkeys_ldap.o -MD -MP -MF ".deps/gpgkeys_ldap-gpgkeys_ldap.Tpo" -c -o gpgkeys_ldap-gpgkeys_ldap.o `test -f 'gpgkeys_ldap.c' || echo './'`gpgkeys_ldap.c; \
> then mv -f ".deps/gpgkeys_ldap-gpgkeys_ldap.Tpo" ".deps/gpgkeys_ldap-gpgkeys_ldap.Po"; else rm -f ".deps/gpgkeys_ldap-gpgkeys_ldap.Tpo"; exit 1; fi
> In file included from gpgkeys_ldap.c:47:
> ksutil.h:26:23: curl/curl.h: No such file or directory
> make[2]: *** [gpgkeys_ldap-gpgkeys_ldap.o] Error 1
> make[2]: Leaving directory `/usr/home/mylogin/apps/dl/gnupg-1.4.5/keyserver'
> make[1]: *** [all-recursive] Error 1
> make[1]: Leaving directory `/usr/home/mylogin/apps/dl/gnupg-1.4.5'
> make: *** [all] Error 2

Ok, good. Can you send me the config.log file that autoconf generated for this run?

David

From spamcan26 at yahoo.com Mon Oct 30 16:45:49 2006
From: spamcan26 at yahoo.com (Dead Loss)
Date: Mon Oct 30 16:44:47 2006
Subject: gpgkeys_hkp: error while loading shared libraries: libcurl.so.3:
Message-ID: <20061030154550.22210.qmail@web53307.mail.yahoo.com>

Have sent config.log file to dshaw at his jabberwocky address. Shall I cross post here?

From FHubeny at wittbiomedical.com Fri Oct 27 20:52:15 2006
From: FHubeny at wittbiomedical.com (Frank Hubeny)
Date: Mon Oct 30 18:12:30 2006
Subject: Windows GUI recommendation for USB disk
Message-ID: <7AE52964E6B84342B866EFC4FE3CC06F13A7F5@exchange1.venom.wittbiomedical.com>

Hello Robert;

I got your e-mail from gnupg user group posts. You can use gpgshell on a USB drive. You have to have an installed copy of both gpg, and gpgshell on your pc first. Then download a utility called copy2usb from the gpgshell web site. There is a link to it in the documentation for gpgshell. It works fine I am using it now and have removed all encryption tools from my pc. The file manager in gpgshell works fine. For me to do encryption and decryption. If I can help please send me any questions in plain text.

FRANK D.
HUBENY
RMA SUPERVISOR
Philips Medical Systems
Cardio/Vascular Systems
305 North Drive
Melbourne, Florida 32934 USA
Phone: +1 321.253.5693 ext. 1176
Toll-free: +1 800.669.1328 ext. 1176
Fax: +1 321.253.0372
E-Mail: fhubeny@wittbiomedical.com

The information contained in this message is confidential and may be legally privileged. The message is intended solely for the addressee(s). If you are not the intended recipient, you are hereby notified that any use, dissemination, or reproduction is strictly prohibited and may be unlawful. If you are not the intended recipient, please contact the sender by return e-mail and destroy all copies of the original message.

From spamcan26 at yahoo.com Sat Oct 28 18:41:08 2006
From: spamcan26 at yahoo.com (Dead Loss)
Date: Mon Oct 30 18:12:40 2006
Subject: gpgkeys_hkp: error while loading shared libraries: libcurl.so.3:
Message-ID: <20061028164108.63957.qmail@web53305.mail.yahoo.com>

I have downloaded GnuPG-1.4.5 and built it using

./configure --prefix=/usr/mylocal --libdir=/usr/local/lib --includedir=/usr/local/phplibs/include/ --with-libiconv-prefix=/usr/local/phplibs

as I do not have root access to my machine, but when I try to connect to pgp.mit.edu I get the following error

[mylogin][~]$ gpg --keyserver pgp.mit.edu --recv-keys 0x985A444B
gpg: requesting key 985A444B from hkp server pgp.mit.edu
/usr/mylocal/libexec/gnupg/gpgkeys_hkp: error while loading shared libraries: libcurl.so.3: cannot open shared object file: No such file or directory
gpg: no handler for keyserver scheme `hkp'
gpg: keyserver receive failed: keyserver error

What have I done wrong?

I had to edit keyserver/Makefile.am to get it to compile as it kept failing - could not find curl/curl.h (ksutils.c).

I moved these definitions to the end and added $(gpgkeys_curl_CPPFLAGS)

gpgkeys_ldap_CPPFLAGS = @LDAP_CPPFLAGS@ $(gpgkeys_curl_CPPFLAGS)
gpgkeys_ldap_LDADD = ../util/libutil.a @LDAPLIBS@ @NETLIBS@ $(other_libs) @GETOPT@ @W32LIBS@
gpgkeys_finger_LDADD = ../util/libutil.a @NETLIBS@ $(other_libs) @GETOPT@ @W32LIBS@

Richard

From psmay at halfgeek.org Sun Oct 29 23:25:32 2006
From: psmay at halfgeek.org (Peter S. May)
Date: Mon Oct 30 18:12:43 2006
Subject: FAQ 6.10: "If I submit a key to a keyserver, nothing happens ..."
In-Reply-To: <20061029221622.GD2769@jabberwocky.com>
References: <4544CFBE.3080007@psmay.com> <20061029221622.GD2769@jabberwocky.com>
Message-ID: <45452A5C.6000306@halfgeek.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David Shaw wrote:
> Please give enough information that we might be able to help you.
> Simply saying "keyserver uploads weren't working" gives us no way to
> even guess.

Since the problem was mentioned in the FAQ, I assumed this was the problem at hand; I didn't think any further information was necessary. Apologies.

In any case, it isn't my own problem; I'll have to investigate next time he and I are in the same state (some months from now).

Thanks -- PSM
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFRSpYei6R+3iF2vwRArK4AJ9v7ZXYhy24B3HxImIUErBi8p15WgCfRvaT
KFc5JN4Epv4EdaOwMUrVcPE=
=X87K
-----END PGP SIGNATURE-----

From nicholas at njhaes.org Mon Oct 30 18:01:55 2006
From: nicholas at njhaes.org (Nicholas)
Date: Mon Oct 30 19:25:55 2006
Subject: Link error in 1.9.{91,92,93,94}
Message-ID: <200610310102.23929.nicholas@njhaes.org>

Hello,

Hope you can help even if this is more of a GNU make question.

I get the following linker error

Making all in kbx
make[2]: Entering directory `/usr/src/packages/SOURCES/gnupg-1.9.94/kbx'
gcc -g -O2 -Wall -o kbxutil kbxutil.o keybox-util.o keybox-init.o keybox-blob.o keybox-file.o keybox-search.o keybox-update.o keybox-openpgp.o keybox-dump.o ../jnlib/libjnlib.a ../gl/libgnu.a -L/usr/local/lib -lksba -lgpg-error -L/usr/local/lib -lgcrypt -lgpg-error -lgpg-error ../common/libcommon.a -ldl
../jnlib/libjnlib.a(utf8conv.o)(.text+0x5a0): In function `do_utf8_to_native':
/usr/src/packages/SOURCES/gnupg-1.9.94/jnlib/utf8conv.c:574: undefined reference to `libiconv_open'
several more undefined references to libiconv, libiconv_open and libiconv_close omitted
collect2: ld returned 1 exit status

Some more details to help or obscure:

Running GNU/Linux, distro. is SuSE 9.2, SuSE updated kernel 2.6.8-24.25-default
On Athlon i686 machine
gpg configured with

./configure --enable-noexecstack --enable-dsa2 --enable-m-guard --with-gpg-error-prefix=/usr/local --with-libassuan-prefix=/usr/local --with-ksba-prefix=/usr/local --with-pth-prefix=/usr/local --with-libiconv-prefix=/usr/local --with-libgcrypt-prefix=/usr/local --with-photo-viewer=/opt/kde3/bin/kuickshow --enable-symcryptrun --enable-selinux-support --disable-scdaemon --disable-ldap --with-dirmngr-pgm=/usr/local/bin/ --with-libintl-prefix=/usr/local --with-pinentry-pgm=/usr/local/bin/

Versions:
libgpg-error = 1.4
libassuan = 0.9.3
libksba = 1.0.0
pth = 2.0.7
libiconv = 1.11
libgcrypt = 1.2.3
dirmngr = 0.9.6
pinentry = 0.7.2

If I run gcc directly in kbx (and at the several other points where the same type of error occurs) and include "-liconv" I can compile. This is obviously a seriously dumb way to go about fixing the problem even though I have finished the compile that way.

The Makefile seems ok, the variables for libiconv are pointing to /usr/local (why -rpath?):

LIBICONV = /usr/local/lib/libiconv.so -Wl,-rpath -Wl,/usr/local/lib
LTLIBICONV = -L/usr/local/lib -liconv -R/usr/local/lib

and these variables are set in the subdirectories' Makefiles too. I don't know enough about the tool-chain to see why "-liconv" isn't passed to gcc.

compiling with gcc (GCC) 3.3.4 (pre 3.3.5 20040809)

Thanks,
Nicholas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
Url : /pipermail/attachments/20061031/baa1d786/attachment.pgp

From wk at gnupg.org Tue Oct 31 20:54:07 2006
From: wk at gnupg.org (Werner Koch)
Date: Tue Oct 31 21:28:45 2006
Subject: [Announce] libassuan 1.0.0 released
Message-ID: <8764e0gt28.fsf@wheatstone.g10code.de>

Skipped content of type multipart/signed
-------------- next part --------------
_______________________________________________
Gnupg-announce mailing list
Gnupg-announce@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce

From atkin901 at yahoo.com Tue Oct 31 22:00:07 2006
From: atkin901 at yahoo.com (Mark Atkinson)
Date: Tue Oct 31 22:03:07 2006
Subject: gpg strips '0x' on key searches...
Message-ID:

For example, in v1.4.5 that I'm using:

gpg --keyserver hkp://pgpkeys.mit.edu --search-keys 0xCA6CDFB2

is translated to:

http://pgpkeys.mit.edu:11371/pks/lookup?op=index&options=mr&search=CA6CDFB2&exact=on

and fails. where

http://pgpkeys.mit.edu:11371/pks/lookup?op=index&options=mr&search=0xCA6CDFB2&exact=on

would work.

Is this the fault of gpg, or the key server?

--
Mark Atkinson
atkin901@yahoo.com
(!wired)?(coffee++):(wired);

From stijn at sandcat.nl Tue Oct 31 14:58:04 2006
From: stijn at sandcat.nl (Stijn Hoop)
Date: Wed Nov 1 17:44:08 2006
Subject: deleting signatures from uids
Message-ID: <20061031135804.GV31897@localhost.localdomain>

Hi,

I'm almost certain that this is a FAQ but my GoogleFu fails me today so I turn to the mailing list.

After a reinstall some weeks ago today I "needed" my GPG key again, and to my horror I forgot to copy it over. Luckily I found an old backup of my ~/.gnupg and all seemed well after a cleanup of the trust db etc.

However I also wanted to "clean up" my key. It was published on a keyserver a long while ago (2001) when me and a few friends were toying around with PGP; I've since used GnuPG once in a while but they stopped using it, and aren't interested in the web of trust anymore.

On the keyservers, there are therefore lots of signatures on my key from others that a) are really not useful anymore or b) that I have never even met (how did those get there!).

Fortunately it looks like I can delete those signatures locally with --edit-key and then using 'delsig'. However I cannot get the keyservers to accept the new key without the useless signatures; they only seem to add new ones (as is evident from the multiple self-signatures now present).

In a way I can see why; removing signatures from uids seems like it should require a passphrase, however it doesn't work that way. I've also read that it's nearly impossible to remove a key from the keyservers, however that's also not what I want to do, just update it.

Am I running into a limitation of the public key server architecture? If so I guess I'll have to live with the crufty signatures, but if not, what am I doing wrong?

Regards,

--Stijn

From bogus@does.not.exist.com Tue Oct 31 20:56:19 2006
From: bogus@does.not.exist.com ()
Date: Sun Nov 19 01:23:23 2006
Subject: No subject
Message-ID:

> I was more thinking along the line of the AT Mega
> Funcard with an Atmel ATmega161 or -163

EXACTLY what I concluded - if you're interested, join the above list and then browse the archives at http://www.py-soft.co.uk/mailman/private/open-openpgp-card/

> SOSSE is a nice starting ground for development; however, as this is a
> security product, I think one should rewrite large parts of it with
> constantly keeping security in mind. SOSSE is developed as an
> educational platform, not a crypto provider. I think, if you audited
> SOSSE code for security, you have more chance of overseeing a weakness
> than if you wrote completely new code.

I agree that SOSSE provides a good starting point. We may yet decide to write this from the ground up, but SOSSE will at least point us [me] in the right direction! :)

> I'm not touching legality with a 40-feet pole, by the way :).

Nor me... :)

Ben
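
Added example, not part of any message in this archive and not PKS or SKS code: a toy model of the keyserver behaviour reported in the "Can't propagate key through public keyservers" and "deleting signatures from uids" threads above. It assumes a server that stores only the first subkey (as described for recent PKS) and one that merges every subkey, with both only ever adding signatures; all class names, function names and key IDs are constructed for illustration.

```python
"""Toy model of the keyserver merge behaviour described in this thread.
Not PKS or SKS code; key IDs below are constructed sample values."""
from dataclasses import dataclass, field


@dataclass
class Key:
    primary: str
    subkeys: list = field(default_factory=list)  # oldest first
    sigs: set = field(default_factory=set)       # signer IDs on the user ID


class SingleSubkeyServer:
    """Assumed model of 'recent PKS' as reported above: the first subkey is
    stored, any later subkey is silently dropped."""

    def __init__(self):
        self.db = {}

    def accepts_subkey(self, stored):
        return not stored.subkeys

    def upload(self, key):
        stored = self.db.setdefault(key.primary, Key(key.primary))
        stored.sigs |= key.sigs  # uploads only ever add signatures
        for sub in key.subkeys:
            if sub not in stored.subkeys and self.accepts_subkey(stored):
                stored.subkeys.append(sub)

    def fetch(self, primary):
        stored = self.db[primary]
        return Key(stored.primary, list(stored.subkeys), set(stored.sigs))


class MergingServer(SingleSubkeyServer):
    """Assumed model of a server with full merging: every new subkey is kept."""

    def accepts_subkey(self, stored):
        return True


def missing_subkeys(local, server):
    """Local subkeys that a correspondent fetching the key would not receive."""
    fetched = server.fetch(local.primary)
    return [s for s in local.subkeys if s not in fetched.subkeys]


def resurrected_sigs(local, server):
    """Signatures removed locally that the server still hands out."""
    return sorted(server.fetch(local.primary).sigs - local.sigs)


def demo():
    results = {}
    for name, server in (("single-subkey", SingleSubkeyServer()),
                         ("merging", MergingServer())):
        key = Key("PRIMARY", ["ENC-1"], {"PRIMARY", "OLD-FRIEND"})
        server.upload(key)
        key.subkeys.append("ENC-2")     # new encryption subkey six months later
        key.sigs.discard("OLD-FRIEND")  # local 'delsig' before re-uploading
        server.upload(key)
        results[name] = (missing_subkeys(key, server),
                         resurrected_sigs(key, server))
    return results


if __name__ == "__main__":
    for name, (missing, back) in demo().items():
        print(f"{name}: missing subkeys={missing} signatures still served={back}")
```

Comparing the local key with what the server returns, as `missing_subkeys` does, is the check that separates "the keyserver dropped my subkey" from "my key is broken".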