From ged at solace.miun.se Wed Aug 1 16:06:38 2007 
From: ged at solace.miun.se (Sten Lindgren) Date: Wed, 1 Aug 2007 16:06:38 +0200 (CEST) Subject: OpenPGP card on Javacard Message-ID:

I have released an alpha test version of an applet implementing part of the OpenPGP card specification on Java Card. It is available from SourceForge at http://sourceforge.net/projects/jopenpgpcard/. Feel free to test it, but don't use it for production use since it is alpha. If you remove the applet from your card to update it in the future, you lose your keys. This implementation has only been tested on one brand of cards using Linux and GnuPG. It does not support key sizes above 1536 bits. You may have to apply a patch to GnuPG's apdu.c implementing support for "SW_EXACT_LENGTH" in order to get it to work; the patch is in the release on SourceForge and attached to this mail. The patch is against GnuPG 1.4.7; no other version has been tested yet. Key import doesn't work, only on-card key generation.

Please read the README file before trying to use it. Most other parts of the specification should be implemented. Only some basic testing of key generation, signing and decryption has been done. Additional features such as use of the authentication key have not been tested. If you use authentication somewhere, feel free to test and report whether it works or not. Questions and bug reports should be sent to me.

Some todo items that remain to be done:

- Support for 2048 bit keys (this will most likely need ENVELOPE to be implemented both on the card and in GnuPG. 2048 bit actually works for key generation and signing but not for decryption, due to the need for more than 254 bytes of data to be sent to the card).
- Key import (this might not be possible to do in accordance with the OpenPGP card specification due to limitations in the Java Card API).
- Automatic generation of random serial numbers for the card (when needed).
- Testing on more cards.
Sten Lindgren ged at solace.miun.se -------------- next part -------------- *** g10/apdu.c 2006-03-05 15:46:14.000000000 +0100 --- ../gnupg-1.4.7.patched/g10/apdu.c 2007-07-10 12:50:03.000000000 +0200 *************** *** 2640,2645 **** --- 2640,2660 ---- return rc? rc : SW_HOST_INCOMPLETE_CARD_RESPONSE; } sw = (result[resultlen-2] << 8) | result[resultlen-1]; + /* A small hack to fix support for cards sending back SW_EXACT_LENGTH */ + if ((sw & 0xff00) == SW_EXACT_LENGTH && (sw & 0x00ff) > 0) + { + resultlen = RESULTLEN; + apdu[apdulen - 1] = (sw & 0x00ff); + rc = send_apdu (slot, apdu, apdulen, result, &resultlen, pininfo); + if (rc || resultlen < 2) + { + log_error ("apdu_send_simple(%d) failed: %s\n", + slot, apdu_strerror (rc)); + unlock_slot (slot); + return rc? rc : SW_HOST_INCOMPLETE_CARD_RESPONSE; + } + sw = (result[resultlen-2] << 8) | result[resultlen-1]; + } /* store away the returned data but strip the statusword. */ resultlen -= 2; if (DBG_CARD_IO) From alon.barlev at gmail.com Wed Aug 1 17:41:57 2007 
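Review bot: the resend at `apdu[apdulen - 1] = (sw & 0x00ff);` assumes the last byte of the buffered APDU is the Le field, which is only true for commands that were sent with Le; for a command ending in a data field (case 3) a 6Cxx status would overwrite the last data byte and resend a corrupted command, so guard the hack with a check that the command actually carried Le (or remember where Le was placed when the APDU was built). Two smaller points: the `(sw & 0x00ff) > 0` condition skips 6C00, which with a short Le field encodes 256 bytes, so that case is not retried and is returned to the caller as the bare status word; and the copied `log_error ("apdu_send_simple(%d) failed: ...")` hard-codes a function name, so check that it matches the function this block actually lives in, otherwise a failed resend gets logged against the wrong caller.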
From: alon.barlev at gmail.com (Alon Bar-Lev) Date: Wed, 1 Aug 2007 18:41:57 +0300 Subject: OpenPGP card on Javacard In-Reply-To: References: Message-ID: <9e0cf0bf0708010841o7bbbdb90l3e9b6612d7e3bd7f@mail.gmail.com>

On 8/1/07, Sten Lindgren wrote:
> I have released an alpha test version of an applet implementing part of
> the OpenPGP card specification on Java card. It is available from

I just wonder... Why do you wish to do this? You already have MUSCLE, which provides a Java applet. You already have coolkey (http://directory.fedoraproject.org/wiki/CoolKey), which provides a Java applet. You already have a standard PKCS#11 interface to MUSCLE (also using OpenSC) and coolkey. And you have http://gnupg-pkcs11.sourceforge.net/, which allows GnuPG to use standard PKCS#11 tokens.

Implementing a card structure for a specific piece of software is an incorrect solution. There should be a standard interface for cards that allows applications to access them without dependency on a specific hardware/implementation. There are two standards: PKCS#11 (cross platform, vendor independent) and CAPI (Microsoft). The fact that the GnuPG developers chose to reinvent the wheel is not for the benefit of their users.

If you like smartcard development, you can try to provide a generic card (that can hold more than 3 keys), secured (2048) and usable (more than one application)... This involves providing a PKCS#11 provider that communicates with your generic applet.

Best Regards, Alon Bar-Lev.

From wk at gnupg.org Wed Aug 1 20:18:08 2007
From: wk at gnupg.org (Werner Koch) Date: Wed, 01 Aug 2007 20:18:08 +0200 Subject: OpenPGP card on Javacard In-Reply-To: <9e0cf0bf0708010841o7bbbdb90l3e9b6612d7e3bd7f@mail.gmail.com> (Alon Bar-Lev's message of "Wed, 1 Aug 2007 18:41:57 +0300") References: <9e0cf0bf0708010841o7bbbdb90l3e9b6612d7e3bd7f@mail.gmail.com> Message-ID: <87bqdrw23j.fsf@wheatstone.g10code.de>

On Wed, 1 Aug 2007 17:41, alon.barlev at gmail.com said:

> Implementing a card structure for a specific software is incorrect
> solution.

The majority of the smartcard world thinks differently. In fact the OpenPGP card specification is in wider use than many of the other card specs. It is for example used to secure email, disk, X-ray machines, phones and a wealth of other stuff. In fact the OpenPGP card specification is even suggested by the BSI[1] because it is one of the very few openly available and actually implemented and produced specs.

Shalom-Salam, Werner

p.s. I won't get into such a discussion with you again, so please take this as for the records only.

[1] German Federal Information Security Agency

From wk at gnupg.org Wed Aug 1 20:22:38 2007 From: wk at gnupg.org (Werner Koch) Date: Wed, 01 Aug 2007 20:22:38 +0200 Subject: OpenPGP card on Javacard In-Reply-To: (Sten Lindgren's message of "Wed, 1 Aug 2007 16:06:38 +0200 (CEST)") References: Message-ID: <873az3w1w1.fsf@wheatstone.g10code.de>

On Wed, 1 Aug 2007 16:06, ged at solace.miun.se said:

> the OpenPGP card specification on Java card. It is available from
> sourceforge at http://sourceforge.net/projects/jopenpgpcard/. Feel free to

Cool.

> and gnupg. It does not support key sizes above 1536 bits. You may have to
> apply a patch to gnupg apdu.c implementing support for "SW_EXACT_LENGTH"

BTW, we already have such a thing at a higher level. Anyway, I just added a similar patch to apdu.c (SVN trunk):

--- apdu.c (revision 4543) +++ apdu.c (working copy)
@@ -2648,6 +2649,7 @@ assert (sizeof (apdu) >= apdulen); /* As safeguard don't pass any garbage from the stack to the driver. */ memset (apdu+apdulen, 0, sizeof (apdu) - apdulen); + exact_length_hack: resultlen = RESULTLEN; rc = send_apdu (slot, apdu, apdulen, result, &resultlen, pininfo); if (rc || resultlen < 2) @@ -2658,7 +2660,14 @@ return rc? rc : SW_HOST_INCOMPLETE_CARD_RESPONSE; } sw = (result[resultlen-2] << 8) | result[resultlen-1]; - /* store away the returned data but strip the statusword. */ + if (!did_exact_length_hack && SW_EXACT_LENGTH_P (sw)) + { + apdu[apdulen-1] = (sw & 0x00ff); + did_exact_length_hack = 1; + goto exact_length_hack; + } + + /* Store away the returned data but strip the statusword. */ resultlen -= 2; if (DBG_CARD_IO) {

Shalom-Salam, Werner

From jason at the-greenes.net Wed Aug 1 22:27:20 2007 From: jason at the-greenes.net (jag7720) Date: Wed, 1 Aug 2007 13:27:20 -0700 (PDT) Subject: gpg in a for loop Message-ID: <11951969.post@talk.nabble.com>

I am writing a "simple" script that loops through a file and encrypts each file listed, then secure copies it to another server... I am stuck. When I run my script I get

gpg: shawnm: skipped: public key not found

Here is the part of my script that does the encrypting and scp-ing:

for FILE in `cat $EEX`
do
  gpg -e -r shawnm $FILE
  if [ $? -ne 0 ] ; then
    echo "Could not encrypt $FILE"
    exit 1
  fi
  scp $FILE.gpg $USER@$DEST:$FILE.gpg
done

If I put this in its own script by itself and substitute the $FILE variable with a file name it will run:

gpg -e -r shawnm file.txt

Am I missing something? Can someone help?

Jason -- View this message in context: http://www.nabble.com/gpg-in-a-for-loop-tf4202075.html#a11951969 Sent from the GnuPG - User mailing list archive at Nabble.com.
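Review bot: on Werner's SVN trunk apdu.c patch above (the `exact_length_hack` hunks), the retry path `apdu[apdulen-1] = (sw & 0x00ff); ... goto exact_length_hack;` has the same limitation as Sten's version: it rewrites the last byte of the buffered APDU on the assumption that it is the Le field, so a case-3 command (data, no Le) answered with 6Cxx would have its last data byte clobbered before the resend; consider taking the hack only when the command was built with an Le byte, or appending Le instead of overwriting. Also, `did_exact_length_hack` is tested and set in the second hunk but its declaration and zero-initialisation are not in the shown hunks (the +1 offset in the first header suggests an earlier hunk); make sure it is a local that starts at 0 on every call, since a stale value would silently disable the retry for the next command.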
From: mvyver at gmail.com (Mark Van De Vyver) Date: Thu, 2 Aug 2007 23:06:19 +1000 Subject: gnupg 'unknown user' complaint about the subkey of a public key (signed) Message-ID: <389c43e40708020606q5cc503d2heee15d5b22a3b64f@mail.gmail.com> Hi, Thanks for all the excellent work that has gone into making gnupg available. (Please cc me directly if possible - my list membership seems to be taking some time, and I now need to sleep... ) I'm using: openSUSE 10.2 gnupg (gpg-1.4.5-24.4 and gpg2-1.9.22-20.2 ) The gnupg packages are those distributed by suse. I think I've run into a problem that has been encountered before (see the link below): http://lists.gnupg.org/pipermail/gnupg-users/2006-May/028663.html Specifically I find that gnupg (1.4.5 and 1.9.22) always complains about a public subkey being unknown: gpg: : There is no assurance this key belongs to the named user gpg: [stdin]: sign+encrypt failed: unusable public key I've tried re-signing this key, and gpg indicates that the key was already signed. If I try and sign the subkey it indicates the key is not used for signing, and that the key has already been signed.... It took me ages/days to work all this out, so I'm at my wits end :) I assume the patch mentioned above will fix my problem.... Unfortunately I'm not that comfortable patching and building... so was hoping someone can indicate what version(s) of gnupg would come with this patch? Ideally I'd like to have a production 'version' (1.4.x), but if it is too soon for that I'd live with using the development version (2.x). My distribution is and the latest release they have is 1.4.5. I'd appreciate any suggestions. Regards Mark From jason at the-greenes.net Thu Aug 2 17:33:56 2007 
From: jason at the-greenes.net (jag7720) Date: Thu, 2 Aug 2007 08:33:56 -0700 (PDT) Subject: gpg in a for loop [SOLVED] In-Reply-To: <11951969.post@talk.nabble.com> References: <11951969.post@talk.nabble.com> Message-ID: <11966839.post@talk.nabble.com>

Ok, I seem to have found a solution. If I add --homedir /home/foobar/.gnupg to my code it works. So instead of this

gpg -e -r user at user.com file.txt

use this

gpg -e --homedir /home/foobar/.gnupg -r user at user.com file.txt

-- View this message in context: http://www.nabble.com/gpg-in-a-for-loop-tf4202794.html#a11966839 Sent from the GnuPG - User mailing list archive at Nabble.com.
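The root cause in this thread is that gpg looks up keys in the invoking user's GnuPG home directory (~/.gnupg, or $GNUPGHOME), so a script run under another account or from cron sees an empty keyring and reports "public key not found". The script below is an added example, not code from the thread: it pins the home directory, names the recipient by full fingerprint instead of a short name, never ships a file whose encryption failed, and reads the manifest line by line (a `for FILE in \`cat $EEX\`` loop splits on whitespace and breaks on names with spaces). The home directory path, recipient fingerprint and remote host are placeholders; the GPG and SCP variables exist so the commands can be swapped for stubs in a test.

```shell
#!/bin/sh
# Encrypt each file named in a manifest and copy the ciphertext to a remote
# host.  Added example for this thread; the paths, fingerprint and host below
# are placeholders, not values from the original message.
set -eu

GPG=${GPG:-gpg}                                   # overridable for testing
SCP=${SCP:-scp}
GNUPG_HOME=${GNUPG_HOME:-/home/foobar/.gnupg}     # hypothetical keyring location
RECIPIENT=${RECIPIENT:-0123456789ABCDEF0123456789ABCDEF01234567}  # placeholder fingerprint
REMOTE=${REMOTE:-backup@files.example.org}        # placeholder user@host

# encrypt_one FILE: writes FILE.gpg; non-zero exit status if gpg fails.
# --batch/--yes keep gpg from prompting when run unattended; --homedir makes
# the keyring explicit regardless of which account runs the script.
encrypt_one() {
    "$GPG" --batch --yes --quiet \
        --homedir "$GNUPG_HOME" \
        --recipient "$RECIPIENT" \
        --output "$1.gpg" --encrypt "$1"
}

# ship_one FILE: copies FILE.gpg to the remote host under the same name.
ship_one() {
    "$SCP" -q "$1.gpg" "$REMOTE:$1.gpg"
}

# process_manifest MANIFEST: one filename per line; stops at the first
# failure so that no unencrypted or half-written file is ever shipped.
# Prints the number of files shipped.
process_manifest() {
    count=0
    while IFS= read -r file || [ -n "$file" ]; do   # also handles a missing final newline
        [ -n "$file" ] || continue                  # skip blank lines
        if ! encrypt_one "$file"; then
            echo "Could not encrypt $file" >&2
            return 1
        fi
        ship_one "$file"
        count=$((count + 1))
    done < "$1"
    echo "$count"
}

# Usage: ./ship.sh /path/to/manifest.txt
if [ -n "${1:-}" ]; then
    process_manifest "$1"
fi
```

Setting GNUPGHOME in the environment has the same effect as --homedir; the flag is used here so the dependency is visible in the script rather than in whatever environment cron happens to provide.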
From: nico-linux-gnupg at schottelius.org (Nico Schottelius) Date: Sun, 5 Aug 2007 01:25:41 +0200 Subject: gpgme: A small introduction started Message-ID: <20070804232541.GB16926@schottelius.org> Hello again! Sorry for the last mail, was a largefile support problem (missed -D_FILE_OFFSET_BITS=64). As I did not find any easy to use documentation for gpgme, I started to write one: http://nico.schottelius.org/documentations/howtos/a-small-introduction-for-using-gpgme/ Feel free to comment it. I'll extend it, as I continue to write more tests / examples. Nico -- Think about Free and Open Source Software (FOSS). http://nico.schottelius.org/documentations/foss/the-term-foss/ PGP: BFE4 C736 ABE5 406F 8F42 F7CF B8BE F92A 9885 188C -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : /pipermail/attachments/20070805/ff311821/attachment-0001.pgp From nico-linux-gnupg at schottelius.org Sun Aug 5 00:05:18 2007 
From: nico-linux-gnupg at schottelius.org (Nico Schottelius) Date: Sun, 5 Aug 2007 00:05:18 +0200 Subject: gpgme: export key problems Message-ID: <20070804220518.GA16926@schottelius.org>

Hello! I'm new to gpgme and have some understanding problems: I'm trying to export a key:

--------------------------------------------------------------------------------
err = gpgme_data_new(&data);
err = gpgme_op_export(ceofcontext,NULL,0,data); /* returns no error */
read_bytes = gpgme_data_seek (data, 0, SEEK_END); /* returns -1 */
p = gpgme_strerror(errno); /* returns "Invalid encoding method" */
--------------------------------------------------------------------------------

So I added more code to my test:

--------------------------------------------------------------------------------
setlocale (LC_ALL, "");
gpgme_set_locale (NULL, LC_CTYPE, setlocale (LC_CTYPE, NULL));
gpgme_set_textmode(ceofcontext,0);
gpgme_set_armor(ceofcontext, 1);
err = gpgme_data_set_encoding(data,GPGME_DATA_ENCODING_ARMOR);
if(err != GPG_ERR_NO_ERROR)
    return 11;
tmp = gpgme_data_get_encoding(data);
if(tmp == GPGME_DATA_ENCODING_ARMOR) {
    printf("encode ok\n"); /* matches / is printed out */
}
--------------------------------------------------------------------------------

Still the same error. Then I tried t-export.c from the test directory from gpgme. Result:

--------------------------------------------------------------------------------
[23:47] denkbrett:gpg% LANG=C ./t-export
Begin Result:
t-support.h:56: Unspecified source: Invalid argument
--------------------------------------------------------------------------------

I searched for examples for using gpgme, but there seem to be more or less none available. Does anyone have a hint for me, what I am doing wrong? I attached the whole test program.

Sincerely Nico -- Think about Free and Open Source Software (FOSS).
http://nico.schottelius.org/documentations/foss/the-term-foss/ PGP: BFE4 C736 ABE5 406F 8F42 F7CF B8BE F92A 9885 188C -------------- next part -------------- A non-text attachment was scrubbed... Name: gpgme1.c Type: text/x-csrc Size: 4350 bytes Desc: not available Url : /pipermail/attachments/20070805/28f18d03/attachment.c -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : /pipermail/attachments/20070805/28f18d03/attachment.pgp

From wk at gnupg.org Mon Aug 6 09:27:26 2007 From: wk at gnupg.org (Werner Koch) Date: Mon, 06 Aug 2007 09:27:26 +0200 Subject: gpgme: export key problems In-Reply-To: <20070804220518.GA16926@schottelius.org> (Nico Schottelius's message of "Sun, 5 Aug 2007 00:05:18 +0200") References: <20070804220518.GA16926@schottelius.org> Message-ID: <87lkcpm8bl.fsf@wheatstone.g10code.de>

On Sun, 5 Aug 2007 00:05, nico-linux-gnupg at schottelius.org said:

> p = gpgme_strerror(errno); /* returns "Invalid encoding method" */

You may not pass errno to gpg_strerror or gpgme_strerror (which is just a wrapper). You shall pass a gpg_error_t error code to these functions.

> I searched for examples for using gpgme, but there seem to be more or
> less none available.

What about: KMail, Mutt, Sylpheed, Claws, Seahorse, Licq, GPA, Elmo, Centericq, Bazaar and Balsa? There is also a complete manual which comes with gpgme.

Salam-Shalom, Werner

From rjh at sixdemonbag.org Tue Aug 7 21:17:53 2007
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 07 Aug 2007 15:17:53 -0400 Subject: OpenPGP and usability Message-ID: <46B8C561.9070101@sixdemonbag.org> (Two of the three points mentioned in this email are Enigmail-specific. However, the worst one is an OpenPGP problem, and one that probably deserves more attention, which is why I'm posting it to gnupg-users.) I'm sitting in the Hampton Room of the Sheraton Boston right now attending a meeting of electronic voting researchers. A few minutes ago a big name in computer security--if I gave it, you would probably know it--finished talking about his experiences with a large voting machine investigation, and how they were using OpenPGP to secure communications between researchers. Or, at least, trying to. I have his permission to relate his experiences to these lists. I am omitting his name because I am going from my memory of the conversation I had with him, and I may have misunderstood a detail here or there, and I don't want to do anything that might besmirch his reputation because I misunderstood things. Anyway. The problem, as he said: "forty computer security professionals can't use GnuPG among them because the [cognitive] overhead is too much." He had several mailing lists for different tasks in his electronic voting research. Roughly 40 people in total were on the mailing lists. His ultimate goal was to ensure confidentiality; assurance was not a major issue, but was a nice side benefit. He was using Enigmail and GnuPG, while other people on lists were using GnuPG + gpgol, PGP + Outlook, or (in one case) a custom Windows PowerShell script gluing together GnuPG and Microsoft Word. I do not have version numbers for any of these. The good news: he describes Thunderbird + Enigmail + GnuPG as "the best thing going for email crypto," or words pretty close to that. Unfortunately, that turned out to be pretty faint praise. Problem 1: key signatures. 
He says he couldn't figure out what he needed to do with the keys. Did he need to sign them? Trust them? What's validity and otrust again? Who should be set up as a trusted introducer? Why wasn't the cursed thing working?! As he said, "I know, I knew what needed to be done, but even knowing what needed to be done, I couldn't figure out what needed to be done." Even just talking about it, months after the fact, he sounded frustrated. Problem 2: PGP/MIME. Correspondents who were using PGP/MIME for attachments found massive interoperability problems. Apparently, Enigmail has an idiosyncratic way of doing PGP/MIME which causes heartache and woe for non-Enigmail users. (I haven't confirmed this; this is just according to him.) Problem 3: Key selection. They ultimately decided to just go with a single shared GnuPG key for each mailing list. The idea here was that as soon as the project finished, each person could just nuke their copy of the mailing list key and the mailing list messages would effectively be put forever beyond use. However, Enigmail would frequently encrypt-to-self, or encrypt to the keys of other people on the mailing lists, or... etc. Ultimately, he says that his resolution was just to always show the key confirmation dialog. From juergen.fenn at GMX.DE Tue Aug 7 22:44:01 2007 
From: juergen.fenn at GMX.DE (Juergen Fenn) Date: Tue, 07 Aug 2007 22:44:01 +0200 Subject: OpenPGP and usability In-Reply-To: <46B8C561.9070101@sixdemonbag.org> (Robert J. Hansen's message of "Tue, 07 Aug 2007 15:17:53 -0400") References: <46B8C561.9070101@sixdemonbag.org> Message-ID:

"Robert J. Hansen" writes:

> Anyway. The problem, as he said: "forty computer security professionals
> can't use GnuPG among them because the [cognitive] overhead is too much."

Sounds strange to me... but, then, I am not a security pro...

> Problem 2: PGP/MIME. Correspondents who were using PGP/MIME for
> attachments found massive interoperability problems. Apparently,
> Enigmail has an idiosyncratic way of doing PGP/MIME which causes
> heartache and woe for non-Enigmail users. (I haven't confirmed this;
> this is just according to him.)

I have used GnuPG with Gnus under Win98SE for quite a while now. I have not experienced any problems with other users running the more "professional" applications, e.g. mutt. However, I did not succeed in communicating with a user running enigmail under Linux because we did not manage to get the German special characters right. We did not manage to find out what this was due to. We just gave up.

Thanks for your report.

Regards, Jürgen.

From wk at gnupg.org Wed Aug 8 10:51:15 2007
From: wk at gnupg.org (Werner Koch) Date: Wed, 08 Aug 2007 10:51:15 +0200 Subject: OpenPGP and usability In-Reply-To: <46B8C561.9070101@sixdemonbag.org> (Robert J. Hansen's message of "Tue, 07 Aug 2007 15:17:53 -0400") References: <46B8C561.9070101@sixdemonbag.org> Message-ID: <871weeh0jg.fsf@wheatstone.g10code.de>

On Tue, 7 Aug 2007 21:17, rjh at sixdemonbag.org said:

> Anyway. The problem, as he said: "forty computer security professionals
> can't use GnuPG among them because the [cognitive] overhead is too much."

So today the question is "Why Diffie can't encrypt" ;-)

> Problem 1: key signatures. He says he couldn't figure out what he
> needed to do with the keys. Did he need to sign them? Trust them?

Just "lsign" all keys or let someone sign all keys and assign him ultimate trust. That is the easiest ad-hoc way.

> What's validity and otrust again? Who should be set up as a trusted
> introducer? Why wasn't the cursed thing working?! As he said, "I know,

That is really hard stuff as it is about setting up a complete PKI. We can't expect that an average user (even a security expert) can do this without a lot of experience.

> Problem 2: PGP/MIME. Correspondents who were using PGP/MIME for
> attachments found massive interoperability problems. Apparently,
> Enigmail has an idiosyncratic way of doing PGP/MIME which causes
> heartache and woe for non-Enigmail users. (I haven't confirmed this;
> this is just according to him.)

It is really a shame that the one Free Software project which is known by more than the computer geeks - namely Mozilla - is refusing to support an established standard like PGP/MIME. We have had several implementations of it over the years for the new mail component (now known as Thunderbird) but all of them have been refused without giving good reasons.

In this regard Thunderbird is no better than Outlook!
BTW: We would be able to solve the Outlook PGP/MIME sending problem if we could informally agree on a variant of the Content-Type header which gets checked by PGP/MIME aware MUAs before they use the real Content-Type. Yes, it would be an ugly hack but very helpful.

Salam-Shalom, Werner

From rjh at sixdemonbag.org Wed Aug 8 19:39:58 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Wed, 08 Aug 2007 13:39:58 -0400 Subject: OpenPGP and usability In-Reply-To: <871weeh0jg.fsf@wheatstone.g10code.de> References: <46B8C561.9070101@sixdemonbag.org> <871weeh0jg.fsf@wheatstone.g10code.de> Message-ID: <46B9FFEE.60200@sixdemonbag.org>

Werner Koch wrote:

> So today the question is "Why Diffie can't encrypt" ;-)

Not quite Whit Diffie, but not that far away from him, either. :)

> Just "lsign" all keys or let someone sign all keys and assign him
> ultimate trust. That is the easiest ad-hoc way.

Right, I'm not disputing that there is a way to do this. However, the person in question was unable to find that solution in the time he spent researching the problem. This suggests to me that either (a) the OpenPGP standard is bad for being too complex, or (b) [GnuPG|Enigmail]'s user [interface|documentation] is bad for not making it easier to discover these things. I doubt we can do anything about (a), but all four cases of (b) might warrant some looking into.
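Werner's ad-hoc recipe above has two variants: every member locally signs every key in the group keyring, or one coordinator signs all keys and each member assigns the coordinator's key ultimate ownertrust so its signatures make everyone else's keys valid. The script below is an added example, not code from the thread or from GnuPG: it parses `gpg --with-colons` output to pick out primary-key fingerprints (skipping subkey fpr records), locally signs every key that is not one of our own, and writes the one-line `FPR:6:` record that `--import-ownertrust` expects. It assumes GnuPG 2.1 or later (for `--quick-lsign-key`) and a default signing key in the home directory; the colon-format listing embedded in it is constructed sample data, and the GPG variable exists so a test can swap in a stub.

```shell
#!/bin/sh
# Ad-hoc trust bootstrap for a small closed group: either locally sign every
# key, or give one coordinator's key ultimate ownertrust.  Added example for
# this thread; assumes GnuPG 2.1+ and a default signing key in the homedir.
set -eu

GPG=${GPG:-gpg}   # overridable so a test can substitute a stub

# Constructed sample of `gpg --with-colons --list-keys` output: two primary
# keys, the first with an encryption subkey.  Field 10 of an fpr record is the
# fingerprint; the fpr record right after pub/sec belongs to the primary key.
SAMPLE_LISTING='tru::1:1186500000:0:3:1:5
pub:u:2048:1:0A1B2C3D4E5F6071:1186400000:::u:::scESC:
fpr:::::::::1111222233334444555566667777888899990000:
uid:u::::1186400000::0123456789ABCDEF0123456789ABCDEF01234567::Alice Example <alice@example.org>:
sub:u:2048:1:1122334455667788:1186400000::::::e:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF00001111222233334444:
pub:-:2048:1:7766554433221100:1186400100:::-:::scESC:
fpr:::::::::2222333344445555666677778888999900001111:
uid:-::::1186400100::FEDCBA9876543210FEDCBA9876543210FEDCBA98::Bob Example <bob@example.org>:'

# primary_fingerprints: stdin is --with-colons output; prints one primary-key
# fingerprint per line.  Subkey fpr records (those after sub/ssb) are ignored.
primary_fingerprints() {
    awk -F: '
        $1 == "pub" || $1 == "sec"                 { want = 1; next }
        $1 == "sub" || $1 == "ssb" || $1 == "uid"  { want = 0; next }
        $1 == "fpr" && want                        { print $10; want = 0 }'
}

# ownertrust_line FPR LEVEL: one record in --export/--import-ownertrust format.
# Levels: 2 unknown, 3 never, 4 marginal, 5 full, 6 ultimate.
ownertrust_line() {
    printf '%s:%s:\n' "$1" "$2"
}

# lsign_all HOME: locally sign every public key except our own secret keys.
# Local signatures are never exported, so this records our own decision
# without vouching for the keys to anybody else.  Prints the number signed.
lsign_all() {
    home=$1
    own=" $("$GPG" --homedir "$home" --batch --with-colons --with-fingerprint \
                --list-secret-keys | primary_fingerprints | tr '\n' ' ') "
    n=0
    for fpr in $("$GPG" --homedir "$home" --batch --with-colons --with-fingerprint \
                    --list-keys | primary_fingerprints); do
        case "$own" in *" $fpr "*) continue ;; esac   # skip our own keys
        "$GPG" --homedir "$home" --batch --yes --quick-lsign-key "$fpr"
        n=$((n + 1))
    done
    echo "$n"
}

# trust_introducer HOME FPR: the coordinator variant.  Mark the coordinator's
# key ultimately trusted and let the trustdb recompute validity from the
# signatures that key has made.
trust_introducer() {
    ownertrust_line "$2" 6 | "$GPG" --homedir "$1" --batch --import-ownertrust
    "$GPG" --homedir "$1" --batch --check-trustdb
}
```

The trade-off between the two variants is who has to verify fingerprints: with lsign_all each member checks every other member's fingerprint, with trust_introducer each member checks only the coordinator's fingerprint and the coordinator checks everyone's, which is the "trusted introducer" role Robert's correspondent was struggling to set up.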
From: patrick at mozilla-enigmail.org (Patrick Brunschwig) Date: Wed, 08 Aug 2007 20:20:28 +0200 Subject: OpenPGP and usability In-Reply-To: <871weeh0jg.fsf__32383.2582952038$1186568488$gmane$org@wheatstone.g10code.de> References: <46B8C561.9070101@sixdemonbag.org> <871weeh0jg.fsf__32383.2582952038$1186568488$gmane$org@wheatstone.g10code.de> Message-ID:

Werner Koch wrote:

>> Problem 2: PGP/MIME. Correspondents who were using PGP/MIME for
>> attachments found massive interoperability problems. Apparently,
>> Enigmail has an idiosyncratic way of doing PGP/MIME which causes
>> heartache and woe for non-Enigmail users. (I haven't confirmed this;
>> this is just according to him.)
>
> It is really a shame that the one Free Software project which is known
> by more than the computer geeks - namely Mozilla - is refusing to
> support an established standard like PGP/MIME. We have had several
> implementations of it over the years for the new mail component (now
> known as Thunderbird) but all of them have been refused without giving
> good reasons.
>
> In this regard Thunderbird is no better than Outlook!

But there is Enigmail, and I'm doing my best to integrate it as neatly as possible into Thunderbird ;-)

> BTW: We would be able to solve the Outlook PGP/MIME sending problem if
> we could informally agree on a variant of the Content-Type header which
> gets checked by PGP/MIME aware MUAs before they use the real
> Content-Type. Yes, it would be an ugly hack but very helpful.

What precisely would you need (or send)? I would be open to implement such a "solution" in Enigmail, if it helps!

-Patrick

From wk at gnupg.org Thu Aug 9 05:51:42 2007
From: wk at gnupg.org (Werner Koch) Date: Thu, 09 Aug 2007 05:51:42 +0200 Subject: OpenPGP and usability In-Reply-To: (Patrick Brunschwig's message of "Wed, 08 Aug 2007 20:20:28 +0200") References: <46B8C561.9070101@sixdemonbag.org> <871weeh0jg.fsf__32383.2582952038$1186568488$gmane$org@wheatstone.g10code.de> Message-ID: <87bqdhcqlt.fsf@wheatstone.g10code.de>

On Wed, 8 Aug 2007 20:20, patrick at mozilla-enigmail.org said:

> What precisely would you need (or send)? I would be open to implement
> such a "solution" in Enigmail, if it helps!

I am considering having a new header like

Gpgol-content-type: application/pgp-encrypted

to supplement the Outlook generated Content-type. The problem is that there is no way in Outlook/MAPI to override all content-types - Outlook has its own idea on how to set them. Though it is possible to set the content-type of the top body, there is no way to set any content type below that and thus we would end up with text/plain instead of application/pgp-encrypted for the first part.

I have not yet implemented that in gpgol. I did some tests last year and they showed that it will be possible.

It would also be possible to fix up the content type later using an SMTP proxy but that won't be easy to install. A new MAPI transport provider could also fix up such things but I fear that this will raise all kinds of compatibility problems.

Salam-Shalom, Werner

From patrick at mozilla-enigmail.org Thu Aug 9 09:52:44 2007
From: patrick at mozilla-enigmail.org (Patrick Brunschwig) Date: Thu, 09 Aug 2007 09:52:44 +0200 Subject: OpenPGP and usability In-Reply-To: <87bqdhcqlt.fsf@wheatstone.g10code.de> References: <46B8C561.9070101@sixdemonbag.org> <871weeh0jg.fsf__32383.2582952038$1186568488$gmane$org@wheatstone.g10code.de> <87bqdhcqlt.fsf@wheatstone.g10code.de> Message-ID: <46BAC7CC.4010209@mozilla-enigmail.org>

Werner Koch wrote:

> On Wed, 8 Aug 2007 20:20, patrick at mozilla-enigmail.org said:
>
>> What precisely would you need (or send)? I would be open to implement
>> such a "solution" in Enigmail, if it helps!
>
> I am considering having a new header like
>
> Gpgol-content-type: application/pgp-encrypted
>
> to supplement the Outlook generated Content-type. The problem is that
> there is no way in Outlook/MAPI to override all content-types - Outlook
> has its own idea on how to set them. Though it is possible to set the
> content-type of the top body, there is no way to set any content type
> below that and thus we would end up with text/plain instead of
> application/pgp-encrypted for the first part.
>
> I have not yet implemented that in gpgol. I did some tests last year
> and they showed that it will be possible.
>
> It would also be possible to fix up the content type later using an SMTP
> proxy but that won't be easy to install. A new MAPI transport provider
> could also fix up such things but I fear that this will raise all kinds
> of compatibility problems.

I would actually call the content type

X-Gpgol-content-type: application/pgp-encrypted

I think at least concerning Enigmail, I could handle this properly.

-Patrick

From nicholas.cole at gmail.com Thu Aug 9 08:36:21 2007
From: nicholas.cole at gmail.com (Nicholas Cole) Date: Thu, 9 Aug 2007 07:36:21 +0100 Subject: OpenPGP and usability In-Reply-To: <46B8C561.9070101@sixdemonbag.org> References: <46B8C561.9070101@sixdemonbag.org> Message-ID:

On 8/7/07, Robert J. Hansen wrote:

> Problem 1: key signatures. He says he couldn't figure out what he
> needed to do with the keys. Did he need to sign them? Trust them?
> What's validity and otrust again? Who should be set up as a trusted
> introducer? Why wasn't the cursed thing working?! As he said, "I know,
> I knew what needed to be done, but even knowing what needed to be done,
> I couldn't figure out what needed to be done." Even just talking about
> it, months after the fact, he sounded frustrated.

In my experience, this is one of the biggest hurdles. One of PGP's problems from the beginning is that words like "sign" and "valid" have always been used in several different contexts, and then introduced all of them to the user at once.

What the (beginner) needs to be told is that, if he wants to tell his software to use a particular key, he should sign (validate / mark as genuine) it. If he is at all unsure about the key he needs to check the fingerprint with his contact. And that's all. (As an aside: I note that all these social networking sites have a web of trust of sorts, so the concept is not impossible to present to the user in a very straightforward way).

Other concepts should be introduced as features that help larger organisations, not as something that the user needs to understand before he even gets started.

The original PGP software also made the mistake of saying things like (I forget the exact wording now) "This is a GOOD signature from an Invalid key", which is just unhelpful to the new user. What it meant to say was "You have not validated the key that signed this message - it may or may not be genuine." Or better words to that effect.

Best wishes, N.

From jf_payette at hotmail.com Wed Aug 8 21:36:22 2007
From: jf_payette at hotmail.com (Jean-Francois Payette) Date: Wed, 08 Aug 2007 15:36:22 -0400 Subject: ASP Shell and GnuPG Message-ID:

Hello, I saw your question about using gnupg with asp shell at this address: http://lists.gnupg.org/pipermail/gnupg-users/2006-April/028283.html. Did you find the solution? I am having a problem making it work in ASP. If I use the DOS command line it works fine. Here's my code:

Set WshShell = Server.CreateObject("Wscript.Shell")
command = PGP_PATH & "\gnupg\gpg.exe --sign --passphrase thisisatest C:\Inetpub\wwwroot\PGP\ENCFILES\BET2007080834_INT.XML"
response.write "Exit Code: " & WshShell.run(command, 1, true) & ""
set wshshell = nothing

Hope you can help

From ewrobinson at fedex.com Thu Aug 9 20:56:29 2007 From: ewrobinson at fedex.com (Eric Robinson) Date: Thu, 9 Aug 2007 13:56:29 -0500 Subject: Partial file download issue - GPG In-Reply-To: References: Message-ID: <32B8847FC645964E9F42BB8CCCF0147B24649C@MEMEXCH06V.corp.ds.fedex.com>

Hello Group, I need some help in determining what this problem is. I have a customer that is trying to decrypt a file but it is not 'getting' the complete file. Message is below:

# gpg --decrypt SMAL070809.txt > foo.txt
gpg: encrypted with 1024-bit ELG-E key, ID 957F2C4C, created 2005-03-14
      "VisionaryServices (VSi ProdKey) "
gpg: fatal: zlib inflate problem: invalid stored block lengths
secmem usage: 2080/2368 bytes in 4/7 blocks of pool 3424/32768
[root at deepthought remit]# gpg --decrypt -o bar.txt SMAL070809.txt
gpg: encrypted with 1024-bit ELG-E key, ID 957F2C4C, created 2005-03-14
      "VisionaryServices (VSi ProdKey) "
gpg: fatal: zlib inflate problem: invalid stored block lengths
secmem usage: 2080/2368 bytes in 4/7 blocks of pool 3424/32768
[root at deepthought remit]# diff foo.txt bar.txt
[root at deepthought remit]# wc -l foo.txt
1815 foo.txt

Can anyone help?
Thanks,
Eric

-------------------------------------
Eric Robinson
Business Application Advisor
FedEx Corporate Services
Internet Engineering & EC Integration
901.263.5749
-------------------------------------

From dshaw at jabberwocky.com Thu Aug 9 22:52:56 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu, 9 Aug 2007 16:52:56 -0400
Subject: Partial file download issue - GPG
In-Reply-To: <32B8847FC645964E9F42BB8CCCF0147B24649C@MEMEXCH06V.corp.ds.fedex.com>
References: <32B8847FC645964E9F42BB8CCCF0147B24649C@MEMEXCH06V.corp.ds.fedex.com>
Message-ID: <20070809205256.GA25529@jabberwocky.com>

On Thu, Aug 09, 2007 at 01:56:29PM -0500, Eric Robinson wrote:
> Hello Group,
> I need some help in determining what this problem is. I have a customer
> that is trying to decrypt a file but it is not 'getting' the complete
> file. Message is below:
>
> # gpg --decrypt SMAL070809.txt > foo.txt
> gpg: encrypted with 1024-bit ELG-E key, ID 957F2C4C, created 2005-03-14
> "VisionaryServices (VSi ProdKey) "
> gpg: fatal: zlib inflate problem: invalid stored block lengths secmem
> usage: 2080/2368 bytes in 4/7 blocks of pool 3424/32768
> [root at deepthought remit]# gpg --decrypt -o bar.txt SMAL070809.txt
> gpg: encrypted with 1024-bit ELG-E key, ID 957F2C4C, created 2005-03-14
> "VisionaryServices (VSi ProdKey) "
> gpg: fatal: zlib inflate problem: invalid stored block lengths secmem
> usage: 2080/2368 bytes in 4/7 blocks of pool 3424/32768
> [root at deepthought remit]# diff foo.txt bar.txt [root at deepthought remit]#
> wc -l foo.txt
> 1815 foo.txt

The file is corrupt, so cannot be processed. How was the file created? Try comparing the original to what the customer has.
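An added example of the comparison David suggests above, written for this page and not taken from the thread or from GnuPG: given the sender's copy and the customer's copy as bytes, it distinguishes an interrupted download (the copy is a strict prefix), a text-mode transfer that rewrote line endings, and corruption somewhere in the middle, and reports the hashes and the first differing offset. The function names and the sample byte strings at the bottom are constructed for the demonstration; none of them come from the customer's actual file.

```python
"""Classify how a recipient's copy of a file differs from the sender's copy.

Added example for the "partial file download" thread; not code from the list
or from GnuPG.  The byte strings at the bottom are constructed stand-ins.
"""
import hashlib
from typing import Any, Dict


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def looks_like_openpgp(data: bytes) -> bool:
    """True for a binary OpenPGP stream (bit 7 of the first byte is the packet
    tag marker) or an ASCII-armored one.  Either way the content has to arrive
    byte for byte; a text-mode transfer of a binary stream breaks it."""
    return data.startswith(b"-----BEGIN PGP") or (len(data) > 0 and data[0] & 0x80 != 0)


def first_difference(a: bytes, b: bytes) -> int:
    """Offset of the first byte at which a and b disagree."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return min(len(a), len(b))


def diagnose(original: bytes, received: bytes) -> Dict[str, Any]:
    """Compare what the sender produced with what the recipient has and name
    the transport failure that explains the difference."""
    report: Dict[str, Any] = {
        "original_len": len(original),
        "received_len": len(received),
        "original_sha256": sha256_hex(original),
        "received_sha256": sha256_hex(received),
        "openpgp_framing_ok": looks_like_openpgp(received),
    }
    if original == received:
        report["verdict"] = "identical"
    elif len(received) < len(original) and original.startswith(received):
        # Interrupted download: the copy is a strict prefix of the original.
        report["verdict"] = "truncated"
        report["missing_bytes"] = len(original) - len(received)
    elif len(received) > len(original) and received.startswith(original):
        report["verdict"] = "trailing_garbage"
        report["extra_bytes"] = len(received) - len(original)
    elif received == original.replace(b"\n", b"\r\n"):
        # ASCII-mode FTP or a text-mode copy rewrote the line endings.
        report["verdict"] = "lf_to_crlf"
    elif original == received.replace(b"\n", b"\r\n"):
        report["verdict"] = "crlf_to_lf"
    else:
        report["verdict"] = "corrupted"
        report["first_difference_at"] = first_difference(original, received)
    return report


# Constructed stand-ins: a 1025-byte "ciphertext" whose first byte (0x85) is a
# plausible old-format OpenPGP tag byte, plus three damaged copies of it.
ORIGINAL = b"\x85" + bytes(range(256)) * 4
TRUNCATED = ORIGINAL[:700]
FLIPPED = ORIGINAL[:300] + bytes([ORIGINAL[300] ^ 0xFF]) + ORIGINAL[301:]
TEXT_LF = b"record 1\nrecord 2\nrecord 3\n"
TEXT_CRLF = TEXT_LF.replace(b"\n", b"\r\n")


def main() -> None:
    for label, copy in (("truncated", TRUNCATED), ("flipped", FLIPPED),
                        ("crlf", ORIGINAL.replace(b"\n", b"\r\n"))):
        print(label, diagnose(ORIGINAL, copy))


if __name__ == "__main__":
    main()
```

Run it against the sender's and the customer's files by reading both with `open(path, "rb").read()`. A "truncated" verdict with the missing byte count points at the download; "lf_to_crlf" on a binary stream points at an ASCII-mode FTP or a text-mode copy; anything else means the bytes changed in transit and the sender's copy is the one to re-send.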
David

From ewrobinson at fedex.com Thu Aug 9 23:54:34 2007
From: ewrobinson at fedex.com (Eric Robinson)
Date: Thu, 9 Aug 2007 16:54:34 -0500
Subject: Partial file download issue - GPG
In-Reply-To: <20070809205256.GA25529@jabberwocky.com>
References: <32B8847FC645964E9F42BB8CCCF0147B24649C@MEMEXCH06V.corp.ds.fedex.com> <20070809205256.GA25529@jabberwocky.com>
Message-ID: <32B8847FC645964E9F42BB8CCCF0147B2464FE@MEMEXCH06V.corp.ds.fedex.com>

Thanks for the response. We think it might be the file size. These are over 4MB. Now we've started with one record, that worked, and we are increasing the file size gradually, up to 1.9MB, and success so far. Is there a file size limit on GPG?

Thanks,
Eric

-------------------------------------
Eric Robinson
Business Application Advisor
FedEx Corporate Services
Internet Engineering & EC Integration
901.263.5749
-------------------------------------

-----Original Message-----
From: gnupg-users-bounces at gnupg.org [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of David Shaw
Sent: Thursday, August 09, 2007 3:53 PM
To: gnupg-users at gnupg.org
Subject: Re: Partial file download issue - GPG

On Thu, Aug 09, 2007 at 01:56:29PM -0500, Eric Robinson wrote:
> Hello Group,
> I need some help in determining what this problem is. I have a
> customer that is trying to decrypt a file but it is not 'getting' the
> complete file.
> Message is below:
>
> # gpg --decrypt SMAL070809.txt > foo.txt
> gpg: encrypted with 1024-bit ELG-E key, ID 957F2C4C, created 2005-03-14
> "VisionaryServices (VSi ProdKey) "
> gpg: fatal: zlib inflate problem: invalid stored block lengths secmem
> usage: 2080/2368 bytes in 4/7 blocks of pool 3424/32768
> [root at deepthought remit]# gpg --decrypt -o bar.txt SMAL070809.txt
> gpg: encrypted with 1024-bit ELG-E key, ID 957F2C4C, created 2005-03-14
> "VisionaryServices (VSi ProdKey) "
> gpg: fatal: zlib inflate problem: invalid stored block lengths secmem
> usage: 2080/2368 bytes in 4/7 blocks of pool 3424/32768
> [root at deepthought remit]# diff foo.txt bar.txt [root at deepthought
> remit]# wc -l foo.txt
> 1815 foo.txt

The file is corrupt, so cannot be processed. How was the file created? Try comparing the original to what the customer has.

David

_______________________________________________
Gnupg-users mailing list
Gnupg-users at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

From nico-linux-gnupg at schottelius.org Thu Aug 9 22:42:13 2007
From: nico-linux-gnupg at schottelius.org (Nico Schottelius)
Date: Thu, 9 Aug 2007 22:42:13 +0200
Subject: key sizes: maximum size and shrinking
Message-ID: <20070809204213.GB17879@schottelius.org>

Hello guys!

We are trying to write a chat protocol, which uses gpg (gpgme especially) for encryption / signing. As it is a chat protocol, we try to keep latency down. As far as I can see the biggest packets we'll have are those containing the key exchange (as others are only messages, transport protocol metadata, ..., but no packet is > 1 KiB).
I did some tests (dirty notes attached) and it looks like the whole packet is about 5KiB (which is pretty much):

    4096-bit dsa-elgamal public key, binary: 1680 Bytes
    + Initial Key exchange metadata / data: 2 + 2 + 4 + 128 tp + 2 = 138 Bytes
    = 3008 bytes for one inner packet, containing one transport protocol
    + n * 128 bytes nexthop specification, n == 8, => 1024 Bytes
      testing showed 128 bytes are enough, see doc/packets/outer-draft1 for tests
    + encryption + signature
    = 4033 Bytes in test
    ==> ~ 5 KiB including possible bigger keys

That's really much, as we intend to have static packet sizes (independent of content, so external watchers cannot see which type of packet is sent) and continuous traffic (so one cannot determine if we send data or noise).

The first idea was to use a send interval of 250ms, but that would make ~20KiB/s + protocol overhead (transport protocols maybe mostly everything, including http, smtp, ftp, ..., everything that may transport bytes). With this size we could only do a maximum of 2s intervals...

So my questions to you gnupg experts are:

- Is there a maximum size for an exported, non-armored public key?
  => if yes, we could use that as a base and pad the rest
- Are there any good (possibly gnupg / gpgme included) methods to shrink the size of the exported public key?
- Or would you recommend using gzip/bzip2/lzma additionally? As far as I've tested it, gzip and bzip2 are just adding header overhead, so I assume gnupg already does some compression itself.

Thanks for any hint,

Nico

-- 
Think about Free and Open Source Software (FOSS).
http://nico.schottelius.org/documentations/foss/the-term-foss/

PGP: BFE4 C736 ABE5 406F 8F42 F7CF B8BE F92A 9885 188C
-------------- next part --------------
List of keys:

    [20:54] denkbrett:gpg-tests% gpg --homedir ./dot-gpg --list-keys
    ./dot-gpg/pubring.gpg
    ---------------------
    pub   1024D/B9F52B24 2007-08-09
    uid                  dsa-elgamal-4096bits (no at comment)
    sub   4096g/F6684B3A 2007-08-09

    pub   1024D/477FAD1B 2007-08-09
    uid                  dsa-elgamal-2048 (no at comment-key2)
    sub   2048g/5632130B 2007-08-09

    pub   1024D/9C303CE6 2007-08-09
    uid                  dsa-elgamal-4096-2 (and no further comments)
    sub   4096g/6BF7E5E9 2007-08-09

    [21:08] denkbrett:gpg-tests% gpg --homedir ./dot-gpg --list-secret-keys
    ./dot-gpg/secring.gpg
    ---------------------
    sec   1024D/B9F52B24 2007-08-09
    uid                  dsa-elgamal-4096bits (no at comment)
    ssb   4096g/F6684B3A 2007-08-09

    sec   1024D/477FAD1B 2007-08-09
    uid                  dsa-elgamal-2048 (no at comment-key2)
    ssb   2048g/5632130B 2007-08-09

    sec   1024D/9C303CE6 2007-08-09
    uid                  dsa-elgamal-4096-2 (and no further comments)
    ssb   4096g/6BF7E5E9 2007-08-09

--------------------------------------------------------------------------------
Exporting some keys:

    # 4096 bits / my real key
    [19:37] denkbrett:test% gpg -a --export 9885188C | wc -c
    3473

    # 4096 bits
    pub   1024D/B9F52B24 2007-08-09
    uid                  dsa-elgamal-4096bits (no at comment)
    sub   4096g/F6684B3A 2007-08-09

    [20:33] denkbrett:gpg-tests% gpg --homedir ./dot-gpg --export -a | wc -c
    2388
    [20:37] denkbrett:gpg-tests% gpg --homedir ./dot-gpg --export -a B9F52B24 | wc -c
    2388
    [20:36] denkbrett:gpg-tests% gpg --homedir ./dot-gpg --export B9F52B24 | wc -c
    1680

    # 2048
    [20:35] denkbrett:gpg-tests% gpg --homedir ./dot-gpg --list-keys 2048
    pub   1024D/477FAD1B 2007-08-09
    uid                  dsa-elgamal-2048 (no at comment-key2)
    sub   2048g/5632130B 2007-08-09

    [20:36] denkbrett:gpg-tests% gpg --homedir ./dot-gpg --export -a 477FAD1B | wc -c
    1698
    [20:36] denkbrett:gpg-tests% gpg --homedir ./dot-gpg --export 477FAD1B | wc -c
    1169
--------------------------------------------------------------------------------
Sign exported key

    --local-user name
    -u     Use name as the key to sign with. Note that this option overrides --default-key
    --default-key name

    [21:09] denkbrett:gpg-tests% gpg --homedir ./dot-gpg --export B9F52B24 -a | gpg --homedir ./dot-gpg/ -u B9F52B24 -s -a | wc -c
    You need a passphrase to unlock the secret key for
    user: "dsa-elgamal-4096bits (no at comment) "
    1024-bit DSA key, ID B9F52B24, created 2007-08-09
    4723
    [21:09] denkbrett:gpg-tests% gpg --homedir ./dot-gpg --export B9F52B24 | gpg --homedir ./dot-gpg/ -u B9F52B24 -s -a | wc -c
    You need a passphrase to unlock the secret key for
    user: "dsa-elgamal-4096bits (no at comment) "
    1024-bit DSA key, ID B9F52B24, created 2007-08-09
    2505
    [21:10] denkbrett:gpg-tests% gpg --homedir ./dot-gpg --export B9F52B24 | gpg --homedir ./dot-gpg/ -u B9F52B24 -s | wc -c
    You need a passphrase to unlock the secret key for
    user: "dsa-elgamal-4096bits (no at comment) "
    1024-bit DSA key, ID B9F52B24, created 2007-08-09
    1777
    [21:15] denkbrett:gpg-tests% gpg --homedir ./dot-gpg --export B9F52B24 | gpg --homedir ./dot-gpg/ -u B9F52B24 --sign --encrypt --recipient 9C303CE6 --armor | wc -c
    You need a passphrase to unlock the secret key for
    user: "dsa-elgamal-4096bits (no at comment) "
    1024-bit DSA key, ID B9F52B24, created 2007-08-09
    3983
    [21:17] denkbrett:gpg-tests% gpg --homedir ./dot-gpg --export B9F52B24 | gpg --homedir ./dot-gpg/ -u B9F52B24 --sign --encrypt --recipient 9C303CE6 | wc -c
    You need a passphrase to unlock the secret key for
    user: "dsa-elgamal-4096bits (no at comment) "
    1024-bit DSA key, ID B9F52B24, created 2007-08-09
    2870

--------------------------------------------------------------------------------
Plus noise:

    [21:53] denkbrett:gpg-tests% (cat 512bytes; gpg --homedir ./dot-gpg --export B9F52B24) | gpg --homedir ./dot-gpg/ -u B9F52B24 --sign --encrypt --recipient 9C303CE6 | wc -c
    You need a passphrase to unlock the secret key for
    user:
    "dsa-elgamal-4096bits (no at comment) "
    1024-bit DSA key, ID B9F52B24, created 2007-08-09
    3380
    [21:53] denkbrett:gpg-tests% (cat 512bytes 512bytes; gpg --homedir ./dot-gpg --export B9F52B24) | gpg --homedir ./dot-gpg/ -u B9F52B24 --sign --encrypt --recipient 9C303CE6 | wc -c
    You need a passphrase to unlock the secret key for
    user: "dsa-elgamal-4096bits (no at comment) "
    1024-bit DSA key, ID B9F52B24, created 2007-08-09
    3424
    [21:55] denkbrett:gpg-tests% (cat 4096bytes; gpg --homedir ./dot-gpg --export B9F52B24) | gpg --homedir ./dot-gpg/ -u B9F52B24 --sign --encrypt --recipient 9C303CE6 | wc -c
    You need a passphrase to unlock the secret key for
    user: "dsa-elgamal-4096bits (no at comment) "
    1024-bit DSA key, ID B9F52B24, created 2007-08-09
    6968
    [22:05] denkbrett:gpg-tests% (cat 2048bytes; gpg --homedir ./dot-gpg --export B9F52B24) | gpg --homedir ./dot-gpg/ -u B9F52B24 --sign --encrypt --recipient 9C303CE6 | wc -c
    You need a passphrase to unlock the secret key for
    user: "dsa-elgamal-4096bits (no at comment) "
    1024-bit DSA key, ID B9F52B24, created 2007-08-09
    4920
    [22:13] denkbrett:gpg-tests% (cat 1536bytes; gpg --homedir ./dot-gpg --export B9F52B24) | gpg --homedir ./dot-gpg/ -u B9F52B24 --sign --encrypt --recipient 9C303CE6 | wc -c
    You need a passphrase to unlock the secret key for
    user: "dsa-elgamal-4096bits (no at comment) "
    1024-bit DSA key, ID B9F52B24, created 2007-08-09
    4406

    # test: --export-options export-minimal
    # seems to be minimal anyway :-)
    [22:13] denkbrett:gpg-tests% (cat 1536bytes; gpg --homedir ./dot-gpg --export B9F52B24 --export-options export-minimal) | gpg --homedir ./dot-gpg/ -u B9F52B24 --sign --encrypt --recipient 9C303CE6 | wc -c
    You need a passphrase to unlock the secret key for
    user: "dsa-elgamal-4096bits (no at comment) "
    1024-bit DSA key, ID B9F52B24, created 2007-08-09
    4406

    # Only 1162 bytes
    [22:23] denkbrett:gpg-tests% (cat 1162bytes; gpg --homedir ./dot-gpg --export B9F52B24 --export-options export-minimal) | gpg --homedir ./dot-gpg/
    -u B9F52B24 --sign --encrypt --recipient 9C303CE6 | wc -c
    You need a passphrase to unlock the secret key for
    user: "dsa-elgamal-4096bits (no at comment) "
    1024-bit DSA key, ID B9F52B24, created 2007-08-09
    4033

--------------------------------------------------------------------------------
Compression:

After encrypt/sign:

    [22:31] denkbrett:gpg-tests% cat 1162bytes+pubkey | bzip2 -9 > 1162bytes+pubkey.bz2
    [22:31] denkbrett:gpg-tests% cat 1162bytes+pubkey | gzip -9 > 1162bytes+pubkey.gz
    -rw------- 1 nico nico 4033 2007-08-09 22:29 1162bytes+pubkey
    -rw------- 1 nico nico 4524 2007-08-09 22:30 1162bytes+pubkey.bz2
    -rw------- 1 nico nico 4056 2007-08-09 22:31 1162bytes+pubkey.gz

Compression: Of the public key only:

    [22:31] denkbrett:gpg-tests% (cat 1162bytes; gpg --homedir ./dot-gpg --export B9F52B24 --export-options export-minimal | bzip2 -9) | gpg --homedir ./dot-gpg/ -u B9F52B24 --sign --encrypt --recipient 9C303CE6 | wc -c
    You need a passphrase to unlock the secret key for
    user: "dsa-elgamal-4096bits (no at comment) "
    1024-bit DSA key, ID B9F52B24, created 2007-08-09
    4431
    [22:32] denkbrett:gpg-tests% (cat 1162bytes; gpg --homedir ./dot-gpg --export B9F52B24 --export-options export-minimal | gzip -9) | gpg --homedir ./dot-gpg/ -u B9F52B24 --sign --encrypt --recipient 9C303CE6 | wc -c
    You need a passphrase to unlock the secret key for
    user: "dsa-elgamal-4096bits (no at comment) "
    1024-bit DSA key, ID B9F52B24, created 2007-08-09
    4056

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : /pipermail/attachments/20070809/a2b5ea54/attachment-0001.pgp

From wk at gnupg.org Fri Aug 10 12:52:43 2007
From: wk at gnupg.org (Werner Koch)
Date: Fri, 10 Aug 2007 12:52:43 +0200
Subject: OpenPGP and usability
In-Reply-To: <46BAC7CC.4010209@mozilla-enigmail.org> (Patrick Brunschwig's message of "Thu, 09 Aug 2007 09:52:44 +0200")
References: <46B8C561.9070101@sixdemonbag.org> <871weeh0jg.fsf__32383.2582952038$1186568488$gmane$org@wheatstone.g10code.de> <87bqdhcqlt.fsf@wheatstone.g10code.de> <46BAC7CC.4010209@mozilla-enigmail.org>
Message-ID: <87absz8xvo.fsf@wheatstone.g10code.de>

On Thu, 9 Aug 2007 09:52, patrick at mozilla-enigmail.org said:

> X-Gpgol-content-type: application/pgp-encrypted

Well, the X prefix is not anymore required for user defined headers. But that is a detail.

Shalom-Salam,

   Werner

From wk at gnupg.org Fri Aug 10 12:56:07 2007
From: wk at gnupg.org (Werner Koch)
Date: Fri, 10 Aug 2007 12:56:07 +0200
Subject: Partial file download issue - GPG
In-Reply-To: <32B8847FC645964E9F42BB8CCCF0147B2464FE@MEMEXCH06V.corp.ds.fedex.com> (Eric Robinson's message of "Thu, 9 Aug 2007 16:54:34 -0500")
References: <32B8847FC645964E9F42BB8CCCF0147B24649C@MEMEXCH06V.corp.ds.fedex.com> <20070809205256.GA25529@jabberwocky.com> <32B8847FC645964E9F42BB8CCCF0147B2464FE@MEMEXCH06V.corp.ds.fedex.com>
Message-ID: <87643n8xq0.fsf@wheatstone.g10code.de>

On Thu, 9 Aug 2007 23:54, ewrobinson at fedex.com said:

> We think it might be the file size. These are over 4MB.
> Now we've started with one record, that worked, and we are increasing
> the file size gradually, up to 1.9MB, and success so far.
> Is there a file size limit on GPG?

No. Depending on the OS and how you pass the data to gpg (piped or given filename) you may encounter problems for files larger than 2 GB.
I suggest to always pipe the data to gpg so that the OS's shell can tell you that the file is too large (not sure whether they do this). It has also the advantage that you know who the culprit is (gpg or the shell) ;-).

Salam-Shalom,

   Werner

From wk at gnupg.org Fri Aug 10 14:15:36 2007
From: wk at gnupg.org (Werner Koch)
Date: Fri, 10 Aug 2007 14:15:36 +0200
Subject: key sizes: maximum size and shrinking
In-Reply-To: <20070809204213.GB17879@schottelius.org> (Nico Schottelius's message of "Thu, 9 Aug 2007 22:42:13 +0200")
References: <20070809204213.GB17879@schottelius.org>
Message-ID: <87lkcj7fh3.fsf@wheatstone.g10code.de>

On Thu, 9 Aug 2007 22:42, nico-linux-gnupg at schottelius.org said:

> I did some tests (dirty notes attached) and it looks like the whole
> packet is about 5KiB (which is pretty much):
>
> 4096-bit dsa-elgamal public key, binary: 1680 Bytes

Why at all are you using such insanely large key sizes? What is your threat model? If it is important to have small key sizes you'd better use RSA or agree on standard parameters for DSA and Elgamal keys (well, that is not defined by OpenPGP).

> - Is there a maximum size for an exported, non-armored public key?
> => if yes, we could use that as a base and pad the rest

The only variants in the size of the keyblock are the user IDs and the signatures. The size of the key is a function of the key size and the algorithm. If you restrict yourself to a certain length of the user ID you will have an upper bound of the keyblock's size.

> - Are there any good (possibly gnupg / gpgme included) methods to shrink
> the size of the exported public key?

No, you can't. Except for what I mentioned above.

> - Or would you recommend using gzip/bzip2/lzma additionally?
> As far as I've tested it, gzip and bzip2 are just adding header
> overhead, so I assume gnupg already does some compression itself.

Not for the key, it does not make sense.

Please check the protocol you are going to use. It seems that there are some flaws.
OpenPGP is not in general suited for online communication.

Salam-Shalom,

   Werner

From seh at panix.com Fri Aug 10 18:34:28 2007
From: seh at panix.com (Steven E. Harris)
Date: Fri, 10 Aug 2007 09:34:28 -0700
Subject: OpenPGP and usability
References: <46B8C561.9070101@sixdemonbag.org> <871weeh0jg.fsf__32383.2582952038$1186568488$gmane$org@wheatstone.g10code.de> <87bqdhcqlt.fsf@wheatstone.g10code.de> <46BAC7CC.4010209@mozilla-enigmail.org> <87absz8xvo.fsf@wheatstone.g10code.de>
Message-ID: <7yodhf1h7v.fsf@panix.com>

Werner Koch writes:

> Well, the X prefix is not anymore required for user defined headers.

Was there some change in this prescription? If so, from where? I hadn't heard about "X-" falling from use.

-- 
Steven E. Harris

From ewrobinson at fedex.com Fri Aug 10 17:42:07 2007
From: ewrobinson at fedex.com (Eric Robinson)
Date: Fri, 10 Aug 2007 10:42:07 -0500
Subject: CoreLabs Detects Flaw In GnuPG - any comments ?
In-Reply-To: <87lkcj7fh3.fsf@wheatstone.g10code.de>
References: <20070809204213.GB17879@schottelius.org> <87lkcj7fh3.fsf@wheatstone.g10code.de>
Message-ID: <32B8847FC645964E9F42BB8CCCF0147B246585@MEMEXCH06V.corp.ds.fedex.com>

CoreLabs Detects Flaw In GnuPG
By CXOtoday Staff
Mumbai, Mar 9, 2007

Core Security Technologies has issued an advisory disclosing a flaw in the GNU Privacy Guard (GnuPG or GPG). It is an OpenPGP-compliant cryptographic software system and is a part of the Free Software Foundation's (FSF) GNU software project, and third-party email applications that rely on it for encrypted and signed email communications.

CoreLabs, the research arm of Core Security, discovered this by exploiting the vulnerability.

According to the press release, issued by Core Security, an attacker can add arbitrary content to encrypted and/or signed emails in order to mislead recipients about the trustworthiness of a message.
In addition, attackers can use this flaw to bypass content-filtering defenses, which makes it particularly inconvenient to detect phishing attacks.

The company discovered that the scripts and applications using GnuPG are prone to a vulnerability involving incorrect verification of signatures. Unsuspecting users reading a GPG encrypted and/or signed email, using a mail client or encryption extension, are led to believe that the entire message was signed by the sender when, in fact, an arbitrary portion of the content may have been inserted by an attacker. In some cases, the attacker may completely hide the signed portion of a message and present the user with only the forged portion.

It should be noted that this is not a cryptographic problem. It affects how information is presented to the user and how third-party applications interact with GnuPG.

This attack method infects systems using:

* GnuPG 1.4.6 and previous versions
* Enigmail 0.94.2 and previous versions
* KMail 1.9.5 and previous versions
* Evolution 2.8.1 and previous versions
* Sylpheed 2.2.7 and previous versions
* Mutt 1.5.13 and previous versions
* GNUMail 1.1.2 and previous versions
* Other scripts and applications using GnuPG may be vulnerable

To address this vulnerability, users of scripts and applications using GnuPG should immediately upgrade to the latest versions of GnuPG and Enigmail. Additionally, Core Security recommends that, if a signed message looks suspicious, the validity of the signature can be verified by manually invoking GnuPG from the command line and adding the special option "--status-fd" to gain extra information.

"This vulnerability is a good e.g. of how very subtle implementation decisions on how to interface data communications between two applications, in this case email front-end extensions and GnuPG, can end up exposing end users to unexpected security weaknesses," said Iván Arce, CTO, Core Security Technologies.
"We continue to encourage and support the use of GnuPG as a convenient way to improve the security and privacy of communications. To that effect and to prevent traffic analysis attacks, we also recommend that encryption should be turned on by default on every email."

-----------------------------------------------------------------------------------------

Eric

-------------------------------------
Eric Robinson
Business Application Advisor
FedEx Corporate Services
Internet Engineering & EC Integration
901.263.5749
-------------------------------------

From dshaw at jabberwocky.com Fri Aug 10 19:08:28 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri, 10 Aug 2007 13:08:28 -0400
Subject: CoreLabs Detects Flaw In GnuPG - any comments ?
In-Reply-To: <32B8847FC645964E9F42BB8CCCF0147B246585@MEMEXCH06V.corp.ds.fedex.com>
References: <20070809204213.GB17879@schottelius.org> <87lkcj7fh3.fsf@wheatstone.g10code.de> <32B8847FC645964E9F42BB8CCCF0147B246585@MEMEXCH06V.corp.ds.fedex.com>
Message-ID: <20070810170828.GB25849@jabberwocky.com>

On Fri, Aug 10, 2007 at 10:42:07AM -0500, Eric Robinson wrote:
> CoreLabs Detects Flaw In GnuPG
> By CXOtoday Staff
> Mumbai, Mar 9, 2007
>
>
> Core Security Technologies has issued an advisory disclosing a flaw in
> the GNU Privacy Guard (GnuPG or GPG). It is an OpenPGP- compliant
> cryptographic software system and is a part of the Free Software
> Foundation's (FSF) GNU software project, and third-party email
> applications that rely on it for encrypted and signed email
> communications.

http://lists.gnupg.org/pipermail/gnupg-announce/2007q1/000251.html

Basically, upgrade to 1.4.7, which was released on March 5th.

David

From ewrobinson at fedex.com Fri Aug 10 19:29:53 2007
From: ewrobinson at fedex.com (Eric Robinson)
Date: Fri, 10 Aug 2007 12:29:53 -0500
Subject: CoreLabs Detects Flaw In GnuPG - any comments ?
In-Reply-To: <20070810170828.GB25849@jabberwocky.com>
References: <20070809204213.GB17879@schottelius.org><87lkcj7fh3.fsf@wheatstone.g10code.de><32B8847FC645964E9F42BB8CCCF0147B246585@MEMEXCH06V.corp.ds.fedex.com> <20070810170828.GB25849@jabberwocky.com>
Message-ID: <32B8847FC645964E9F42BB8CCCF0147B2465A1@MEMEXCH06V.corp.ds.fedex.com>

Thanks....

Eric

-----Original Message-----
From: gnupg-users-bounces at gnupg.org [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of David Shaw
Sent: Friday, August 10, 2007 12:08 PM
To: gnupg-users at gnupg.org
Subject: Re: CoreLabs Detects Flaw In GnuPG - any comments ?

On Fri, Aug 10, 2007 at 10:42:07AM -0500, Eric Robinson wrote:
> CoreLabs Detects Flaw In GnuPG
> By CXOtoday Staff
> Mumbai, Mar 9, 2007
>
>
> Core Security Technologies has issued an advisory disclosing a flaw in
> the GNU Privacy Guard (GnuPG or GPG). It is an OpenPGP- compliant
> cryptographic software system and is a part of the Free Software
> Foundation's (FSF) GNU software project, and third-party email
> applications that rely on it for encrypted and signed email
> communications.

http://lists.gnupg.org/pipermail/gnupg-announce/2007q1/000251.html

Basically, upgrade to 1.4.7, which was released on March 5th.

David

_______________________________________________
Gnupg-users mailing list
Gnupg-users at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

From alex at bofh.net.pl Fri Aug 10 13:43:44 2007
From: alex at bofh.net.pl (Janusz A. Urbanowicz)
Date: Fri, 10 Aug 2007 13:43:44 +0200
Subject: OpenPGP and usability
In-Reply-To: <871weeh0jg.fsf@wheatstone.g10code.de>
References: <46B8C561.9070101@sixdemonbag.org> <871weeh0jg.fsf@wheatstone.g10code.de>
Message-ID: <20070810114344.GC689@hell.pl>

On Wed, Aug 08, 2007 at 10:51:15AM +0200, Werner Koch wrote:
> In this regard Thunderbird is no better than Outlook!

At least Thunderbird openly invites plugins and Enigmail is a good one.

A.
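The CoreLabs advisory quoted by Eric Robinson above says that scripts and mail front ends should verify with GnuPG's "--status-fd" rather than trust the presence of a signature, and David Shaw's reply points at the 1.4.7 announcement. As an added example (written for this page; not code from the list, from Core Security or from GnuPG), here is what such a status-fd check looks like in a script that decrypts on the user's behalf. The status keywords are the ones GnuPG documents in doc/DETAILS (PLAINTEXT, GOODSIG, BADSIG, ERRSIG, NODATA, TRUST_*); the transcripts, key id and user id are constructed, not captured. The policy "exactly one PLAINTEXT for one GOODSIG" is this example's own: the advisory's forged portion is extra literal-data packets spliced around the signed one, and every literal-data packet GnuPG processes produces its own PLAINTEXT line, so a transcript with two of them is a message whose output is only partly signed.

```python
"""Judge a GnuPG --status-fd transcript before acting on the output.

Added example for the CoreLabs advisory discussion; not code from the list,
from Core Security or from GnuPG.  Status keywords follow GnuPG's doc/DETAILS;
the transcripts below are constructed.  The "one PLAINTEXT per GOODSIG" rule
is this example's policy, not a GnuPG guarantee.
"""
import subprocess
from dataclasses import dataclass
from typing import Iterator, Optional, Tuple

STATUS_PREFIX = "[GNUPG:] "
# Any of these means the signature or decryption cannot be relied on at all.
FATAL = {"BADSIG", "ERRSIG", "NODATA", "EXPKEYSIG", "REVKEYSIG", "DECRYPTION_FAILED"}


@dataclass
class Verdict:
    ok: bool
    reason: str
    signer: Optional[str] = None
    plaintext_count: int = 0


def status_lines(transcript: str) -> Iterator[Tuple[str, str]]:
    """Yield (keyword, arguments) for each status line; skip log/noise lines,
    which matters when status lines share stderr with gpg's own messages."""
    for line in transcript.splitlines():
        if line.startswith(STATUS_PREFIX):
            keyword, _, rest = line[len(STATUS_PREFIX):].partition(" ")
            yield keyword, rest


def judge(transcript: str, trusted=("TRUST_FULLY", "TRUST_ULTIMATE")) -> Verdict:
    """Accept only a transcript with one good signature, exactly one literal
    data packet, and a trust level the caller is willing to act on."""
    signer = None
    plaintexts = 0
    trust_ok = False
    for keyword, rest in status_lines(transcript):
        if keyword == "PLAINTEXT":
            plaintexts += 1
        elif keyword == "GOODSIG":
            signer = rest              # "<long key id> <user id>"
        elif keyword in FATAL:
            return Verdict(False, f"{keyword} {rest}".strip(), None, plaintexts)
        elif keyword in trusted:
            trust_ok = True
    if signer is None:
        return Verdict(False, "no GOODSIG", None, plaintexts)
    if plaintexts != 1:
        # The GOODSIG covers only the literal-data packet it belongs to; any
        # other packet that reached the output was signed by nobody.
        return Verdict(False, f"expected 1 PLAINTEXT, saw {plaintexts}", signer, plaintexts)
    if not trust_ok:
        return Verdict(False, "signing key not trusted", signer, plaintexts)
    return Verdict(True, "whole output signed", signer, 1)


def decrypt_and_judge(ciphertext_path: str, output_path: str) -> Verdict:
    """Run gpg with status lines on stderr and judge them.  The plaintext is
    written to output_path and must be discarded unless the verdict is ok."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "2", "--output", output_path,
         "--decrypt", ciphertext_path],
        capture_output=True, text=True, check=False)
    return judge(proc.stderr)


# Constructed transcripts; key id, timestamp and user id are invented.
GOOD = """\
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] PLAINTEXT 62 1186668599 report.txt
[GNUPG:] PLAINTEXT_LENGTH 1815
[GNUPG:] SIG_ID 7Q0tqXw+4a3n8L8oVnvuu3Q8ac8 2007-08-09 1186668599
[GNUPG:] GOODSIG 0123456789ABCDEF Alice Example <alice@example.org>
[GNUPG:] TRUST_FULLY
[GNUPG:] END_DECRYPTION
"""
# The advisory's forgery: an unsigned literal-data packet spliced in front of
# the signed one, so two PLAINTEXT lines appear next to a single GOODSIG.
INJECTED = GOOD.replace(
    "[GNUPG:] PLAINTEXT 62",
    "[GNUPG:] PLAINTEXT 62 1186668599 injected.txt\n[GNUPG:] PLAINTEXT 62")
UNTRUSTED = GOOD.replace("[GNUPG:] TRUST_FULLY", "[GNUPG:] TRUST_UNDEFINED")
BAD = GOOD.replace("GOODSIG", "BADSIG")


if __name__ == "__main__":
    for name, transcript in (("good", GOOD), ("injected", INJECTED),
                             ("untrusted", UNTRUSTED), ("bad", BAD)):
        print(name, judge(transcript))
```

`--status-fd 2` sends the machine-readable lines to stderr alongside gpg's human-readable ones; the parser ignores anything without the `[GNUPG:] ` prefix, so the two can share the stream. A front end that displays the decrypted file before `judge` returns ok is the failure mode the advisory describes.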
-- 
JID: alex at hell.pl
PGP: 0x46399138
Paying attention to details is for doctors, lawyers, programmers and watchmakers. -- Czerski

From fweimer at bfk.de Fri Aug 10 19:07:00 2007
From: fweimer at bfk.de (Florian Weimer)
Date: Fri, 10 Aug 2007 19:07:00 +0200
Subject: CoreLabs Detects Flaw In GnuPG - any comments ?
In-Reply-To: <32B8847FC645964E9F42BB8CCCF0147B246585@MEMEXCH06V.corp.ds.fedex.com> (Eric Robinson's message of "Fri, 10 Aug 2007 10:42:07 -0500")
References: <20070809204213.GB17879@schottelius.org> <87lkcj7fh3.fsf@wheatstone.g10code.de> <32B8847FC645964E9F42BB8CCCF0147B246585@MEMEXCH06V.corp.ds.fedex.com>
Message-ID: <824pj7tj2j.fsf@mid.bfk.de>

* Eric Robinson:

> CoreLabs Detects Flaw In GnuPG
> By CXOtoday Staff
> Mumbai, Mar 9, 2007

Have you seen the publication date? This has already been addressed by new software releases.

-- 
Florian Weimer
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99

From simon at josefsson.org Fri Aug 10 21:15:10 2007
From: simon at josefsson.org (Simon Josefsson)
Date: Fri, 10 Aug 2007 21:15:10 +0200
Subject: OpenPGP and usability
In-Reply-To: <7yodhf1h7v.fsf@panix.com> (Steven E. Harris's message of "Fri, 10 Aug 2007 09:34:28 -0700")
References: <46B8C561.9070101@sixdemonbag.org> <871weeh0jg.fsf__32383.2582952038$1186568488$gmane$org@wheatstone.g10code.de> <87bqdhcqlt.fsf@wheatstone.g10code.de> <46BAC7CC.4010209@mozilla-enigmail.org> <87absz8xvo.fsf@wheatstone.g10code.de> <7yodhf1h7v.fsf@panix.com>
Message-ID: <87wsw3mcap.fsf@mocca.josefsson.org>

"Steven E. Harris" writes:

> Werner Koch writes:
>
>> Well, the X prefix is not anymore required for user defined headers.
>
> Was there some change in this prescription? If so, from where? I hadn't
> heard about "X-" falling from use.

In RFC 822 there was X-, in RFC 2822 it has been removed. X-* is a bad idea: once you want to standardize an experimental header, you have to break the deployment of that header.
/Simon

From seh at panix.com Sun Aug 12 00:44:11 2007
From: seh at panix.com (Steven E. Harris)
Date: Sat, 11 Aug 2007 15:44:11 -0700
Subject: OpenPGP and usability
References: <46B8C561.9070101@sixdemonbag.org> <871weeh0jg.fsf__32383.2582952038$1186568488$gmane$org@wheatstone.g10code.de> <87bqdhcqlt.fsf@wheatstone.g10code.de> <46BAC7CC.4010209@mozilla-enigmail.org> <87absz8xvo.fsf@wheatstone.g10code.de> <7yodhf1h7v.fsf@panix.com> <87wsw3mcap.fsf__329.42113834924$1186785557$gmane$org@mocca.josefsson.org>
Message-ID: <83absx3d4o.fsf@torus.sehlabs.com>

Simon Josefsson writes:

> In RFC 822 there was X-, in RFC 2822 it has been removed.

April 2001? Apparently this RFC had not yet been published in the cave within which I must be living.

> once you want to standardize an experimental header, you have to break
> the deployment of that header.

Right, and you're usually obligated to then support two headers: the experimental one, and the standardized one, which may have changed from the experimental one by way of "standardization" going beyond canonizing existing practice.

-- 
Steven E. Harris

From wk at gnupg.org Sun Aug 12 12:51:32 2007
From: wk at gnupg.org (Werner Koch)
Date: Sun, 12 Aug 2007 12:51:32 +0200
Subject: OpenPGP and usability
In-Reply-To: <7yodhf1h7v.fsf@panix.com> (Steven E. Harris's message of "Fri, 10 Aug 2007 09:34:28 -0700")
References: <46B8C561.9070101@sixdemonbag.org> <871weeh0jg.fsf__32383.2582952038$1186568488$gmane$org@wheatstone.g10code.de> <87bqdhcqlt.fsf@wheatstone.g10code.de> <46BAC7CC.4010209@mozilla-enigmail.org> <87absz8xvo.fsf@wheatstone.g10code.de> <7yodhf1h7v.fsf@panix.com>
Message-ID: <873ayphvpn.fsf@wheatstone.g10code.de>

On Fri, 10 Aug 2007 18:34, seh at panix.com said:

> Was there some change in this prescription? If so, from where? I hadn't
> heard about "X-" falling from use.

The current standard, RFC2822 does not mention it anymore:

   3.6.8.
   Optional fields

   Fields may appear in messages that are otherwise unspecified in this
   standard. They MUST conform to the syntax of an optional-field. This
   is a field name, made up of the printable US-ASCII characters except
   SP and colon, followed by a colon, followed by any text which
   conforms to unstructured.

   The field names of any optional-field MUST NOT be identical to any
   field name specified elsewhere in this standard.

and the change notices say:

   11. Extension header fields no longer specifically called out.

In contrast the old rfc822 has very detailed information about extension fields:

   4.7.4. EXTENSION-FIELD

   A limited number of common fields have been defined in this document.
   As network mail requirements dictate, additional fields may be
   standardized. To provide user-defined fields with a measure of safety,
   in name selection, such extension-fields will never have names that
   begin with the string "X-".

   Names of Extension-fields are registered with the Network Information
   Center, SRI International, Menlo Park, California.

   4.7.5. USER-DEFINED-FIELD

   Individual users of network mail are free to define and use additional
   header fields. Such fields must have names which are not already used
   in the current specification or in any definitions of extension-fields,
   and the overall syntax of these user-defined-fields must conform to
   this specification's rules for delimiting and folding fields. Due to
   the extension-field publishing process, the name of a user-defined-field
   may be pre-empted.

   Note: The prefatory string "X-" will never be used in the names of
   Extension-fields. This provides user-defined fields with a protected
   set of names.

My conclusion is that X- was never required by the standard and that after the 19 years the IETF realized that there was no need for it.
There is an obvious advantage of not using "X-": If the use of such an optional field later makes it into a standard, the software does not need to be enhanced to cope with the then standardized field.

Shalom-Salam,

   Werner

From wk at gnupg.org Sun Aug 12 13:38:30 2007
From: wk at gnupg.org (Werner Koch)
Date: Sun, 12 Aug 2007 13:38:30 +0200
Subject: OpenPGP and usability
In-Reply-To: <20070810114344.GC689@hell.pl> (Janusz A. Urbanowicz's message of "Fri, 10 Aug 2007 13:43:44 +0200")
References: <46B8C561.9070101@sixdemonbag.org> <871weeh0jg.fsf@wheatstone.g10code.de> <20070810114344.GC689@hell.pl>
Message-ID: <87hcn5geyx.fsf@wheatstone.g10code.de>

On Fri, 10 Aug 2007 13:43, alex at bofh.net.pl said:

> At least Thunderbird openly invites plugins and Enigmail is a good one.

Let Patrick explain to you why there are still problems. Have you ever tried to work with the Mozilla Foundation on allowing better integration of certain plugins? For example supporting non-NSS based crypto?

Salam-Shalom,

   Werner

From seh at panix.com Sun Aug 12 17:58:29 2007
From: seh at panix.com (Steven E. Harris)
Date: Sun, 12 Aug 2007 08:58:29 -0700
Subject: OpenPGP and usability
References: <46B8C561.9070101@sixdemonbag.org> <871weeh0jg.fsf__32383.2582952038$1186568488$gmane$org@wheatstone.g10code.de> <87bqdhcqlt.fsf@wheatstone.g10code.de> <46BAC7CC.4010209@mozilla-enigmail.org> <87absz8xvo.fsf@wheatstone.g10code.de> <7yodhf1h7v.fsf@panix.com> <873ayphvpn.fsf@wheatstone.g10code.de>
Message-ID: <83zm0w218u.fsf@torus.sehlabs.com>

Werner Koch writes:

> My conclusion is that X- was never required by the standard and that
> after the 19 years the IETF realized that there was no need for it.

Thank you for the detailed explanation.

-- 
Steven E.
Harris From patrick at mozilla-enigmail.org Mon Aug 13 09:31:41 2007 From: patrick at mozilla-enigmail.org (Patrick Brunschwig) Date: Mon, 13 Aug 2007 09:31:41 +0200 Subject: OpenPGP and usability In-Reply-To: <87hcn5geyx.fsf__41476.6560927548$1186918933$gmane$org@wheatstone.g10code.de> References: <46B8C561.9070101@sixdemonbag.org> <871weeh0jg.fsf@wheatstone.g10code.de> <20070810114344.GC689@hell.pl> <87hcn5geyx.fsf__41476.6560927548$1186918933$gmane$org@wheatstone.g10code.de> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Werner Koch wrote: > On Fri, 10 Aug 2007 13:43, alex at bofh.net.pl said: > >> At least Thunderbird openly invites plugins and Enigmail is a good one. > > Let Patrick explain you why there are still problems. The user interface may be nice indeed, and the whole extension seems to be quite well-integrated into Thunderbird, but in the background I can tell you there are many hacks and workarounds needed to get things running. Still, after more than 6 years of development, there are parts of the code in Enigmail that I would call fragile > Have you ever tried to work with the Mozilla Foundation on allowing > better integration of certain plugins? For example supporting non-NSS > based crypto? The main problem is that Thunderbird is very open for add-ons related to the user interface, but once you dig into the core of the application, it's no longer so well extensible. This is especially true for some of the existing core parts. Some bits date back to Netscape 4.0 (or even earlier) and have not been redesigned ever since then -- you can imagine what follows now. 
-Patrick


From tkittredge at bancfirst.com  Wed Aug 15 16:30:00 2007
From: tkittredge at bancfirst.com (trkghost)
Date: Wed, 15 Aug 2007 07:30:00 -0700 (PDT)
Subject: Importing a key from PGP
Message-ID: <12163176.post@talk.nabble.com>

I am trying to import this one key from PGP and keep getting this error...

   C:\Program Files\GNU\GnuPG>gpg --import "Company Name.asc"
   gpg: public key XXXXXXX is 21450 seconds newer than the signature
   gpg: public key XXXXXXX is 21450 seconds newer than the signature
   gpg: key XXXXXXX: no valid user IDs
   gpg: this may be caused by a missing self-signature
   gpg: Total number processed: 1
   gpg:               w/o user IDs: 1

Does anyone have any suggestions around this issue?

Thank you


From dshaw at jabberwocky.com  Wed Aug 15 18:59:33 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed, 15 Aug 2007 12:59:33 -0400
Subject: Importing a key from PGP
In-Reply-To: <12163176.post@talk.nabble.com>
References: <12163176.post@talk.nabble.com>
Message-ID: <20070815165933.GB12739@jabberwocky.com>

On Wed, Aug 15, 2007 at 07:30:00AM -0700, trkghost wrote:
> 
> I am trying to import this one key from PGP and keep getting this error...
> 
> C:\Program Files\GNU\GnuPG>gpg --import "Company Name.asc"
> gpg: public key XXXXXXX is 21450 seconds newer than the signature
> gpg: public key XXXXXXX is 21450 seconds newer than the signature
> gpg: key XXXXXXX: no valid user IDs
> gpg: this may be caused by a missing self-signature
> gpg: Total number processed: 1
> gpg:               w/o user IDs: 1
> 
> Does anyone have any suggestions around this issue?

gpg --ignore-time-conflict

David


From wk at gnupg.org  Thu Aug 16 16:10:30 2007
From: wk at gnupg.org (Werner Koch)
Date: Thu, 16 Aug 2007 16:10:30 +0200
Subject: [Announce] GnuPG 2.0.6 released
Message-ID: <871we3po2x.fsf@wheatstone.g10code.de>

Hello!

We are pleased to announce the availability of a new stable GnuPG-2
release:  Version 2.0.6

This is a maintenance release with a few minor enhancements.

The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication
and data storage.  It can be used to encrypt data, create digital
signatures, help authenticating using Secure Shell and to provide a
framework for public key cryptography.  It includes an advanced key
management facility and is compliant with the OpenPGP and S/MIME
standards.

GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.6) in that
it splits up functionality into several modules.  However, both
versions may be installed alongside without any conflict.  In fact, the
gpg version from GnuPG-1 is able to make use of the gpg-agent as
included in GnuPG-2 and allows for seamless passphrase caching.  The
advantage of GnuPG-1 is its smaller size and the lack of dependency on
other modules at run and build time.  We will keep maintaining GnuPG-1
versions because they are very useful for small systems and for server
based applications requiring only OpenPGP support.

GnuPG is distributed under the terms of the GNU General Public License
(GPL).  GnuPG-2 works best on GNU/Linux or *BSD systems.

What's New
===========

 * GPGSM does now grok --default-key.

 * GPGCONF is now aware of --default-key and --encrypt-to.
 * GPGSM does again correctly print the serial number as well as the
   various keyids.  This was broken since 2.0.4.

 * New option --validation-model and support for the chain-model.

 * Improved Windows support.

Getting the Software
====================

Please follow the instructions found at http://www.gnupg.org/download/
or read on:

GnuPG 2.0.6 may be downloaded from one of the GnuPG mirror sites or
direct from ftp://ftp.gnupg.org/gcrypt/gnupg/ .  The list of mirrors
can be found at http://www.gnupg.org/mirrors.html .  Note, that GnuPG
is not available at ftp.gnu.org.

On the FTP server and its mirrors you should find the following files
in the gnupg/ directory:

  gnupg-2.0.6.tar.bz2 (3482k)
  gnupg-2.0.6.tar.bz2.sig

      GnuPG source compressed using BZIP2 and OpenPGP signature.

  gnupg-2.0.5-2.0.6.diff.bz2 (46k)

      A patch file to upgrade a 2.0.5 GnuPG source tree.  This patch
      does not include updates of the language files.

Note, that we don't distribute gzip compressed tarballs.

Checking the Integrity
======================

In order to check that the version of GnuPG which you are going to
install is an original and unmodified one, you can do it in one of the
following ways:

 * If you already have a trusted version of GnuPG installed, you
   can simply check the supplied signature.  For example to check the
   signature of the file gnupg-2.0.6.tar.bz2 you would use this command:

     gpg --verify gnupg-2.0.6.tar.bz2.sig

   This checks whether the signature file matches the source file.
   You should see a message indicating that the signature is good and
   made by that signing key.  Make sure that you have the right key,
   either by checking the fingerprint of that key with other sources
   or by checking that the key has been signed by a trustworthy other
   key.  Note, that you can retrieve the signing key using the command

     finger wk ,at' g10code.com

   or using a keyserver like

     gpg --recv-key 1CE0C630

   The distribution key 1CE0C630 is signed by the well known key
   5B0358A2.
   If you get a key expired message, you should retrieve a fresh copy
   as the expiration date might have been prolonged.

   NEVER USE A GNUPG VERSION YOU JUST DOWNLOADED TO CHECK THE
   INTEGRITY OF THE SOURCE - USE AN EXISTING GNUPG INSTALLATION!

 * If you are not able to use an old version of GnuPG, you have to verify
   the SHA-1 checksum.  Assuming you downloaded the file
   gnupg-2.0.6.tar.bz2, you would run the sha1sum command like this:

     sha1sum gnupg-2.0.6.tar.bz2

   and check that the output matches the first line from the
   following list:

4aa9a3ecc954126cfc0a30bef94ec6e1fbbc7009  gnupg-2.0.6.tar.bz2
20ea4caaf8f2ff6c5432221f48601ba9162871ea  gnupg-2.0.5-2.0.6.diff.bz2

Internationalization
====================

GnuPG comes with support for 27 languages.  Due to a lot of new and
changed strings most translations are not entirely complete.  The
Swedish, Turkish, German and Russian translations are close to
complete.

Documentation
=============

We are currently working on an installation guide to explain in more
detail how to configure the new features.  As of now the chapters on
gpg-agent and gpgsm include brief information on how to set up the
whole thing.  Please watch the GnuPG website for updates of the
documentation.  In the meantime you may search the GnuPG mailing list
archives or ask on the gnupg-users mailing lists for advice on how to
solve problems.  Many of the new features are around for several
years and thus enough public knowledge is already available.

KDE's KMail is the most prominent user of GnuPG.  In fact it has been
developed along with the Kmail folks.  Mutt users might want to use
the configure option "--enable-gpgme" and "set use_crypt_gpgme" in
~/.muttrc to make use of GnuPG-2 to enable S/MIME in addition to a
reworked OpenPGP support.

The manual is also available online in HTML format at

  http://www.gnupg.org/documentation/manuals/gnupg/

and in Portable Document Format at

  http://www.gnupg.org/documentation/manuals/gnupg.pdf .
Support
=======

Improving GnuPG is costly, but you can help!  We are looking for
organizations that find GnuPG useful and wish to contribute back.  You
can contribute by reporting bugs, improving the software, or by
donating money.

Commercial support contracts for GnuPG are available, and they help
finance continued maintenance.  g10 Code GmbH, a Duesseldorf based
company owned and headed by GnuPG's principal author, is currently
funding GnuPG development.  We are always looking for interesting
development projects.

The GnuPG service directory is available at:

  http://www.gnupg.org/service.html

Thanks
======

We have to thank all the people who helped with this release, be it
testing, coding, translating, suggesting, auditing, administering the
servers, spreading the word or answering questions on the mailing
lists.

Happy Hacking,

  The GnuPG Team (David, Marcus, Werner and all other contributors)

-- 
Thoughts are free.  Exceptions are regulated by a federal law.

_______________________________________________
Gnupg-announce mailing list
Gnupg-announce at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce


From patrick at mozilla-enigmail.org  Fri Aug 17 08:44:53 2007
From: patrick at mozilla-enigmail.org (Patrick Brunschwig)
Date: Fri, 17 Aug 2007 08:44:53 +0200
Subject: [Announce] GnuPG 2.0.6 released
In-Reply-To: <871we3po2x.fsf__1516.63684887371$1187274987$gmane$org@wheatstone.g10code.de>
References: <871we3po2x.fsf__1516.63684887371$1187274987$gmane$org@wheatstone.g10code.de>
Message-ID: <46C543E5.7010409@mozilla-enigmail.org>

Werner Koch wrote:
> 
> * Improved Windows support.

Werner, do you also plan to create binary releases (i.e. installers) for
Windows?
-Patrick


From wk at gnupg.org  Fri Aug 17 09:53:24 2007
From: wk at gnupg.org (Werner Koch)
Date: Fri, 17 Aug 2007 09:53:24 +0200
Subject: [Announce] GnuPG 2.0.6 released
In-Reply-To: <46C543E5.7010409@mozilla-enigmail.org> (Patrick Brunschwig's message of "Fri, 17 Aug 2007 08:44:53 +0200")
References: <871we3po2x.fsf__1516.63684887371$1187274987$gmane$org@wheatstone.g10code.de> <46C543E5.7010409@mozilla-enigmail.org>
Message-ID: <87odh6ioln.fsf@wheatstone.g10code.de>

On Fri, 17 Aug 2007 08:44, patrick at mozilla-enigmail.org said:

> Werner, do you also plan to create binary releases (i.e. installers) for
> Windows?

See www.gpg4win.org - 1.1.2 has been released.

Shalom-Salam,

   Werner


From ladislav.hagara at unob.cz  Fri Aug 17 09:38:29 2007
From: ladislav.hagara at unob.cz (Ladislav Hagara)
Date: Fri, 17 Aug 2007 09:38:29 +0200
Subject: [Announce] GnuPG 2.0.6 released
In-Reply-To: <46C543E5.7010409@mozilla-enigmail.org>
References: <871we3po2x.fsf__1516.63684887371$1187274987$gmane$org@wheatstone.g10code.de> <46C543E5.7010409@mozilla-enigmail.org>
Message-ID: <46C55075.5010105@unob.cz>

> 
>> * Improved Windows support.
> Werner, do you also plan to create binary releases (i.e. installers) for
> Windows?

GnuPG 2.0.6 is included in new Gpg4win (1.1.2).
http://www.gpg4win.org/

-- 
Ladislav Hagara


From tkittredge at bancfirst.com  Fri Aug 17 14:24:35 2007
From: tkittredge at bancfirst.com (trkghost)
Date: Fri, 17 Aug 2007 05:24:35 -0700 (PDT)
Subject: Importing a key from PGP
In-Reply-To: <20070815165933.GB12739@jabberwocky.com>
References: <12163176.post@talk.nabble.com> <20070815165933.GB12739@jabberwocky.com>
Message-ID: <12198667.post@talk.nabble.com>

David Shaw wrote:
> 
> On Wed, Aug 15, 2007 at 07:30:00AM -0700, trkghost wrote:
>> 
>> I am trying to import this one key from PGP and keep getting this
>> error...
>> 
>> C:\Program Files\GNU\GnuPG>gpg --import "Company Name.asc"
>> gpg: public key XXXXXXX is 21450 seconds newer than the signature
>> gpg: public key XXXXXXX is 21450 seconds newer than the signature
>> gpg: key XXXXXXX: no valid user IDs
>> gpg: this may be caused by a missing self-signature
>> gpg: Total number processed: 1
>> gpg:               w/o user IDs: 1
>> 
>> Does anyone have any suggestions around this issue?
> 
> gpg --ignore-time-conflict
> 
> David
> 

David,

Thank you, that helped out a lot.  We were able to get the key imported,
but how would I incorporate that line into the encryption process?  I
tried a few different ways but it keeps getting errored out.

We have a batch file set up to encrypt and here is the line we use...
Any help would be greatly appreciated.

   "D:\Program Files\GNU\GnuPG\GPG" -q --yes --pgp7 -e -a -r %2 %1


From JPClizbe at tx.rr.com  Fri Aug 17 19:29:57 2007
From: JPClizbe at tx.rr.com (John Clizbe)
Date: Fri, 17 Aug 2007 12:29:57 -0500
Subject: Importing a key from PGP
In-Reply-To: <12198667.post@talk.nabble.com>
References: <12163176.post@talk.nabble.com> <20070815165933.GB12739@jabberwocky.com> <12198667.post@talk.nabble.com>
Message-ID: <46C5DB15.5040407@tx.rr.com>

trkghost wrote:
> 
> David Shaw wrote:
>> 
>> On Wed, Aug 15, 2007 at 07:30:00AM -0700, trkghost wrote:
>>> 
>>> I am trying to import this one key from PGP and keep getting this
>>> error...
>>> 
>>> C:\Program Files\GNU\GnuPG>gpg --import "Company Name.asc"
>>> gpg: public key XXXXXXX is 21450 seconds newer than the signature
>>> gpg: public key XXXXXXX is 21450 seconds newer than the signature
>>> gpg: key XXXXXXX: no valid user IDs
>>> gpg: this may be caused by a missing self-signature
>>> gpg: Total number processed: 1
>>> gpg:               w/o user IDs: 1
>>> 
>>> Does anyone have any suggestions around this issue?
>> 
>> gpg --ignore-time-conflict

> Thank you, that helped out a lot.  We were able to get the key imported,
> but how would I incorporate that line into the encryption process?  I
> tried a few different ways but it keeps getting errored out.
> 
> We have a batch file set up to encrypt and here is the line we use...
> Any help would be greatly appreciated.
> 
> "D:\Program Files\GNU\GnuPG\GPG" -q --yes --pgp7 -e -a -r %2 %1

Add it to your encryption command line

   ...\GnuPG\GPG" --ignore-time-conflict -q --yes --pgp7 -e -a -r %2 %1

or add ignore-time-conflict to gpg.conf

gpg.conf is just a text file of settings and options to gpg.  It
normally is found in the GnuPG homedir along with your keyring files.
'gpg --version' will tell you the location being used by GnuPG.  On
Windows, the default location is the expansion of %APPDATA%\GnuPG

-- 
John P. Clizbe                      Inet:   JPClizbe(a)comcast DOT nyet
Golden Bear Networks                PGP/GPG KeyID: 0x608D2A10
"Be who you are and say what you feel because those who mind don't matter
and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"
From kara.ml at arcor.de  Sat Aug 18 12:32:54 2007
From: kara.ml at arcor.de (kara.ml at arcor.de)
Date: Sat, 18 Aug 2007 12:32:54 +0200
Subject: [Announce] GnuPG 2.0.6 released
In-Reply-To: <87odh6ioln.fsf@wheatstone.g10code.de>
References: <871we3po2x.fsf__1516.63684887371$1187274987$gmane$org@wheatstone.g10code.de> <46C543E5.7010409@mozilla-enigmail.org> <87odh6ioln.fsf@wheatstone.g10code.de>
Message-ID: <46C6CAD6.1060201@arcor.de>

Hi,

> On Fri, 17 Aug 2007 08:44, patrick at mozilla-enigmail.org said:
> 
>> Werner, do you also plan to create binary releases (i.e. installers) for
>> Windows?
> 
> See www.gpg4win.org - 1.1.2 has been released.

Isn't bzip2 compression supported any longer?
Because with 1.1.2 I get:

gpg --version
gpg (GnuPG) 1.4.7
Komprimierung: nicht komprimiert (Z0), ZIP (Z1), ZLIB (Z2)

gpg2 --version
gpg (GnuPG) 2.0.6
Komprimierung: nicht komprimiert (Z0), ZIP (Z1), ZLIB (Z2)

And I miss Z3.  With

personal-compress-preferences Z3 Z2 Z1
default-preference-list ...Z3 Z2 Z1

gpg complained after the first start.

-- 
Ciao
Kai
http://kairaven.de/


From wk at gnupg.org  Mon Aug 20 10:59:26 2007
From: wk at gnupg.org (Werner Koch)
Date: Mon, 20 Aug 2007 10:59:26 +0200
Subject: [Announce] GnuPG 2.0.6 released
In-Reply-To: <46C6CAD6.1060201@arcor.de> (kara ml's message of "Sat, 18 Aug 2007 12:32:54 +0200")
References: <871we3po2x.fsf__1516.63684887371$1187274987$gmane$org@wheatstone.g10code.de> <46C543E5.7010409@mozilla-enigmail.org> <87odh6ioln.fsf@wheatstone.g10code.de> <46C6CAD6.1060201@arcor.de>
Message-ID: <871wdy7f9t.fsf@wheatstone.g10code.de>

On Sat, 18 Aug 2007 12:32, kara.ml at arcor.de said:

> Isn't bzip2 compression supported any longer?
> Because with 1.1.2 I get:

I can't remember that we ever supported bzip 2 under Windows.

Salam-Shalom,

   Werner


From kara.ml at arcor.de  Mon Aug 20 11:13:39 2007
From: kara.ml at arcor.de (Kai Raven)
Date: Mon, 20 Aug 2007 11:13:39 +0200
Subject: [Announce] GnuPG 2.0.6 released
In-Reply-To: <871wdy7f9t.fsf@wheatstone.g10code.de>
References: <871we3po2x.fsf__1516.63684887371$1187274987$gmane$org@wheatstone.g10code.de> <46C543E5.7010409@mozilla-enigmail.org> <87odh6ioln.fsf@wheatstone.g10code.de> <46C6CAD6.1060201@arcor.de> <871wdy7f9t.fsf@wheatstone.g10code.de>
Message-ID: <46C95B43.6000705@arcor.de>

Hi,

> On Sat, 18 Aug 2007 12:32, kara.ml at arcor.de said:
> 
>> Isn't bzip2 compression supported any longer?
>> Because with 1.1.2 I get:
> 
> I can't remember that we ever supported bzip 2 under Windows.

What?  From gpg4win 1.0.9/GnuPG 1.4.7:

Compression: Uncompressed (Z0), ZIP (Z1), ZLIB (Z2), BZIP2 (Z3)

I have used Z3 all the time with former versions.

Ciao
Kai


From wk at gnupg.org  Mon Aug 20 12:42:50 2007
From: wk at gnupg.org (Werner Koch)
Date: Mon, 20 Aug 2007 12:42:50 +0200
Subject: [Announce] GnuPG 2.0.6 released
In-Reply-To: <46C95B43.6000705@arcor.de> (Kai Raven's message of "Mon, 20 Aug 2007 11:13:39 +0200")
References: <871we3po2x.fsf__1516.63684887371$1187274987$gmane$org@wheatstone.g10code.de> <46C543E5.7010409@mozilla-enigmail.org> <87odh6ioln.fsf@wheatstone.g10code.de> <46C6CAD6.1060201@arcor.de> <871wdy7f9t.fsf@wheatstone.g10code.de> <46C95B43.6000705@arcor.de>
Message-ID: <87vebafpw5.fsf@wheatstone.g10code.de>

On Mon, 20 Aug 2007 11:13, kara.ml at arcor.de said:

> Compression: Uncompressed (Z0), ZIP (Z1), ZLIB (Z2), BZIP2 (Z3)

Interesting.  I switched the box used to build the installer at some
point and the fresh toolchain there does not come with libbz2.  On the
old box I used a toolchain with libbz2.a in the lib directory,
configure figured that out and thus built with bzip2 support.  It was
linked statically so it was not obvious that there is BZIP2 support.

I'll make bzip2 support explicit for the next release.
Shalom-Salam,

   Werner


From sven at radde.name  Mon Aug 20 11:29:28 2007
From: sven at radde.name (Sven Radde)
Date: Mon, 20 Aug 2007 11:29:28 +0200
Subject: [Announce] GnuPG 2.0.6 released
In-Reply-To: <871wdy7f9t.fsf@wheatstone.g10code.de>
References: <871we3po2x.fsf__1516.63684887371$1187274987$gmane$org@wheatstone.g10code.de> <46C543E5.7010409@mozilla-enigmail.org> <87odh6ioln.fsf@wheatstone.g10code.de> <46C6CAD6.1060201@arcor.de> <871wdy7f9t.fsf@wheatstone.g10code.de>
Message-ID: <46C95EF8.5030004@radde.name>

Hi!

Werner Koch wrote:
> I can't remember that we ever supported bzip 2 under Windows.

Here you go (installed gpg4win v1.1.0):

C:\Programme\GnuPG>gpg --version
gpg (GnuPG) 1.4.7
(...)
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Interestingly, though, my keys do not indicate recipient's
preference/support for BZIP2.  I don't remember whether this was an
intentional decision by me at the time when I created/exported the key
or whether it was default then...

Therefore, at least for me, the change doesn't seem to break anything.
I am not sure whether other people would have to re-publish their keys.
cu, Sven


From maccrest at gmail.com  Mon Aug 20 13:34:21 2007
From: maccrest at gmail.com (Crest)
Date: Mon, 20 Aug 2007 13:34:21 +0200
Subject: [Announce] GnuPG 2.0.6 released
In-Reply-To: <46C95B43.6000705@arcor.de>
References: <871we3po2x.fsf__1516.63684887371$1187274987$gmane$org@wheatstone.g10code.de> <46C543E5.7010409@mozilla-enigmail.org> <87odh6ioln.fsf@wheatstone.g10code.de> <46C6CAD6.1060201@arcor.de> <871wdy7f9t.fsf@wheatstone.g10code.de> <46C95B43.6000705@arcor.de>
Message-ID: <94A20C13-3FFA-4763-829E-8677BD2A405B@googlemail.com>

On 20.08.2007 at 11:13, Kai Raven wrote:

> Hi,
> 
>> On Sat, 18 Aug 2007 12:32, kara.ml at arcor.de said:
>> 
>>> Isn't bzip2 compression supported any longer?
>>> Because with 1.1.2 I get:
>> 
>> I can't remember that we ever supported bzip 2 under Windows.
> 
> What?  From gpg4win 1.0.9/GnuPG 1.4.7:
> 
> Compression: Uncompressed (Z0), ZIP (Z1), ZLIB (Z2), BZIP2 (Z3)
> 
> I have used Z3 all the time with former versions.
> 
> Ciao
> Kai

I have used bzip2 for a while now, and one day about a month ago I sent
a mail to a Windows user and he was unable to open the mail because his
gpg installation didn't support bzip2.
From sriharivijayaraghavan at yahoo.com.au  Mon Aug 20 14:10:31 2007
From: sriharivijayaraghavan at yahoo.com.au (Srihari Vijayaraghavan)
Date: Mon, 20 Aug 2007 22:10:31 +1000 (EST)
Subject: GnuPG & OpenSSH
Message-ID: <81945.9244.qm@web52607.mail.re2.yahoo.com>

I've lightly read through a few gnupg man & info pages, though my questions
might sound like FAQ or outright annoying :-).  I'm a happy user with OpenSSH
& GPG independently, but of late am trying to find if it's possible to unify
them with just a key pair.

1. Is it possible to have only one key pair (public & secret pref. DSA) that
can be used for both GPG & OpenSSH? (as a sys admin of some interest in
cryptography, this is an important question)

2. Is gpg-agent, SSH agent service provided by GPG etc. somehow useful only
when one has a card reader? Or put it other way, is it useful even when one
has no card reader?

3. Am I missing a simple 'GPG/OpenSSH unification for dummies' (dummies like
me :-)) with a few solid examples on unifying GPG (keys - including exporting
GPG public key to add into .ssh/authorized_keys, gpg-agent) with OpenSSH
client side?
The potentials are huge if OpenSSH & GPG can share the same key pair, I
reckon.  I wish somebody writes a nice article on one of the reputed
computer magazines about this topic, with simple pictures & hands on
procedures etc.

(A careful reader would notice I've carefully constructed questions to lead
to yes or no type of answers to avoid any ambiguity, as at this stage I
should be delighted with such answers alone on the concepts/ideas/idioms.
You're welcome to point me to any additional materials, of course.)

Thanks in advance.

Srihari

PS: Keep up the good work on GPG.


From signallock at gmail.com  Mon Aug 20 14:29:55 2007
From: signallock at gmail.com (Victor Stuart)
Date: Mon, 20 Aug 2007 20:29:55 +0800
Subject: A Passphrase Problem
Message-ID: <2bfbe2040708200529jb02d4dfxf9862ed508209668@mail.gmail.com>

Hi all,

I'm a newbie, and have some problems with the software.

I generated a pair of keys, and set the password for the secret key.  Then
I just noticed the option "--passphrase-file" in the manual, and quite
appreciated that.  I wanted to use a file as a passphrase, instead of a
string.  So I just did this:

I edited the key, erased the original passphrase, and then typed

   "gpg --passphrase-file xxx --edit xxx"
   Command>passwd

Finally I changed the passphrase to the file xxx successfully.

But just then I found a serious problem, how can I change the passphrase?
I tried to use the option "--passphrase-file " again but it didn't work.
Original passphrase-file needed before I could change it.

I am puzzling #_#

Do you have any idea to help me change it back or, must revoke it?
Victor Stuart


From wk at gnupg.org  Mon Aug 20 16:56:16 2007
From: wk at gnupg.org (Werner Koch)
Date: Mon, 20 Aug 2007 16:56:16 +0200
Subject: [Announce] GnuPG 2.0.6 released
In-Reply-To: <94A20C13-3FFA-4763-829E-8677BD2A405B@googlemail.com> (maccrest@gmail.com's message of "Mon, 20 Aug 2007 13:34:21 +0200")
References: <871we3po2x.fsf__1516.63684887371$1187274987$gmane$org@wheatstone.g10code.de> <46C543E5.7010409@mozilla-enigmail.org> <87odh6ioln.fsf@wheatstone.g10code.de> <46C6CAD6.1060201@arcor.de> <871wdy7f9t.fsf@wheatstone.g10code.de> <46C95B43.6000705@arcor.de> <94A20C13-3FFA-4763-829E-8677BD2A405B@googlemail.com>
Message-ID: <87r6lycl0v.fsf@wheatstone.g10code.de>

On Mon, 20 Aug 2007 13:34, maccrest at gmail.com said:

> I have used bzip2 for a while now, and one day about a month ago I sent
> a mail to a Windows user and he was unable to open the mail because his
> gpg installation didn't support bzip2.

BZIP2 is an optional OpenPGP feature and not widely used.  Using it
will likely lead to such problems.  The preference system should help
here but in practice people sometimes change their implementation and
thus the preferences are no longer valid.

There is usually no need for bzip2 compression; if you really need to
send a very large file, compress it first with an external program and
then encrypt it.  The standard compression is sufficient in almost all
cases.

I have now integrated BZIP2 support explicitly into the installer and
the next release will support it.  I hope to do a release next week.

Salam-Shalom,

   Werner
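Werner's point about the preference system, as an added example that is not from the thread or from GnuPG's own code: a simplified model of how an OpenPGP implementation picks a compression algorithm from the sender's personal-compress-preferences and the recipients' key preferences, and how a key that still advertises BZIP2 (Z3) after the owner's build lost libbz2 yields messages the owner cannot read. The function names, the key lists and the "installed" set are constructed from the config line and gpg --version output quoted in the thread; GnuPG's real selection logic has more rules than this.

```python
"""Simplified model of OpenPGP compression-preference negotiation.

Constructed for this thread; not GnuPG's own code.  Key preference lists
and the "installed" set below are taken from the config line and the
gpg --version output quoted in the discussion (Z3 Z2 Z1; Gpg4win 1.1.2
reporting only Z0, Z1, Z2).
"""
from typing import Dict, List, Optional, Set

# OpenPGP compression algorithm IDs (RFC 4880 section 9.3) and the Z-names
# GnuPG uses in personal-compress-preferences / default-preference-list.
UNCOMPRESSED, ZIP, ZLIB, BZIP2 = 0, 1, 2, 3
ZNAMES: Dict[str, int] = {"Z0": UNCOMPRESSED, "Z1": ZIP, "Z2": ZLIB, "Z3": BZIP2}
NAMES: Dict[int, str] = {v: k for k, v in ZNAMES.items()}


def parse_pref_string(prefs: str) -> List[int]:
    """Turn a GnuPG preference string such as "Z3 Z2 Z1" into algorithm IDs.

    Tokens of other algorithm classes (S9, H8, ...) that appear in a
    default-preference-list are ignored, so one parser serves both options.
    An unknown Z-token raises, much as gpg complains at start-up.
    """
    ids: List[int] = []
    for tok in prefs.split():
        tok = tok.upper()
        if tok.startswith("Z"):
            if tok not in ZNAMES:
                raise ValueError("unknown compression preference: " + tok)
            ids.append(ZNAMES[tok])
    return ids


def advertised(key_prefs: Optional[List[int]]) -> List[int]:
    """Compression algorithms a key offers to senders.

    A key without the preferred-compression subpacket is treated as
    preferring ZIP (RFC 4880 section 5.2.3.9).  Uncompressed is always
    acceptable because every implementation must handle it (section 9.3),
    so it is appended when the key does not list it explicitly.
    """
    prefs = list(key_prefs) if key_prefs is not None else [ZIP]
    if UNCOMPRESSED not in prefs:
        prefs.append(UNCOMPRESSED)
    return prefs


def choose_compression(sender_prefs: List[int],
                       recipient_keys: Dict[str, Optional[List[int]]]) -> int:
    """Pick the first algorithm in the sender's order that every recipient
    key advertises; fall back to Uncompressed when nothing else is common."""
    for algo in sender_prefs:
        if all(algo in advertised(k) for k in recipient_keys.values()):
            return algo
    return UNCOMPRESSED


def stale_advertisements(key_prefs: Optional[List[int]],
                         installed: Set[int]) -> List[int]:
    """Algorithms a key still advertises although the owner's current gpg
    build cannot decompress them.  A sender honouring those preferences
    produces messages the owner cannot read, which is the failure reported
    in the thread; the remedy is to edit the preferences and republish."""
    return [a for a in advertised(key_prefs) if a not in installed]


# Constructed scenario from the thread (not measured data).
KAI_CONFIG = "Z3 Z2 Z1"                   # personal-compress-preferences
KAI_KEY = parse_pref_string(KAI_CONFIG)   # what the published key advertises
GPG4WIN_112 = {UNCOMPRESSED, ZIP, ZLIB}   # "... (Z0), ZIP (Z1), ZLIB (Z2)"
WIN_KEY = [ZLIB, ZIP]                     # a correspondent whose key never listed Z3

if __name__ == "__main__":
    print("alone, the sender's key negotiates",
          NAMES[choose_compression(KAI_KEY, {"kai": KAI_KEY})])
    print("but the Gpg4win 1.1.2 build cannot read:",
          [NAMES[a] for a in stale_advertisements(KAI_KEY, GPG4WIN_112)])
    print("with a Windows recipient added the common choice is",
          NAMES[choose_compression(KAI_KEY, {"kai": KAI_KEY, "win": WIN_KEY})])
```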
From signallock at gmail.com  Mon Aug 20 16:17:03 2007
From: signallock at gmail.com (Victor Stuart)
Date: Mon, 20 Aug 2007 22:17:03 +0800
Subject: [Announce] GnuPG 2.0.6 released
In-Reply-To: <94A20C13-3FFA-4763-829E-8677BD2A405B@googlemail.com>
References: <871we3po2x.fsf__1516.63684887371$1187274987$gmane$org@wheatstone.g10code.de> <46C543E5.7010409@mozilla-enigmail.org> <87odh6ioln.fsf@wheatstone.g10code.de> <46C6CAD6.1060201@arcor.de> <871wdy7f9t.fsf@wheatstone.g10code.de> <46C95B43.6000705@arcor.de> <94A20C13-3FFA-4763-829E-8677BD2A405B@googlemail.com>
Message-ID: <2bfbe2040708200717t27baf352tb896acea18c3c0b9@mail.gmail.com>

On 8/20/07, Crest wrote:
> On 20.08.2007 at 11:13, Kai Raven wrote:
> 
> > Hi,
> > 
> >> On Sat, 18 Aug 2007 12:32, kara.ml at arcor.de said:
> >> 
> >>> Isn't bzip2 compression supported any longer?
> >>> Because with 1.1.2 I get:
> >> 
> >> I can't remember that we ever supported bzip 2 under Windows.
> > 
> > What?  From gpg4win 1.0.9/GnuPG 1.4.7:
> > 
> > Compression: Uncompressed (Z0), ZIP (Z1), ZLIB (Z2), BZIP2 (Z3)
> > 
> > I have used Z3 all the time with former versions.
> > 
> > Ciao
> > Kai
> 
> I have used bzip2 for a while now, and one day about a month ago I sent
> a mail to a Windows user and he was unable to open the mail because his
> gpg installation didn't support bzip2.

Well, I use GnuPG 1.4.7 and 2.0.6 compiled by MingW32, they don't
support bzip2.


From wk at gnupg.org  Mon Aug 20 17:49:44 2007
From: wk at gnupg.org (Werner Koch)
Date: Mon, 20 Aug 2007 17:49:44 +0200
Subject: GnuPG & OpenSSH
In-Reply-To: <81945.9244.qm@web52607.mail.re2.yahoo.com> (Srihari Vijayaraghavan's message of "Mon, 20 Aug 2007 22:10:31 +1000 (EST)")
References: <81945.9244.qm@web52607.mail.re2.yahoo.com>
Message-ID: <87absmcijr.fsf@wheatstone.g10code.de>

On Mon, 20 Aug 2007 14:10, sriharivijayaraghavan at yahoo.com.au said:

> 1. Is it possible to have only one key pair (public & secret pref. DSA) that
> can be used for both GPG & OpenSSH?
> (as a sys admin of some interest in
> cryptography, this is an important question)

Yes.  However you want separate keys for separate tasks.  Fortunately
OpenPGP provides just that: There is a primary key for certifying
other keys (and subkeys) and subkeys for encryption, signing and
authentication.  The authentication key may be used for SSH.

> 2. Is gpg-agent, SSH agent service provided by GPG etc. somehow useful only
> when one has a card reader? Or put it other way, is it useful even when one
> has no card reader?

Yes, I use it mostly without a card.  This allows for a nice
passphrase prompting and caching by gpg-agent.  No more need for
ssh-add.

> 3. Am I missing a simple 'GPG/OpenSSH unification for dummies' (dummies like
> me :-)) with a few solid examples on unifying GPG (keys - including exporting
> GPG public key to add into .ssh/authorized_keys, gpg-agent) with OpenSSH
> client side?

Me too ;-).  There are some text fragments floating around but there is
no real HOWTO.

Salam-Shalom,

   Werner


From jmoore3rd at bellsouth.net  Mon Aug 20 17:34:37 2007
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Mon, 20 Aug 2007 11:34:37 -0400
Subject: [Announce] GnuPG 2.0.6 released
In-Reply-To: <2bfbe2040708200717t27baf352tb896acea18c3c0b9@mail.gmail.com>
References: <871we3po2x.fsf__1516.63684887371$1187274987$gmane$org@wheatstone.g10code.de> <46C543E5.7010409@mozilla-enigmail.org> <87odh6ioln.fsf@wheatstone.g10code.de> <46C6CAD6.1060201@arcor.de> <871wdy7f9t.fsf@wheatstone.g10code.de> <46C95B43.6000705@arcor.de> <94A20C13-3FFA-4763-829E-8677BD2A405B@googlemail.com> <2bfbe2040708200717t27baf352tb896acea18c3c0b9@mail.gmail.com>
Message-ID: <46C9B48D.5060800@bellsouth.net>

Victor Stuart wrote:
> Well, I use GnuPG 1.4.7 and 2.0.6 compiled by MingW32, they don't
> support bzip2.

I Compile the 1.4.Branch using MinGW & I have bzip2.
Did You remember to include it when compiling?

JOHN ;)
Timestamp: Monday 20 Aug 2007, 11:33 --400 (Eastern Daylight Time)

From JPClizbe at tx.rr.com Mon Aug 20 18:20:01 2007
From: JPClizbe at tx.rr.com (John Clizbe)
Date: Mon, 20 Aug 2007 11:20:01 -0500
Subject: [Announce] GnuPG 2.0.6 released
In-Reply-To: <2bfbe2040708200717t27baf352tb896acea18c3c0b9@mail.gmail.com>
References: <871we3po2x.fsf__1516.63684887371$1187274987$gmane$org@wheatstone.g10code.de> <46C543E5.7010409@mozilla-enigmail.org> <87odh6ioln.fsf@wheatstone.g10code.de> <46C6CAD6.1060201@arcor.de> <871wdy7f9t.fsf@wheatstone.g10code.de> <46C95B43.6000705@arcor.de> <94A20C13-3FFA-4763-829E-8677BD2A405B@googlemail.com> <2bfbe2040708200717t27baf352tb896acea18c3c0b9@mail.gmail.com>
Message-ID: <46C9BF31.9020402@tx.rr.com>

Victor Stuart wrote:
> Well, I use GnuPG 1.4.7 and 2.0.6 compiled by MingW32, they don't
> support bzip2.

Well, maybe not the 1.4.7 you are using from GPG4WIN as Werner pointed out
earlier, but it *is* part of the 1.4.7 available from gnupg.org.

Installer available at: ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.7.exe

C:\WINDOWS>gpg --version
gpg (GnuPG) 1.4.7
Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions.
See the file COPYING for details.

Home:
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

BTW, MinGW32 refers to a compiler (MINimalist Gnu for Windows32), not any
group. All GnuPG builds for Windows will say MinGW regardless of who does
the packaging unless the builder plays with config.h before running make.

-- 
John P. Clizbe                      Inet:   John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A
"what's the key to success?"        / "two words: good decisions."
"what's the key to good decisions?" /  "one word: experience."
"how do i get experience?"          / "two words: bad decisions."

"Just how do the residents of Haiku, Hawai'i hold conversations?"

From mo at g10code.com Mon Aug 20 17:37:06 2007
From: mo at g10code.com (Moritz Schulte)
Date: Mon, 20 Aug 2007 17:37:06 +0200
Subject: GnuPG & OpenSSH
In-Reply-To: <81945.9244.qm@web52607.mail.re2.yahoo.com>
References: <81945.9244.qm@web52607.mail.re2.yahoo.com>
Message-ID: <13492.1187624226@localhost.localdomain>

From hhhobbit at securemecca.net Mon Aug 20 20:29:37 2007
From: hhhobbit at securemecca.net (Henry Hertz Hobbit)
Date: Mon, 20 Aug 2007 12:29:37 -0600
Subject: Compression routines - please include 7-Zip
In-Reply-To:
References:
Message-ID: <46C9DD91.7050401@securemecca.net>

Werner: Thanks for the signing.
This is amazing for somebody whose father was run out of northern Mexico
(Me-hico) by Pancho Villa's raiders.

I have been using the 7-Zip compression long enough to give Igor Pavlov the
nod he has longed for. Bzip2 is good. 7-Zip is better. If you want to know
how much better I will give you the install for our PAC filter in 7-Zip.
Reply out of group and I will give you the goods. It works in both Anglais
(États-Unis) and Français. It is so blisteringly fast that it is time to
give credit where credit is due. I had it updating our (my?) PAC filter.
Even with copying the executable for 7zip.exe on Windows it is so
blisteringly fast I can't believe it. I am used to the forty years that
Microsoft takes. When it is done almost instantaneously (the word comes
from Latin to Français to Anglais) it shocked me! What I need is more
security for the sig downloads to guarantee that things are okay (email me
for the script that will be available in a few hours).

Tell Richard Stallman to stop toking up long enough so that we can discuss
this and head it in the right direction. Other than the fact that 7-Zip
does not store the UID/GID it is the best compression algorithm out there.
It is only marginally better than BZIP2 but it is infinitely better than
ZIP or RAR. If we can adopt it as a standard in OpenPGP it may be all that
is needed to go to the next level. Why go half-way when you can go all the
way? The UID/GID problem has no meaning in email anyway.

What I am begging for is people to make the install of 7-Zip not optional
but mandatory. In the past month I told somebody to stuff it because they
refused to use it on Windows. It was the best thing that happened in my
life. I have a French speaking friend who is infinitely better than all of
my English speaking friends.

Thanks for listening. I am too tired right now. I have to take a nap.
HHH

From james at freecharity.org.uk Mon Aug 20 21:26:16 2007
From: james at freecharity.org.uk (James Davis)
Date: Mon, 20 Aug 2007 20:26:16 +0100
Subject: GnuPG & OpenSSH
In-Reply-To: <87absmcijr.fsf@wheatstone.g10code.de>
References: <81945.9244.qm@web52607.mail.re2.yahoo.com> <87absmcijr.fsf@wheatstone.g10code.de>
Message-ID: <46C9EAD8.6060508@freecharity.org.uk>

Werner Koch wrote:
> Me too ;-).  There are some text fragments floating around but there is
> no real HOWTO.

Steps 1-4 on this page still apply if you're not using a smart card. You'll
want to use ssh-add to add keys rather than expect it to pick them up
automatically though.

http://www.fsfe.org/fellows/greve/freedom_bits/authenticating_ssh_logins_with_the_fellowship_crypto_card

That and gpg-agent's man page were enough to get me familiar with these
features.

James

-- 
FreeCharity.org.uk - Free hosting for charities and non-profits
WordPress and Blogging Consultancy - (01348) 800101

From rjh at sixdemonbag.org Mon Aug 20 21:46:13 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 20 Aug 2007 14:46:13 -0500
Subject: Compression routines - please include 7-Zip
In-Reply-To: <46C9DD91.7050401@securemecca.net>
References: <46C9DD91.7050401@securemecca.net>
Message-ID: <46C9EF85.20702@sixdemonbag.org>

Henry Hertz Hobbit wrote:
> I am used to the forty years that Microsoft takes.

MS's implementation of zip compression is known to be ridiculously slow.
Most other zip implementations are orders of magnitude faster.

> Tell Richard Stallman to stop toking up long enough so that we can
> discuss this and head it in the right direction.

RMS is not a core contributor for the GnuPG project.  He is also not on
the IETF OpenPGP working group.  If you are interested in pitching this,
I would suggest pitching it to the IETF.  GnuPG's typical position is to
only support the RFC, without any embrace-and-extend.
From bahamut at digital-signal.net Mon Aug 20 22:20:24 2007
From: bahamut at digital-signal.net (Andrew Berg)
Date: Mon, 20 Aug 2007 15:20:24 -0500
Subject: Compression routines - please include 7-Zip
In-Reply-To: <46C9DD91.7050401@securemecca.net>
References: <46C9DD91.7050401@securemecca.net>
Message-ID: <46C9F788.4030001@digital-signal.net>

Henry Hertz Hobbit wrote:
> It is so blisteringly fast that it is time to give credit where
> credit is due. I had it updating our (my?) PAC filter. Even with
> copying the executable for 7zip.exe on Windows it is so blisteringly
> fast I can't believe it. I am used to the forty years that Microsoft
> takes. When it is done almost instantaneously (the word comes from
> Latin to Français to Anglais) it shocked me!

You're referring to PPMd, right? LZMA is pretty slow (though the
compression it achieves is almost always worth it). Plus, PPMd is much,
much better than LZMA with text.

> It is only marginally better than
> BZIP2 but it is infinitely better than ZIP or RAR.

To be fair, RAR isn't that bad. I'm not suggesting Werner use it, but it
shouldn't be grouped with zip.

I'd like to see where this goes.
-- 
Windows NT 5.1.2600.2180 | Thunderbird 2.0.0.6 | Enigmail 0.95.2 | GPG 1.4.7
Key ID: 0xF88E034060A78FCB - available on major keyservers and upon request
Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB

From wk at gnupg.org Mon Aug 20 22:38:56 2007
From: wk at gnupg.org (Werner Koch)
Date: Mon, 20 Aug 2007 22:38:56 +0200
Subject: Compression routines - please include 7-Zip
In-Reply-To: <46C9EF85.20702@sixdemonbag.org> (Robert J. Hansen's message of "Mon, 20 Aug 2007 14:46:13 -0500")
References: <46C9DD91.7050401@securemecca.net> <46C9EF85.20702@sixdemonbag.org>
Message-ID: <87lkc6aqlb.fsf@wheatstone.g10code.de>

On Mon, 20 Aug 2007 21:46, rjh at sixdemonbag.org said:

> If you are interested in pitching this, I would suggest pitching it to
> the IETF.  GnuPG's typical position is to only support the RFC, without
> any embrace-and-extend.

Right, we won't support things which are not in the standard or at least
described in a draft of which we know that it will end up as a standard.

For interoperability we can't use new compression algorithms.  There is
also the issue that adding algorithms does not help to keep a standard
clean.  I was not in favor of bzip2 for those reasons and in retrospect
I'd better not have pushed the ZLIB algorithm.

Let each tool do what it can do best.

Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
From JPClizbe at tx.rr.com Mon Aug 20 23:13:35 2007
From: JPClizbe at tx.rr.com (John Clizbe)
Date: Mon, 20 Aug 2007 16:13:35 -0500
Subject: Compression routines - please include 7-Zip
In-Reply-To: <87lkc6aqlb.fsf@wheatstone.g10code.de>
References: <46C9DD91.7050401@securemecca.net> <46C9EF85.20702@sixdemonbag.org> <87lkc6aqlb.fsf@wheatstone.g10code.de>
Message-ID: <46CA03FF.2030105@tx.rr.com>

Werner Koch wrote:
> On Mon, 20 Aug 2007 21:46, rjh at sixdemonbag.org said:
>> If you are interested in pitching this, I would suggest pitching it to
>> the IETF.  GnuPG's typical position is to only support the RFC, without
>> any embrace-and-extend.
>
> Right, we won't support things which are not in the standard or at least
> described in a draft of which we know that it will end up as a standard.
>
> For interoperability we can't use new compression algorithms.  There is
> also the issue that adding algorithms does not help to keep a standard
> clean.  I was not in favor of bzip2 for those reasons and in
> retrospect I'd better not have pushed the ZLIB algorithm.

Werner,

I agree with both Rob and you on this. Those who want to campaign for 7-Zip
can pitch it to the IETF Working Group. Though if it's only marginally
better than BZIP2, the WG is likely not to accept it.

But the 'not in the standard' and interoperability remarks lead me to
wonder, "Why is TIGER192 in the Windows build of GnuPG2 that's in GPG4Win?"

-- 
John P. Clizbe                      Inet:   John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A
"what's the key to success?"        / "two words: good decisions."
"what's the key to good decisions?" /  "one word: experience."
"how do i get experience?"          / "two words: bad decisions."

"Just how do the residents of Haiku, Hawai'i hold conversations?"
From bchill at bch.net Tue Aug 21 00:11:05 2007
From: bchill at bch.net (Brian C. Hill)
Date: Mon, 20 Aug 2007 15:11:05 -0700
Subject: gnupg 2.0.2 and funopen/fopencookie on Solaris 8
In-Reply-To: <46CA03FF.2030105@tx.rr.com>
References: <46C9DD91.7050401@securemecca.net> <46C9EF85.20702@sixdemonbag.org> <87lkc6aqlb.fsf@wheatstone.g10code.de> <46CA03FF.2030105@tx.rr.com>
Message-ID: <20070820221105.GB22483@romulus.mondobox.com>

On Fri, 23 Feb 2007 01:53, Werner Koch wrote:
> On Fri, 23 Feb 2007 01:17, bchill at bch.net said:
>
> > How have others managed to build gnupg on SunOS 5.8?
>
> You can't build GnuPG 2 on a system without funopen.  We will
> eventually solve this by replacing most stdio operations by our own
> and enhanced stdio implementation.  Unfortunately there is no other
> way to do that.
>
> Shalom-Salam,
>
>    Werner

I put this aside for a bit, but I am back to it now. I realize that
Solaris isn't a supported platform, but the FAQ says that there are
"positive reports" of running gnupg on Solaris. Has anyone on this list
done that and how?

Is there a standalone funopen library?

Brian

From hhhobbit at securemecca.net Tue Aug 21 08:06:43 2007
From: hhhobbit at securemecca.net (Henry Hertz Hobbit)
Date: Tue, 21 Aug 2007 00:06:43 -0600
Subject: Compression routines - please include 7-Zip
In-Reply-To: <46C9DD91.7050401@securemecca.net>
References: <46C9DD91.7050401@securemecca.net>
Message-ID: <46CA80F3.8060302@securemecca.net>

Settle down. I am arguing for the inclusion of 7zip IN THE FUTURE! I am
just afraid it is going to get overlooked again yet one more time. The fact
that 7zip doesn't store the UID:GID is a plus in my mind. It allows you to
get whatever UID:GID YOU are when you unzip it. That is better than some of
the strange ownerships I see, sometimes with the actual install files
themselves.
Some people don't know what "chown -R UID:GID " is yet.

I am not so stupid as to not know you can NOT use 7zip now. It isn't in the
RFC. What I am arguing for is NOT to forget 7zip exists when you do the
next iteration of the RFC. Here is why with a non-trivial real world
example comparing all of the zips.

I have one machine I work on almost all the time. It isn't mine. My machine
is rarely available (I did mention I have been homeless for several years
now and unemployed for over eleven years now, didn't I?) and since I need
the mail in sync I frequently zip it up on this machine, encrypt it, put it
up to my web site and then pull it down to the other machine to keep the
mail in sync on both machines. Here are the file size comparisons for the
two MUAs:

Evolution File Sizes:
=====================
 2713325 evolution.tar.7z
 2728384 evolution.tar.7z.gpg  [ 1.00555 * 7zip ]
 3090190 evolution.tbz         [ 1.14 * 7zip ]
 3221545 evolution.tar.gz      [ 1.04 * bzip2 ]  { used -9 }
 3340579 evolution.zip         [ 1.04 * gzip ]   { used -9 }
 7792640 evolution.tar         [ 2.33 * zip ]

Thunderbird File Sizes:
=======================
 4058666 thunderbird.tar.7z      [ BEST ]
 4080803 thunderbird.tar.7z.gpg  [ 1.00545 * 7zip ]
 4528758 thunderbird.tbz         [ 1.16 * 7zip ]
 5044288 thunderbird.tar.gz      [ 1.11 * bzip2 ]  { used -9 }
 5138290 thunderbird.zip         [ 1.02 * gzip ]   { used -9 }
13721600 thunderbird.tar         [ 2.67 * zip ]

Cipher = TWOFISH

Now it doesn't take a genius to know what I am going to use with
restrictive upload speeds - *.tar.7z.gpg or just *.7z.gpg! You think I am
so crazy that I am not going to encrypt it with file perms like these?

ftp> dir
-rw-rw-r--   1 3156036  1000006     2728384 evolution.tar.7z.gpg
-rw-rw-r--   1 3156036  1000006     4080803 thunderbird.tar.7z.gpg

I don't know who else is in group 1000006.
I also actually have the 7zip format on my web site (just replace the tbz
with 7z):

http://www.securemecca.com/InstallProxyPkg.unx.7z
http://www.securemecca.com/InstallProxyPkg.msw.7z
http://www.securemecca.com/fr/InstallProxyPkg_FR.unx.7z
http://www.securemecca.com/fr/InstallProxyPkg_FR.msw.7z
(last two are work in progress, second is actually used)

But I face the same problem. There are all of these moss-backs that say
they can't pull down 7-zip and compile it for their Unix systems. It isn't
the Unix way! PHOOEY! You can even pull down the binary install packages
of 7zip (which is NOT the Unix way as far as I am concerned) for Linux and
several other Unix systems if you don't have a Gnu development system. In
fact, I have to provide gzip and zip files on the sister hostsfile.org site
because that IIS server isn't set to allow downloads of either 7zip or
bzip2 files. So here are the actual links I use instead:

http://www.securemecca.com/InstallProxyPkg.unx.tbz
http://www.securemecca.com/fr/InstallProxyPkg_FR.unx.tbz
http://www.hostsfile.org/InstallProxyPkg.unx.tar.gz
http://www.hostsfile.org/InstallProxyPkg.msw.zip
(second is same and still work in progress)

All of this reminds me of the person (a Microsoft MVP) I tried to get to
do the following things.

1. Use GnuPG encryption to get around the 42.zip block at his pop mail
   server that caused all the zip files containing the name of bad hosts I
   was sending to him to be blocked in a very strange way. He wouldn't do
   it. It wasn't the Windows way.
2. Use another mail server. It wasn't the Windows way? He is still using
   the same mail server.
3. Use gzip? It isn't the Windows way. It doesn't matter that WinZip and
   almost all other zip programs support the gzip format. It just isn't
   the Windows way!
4. Use 7zip? It isn't the Windows way. Besides, one zipped up file with
   just a few dozen bad hosts isn't worth it. SHEESH!
That 7zip file contained almost a dozen files and hundreds of bad hosts and
yes, they were in a folder. Work with that person is terminated!

But it takes just one suggestion via an Internet search before I address a
hole I know has been there for some time in what I am working on. It
doesn't matter that it was way down on the 4 dozen things I had to do and
the monitoring of two dozen experimental rules. Just one person making that
statement will make me shift when I see it is a priority with the people
considering what I am providing (it is *GPL licensed).

WHAT I USE 7ZIP FOR (besides personal use):
===========================================

I use 7zip to unpack the files with an auto-update and I can already hear
people complaining that because it needs UnixUtils (CygWin is rather large)
and 7-zip, that it ISN'T THE WINDOWS WAY! It doesn't matter that it is
blisteringly fast. Phooey with the Windows way. I want the way that works
that is best. I will dump my absurd keys with their huge key size if you
promise to at least consider 7zip in the future. It kind of reminds me of
the almost 4,000 hosts that somebody was blocking that I block with just
one rule (I have no idea how many there are):

BadNetworks[i++] = "216.65.41.185, 255.255.255.254";

askeeves.com, askgevees.com, askjieves.com, circuitcit.com,
circuitecity.com anybody? But that ISN'T THE WINDOWS WAY!

What I am saying is there IS a better mouse-trap, and it IS 7zip! It is
ALL I use for my own personal use any more. It IS LGPL licensed and it IS
THE GNU WAY. Pun intended. Do some tests to convince yourself that it is
the real deal. And yes, I could have used 7zip's built-in AES encryption.
I like TWOFISH. It is just personal preference. I may reconsider.

HHH

From rjh at sixdemonbag.org Tue Aug 21 08:43:52 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 21 Aug 2007 01:43:52 -0500
Subject: Compression routines - please include 7-Zip
In-Reply-To: <46CA80F3.8060302@securemecca.net>
References: <46C9DD91.7050401@securemecca.net> <46CA80F3.8060302@securemecca.net>
Message-ID: <46CA89A8.7030003@sixdemonbag.org>

Henry Hertz Hobbit wrote:
> Settle down. I am arguing for the inclusion of 7zip IN THE FUTURE!

Once more, this mailing list is not the correct forum to raise your
concerns.  Please do it on the IETF OpenPGP WG mailing list.

> What I am arguing for is NOT to forget 7zip exists
> when you do the next iteration of the RFC.

Given that the RFC cycle has ended and a formal submission made to the
IETF just weeks ago, I do not expect a new submission for at least five
years.  There will likely be a series of -bis releases in the months and
years to come.  If you want to get 7Z in a -bis release, you need to
talk to the IETF OpenPGP WG.

I do not know how to make the preceding more clear.

From wk at gnupg.org Tue Aug 21 09:04:25 2007
From: wk at gnupg.org (Werner Koch)
Date: Tue, 21 Aug 2007 09:04:25 +0200
Subject: Compression routines - please include 7-Zip
In-Reply-To: <46CA03FF.2030105@tx.rr.com> (John Clizbe's message of "Mon, 20 Aug 2007 16:13:35 -0500")
References: <46C9DD91.7050401@securemecca.net> <46C9EF85.20702@sixdemonbag.org> <87lkc6aqlb.fsf@wheatstone.g10code.de> <46CA03FF.2030105@tx.rr.com>
Message-ID: <87ps1h9xmu.fsf@wheatstone.g10code.de>

On Mon, 20 Aug 2007 23:13, JPClizbe at tx.rr.com said:

> But the 'not in the standard' and interoperability remarks lead me to wonder,
> "Why is TIGER192 in the Windows build of GnuPG2 that's in GPG4Win?"

That is a bug.  TIGER192 is defined by OpenPGP although it will be
dropped from the next revision.  I'll fix it.

Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
From wk at gnupg.org Tue Aug 21 09:16:44 2007
From: wk at gnupg.org (Werner Koch)
Date: Tue, 21 Aug 2007 09:16:44 +0200
Subject: gnupg 2.0.2 and funopen/fopencookie on Solaris 8
In-Reply-To: <20070820221105.GB22483@romulus.mondobox.com> (Brian C. Hill's message of "Mon, 20 Aug 2007 15:11:05 -0700")
References: <46C9DD91.7050401@securemecca.net> <46C9EF85.20702@sixdemonbag.org> <87lkc6aqlb.fsf@wheatstone.g10code.de> <46CA03FF.2030105@tx.rr.com> <20070820221105.GB22483@romulus.mondobox.com>
Message-ID: <87lkc59x2b.fsf@wheatstone.g10code.de>

On Tue, 21 Aug 2007 00:11, bchill at bch.net said:

> Is there a standalone funopen library?

Yes, at most places we now use our estream library which is plain POSIX.
However there are two places where funopen is still used but not
required as there is a simple replacement: sm/certdump.c for formatting
the prompts and jnlib/logging.c for logging to a socket (the latter is
just not available without funopen).  Both will be converted to estream
asap.

So, in theory it should build on any POSIX system.  I plan to do some
tests on Solaris next week or so.

Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.

From wk at gnupg.org Tue Aug 21 09:25:03 2007
From: wk at gnupg.org (Werner Koch)
Date: Tue, 21 Aug 2007 09:25:03 +0200
Subject: Compression routines - please include 7-Zip
In-Reply-To: <46CA80F3.8060302@securemecca.net> (Henry Hertz Hobbit's message of "Tue, 21 Aug 2007 00:06:43 -0600")
References: <46C9DD91.7050401@securemecca.net> <46CA80F3.8060302@securemecca.net>
Message-ID: <87hcmt9wog.fsf@wheatstone.g10code.de>

On Tue, 21 Aug 2007 08:06, hhhobbit at securemecca.net said:

> time. The fact that 7zip doesn't store the UID:GID is a plus in
> my mind. It allows you to get whatever UID:GID YOU are when you

OpenPGP does not know about file permissions, thus this is irrelevant.
In fact the compression algorithms specified are bare-bone compression
algorithms and not archival formats.
If you want gpg to detect that an input file is 7zip encoded and disable
compression in that case, we can do this as long as the detection can be
done by reading a few bytes at the start of the file and if you pass the
filename.  However, -z0 would do the same.

Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.

From dougb at dougbarton.us Tue Aug 21 08:19:05 2007
From: dougb at dougbarton.us (Doug Barton)
Date: Mon, 20 Aug 2007 23:19:05 -0700 (PDT)
Subject: Compression routines - please include 7-Zip
In-Reply-To: <46CA80F3.8060302@securemecca.net>
References: <46C9DD91.7050401@securemecca.net> <46CA80F3.8060302@securemecca.net>
Message-ID:

On Tue, 21 Aug 2007, Henry Hertz Hobbit wrote:

> Settle down. I am arguing for the inclusion of 7zip IN THE FUTURE!

So join the IETF working group, and champion its cause. If you've read the
posts on this thread, you've seen that this is the only way it's going to
happen.

Also, please remember that you can already compress your file with
whatever algorithm you want, then encrypt it, so this whole discussion is
silly.

Thanks,

Doug

From burks at burks.de Tue Aug 21 09:17:00 2007
From: burks at burks.de (Burkhard Schroeder)
Date: Tue, 21 Aug 2007 09:17:00 +0200
Subject: Decryption not automatically possible
Message-ID: <46CA916C.2060201@burks.de>

Hi,

I got the same problem with Thunderbird and Evolution: encryption is
working perfectly, but decryption is not. I have to store the textfile
manually, and then decrypt it as a file :-(

But I did not change anything.....

I got the message only in German:

Fehler - Entschlüsselung fehlgeschlagen

gpg Kommandozeile und Ausgabe:
/usr/bin/gpg --charset utf8 --batch --no-tty --status-fd 2 -d --use-agent
gpg: Schwierigkeiten mit dem Agenten - Agent-Ansteuerung wird abgeschaltet
gpg: Passwortsatz kann im Batchmodus nicht abgefragt werden
gpg: Ungültige Passphrase; versuchen Sie es bitte noch einmal ...
gpg: Passwortsatz kann im Batchmodus nicht abgefragt werden
gpg: Ungültige Passphrase; versuchen Sie es bitte noch einmal ...
gpg: Passwortsatz kann im Batchmodus nicht abgefragt werden
gpg: verschlüsselt mit 4096-Bit ELG-E Schlüssel, ID 488E0745, erzeugt 2005-07-23
      "Burkhard Schroeder "
gpg: Entschlüsselung mit Public-Key-Verfahren fehlgeschlagen: Falsche Passphrase
gpg: Entschlüsselung fehlgeschlagen: Geheimer Schlüssel ist nicht vorhanden

Bukrs

From patrick at mozilla-enigmail.org Tue Aug 21 12:40:30 2007
From: patrick at mozilla-enigmail.org (Patrick Brunschwig)
Date: Tue, 21 Aug 2007 12:40:30 +0200
Subject: Decryption not automatically possible
In-Reply-To: <46CA916C.2060201__2602.58063576675$1187689885$gmane$org@burks.de>
References: <46CA916C.2060201__2602.58063576675$1187689885$gmane$org@burks.de>
Message-ID:

Burkhard Schroeder wrote:
> Hi,
>
> I got the same problem with Thunderbird and Evolution: encryption is
> working perfectly, but decryption is not. I have to store the textfile
> manually, and then decrypt it as a file :-(
>
> But I did not change anything.....
>
> I got the message only in German:
>
> Fehler - Entschlüsselung fehlgeschlagen
>
> gpg Kommandozeile und Ausgabe:
> /usr/bin/gpg --charset utf8 --batch --no-tty --status-fd 2 -d --use-agent
> gpg: Schwierigkeiten mit dem Agenten - Agent-Ansteuerung wird abgeschaltet
> gpg: Passwortsatz kann im Batchmodus nicht abgefragt werden
> gpg: Ungültige Passphrase; versuchen Sie es bitte noch einmal ...
> gpg: Passwortsatz kann im Batchmodus nicht abgefragt werden
> gpg: Ungültige Passphrase; versuchen Sie es bitte noch einmal ...
> gpg: Passwortsatz kann im Batchmodus nicht abgefragt werden
> gpg: verschlüsselt mit 4096-Bit ELG-E Schlüssel, ID 488E0745, erzeugt
> 2005-07-23
>       "Burkhard Schroeder "
> gpg: Entschlüsselung mit Public-Key-Verfahren fehlgeschlagen: Falsche
> Passphrase
> gpg: Entschlüsselung fehlgeschlagen: Geheimer Schlüssel ist nicht vorhanden

I don't know why Evolution would try to use gpg-agent, but at least in
Thunderbird/Enigmail make sure that the option "Use gpg-agent for
passphrases" is turned OFF. Furthermore, make sure that there is no
GPG_AGENT_INFO environment variable set.

-Patrick

From sriharivijayaraghavan at yahoo.com.au Tue Aug 21 13:40:47 2007
From: sriharivijayaraghavan at yahoo.com.au (Srihari Vijayaraghavan)
Date: Tue, 21 Aug 2007 21:40:47 +1000 (EST)
Subject: GnuPG & OpenSSH
In-Reply-To: <13492.1187624226@localhost.localdomain>
Message-ID: <633050.24571.qm@web52605.mail.re2.yahoo.com>

--- Moritz Schulte wrote:
> > 1. Is it possible to have only one key pair (public & secret pref. DSA) that
> > can be used for both GPG & OpenSSH? (as a sys admin of some interest in
> > cryptography, this is an important question)
>
> Uhm, possible... sure, why not.  I just don't know right now how one
> would achieve that.

It's not a crazy idea then :-). It'd be nice to discover how to achieve
this though (if at all possible).

> > 2. Is gpg-agent, SSH agent service provided by GPG etc. somehow useful only
> > when one has a card reader? Or put another way, is it useful even when one
> > has no card reader?
>
> gpg-agent supports the ssh-agent protocol and can be used as a drop-in
> replacement.  It's definitely useful without smartcard reader.
> Supporting the smartcard out-of-the-box is an addon.

Thanks for that. On that note, I spent a few hours on gpg-agent & getting
it to look after my SSH private keys (with individual pass-phrases etc.).
All looking good. Wonderful.

> > 3. Am I missing a simple 'GPG/OpenSSH unification for dummies' (dummies like
> > me :-)) with a few solid examples on unifying GPG (keys - including exporting
> > GPG public key to add into .ssh/authorized_keys, gpg-agent) with OpenSSH
> > client side?
>
> I don't know about such a document.  But, the gpg-agent thing is rather
> simple: add "enable-ssh-support" to your gpg-agent.conf (or use
> --enable-ssh-support).  Then, gpg-agent will not only set GPG_AGENT_INFO
> in the environment, but also e.g. SSH_AUTH_SOCK.  "ssh-add " can be used
> to introduce ssh keys to the gpg-agent.  Note: this only needs to be
> done ONCE!  gpg-agent will not simply forget added ssh keys when you
> restart it (like ssh-agent).  The key is ready to use now.  Whenever the
> passphrase for the key is required, gpg-agent fires up pinentry to
> retrieve the passphrase.
>
> Hope that helps,

Indeed, it greatly helped me in understanding the mental picture of what
was going on in gpg-agent :-). Thank you for that.

> moritz

Srihari

____________________________________________________________________________________
Get the World's number 1 free email service.
http://mail.yahoo.com.au

From sriharivijayaraghavan at yahoo.com.au Tue Aug 21 13:51:32 2007
From: sriharivijayaraghavan at yahoo.com.au (Srihari Vijayaraghavan)
Date: Tue, 21 Aug 2007 21:51:32 +1000 (EST)
Subject: GnuPG & OpenSSH
In-Reply-To: <87absmcijr.fsf@wheatstone.g10code.de>
Message-ID: <307178.16356.qm@web52608.mail.re2.yahoo.com>

--- Werner Koch wrote:
> On Mon, 20 Aug 2007 14:10, sriharivijayaraghavan at yahoo.com.au said:
>
> > 1. Is it possible to have only one key pair (public & secret pref. DSA) that
> > can be used for both GPG & OpenSSH? (as a sys admin of some interest in
> > cryptography, this is an important question)
>
> Yes.  However you want separate keys for separate tasks.  Fortunately
> OpenPGP provides just that: There is a primary key for certifying other
> keys (and subkeys) and subkeys for encryption, signing and
> authentication.  The authentication key may be used for SSH.

Good. Agreed it's a good idea to maintain a key per task (in fact on the
OpenSSH automation side of things having a key pair per task does help a
lot).

Question: when I did gpg2 --gen-keys (& ran through with the default
DSA/Elgamal keys), was the 'authentication key' (that'd be suitable for
SSH authentication you're referring to) created by default? (Or would the
DSA private key be suitable for that purpose? I suspect so.)

Then the question is, now for the OpenSSH private key, how to
extract/create the said 'authentication key' that can be stored in
~/.ssh/id_dsa format for SSH authentication? (I've worked out the
extraction of the SSH compatible public key from the GPG using the
gpgkey2ssh tool, so ~/.ssh/id_dsa.pub is taken care of. Alas, gpg2
--list-public-keys and --list-secret-keys give the same ID for both
public & secret keys.)

Or is there a trick involved in gpg-agent directly handling the private
key needed for the SSH client somehow? (by only propagating the
gpgkey2ssh extracted public key to .ssh/authorized_hosts of the remote
machines)

Thanks

From dshaw at jabberwocky.com Tue Aug 21 15:56:18 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 21 Aug 2007 09:56:18 -0400
Subject: Compression routines - please include 7-Zip
In-Reply-To: <46CA89A8.7030003@sixdemonbag.org>
References: <46C9DD91.7050401@securemecca.net> <46CA80F3.8060302@securemecca.net> <46CA89A8.7030003@sixdemonbag.org>
Message-ID: <20070821135618.GA7151@jabberwocky.com>

On Tue, Aug 21, 2007 at 01:43:52AM -0500, Robert J. Hansen wrote:
> Henry Hertz Hobbit wrote:
> > Settle down. I am arguing for the inclusion of 7zip IN THE FUTURE!
> > Once more, this mailing list is not the correct forum to raise your
> concerns. Please do it on the IETF OpenPGP WG mailing list.
>
> > What I am arguing for is NOT to forget 7zip exists
> > when you do the next iteration of the RFC.
>
> Given that the RFC cycle has ended and a formal submission made to the
> IETF just weeks ago, I do not expect a new submission for at least five
> years.

Now that 2440bis has been submitted to the IETF, the best way to get a new algorithm into OpenPGP is to submit a simple draft that just adds that algorithm. It's essentially 3 pages of boilerplate, and a paragraph or two saying "add algorithm XXXX". For example, here's the draft I put together to add the Camellia cipher:

http://www.imc.org/ietf-openpgp/mail-archive/msg15758.html

Of course, the WG has to approve it, and for procedural reasons I doubt it would be considered until 2440bis is published (it's hard to publish a document extending X until X is published). Still, 2440bis is already in the RFC editor queue, so it's coming.

David

From Sucharitha.X.Panthika at chase.com Tue Aug 21 17:17:14 2007
From: Sucharitha.X.Panthika at chase.com (Sucharitha.X.Panthika at chase.com)
Date: Tue, 21 Aug 2007 11:17:14 -0400
Subject: PGPPublicKeyRing from Bouncy Castle package
Message-ID: <576C22B3368703468CA4E8704A5F4D4F0FFDA8D8@swilnts812.wil.fusa.com>

I am creating keys using the gnupg command line and accessing the keys for my application using the Bouncy Castle PGPPublicKeyRing object, reading the pubring.gpg file under the user home directory. I have three different public keys: one for app, one for web and one for local testing. When I debug the PGPPublicKeyRing using an Iterator I see only two keys in the list, and only one of them has a uid associated, whereas all three of my keys have different uids.
Does anyone know why I am not getting three keys with all uids?

Thanks much

From bchill at bch.net Tue Aug 21 17:59:25 2007
From: bchill at bch.net (Brian C. Hill)
Date: Tue, 21 Aug 2007 08:59:25 -0700
Subject: gnupg 2.0.2 and funopen/fopencookie on Solaris 8
In-Reply-To: <87lkc59x2b.fsf@wheatstone.g10code.de>
References: <46C9DD91.7050401@securemecca.net> <46C9EF85.20702@sixdemonbag.org> <87lkc6aqlb.fsf@wheatstone.g10code.de> <46CA03FF.2030105@tx.rr.com> <20070820221105.GB22483@romulus.mondobox.com> <87lkc59x2b.fsf@wheatstone.g10code.de>
Message-ID: <20070821155925.GE10170@romulus.mondobox.com>

Hi Werner,

Are you saying that I should be able to compile gpg now? Where do I get the estream library?

Brian

======================================================================

On Tue, Aug 21, 2007 at 09:16:44AM +0200, Werner Koch wrote:
> On Tue, 21 Aug 2007 00:11, bchill at bch.net said:
>
> > Is there a standalone funopen library?
> > Yes, at most places we now use our estream library which is plain POSIX. > > However there are a two places where funopen is still used but not > required as tehre is a simple replacement: sm/certdump.c for formatting > the prompts and jnlib/logging.c for logging to a socket (the later is > just not available without funopen). Both will be converted to estream > asap. > > So, in theory it should build on any POSIX system. I plan to do some > tests on Solaris next week or so. > > > Shalom-Salam, > > Werner > > > > > -- > Die Gedanken sind frei. Auschnahmen regelt ein Bundeschgesetz. -- _____________________________________________________________________ / Brian C. Hill bchill at bch.net http://brian.bch.net \ | UNIX Specialist BCH Technical Services http://www.bch.net | From hawke at hawkesnest.net Tue Aug 21 20:30:01 2007 From: hawke at hawkesnest.net (Alex Mauer) Date: Tue, 21 Aug 2007 13:30:01 -0500 Subject: GnuPG & OpenSSH In-Reply-To: <87absmcijr.fsf__5050.08101831681$1187625183$gmane$org@wheatstone.g10code.de> References: <81945.9244.qm@web52607.mail.re2.yahoo.com> <87absmcijr.fsf__5050.08101831681$1187625183$gmane$org@wheatstone.g10code.de> Message-ID: Werner Koch wrote: > On Mon, 20 Aug 2007 14:10, sriharivijayaraghavan at yahoo.com.au said: > > Yes. However you want separate keys for separate tasks. Fortunately > OpenPGP provides just that: There is a primary key for certifying other > keys (and subkeys) and subkeys for encryption, signing and > authentication. The authentication key may be used for SSH. How can one generate this authentication key, other than via the OpenPGP smart card? -Alex Mauer "hawke" -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20070821/31f6be2a/attachment.pgp

From JPClizbe at tx.rr.com Wed Aug 22 05:46:15 2007
From: JPClizbe at tx.rr.com (John Clizbe)
Date: Tue, 21 Aug 2007 22:46:15 -0500
Subject: GnuPG & OpenSSH
In-Reply-To:
References: <81945.9244.qm@web52607.mail.re2.yahoo.com> <87absmcijr.fsf__5050.08101831681$1187625183$gmane$org@wheatstone.g10code.de>
Message-ID: <46CBB187.70403@tx.rr.com>

Alex Mauer wrote:
> Werner Koch wrote:
>> On Mon, 20 Aug 2007 14:10, sriharivijayaraghavan at yahoo.com.au said:
>>
>> Yes. However you want separate keys for separate tasks. Fortunately
>> OpenPGP provides just that: There is a primary key for certifying other
>> keys (and subkeys) and subkeys for encryption, signing and
>> authentication. The authentication key may be used for SSH.
>
> How can one generate this authentication key, other than via the OpenPGP
> smart card?

jpclizbe at booboo ~ $ gpg --expert --gen-key
Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (3) DSA (set your own capabilities)
   (5) RSA (sign only)
   (7) RSA (set your own capabilities)
Your selection? 7

Possible actions for a RSA key: Sign Certify Encrypt Authenticate
Current allowed actions: Sign Certify Encrypt

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? A

Possible actions for a RSA key: Sign Certify Encrypt Authenticate
Current allowed actions: Sign Certify Encrypt Authenticate

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? Q

RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)

Follow the rest of the prompts. You could also add an Authenticate subkey.

-- 
John P. Clizbe                      Inet: John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO.
PGP/GPG KeyID: 0x608D2A10/0x18BB373A "what's the key to success?" / "two words: good decisions." "what's the key to good decisions?" / "one word: experience." "how do i get experience?" / "two words: bad decisions." "Just how do the residents of Haiku, Hawai'i hold conversations?" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 663 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20070821/c124e7bf/attachment.pgp From wk at gnupg.org Wed Aug 22 09:01:28 2007 From: wk at gnupg.org (Werner Koch) Date: Wed, 22 Aug 2007 09:01:28 +0200 Subject: gnupg 2.0.2 and funopen/fopencookie on Solaris 8 In-Reply-To: <20070821155925.GE10170@romulus.mondobox.com> (Brian C. Hill's message of "Tue, 21 Aug 2007 08:59:25 -0700") References: <46C9DD91.7050401@securemecca.net> <46C9EF85.20702@sixdemonbag.org> <87lkc6aqlb.fsf@wheatstone.g10code.de> <46CA03FF.2030105@tx.rr.com> <20070820221105.GB22483@romulus.mondobox.com> <87lkc59x2b.fsf@wheatstone.g10code.de> <20070821155925.GE10170@romulus.mondobox.com> Message-ID: <87wsvo59yv.fsf@wheatstone.g10code.de> On Tue, 21 Aug 2007 17:59, bchill at bch.net said: > Are you saying that I should be able to compile > gpg now? Where do I get the estream library? It is part of gnupg 2.0.6 and used on any platform. (common/estream*.[ch]) I don't know whether it will build. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahmen regelt ein Bundeschgesetz. From oskar at rbgi.net Wed Aug 22 12:06:18 2007 From: oskar at rbgi.net (Oskar L.) Date: Wed, 22 Aug 2007 13:06:18 +0300 (EEST) Subject: Questions about generating keys Message-ID: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net> I'm about to generate a new keypair, and got a few questions. I have many e-mail addresses and change them frequently, and therefore I don't want to have one in my public key. (Also because I'm afraid of getting spam.) 
I think this would be easier than having to update a lot of user IDs. Are there any any drawbacks in not having an e-mail address in the public key? Are there any widely used applications that will expect one, and not work if none is found? Why is there no way to generate a RSA keypair in one step, like when you create a DSA/Elgamal keypair? Why do I first have to create a signing key, and then in a separate step create an encryption key? This is annoying. "Name must be at least 5 characters long" Why? There are probably many people who like to go only by their first name, and have a 3 or 4 character name. Is there any way to manually set the time that will be used for the creation time? Or do I have to change the system time if I don't want to use the current time? I'm a bit of a perfectionist, and think 00:00:00 looks much better than something like 01:42:57. Oskar From james at freecharity.org.uk Wed Aug 22 14:02:27 2007 From: james at freecharity.org.uk (James Davis) Date: Wed, 22 Aug 2007 13:02:27 +0100 Subject: Questions about generating keys In-Reply-To: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net> References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net> Message-ID: <46CC25D3.5030004@freecharity.org.uk> Oskar L. wrote: > I have many e-mail addresses and change them frequently, and therefore I > don't want to have one in my public key. (Also because I'm afraid of > getting spam.) I think this would be easier than having to update a lot of > user IDs. Are there any any drawbacks in not having an e-mail address in > the public key? Are there any widely used applications that will expect > one, and not work if none is found? - People may have problems searching for your key on a keyserver if you don't have your e-mail address in there. - E-mail clients using PGP won't be able to automatically know which key to use when e-mailing you - they'd have to setup specific mappings. 
> Why is there no way to generate a RSA keypair in one step, like when you
> create a DSA/Elgamal keypair? Why do I first have to create a signing key,
> and then in a separate step create an encryption key? This is annoying.

Looking at the archives of this very list, it's mainly historical.

http://lists.gnupg.org/pipermail/gnupg-users/2004-June/022764.html

James

-- 
http://www.freecharity.org.uk/ - Free IT services for charities
http://www.freecharity.org.uk/wiki/ - The VCSWiki

From rjh at sixdemonbag.org Wed Aug 22 15:04:17 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 22 Aug 2007 08:04:17 -0500
Subject: Questions about generating keys
In-Reply-To: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net>
References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net>
Message-ID: <46CC3451.7030300@sixdemonbag.org>

Oskar L. wrote:
> Are there any drawbacks in not having an e-mail address in the
> public key?

Not especially.

> Are there any widely used applications that will expect one, and not
> work if none is found?

Not to my knowledge.

> Why is there no way to generate a RSA keypair in one step, like when you
> create a DSA/Elgamal keypair? Why do I first have to create a signing key,
> and then in a separate step create an encryption key? This is annoying.

1. Because the developers don't feel it's necessary, and nobody's yet submitted a patch.

2. Why do you need an RSA keypair? The overwhelming majority of users are best served by sticking with the defaults--which, in this case, means a DSA/Elgamal keypair.

> "Name must be at least 5 characters long"
> Why? There are probably many people who like to go only by their first
> name, and have a 3 or 4 character name.

1. Because the developers don't feel it's necessary, and nobody's yet submitted a patch.

2. RFC2440 is officially neutral about the content of a user ID packet, except that by convention it's an RFC822-style address.
Speaking for myself, I'm glad GnuPG enforces a minimum; it reduces the likelihood that some poorly-conformant implementation will have a psychotic break from reality when it sees a user ID packet with length 0. GnuPG's limit is, as near as I can tell, completely arbitrary. That doesn't make it a bad choice. If the spec gives no guidance (at least, none I can see in section 5.11), then any decision whatsoever is arbitrary. Allow zero-length? Arbitrary. Allow only names of 17 characters? Arbitrary. Require at least five-letter names? Arbitrary. The ultimate metric is not whether the choice is perfect; it's whether the choice makes sense for the great majority of users. > Is there any way to manually set the time that will be used for the > creation time? Or do I have to change the system time if I don't want to > use the current time? I'm a bit of a perfectionist, and think 00:00:00 > looks much better than something like 01:42:57. There is not, and I recommend against changing your system time just to get a 'perfect' key. A key is a mathematical device which allows us to utilize trust relationships over a widely dispersed network. A perfect key is one which best contributes to the confidence and trust of the network. If I see that you've got a key date of 00:00:00, my first thought is going to be that you've played hob with your system time and carefully doctored your key. That is not going to cause me to have trust in you or your key. Doctoring a key in this way is probably ultimately against your own interests. From sriharivijayaraghavan at yahoo.com.au Wed Aug 22 15:41:54 2007 From: sriharivijayaraghavan at yahoo.com.au (Srihari Vijayaraghavan) Date: Wed, 22 Aug 2007 23:41:54 +1000 (EST) Subject: GnuPG & OpenSSH In-Reply-To: <87absmcijr.fsf@wheatstone.g10code.de> Message-ID: <824879.52838.qm@web52606.mail.re2.yahoo.com> --- Werner Koch wrote: > On Mon, 20 Aug 2007 14:10, sriharivijayaraghavan at yahoo.com.au said: > > > 1. 
Is it possible to have only one key pair (public & secret pref. DSA) > that > > can be used for both GPG & OpenSSH? (as a sys admin of some interest in > > cryptography, this is an important question) > > Yes. However you want separate keys for separate tasks. Fortunately > OpenPGP provides just that: There is a primary key for certifying other > keys (and subkeys) and subkeys for encryption, signing and > authentication. The authentication key may be used for SSH. Thanks for the direction there. I now have an 'authentication' subkey created. I've even extracted the SSH compatible public key from the subkey using gpgkey2ssh (which I can propagate to .ssh/authorized_keys of the remote machines). I'm stuck on unable to understand how to integrate the secret key of the above authentication subkey with gpg-agent (or ssh-agent for that matter though gpg-agent is my preferred choice now :-)). Just by observing things, I'd say I've two choices: 1. Extract the SSH compatible secret key from the authentication subkey somehow; then use ssh-add to populate .gnupg/sshcontrol & .gnupg/private-keys-v1.d/.key files. Naturally, I don't know how to extract an SSH compatible key from the subkey to feed it to ssh-add, so I can make no progress here. 2. Or by "other means" populate .gnupg/sshcontrol & .gnupg/private-keys-v1.d/.key files. I've made no progress here either for the lack of skill & knowledge. I'd appreciate if a GnuPG expert can guide me with either one of the choices above (or perhaps Smartcard's the only path suitable etc. as gpg-agent man pages imply smartcard approach is capable of handling .gnupg/sshcontrol & .gnupg/private-keys-v1.d/.key files 'automatically'). I also couldn't work out how to extract the keygrip id of a subkey (using gpg2 --fingerprint OR gpg2 --edit-key etc.). I suspect the keygrip of a subkey might be the same as the primary key it's associated with. Yes? 
(If yes, then the next question is how to populate .gnupg/private-keys-v1.d/.key with the right content :-).) Thank you. Srihari PS: Indeed with gpg-agent I've struck a gold-mine ;-). Would be nice if I can get the SSH integration using GPG subkey going somehow. I've some very useful use for these ideas. ____________________________________________________________________________________ Sick of deleting your inbox? Yahoo!7 Mail has free unlimited storage. http://au.docs.yahoo.com/mail/unlimitedstorage.html From alex at bofh.net.pl Wed Aug 22 16:11:00 2007 From: alex at bofh.net.pl (Janusz A. Urbanowicz) Date: Wed, 22 Aug 2007 16:11:00 +0200 Subject: Questions about generating keys In-Reply-To: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net> References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net> Message-ID: <20070822141100.GD18689@hell.pl> On Wed, Aug 22, 2007 at 01:06:18PM +0300, Oskar L. wrote: > I'm about to generate a new keypair, and got a few questions. > > I have many e-mail addresses and change them frequently, and therefore I > don't want to have one in my public key. (Also because I'm afraid of > getting spam.) I think this would be easier than having to update a lot of > user IDs. Are there any any drawbacks in not having an e-mail address in > the public key? Are there any widely used applications that will expect > one, and not work if none is found? Yes, common sense. if you submit your key to a keyserver, there should be some way to distinguish your key from hundreds of other having the same short name, when searching for a key. Sidenote: you are getting spammed anyway, it is better to invest in filtering infrastructure (greylisting, spamassassin, bogofilter), than play whack-a-mole with spammers, with you being the mole. > Is there any way to manually set the time that will be used for the > creation time? Or do I have to change the system time if I don't want to > use the current time? 
> I'm a bit of a perfectionist, and think 00:00:00
> looks much better than something like 01:42:57.

It looks unnatural and doctored.

Alex

-- 
JID: alex at hell.pl PGP: 0x46399138
Paying attention to details is what doctors, lawyers, programmers and watchmakers are for. -- Czerski

From tmz at pobox.com Wed Aug 22 17:42:41 2007
From: tmz at pobox.com (Todd Zullinger)
Date: Wed, 22 Aug 2007 11:42:41 -0400
Subject: Questions about generating keys
In-Reply-To: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net>
References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net>
Message-ID: <20070822154241.GH6380@psilocybe.teonanacatl.org>

Oskar L. wrote:
> "Name must be at least 5 characters long"
> Why? There are probably many people who like to go only by their
> first name, and have a 3 or 4 character name.

It's generally considered useful to follow the typical format for a user id (FirstName LastName

KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
That men do not learn very much from the lessons of history is the most important of all the lessons of history.
    -- Aldous Huxley, Collected Essays, 1959

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 542 bytes
Desc: not available
Url : /pipermail/attachments/20070822/eebca4f0/attachment.pgp

From lists at kcoates.com Wed Aug 22 14:40:25 2007
From: lists at kcoates.com (Kevin Coates)
Date: Wed, 22 Aug 2007 08:40:25 -0400
Subject: subpacket of type 20 has critical bit set
Message-ID: <46CC2EB9.2040504@kcoates.com>

Occasionally the console session will display "subpacket of type 20 has critical bit set" when verifying certain signatures. What exactly is this message telling me and is it of any concern to me or the key owner?

Thanks in advance.
Timestamp: Wed 22 August 2007, 08:34 AM --400 (Eastern Daylight Time) -- Kevin Coates Dewitt, NY USA ________________________________________________________________ (see kludges for my pgp key) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 155 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20070822/84850c52/attachment.pgp From dshaw at jabberwocky.com Wed Aug 22 18:37:52 2007 From: dshaw at jabberwocky.com (David Shaw) Date: Wed, 22 Aug 2007 12:37:52 -0400 Subject: Questions about generating keys In-Reply-To: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net> References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net> Message-ID: <20070822163752.GA11288@jabberwocky.com> On Wed, Aug 22, 2007 at 01:06:18PM +0300, Oskar L. wrote: > I'm about to generate a new keypair, and got a few questions. > > I have many e-mail addresses and change them frequently, and therefore I > don't want to have one in my public key. (Also because I'm afraid of > getting spam.) I think this would be easier than having to update a lot of > user IDs. Are there any any drawbacks in not having an e-mail address in > the public key? Are there any widely used applications that will expect > one, and not work if none is found? Yes. Mail programs tend to fetch keys by email address (out of necessity - that's usually all they know about the person being mailed). > Why is there no way to generate a RSA keypair in one step, like when you > create a DSA/Elgamal keypair? Why do I first have to create a signing key, > and then in a separate step create an encryption key? This is annoying. No real reason, except it would make the list of key types very long if every possible combination was listed (RSA primary/Elgamal subkey, DSA primary/RSA subkey, RSA primary/RSA subkey, DSA primary/Elgamal subkey). > "Name must be at least 5 characters long" > Why? 
There are probably many people who like to go only by their first > name, and have a 3 or 4 character name. It's not common, and keeping a 5 character name helps prevent errors (mistyping). If you really have a name that short, you can use the --allow-freeform-uid to override the test. > Is there any way to manually set the time that will be used for the > creation time? Or do I have to change the system time if I don't want to > use the current time? I'm a bit of a perfectionist, and think 00:00:00 > looks much better than something like 01:42:57. As it happens, this will probably be possible in an upcoming version, but for other reasons. That said: I wouldn't bother - it changes nothing about the key and is completely cosmetic. David From dshaw at jabberwocky.com Wed Aug 22 18:46:47 2007 From: dshaw at jabberwocky.com (David Shaw) Date: Wed, 22 Aug 2007 12:46:47 -0400 Subject: subpacket of type 20 has critical bit set In-Reply-To: <46CC2EB9.2040504@kcoates.com> References: <46CC2EB9.2040504@kcoates.com> Message-ID: <20070822164647.GA11371@jabberwocky.com> On Wed, Aug 22, 2007 at 08:40:25AM -0400, Kevin Coates wrote: > > Occasionally the console session will display "subpacket of type 20 has > critical bit set" when verifying certain signatures. What exactly is > this message telling me and is it of any concern to me or the key owner? It means that the person who made that signature set a notation on it, and marked that notation as "critical". That means, essentially, "if you don't understand this notation, you cannot understand this signature". Thus, that signature is not usable. The only notations that GPG understands, and thus allows to be critical without invalidating the signature are: preferred-email-encoding at pgp.com and pka-address at gnupg.org Note that the critical notation might be set on a key or data signature. That message can be from either. 
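David's description of critical notations can be checked against the bytes. What follows is an added example, not GnuPG code and not from any poster on this thread: a small RFC 4880 signature-subpacket parser that walks a constructed hashed-subpacket area and reports critical subpackets the way the warning Kevin asked about does. The set of subpacket types it claims to understand and every sample value are assumptions of the example; only the two notation names come from David's reply.

```python
from __future__ import annotations
import struct
from dataclasses import dataclass

# Subpacket types from RFC 4880 section 5.2.3.1.
SIG_CREATION_TIME = 2
NOTATION_DATA = 20

# Notation names GnuPG understands (per David's reply above); a critical
# notation with any other name makes the signature unusable.
KNOWN_NOTATIONS = {"preferred-email-encoding@pgp.com", "pka-address@gnupg.org"}

# Subpacket types this toy verifier claims to understand (an assumption of the
# example, not GnuPG's list). A critical subpacket of any other type is fatal.
UNDERSTOOD_TYPES = {2, 3, 9, 11, 16, 20, 27}


@dataclass
class Subpacket:
    sp_type: int    # low 7 bits of the type octet
    critical: bool  # bit 7 of the type octet
    body: bytes


def encode_length(n: int) -> bytes:
    """Subpacket length encoding: 1, 2 or 5 octets depending on size."""
    if n < 192:
        return bytes([n])
    if n < 8384:
        n -= 192
        return bytes([(n >> 8) + 192, n & 0xFF])
    return b"\xff" + struct.pack(">I", n)


def decode_length(buf: bytes, pos: int) -> tuple[int, int]:
    """Return (length, offset of the type octet that follows)."""
    first = buf[pos]
    if first < 192:
        return first, pos + 1
    if first < 255:
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
    return struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5


def build_subpacket(sp_type: int, body: bytes, critical: bool = False) -> bytes:
    """The length field covers the type octet plus the body."""
    tag = sp_type | (0x80 if critical else 0)
    return encode_length(len(body) + 1) + bytes([tag]) + body


def build_notation(name: str, value: str, critical: bool = False) -> bytes:
    """Notation Data: 4 flag octets, name length, value length, name, value."""
    n, v = name.encode(), value.encode()
    flags = b"\x80\x00\x00\x00"  # human-readable flag
    body = flags + struct.pack(">HH", len(n), len(v)) + n + v
    return build_subpacket(NOTATION_DATA, body, critical)


def parse_subpackets(area: bytes) -> list[Subpacket]:
    pos, out = 0, []
    while pos < len(area):
        length, pos = decode_length(area, pos)
        if length == 0 or pos + length > len(area):
            raise ValueError("truncated or malformed subpacket")
        tag = area[pos]
        out.append(Subpacket(tag & 0x7F, bool(tag & 0x80), area[pos + 1:pos + length]))
        pos += length
    return out


def parse_notation(body: bytes) -> tuple[str, bytes]:
    _flags, name_len, value_len = struct.unpack(">IHH", body[:8])
    name = body[8:8 + name_len]
    value = body[8 + name_len:8 + name_len + value_len]
    if len(name) != name_len or len(value) != value_len:
        raise ValueError("notation lengths exceed the subpacket body")
    return name.decode("utf-8", "replace"), value


def check_critical(area: bytes) -> tuple[bool, list[str]]:
    """Return (signature usable?, warnings) for one hashed subpacket area."""
    usable, warnings = True, []
    for sp in parse_subpackets(area):
        if not sp.critical:
            continue  # unknown but non-critical subpackets are simply ignored
        if sp.sp_type == NOTATION_DATA:
            name, _ = parse_notation(sp.body)
            if name in KNOWN_NOTATIONS:
                continue
            warnings.append(f"subpacket of type 20 has critical bit set (notation {name!r})")
            usable = False
        elif sp.sp_type not in UNDERSTOOD_TYPES:
            warnings.append(f"subpacket of type {sp.sp_type} has critical bit set")
            usable = False
    return usable, warnings


# Constructed sample areas, not taken from any real signature: both carry a
# creation time and a critical pka-address notation (accepted); AREA_BAD adds
# a critical notation whose name no implementation understands.
CREATION = build_subpacket(SIG_CREATION_TIME, struct.pack(">I", 1187800000))
AREA_OK = (CREATION
           + build_notation("pka-address@gnupg.org", "user@example.org", critical=True)
           + build_notation("comment@example.org", "ignored", critical=False))
AREA_BAD = AREA_OK + build_notation("foo@example.org", "anything", critical=True)
```

Note that the notation subpacket type itself is understood, so the critical bit is evaluated per notation name, which is why GnuPG's message names type 20 rather than an unknown type.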
David From claws at thewildbeast.co.uk Wed Aug 22 17:17:18 2007 From: claws at thewildbeast.co.uk (Paul) Date: Wed, 22 Aug 2007 16:17:18 +0100 Subject: Questions about generating keys In-Reply-To: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net> References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net> Message-ID: <20070822161718.6a1b1658@thewildbeast> On Wed, 22 Aug 2007 13:06:18 +0300 (EEST) "Oskar L." wrote: > "Name must be at least 5 characters long" > Why? There are probably many people who like to go only by their first > name, and have a 3 or 4 character name. Use gpg --gen-key --allow-freeform-uid (from 'man gpg') best regards Paul -- It isn't worth a nickle to two guys like you or me, but to a collector it is worth a fortune -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20070822/f5b6d287/attachment.pgp From oskar at rbgi.net Wed Aug 22 19:36:36 2007 From: oskar at rbgi.net (Oskar L.) Date: Wed, 22 Aug 2007 20:36:36 +0300 (EEST) Subject: Questions about generating keys In-Reply-To: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net> References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net> Message-ID: <42329.62.142.195.88.1187804196.squirrel@mail.rbgi.net> Robert J. Hansen wrote: > 2. Why do you need an RSA keypair? The overwhelming majority of users > are best served by sticking with the defaults--which, in this case, > means a DSA/Elgamal keypair. I prefer RSA keys because - DSA does not have a hash firewall. - They don't have a 1024 bit limit, like DSA has. I know "DSA2" can have larger keys, but last I heard PGP can't use them. - The hash used is not limited to 160 bits, like it is with DSA. - RSA is faster. I can't understand why RSA isn't the default. The only argument defending DSA I've heard is that DSA creates smaller signatures. 
Is this really so important to people that they are willing to give up all the benefits of RSA for it?

David Shaw wrote:
> No real reason, except it would make the list of key types very
> long if every possible combination was listed (RSA primary/Elgamal
> subkey, DSA primary/RSA subkey, RSA primary/RSA subkey,
> DSA primary/Elgamal subkey).

I understand, but surely an RSA keypair must be such a common thing that it could have its own option? What I find really strange is that the archives mention a sixth option, "(6) RSA (sign and encrypt)", but version 1.4.6 gives me:

Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (3) DSA (set your own capabilities)
   (5) RSA (sign only)
   (7) RSA (set your own capabilities)

Why was the sixth option removed?

By the way, is there a security or performance difference between a RSA (sign and encrypt) keypair with no subkeys, and a RSA (sign only) keypair with a RSA (encrypt only) subkey?

David Shaw wrote:
> > Is there any way to manually set the time that will be used for the
> > creation time? Or do I have to change the system time if I don't want to
> > use the current time? I'm a bit of a perfectionist, and think 00:00:00
> > looks much better than something like 01:42:57.
>
> As it happens, this will probably be possible in an upcoming version,
> but for other reasons.

Nice! I'm curious about what these reasons are.

Alex wrote:
> Yes, common sense. if you submit your key to a keyserver, there
> should be some way to distinguish your key from hundreds of
> other having the same short name, when searching for a key.

Sorry, I forgot to say that I don't use any keyservers. Only my friends can get my private e-mail address and "private" public key.

James wrote:
> - E-mail clients using PGP won't be able to automatically know
> which key to use when e-mailing you - they'd have to setup
> specific mappings.
That's ok, since they would have the same problem if the address in my key differed from the one in their address book.

Since not specifying an e-mail address doesn't seem to go against the OpenPGP specification, I think I won't specify one when I create my new key.

Todd wrote:
> ...the --allow-freeform-uid option will bypass all checks on
> the format of the user id.

I'll keep that in mind in case I'll ever need it.

Thanks everybody for your answers!

-Oskar

From JPClizbe at tx.rr.com Wed Aug 22 22:34:50 2007
From: JPClizbe at tx.rr.com (John Clizbe)
Date: Wed, 22 Aug 2007 15:34:50 -0500
Subject: Questions about generating keys
In-Reply-To: <42329.62.142.195.88.1187804196.squirrel@mail.rbgi.net>
References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net> <42329.62.142.195.88.1187804196.squirrel@mail.rbgi.net>
Message-ID: <46CC9DEA.2020408@tx.rr.com>

Oskar L. wrote:
>
> I can't understand why RSA isn't the default. The only argument defending
> DSA I've heard is that DSA creates smaller signatures. Is this really so
> important to people that they are willing to give up all the benefits of
> RSA for it?

"Business reasons" ever come up as a rationale? RSA was patent encumbered until Sept. 2000. To include RSA, NAI would have had to give RSADSI a license to freely redistribute PGP - not exactly in their (NAI's) best interests. Patent issues were still around when RFC 2440 was being drafted, hence RSA and IDEA being deprecated.

Maybe reading some history of modern cryptography would help. See this FAQ from circa 1999 (Dated but historically accurate):
http://www.scramdisk.clara.net/pgpfaq.html#SubOpenPGP
http://www.scramdisk.clara.net/pgpfaq.html#SubRSAREF

> I understand, but surely an RSA keypair must be such a common thing
> that it could have its own option?
What I find really strange is that > the archives mention a sixth option, "(6) RSA (sign and encrypt)", but > version 1.4.6 gives me: > > Please select what kind of key you want: > (1) DSA and Elgamal (default) > (2) DSA (sign only) > (3) DSA (set your own capabilities) > (5) RSA (sign only) > (7) RSA (set your own capabilities) > > Why was the sixth option removed? Cause it's covered by 7? There are so many possible combination of key/subkey capabilities that listing all of then would make the menu far too long. > > Alex wrote: >> Yes, common sense. if you submit your key to a keyserver, there >> should be some way to distinguish your key from hundreds of >> other having the same short name, when searching for a key. > > Sorry, I forgot to say that I don't use any keyservers. Only my > friends can get my private e-mail address and "private" public key. Relying on the 'highly effective" Security via Obscurity model, huh? There's no guarantee that your key won't end up on a keyserver nor is there one that your "private" email address won't leak into the public, -- John P. Clizbe Inet: John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A "what's the key to success?" / "two words: good decisions." "what's the key to good decisions?" / "one word: experience." "how do i get experience?" / "two words: bad decisions." "Just how do the residents of Haiku, Hawai'i hold conversations?" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 659 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20070822/f515470d/attachment-0001.pgp From jmoore3rd at bellsouth.net Wed Aug 22 22:49:12 2007 From: jmoore3rd at bellsouth.net (John W. 
Moore III)
Date: Wed, 22 Aug 2007 16:49:12 -0400
Subject: Questions about generating keys
In-Reply-To: <46CC9DEA.2020408@tx.rr.com>
References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net> <42329.62.142.195.88.1187804196.squirrel@mail.rbgi.net> <46CC9DEA.2020408@tx.rr.com>
Message-ID: <46CCA148.8010507@bellsouth.net>

John Clizbe wrote:
> There's no guarantee that your key won't end up on a keyserver nor is there one
> that your "private" email address won't leak into the public,

All it takes is 1 inadvertent click of 'Refresh All Keys' or a "well intentioned" sharing of the 'Gift' of a Signature. :(

Public Keys are like 'Secrets'; When _only_ You have/know it, it's Secret.........whenever it's shared it's.......well, Public.

JOHN ;)
Timestamp: Wednesday 22 Aug 2007, 16:48 --400 (Eastern Daylight Time)

From alex at bofh.net.pl Wed Aug 22 23:16:07 2007
From: alex at bofh.net.pl (Janusz A.
Urbanowicz)
Date: Wed, 22 Aug 2007 23:16:07 +0200
Subject: Questions about generating keys
In-Reply-To: <46CC9DEA.2020408@tx.rr.com>
References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net> <42329.62.142.195.88.1187804196.squirrel@mail.rbgi.net> <46CC9DEA.2020408@tx.rr.com>
Message-ID: <20070822211607.GE18689@hell.pl>

On Wed, Aug 22, 2007 at 03:34:50PM -0500, John Clizbe wrote:
> > Alex wrote:
> >> Yes, common sense. if you submit your key to a keyserver, there
> >> should be some way to distinguish your key from hundreds of
> >> others having the same short name, when searching for a key.
> >
> > Sorry, I forgot to say that I don't use any keyservers. Only my
> > friends can get my private e-mail address and "private" public key.
> Relying on the "highly effective" Security via Obscurity model, huh?
>
> There's no guarantee that your key won't end up on a keyserver nor is there one
> that your "private" email address won't leak into the public,

There were people that submitted their whole keyrings to keyservers. And yesterday I got spammed to an address that I created for one-time use for one person, and never gave publicly nor to anyone else.

a
--
JID: alex at hell.pl PGP: 0x46399138
attending to details is the job of doctors, lawyers, programmers and watchmakers -- Czerski

From hawke at hawkesnest.net Wed Aug 22 23:46:03 2007
From: hawke at hawkesnest.net (Alex Mauer)
Date: Wed, 22 Aug 2007 16:46:03 -0500
Subject: GnuPG & OpenSSH
In-Reply-To: <824879.52838.qm__16430.5946360857$1187790283$gmane$org@web52606.mail.re2.yahoo.com>
References: <87absmcijr.fsf@wheatstone.g10code.de> <824879.52838.qm__16430.5946360857$1187790283$gmane$org@web52606.mail.re2.yahoo.com>
Message-ID:

Srihari Vijayaraghavan wrote:
> I now have an 'authentication' subkey created. I've even extracted the SSH
> compatible public key from the subkey using gpgkey2ssh (which I can propagate
> to .ssh/authorized_keys of the remote machines).
>
> I'm stuck on unable to understand how to integrate the secret key of the above
> authentication subkey with gpg-agent (or ssh-agent for that matter though
> gpg-agent is my preferred choice now :-)).

I am having this problem as well. I created both an RSA and a DSA subkey, as well as (for testing purposes) a new separate key (DSA). I had expected them to show up in 'ssh-add -l' (I use gpg-agent with ssh-agent support) ... but they don't.

It would be very helpful to know: why this doesn't happen, and how to get it to work.

Thanks
-Alex Mauer "hawke"

From rjh at sixdemonbag.org Thu Aug 23 00:41:16 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 22 Aug 2007 17:41:16 -0500
Subject: Questions about generating keys
In-Reply-To: <42329.62.142.195.88.1187804196.squirrel@mail.rbgi.net>
References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net> <42329.62.142.195.88.1187804196.squirrel@mail.rbgi.net>
Message-ID: <46CCBB8C.6020700@sixdemonbag.org>

Oskar L. wrote:
> - They don't have a 1024 bit limit, like DSA has. I know "DSA2" can
> have larger keys, but last I heard PGP can't use them.

The latest versions of PGP support them.

> - RSA is faster.

If you are repeatedly encrypting and/or decrypting enormous files, then yes, this is potentially an issue. Otherwise, there is no practical difference in speed you will notice.

> I can't understand why RSA isn't the default.

The OpenPGP specification came out in the late nineties. RSA did not enter the public domain until August of 2000. The IETF refused--rightly so--to make a patented algorithm the default OpenPGP algorithm.

> The only argument defending DSA I've heard is that DSA creates
> smaller signatures.
> Is this really so important to people that they
> are willing to give up all the benefits of RSA for it?

This implicitly casts RSA as being somehow universally superior. It's not. Nor is it inferior. In a couple of very narrow fields, RSA is superior. In others, DSA is probably superior. In yet others, Rabin signatures are probably best.

(Me, I've wondered for years why OpenPGP doesn't support Rabin; it's a beautifully elegant algorithm. And then I kick myself and say "duh, to keep the number of algorithms down, just like with Lamport signatures and WHIRLPOOL!", and go on with my business.)

> Why was the sixth option removed?

Because it's a deprecated key style. There's nothing inherently wrong with it, but most authorities today recommend using separate signing and encryption keys.

> By the way, is there a security or performance difference between a
> RSA (sign and encrypt) keypair with no subkeys, and a RSA (sign only)
> keypair with a RSA (encrypt only) subkey?

Only when it comes to recovering from a security-related incident. If the cops come by and force you to give the private part of a key used to encrypt a message, fine, you can do so without yielding your signing key.

From dshaw at jabberwocky.com Thu Aug 23 02:22:07 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed, 22 Aug 2007 20:22:07 -0400
Subject: Questions about generating keys
In-Reply-To: <42329.62.142.195.88.1187804196.squirrel@mail.rbgi.net>
References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net> <42329.62.142.195.88.1187804196.squirrel@mail.rbgi.net>
Message-ID: <20070823002207.GA12560@jabberwocky.com>

On Wed, Aug 22, 2007 at 08:36:36PM +0300, Oskar L. wrote:
> Robert J. Hansen wrote:
> > 2. Why do you need an RSA keypair? The overwhelming majority of users
> > are best served by sticking with the defaults--which, in this case,
> > means a DSA/Elgamal keypair.
>
> I prefer RSA keys because
>
> - DSA does not have a hash firewall.
>
> - They don't have a 1024 bit limit, like DSA has. I know "DSA2" can have
> larger keys, but last I heard PGP can't use them.

I'm not sure if that is still true or not, but either way, if PGP doesn't use them now, it will soon. The new OpenPGP spec supports large DSA (so-called "DSA2") keys.

> - The hash used is not limited to 160 bits, like it is with DSA.

Same here. DSA2 supports larger hashes.

> - RSA is faster.

This is actually not completely true. DSA makes signatures faster than RSA. RSA verifies signatures faster than DSA. Since most signatures are verified more often than they are generated, this is generally stated as RSA being faster, but in OpenPGP usage, this is almost always irrelevant. Unless you're issuing thousands of signatures a second, the time needed to read the files, and do the hashing is far more significant.

> I can't understand why RSA isn't the default. The only argument defending
> DSA I've heard is that DSA creates smaller signatures. Is this really so
> important to people that they are willing to give up all the benefits of
> RSA for it?

Now that DSA2 is here, there aren't really that many benefits to RSA (and I say this as someone with an RSA key). In theory, DSA is better because it is required by OpenPGP: you won't be able to find any OpenPGP implementation that doesn't handle it. This is not true of RSA (it's legal for a program to reject it just because it is RSA). In practice, that doesn't happen much because the "big two", PGP and GPG, both handle RSA.

So DSA is the default because the OpenPGP standard requires it to be present, and does not require the same of RSA. The reasons behind this were mainly legal stuff and not relevant any longer.
> What I find really strange is that
> the archives mention a sixth option, "(6) RSA (sign and encrypt)", but
> version 1.4.6 gives me:
>
> Please select what kind of key you want:
>    (1) DSA and Elgamal (default)
>    (2) DSA (sign only)
>    (3) DSA (set your own capabilities)
>    (5) RSA (sign only)
>    (7) RSA (set your own capabilities)
>
> Why was the sixth option removed?

The feature wasn't removed. Option 7 took its place. RSA (sign and encrypt) is the same thing as RSA (set your own capabilities) - just turn on the sign and encrypt flags.

> By the way, is there a security or performance difference between a
> RSA (sign and encrypt) keypair with no subkeys, and a RSA (sign only)
> keypair with a RSA (encrypt only) subkey?

No performance difference. There is a minor security difference between one and two keys in that if your key is compromised, with one key you've compromised both your signing and encrypting capabilities. With two keys, you've only compromised the one.

The usual example of this is the police demanding an encryption key from you (which they can do in many places around the world). If you have a subkey for encryption, you could turn over that subkey without affecting your primary key (and thus all the signatures you've gathered and issued). If you don't have a subkey for encryption, you can be forced into turning over the one key, which compromises your signing "key" as well.

> David Shaw wrote:
> > > Is there any way to manually set the time that will be used for the
> > > creation time? Or do I have to change the system time if I don't want to
> > > use the current time? I'm a bit of a perfectionist, and think 00:00:00
> > > looks much better than something like 01:42:57.
> >
> > As it happens, this will probably be possible in an upcoming version,
> > but for other reasons.
>
> Nice! I'm curious about what these reasons are.

Mainly the use of GPG inside anonymous remailers and similar proxies.
In cases like that you may want to randomize or force the internal timestamps to hide the original values.

> James wrote:
> > - E-mail clients using PGP won't be able to automatically know
> > which key to use when e-mailing you - they'd have to setup
> > specific mappings.
>
> That's ok, since they would have the same problem if the address
> in my key differed from the one in their address book. Since
> not specifying an e-mail address doesn't seem to go against the
> OpenPGP specification, I think I won't specify one when I create
> my new key.

There is a whole lot of code in the world that really really expects an email address in there. You're free to do what you want, but don't be surprised when something breaks.

David

From oskar at rbgi.net Thu Aug 23 04:11:35 2007
From: oskar at rbgi.net (Oskar L.)
Date: Thu, 23 Aug 2007 05:11:35 +0300 (EEST)
Subject: Questions about generating keys
In-Reply-To: <46CC9DEA.2020408@tx.rr.com>
References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net> <42329.62.142.195.88.1187804196.squirrel@mail.rbgi.net> <46CC9DEA.2020408@tx.rr.com>
Message-ID: <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net>

Thanks again for all your answers, I'm really interested in this kind of stuff.

Robert J. Hansen wrote (regarding "DSA2" keys):
> The latest versions of PGP support them.

That's good news. Can it also create them? But there are probably still many using older versions. I know some who refuse to update from 6.5.8.

David Shaw wrote:
> Now that DSA2 is here, there aren't really that many benefits to RSA
> (and I say this as someone with an RSA key). In theory, DSA is better
> because it is required by OpenPGP: you won't be able to find any
> OpenPGP implementation that doesn't handle it. This is not true of
> RSA (it's legal for a program to reject it just because it is RSA).
> In practice, that doesn't happen much because the "big two", PGP and
> GPG, both handle RSA.
>
> So DSA is the default because the OpenPGP standard requires it to be
> present, and does not require the same of RSA. The reasons behind
> this were mainly legal stuff and not relevant any longer.

I wasn't aware of this, thanks for the info!

David Shaw wrote:
> This is actually not completely true. DSA makes signatures faster
> than RSA. RSA verifies signatures faster than DSA. Since most
> signatures are verified more often than they are generated, this is
> generally stated as RSA being faster, but in OpenPGP usage, this is
> almost always irrelevant. Unless you're issuing thousands of
> signatures a second, the time needed to read the files, and do the
> hashing is far more significant.

Robert J. Hansen wrote:
> If you are repeatedly encrypting and/or decrypting enormous files,
> then yes, this is potentially an issue. Otherwise, there is no
> practical difference in speed you will notice.

Ok, so RSA isn't always significantly faster, as I thought it was. I had read somewhere that it was (probably on this list), and my own testing with my 4GB backup files showed RSA to be notably faster.

David Shaw wrote:
> Same here. DSA2 supports larger hashes.

So would it be fair to sum up the differences like this:

- for signing DSA is faster, for verification RSA is faster, but there's not much of a difference.
- OpenPGP implementations must support DSA, but supporting RSA is optional, but both gpg and PGP support RSA, so there's not much of a difference.
- original DSA limited to 1024 bit keys and 160 bit hashes.
- DSA signatures are smaller.
- updated DSA, aka "DSA2", equal to RSA when it comes to the lengths of keys and hashes.
- Of PGP, only the newest version supports DSA2 keys.
- RSA has a hash firewall

If there are no other significant differences that I have missed, since I want a key larger than 1024 bits, it must be a DSA2 or RSA key. RSA gets a minus for not being required by OpenPGP, but only a small one since it is supported anyway.
DSA2 gets minus points both for lack of support in older versions of PGP, and for lack of a hash firewall. RSA still seems better to me, but not by as much as I previously thought.

Robert J. Hansen wrote:
> The OpenPGP specification came out in the late nineties. RSA did
> not enter the public domain until August of 2000. The IETF
> refused--rightly so--to make a patented algorithm the default
> OpenPGP algorithm.

So they accepted RSA into the standard, while it was still restricted by patents, as long as it wasn't made the default? I took for granted that an open standard like OpenPGP would not have accepted any patented stuff into the standard, and that RSA was added later, after the patents ran out. I'm a bit sad to find out I was wrong, I was under the impression that OpenPGP only allowed completely free and open algorithms. If the IETF refused to make RSA the default, does that mean that the people behind OpenPGP originally wanted it to be the default, but then had to change it to DSA?

> Relying on the "highly effective" Security via Obscurity model, huh?
>
> There's no guarantee that your key won't end up on a keyserver nor is
> there one
> that your "private" email address won't leak into the public,

I would not say that just because someone doesn't willingly make their address available to spammers makes them a believer in security through obscurity. Full disclosure is not a good strategy when it comes to personal information like e-mail addresses, credit card numbers etc. Saying that going through a little trouble to greatly decrease the risk of something bad happening is not worth it because it won't make you 100% secure makes no sense. That's like saying that you can't get 100% protection from dying in a car crash, so therefore don't bother using a seatbelt.

For example, this list has a public archive with the posters' e-mail addresses, so spammers can easily get them.
Having a separate account for e-mail lists that deletes everything not coming from the lists is not much trouble, but it makes it a lot harder for the spammers to get your address, if it is not available anywhere on the web. Spammers also find addresses by sending out mail to common names at different domains, to see if they bounce back or not. So mary at gmail.com will get spam even if she never gave out her address to anyone. Adding a number to the user name is little trouble for you, but makes things much more difficult for the spammers.

Oskar

From rjh at sixdemonbag.org Thu Aug 23 05:14:56 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 22 Aug 2007 22:14:56 -0500
Subject: Questions about generating keys
In-Reply-To: <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net>
References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net> <42329.62.142.195.88.1187804196.squirrel@mail.rbgi.net> <46CC9DEA.2020408@tx.rr.com> <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net>
Message-ID: <46CCFBB0.3040605@sixdemonbag.org>

Oskar L. wrote:
> That's good news. Can it also create them? But there are probably
> still many using older versions. I know some who refuse to update
> from 6.5.8.

Yes. And yes, there are still people using the very old 6.5.8 codebase. These people ought to be dragged out into the street and forcibly introduced into the twenty-first century, but hey, that's just my opinion.

> Ok, so RSA isn't always significantly faster, as I thought it was. I
> had read somewhere that it was, (probably on this list) and my own
> testing with my 4GB backup files showed RSA to be notably faster.

Err--how? When you're doing a signature, you're signing less than 1k of data with RSA or DSA. When you're encrypting a file, less than 1k of data is being encrypted with RSA or Elgamal. How does this test show any speed difference between the two?
The time differential between RSA/DSA/Elgamal is statistical noise given the much, much larger time spent reading the 4GB of data.

> - for signing DSA is faster, for verification RSA is faster, but
> there's not much of a difference.

I'd just keep the last clause. "There's not much of a difference." Timing of DSA versus RSA will depend heavily on everything from processor load to disk I/O to the phase of the moon. Generally speaking, yes, the first two clauses are correct, but it's impossible to say with specificity what will happen in your particular environment.

> - OpenPGP implementations must support DSA, but supporting RSA is
> optional, but both gpg and PGP support RSA, so there's not much of a
> difference.

Pretty much.

> - original DSA limited to 1024 bit keys and 160 bit hashes.

Yes.

> - DSA signatures are smaller.

Yes.

> - updated DSA, aka "DSA2", equal to RSA when it comes to the lengths
> of keys and hashes.

Not really. E.g., DSA2048 uses SHA256 as a hash algorithm. But I can use SHA512 with an RSA2048 key. RSA keys offer the best selection of hash algorithms, but this is mostly a canard.

> - Of PGP, only the newest version support DSA2 keys.

Newest versions, not version. I think PGP 9.0 introduced DSA2, and they're up to 9.5.

> - RSA has a hash firewall

Yes, but I am unconvinced that this is something an average user needs to be concerned about. (I'm concerned about it, but I freely admit to being paranoid.)

> RSA still seems better to me, but not by as much as I previously
> thought.

What does this "better" mean? Seriously. You're arguing about whether Godzilla or Mechagodzilla is more effective at flattening downtown Tokyo. The answer doesn't matter. Whether it's Godzilla or Mechagodzilla, people are still going to run for the hills. Likewise, given the astronomical difficulty of attacking either RSA or DSA, it's hard for me to say one is "better".
The instant an attacker sees RSA or DSA, the attacker is going to give up trying to forge a message by cryptanalytic means. In a lot of ways, I think this is arguing over how many angels can dance on the head of a pin.

> So they accepted RSA into the standard, while it was still restricted
> by patents, as long as it wasn't made the default?

You can have a perfectly OpenPGP-conformant application that treats RSA messages as noise and silently discards them. In RFC language, there are a few special keywords that are almost always capitalized:

MUST: a conformant application is required to...
SHOULD: while not required for conformance, it is good if...
MAY: totally irrelevant to conformance, but worth considering...
NOT: invert the meaning of the preceding word.

DSA is a MUST algorithm, as are SHA-1 and 3DES. RSA is a MAY algorithm.

> I took for granted that an open standard like OpenPGP would not have
> accepted any patented stuff into the standard

It didn't. You can implement OpenPGP without paying anyone a dime in patent royalties.

> If the IETF refused to make RSA the default, does that mean that the
> people behind OpenPGP originally wanted it to be the default, but
> then had to change it to DSA?

The distinction between "the IETF" and "the people behind OpenPGP" is not as big as you might think. The IETF is fundamentally composed of a lot of people who are interested in technology. That's all. Their working groups (WGs) are open to the public. Public participation on IETF mailing lists is heavily encouraged. I sit on the IETF OpenPGP mailing list just to track the latest changes.

In Ye Olden Days, when Phil Z. was developing Classic PGP (PGP 2.6, RFC1991), his attitude towards intellectual property was remarkably cavalier. It created an awful lot of problems for PGP 2.6, since practically everything about it was patent-encumbered.
The patent problems were one of the driving forces behind the development of a next-generation PGP technology, which became OpenPGP (RFC2440). From the very earliest days of OpenPGP, there has been a strong commitment to the total absence of patent-encumbered algorithms from MUSTs.

> I would not say that just because someone doesn't willingly make
> their address available to spammers makes them a believer in security
> through obscurity. Full disclosure is not a good strategy when it
> comes to personal information like e-mail addresses, credit card
> numbers etc.

I'm with John Clizbe on this one, although I'd use a different argument.

In the battle between armor and warhead, _always_ bet on the warhead.

Playing defensively and trying to make an email address invisible is going to be an exercise in frustration. They always get seen. They always get spammed. Play defensively and you lose.

Whitelisting, graylisting, blacklisting, Bayesian filters, even lawsuits if you're so inclined--those are all active measures which force the spammers to adapt to your actions. That gives you a measure of initiative back. You're no longer playing pure defensive.

If you like, I'll ask the antispam research group here at UI if they think there's anything to be gained by omitting an email address from a key.
From oskar at rbgi.net Thu Aug 23 11:40:02 2007
From: oskar at rbgi.net (Oskar L.)
Date: Thu, 23 Aug 2007 12:40:02 +0300 (EEST)
Subject: Questions about generating keys
In-Reply-To: <46CCFBB0.3040605@sixdemonbag.org>
References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net> <42329.62.142.195.88.1187804196.squirrel@mail.rbgi.net> <46CC9DEA.2020408@tx.rr.com> <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net> <46CCFBB0.3040605@sixdemonbag.org>
Message-ID: <52998.62.142.195.88.1187862002.squirrel@mail.rbgi.net>

Robert J. Hansen wrote:
> In the battle between armor and warhead, _always_ bet on the warhead.
>
> Playing defensively and trying to make an email address invisible is
> going to be an exercise in frustration. They always get seen. They
> always get spammed. Play defensively and you lose.

Well if you need to have an e-mail address available to the general public then this is certainly true. Spammers have even been known to hire cheap labor to surf the web looking for e-mail addresses and filling in spam in forms, so even hiding your address in a blurred upside-down JPEG won't help. If you have security unaware friends who type in your address on "send your friend an ecard" type of sites, or have you in their address book on their Windows box full of spyware, then the spammers will get your address, no matter what you do.
But if you don't need a public address, and only have security conscious friends, then I would think you have a good chance of staying off the spammers' lists. Yahoo! has a nice free service called AddressGuard. You just create a base name (foo) and append an ID (bar) to it, and now you have a disposable address: foo-bar at yahoo.com, which delivers mail to your normal Yahoo! address. You can have 500 different IDs, so you can give a different address to each of your friends, and check who is leaking your address.

> Whitelisting, graylisting, blacklisting, Bayesian filters, even lawsuits
> if you're so inclined--those are all active measures which force the
> spammers to adapt to your actions. That gives you a measure of
> initiative back. You're no longer playing pure defensive.

Those are all good things, but just because we have them does not mean that it's not a good idea to try to stay off the spammers' list in the first place. Personally I'd like to see more aggressive anti-spam measures, like the ones taken by Blue Frog.

> If you like, I'll ask the antispam research group here at UI if they
> think there's anything to be gained by omitting an email address from a
> key.

User IDs do not provide any authentication, so security wise they are useless. The most secure thing would be not to have one at all, and have my friends remember that key number xxxxxxxx belongs to me. This way, if my friends get raided, it will be more difficult or impossible for the police to figure out that it's my key. But since this is very inconvenient, I decided to sacrifice a little security for convenience, by putting my first name in the user ID. I don't provide an e-mail address mainly because it's easier to change my e-mail address if I don't have to update my key, but this undeniably also makes things a little harder for spammers, since it's one less place they can find my e-mail address. It might also help in a deniability claim.
I don't however think that it's too much to ask that people remember which e-mail address goes with which key.

Oskar

From dshaw at jabberwocky.com Thu Aug 23 05:35:55 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed, 22 Aug 2007 23:35:55 -0400
Subject: Questions about generating keys
In-Reply-To: <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net>
References: <46CC9DEA.2020408@tx.rr.com> <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net>
Message-ID: <20070823033555.GA12913@jabberwocky.com>

On Thu, Aug 23, 2007 at 05:11:35AM +0300, Oskar L. wrote:
> Ok, so RSA isn't always significantly faster, as I thought it was. I had
> read somewhere that it was, (probably on this list) and my own testing
> with my 4GB backup files showed RSA to be notably faster.

Make sure you're comparing apples to apples here. If you're comparing RSA to DSA, you need to measure signature speed. If you want to compare RSA encryption speed, you need to compare it against an encryption algorithm like Elgamal. DSA doesn't encrypt.

> So would it be fair to sum up the differences like this:
> - for signing DSA is faster, for verification RSA is faster,
> but there's not much of a difference.

There is a substantial difference, but no real difference in practice for most uses of OpenPGP. (I could make up a case where it might make a difference, but it would be an odd, clearly invented, case).

> - OpenPGP implementations must support DSA, but supporting RSA
> is optional, but both gpg and PGP support RSA, so there's
> not much of a difference.

Yes.

> - original DSA limited to 1024 bit keys and 160 bit hashes.

Yes.

> - DSA signatures are smaller.

Yes. DSA signatures are relative to the size of the hash used. RSA signatures are relative to the size of the key.

> - updated DSA, aka "DSA2", equal to RSA when it comes to the
> lengths of keys and hashes.

Not exactly equal, but roughly equal. The largest DSA2 key that GPG will generate is a 3072 bit key that uses a 256-bit hash.
The largest RSA key that GPG will generate is 4092 bits long. 3072/256 is roughly balanced in strength (that is, the key and the hash are about the same strength). 4096, the RSA limit, isn't felt to be significantly stronger than 3072 (the next step after 3072 is actually 7680 in the NIST key management publication 800-57).

> - RSA has a hash firewall

Yes.

> If there are no other significant differences that I have missed, since I
> want a key larger than 1024 bits, it must be a DSA2 or RSA key. RSA gets a
> minus for not being required by OpenPGP, but only a small one since it is
> supported anyway. DSA2 gets minus points both for lack of support in older
> versions of PGP, and for lack of a hash firewall. RSA still seems better
> to me, but not by as much as I previously thought.

It's important to note that we're talking about tiny fiddling details here. Either path is so vastly stronger than is usually needed that this is rather like discussing whether a 1001-foot fence is better than a 1000-foot fence: sure, 1001 sounds better, but if you have an attacker that could get over a 1000 foot fence, it's safe to assume they can make a pretty good crack at the remaining foot.

If you're really worried about people with older software not being able to use your key, that's a strong reason to not choose DSA2. In that case, I'd make an RSA primary key, an encryption subkey of whatever algorithm you like, and then a DSA subkey that you actually use to sign with. Do avoid signing documents with a big RSA key. It's really annoying to the recipient.

> So they accepted RSA into the standard, while it was still restricted by
> patents, as long as it wasn't made the default? I took for granted that an
> open standard like OpenPGP would not have accepted any patented stuff into
> the standard, and that RSA was added later, after the patents ran out. I'm
> a bit sad to find out I was wrong, I was under the impression that OpenPGP
> only allowed completely free and open algorithms.
It's way more complex than that (both for OpenPGP and other IETF specs). Check out the significant number of patent-related documents on the IETF website. There are (at least) two full RFCs on this topic alone. Remember also that before OpenPGP was OpenPGP, it was just PGP: a good bit of the OpenPGP standard was "standardized" before the IETF was brought in. Again, historical and occasional legal issues that aren't really relevant any longer.

David

From rjh at sixdemonbag.org Thu Aug 23 13:05:24 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 23 Aug 2007 06:05:24 -0500
Subject: Questions about generating keys
In-Reply-To: <46CD64AF.4010403@radde.name>
References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net> <42329.62.142.195.88.1187804196.squirrel@mail.rbgi.net> <46CC9DEA.2020408@tx.rr.com> <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net> <46CCFBB0.3040605@sixdemonbag.org> <46CD64AF.4010403@radde.name>
Message-ID: <46CD69F4.4040509@sixdemonbag.org>

Sven Radde wrote:
> I am paranoid, too. Could someone therefore please explain to me what a
> hash firewall actually is (possibly off-list)?

In an RSA signature, data about what algorithm was used in a signature is, itself, part of the signed data. You can't lie about a signature algorithm without tampering with the message and making the signature fail to verify.

In DSA, the data is not part of the signed data. This allows you to lie. This has potential problems if one of the supported hashes becomes so catastrophically weak that second-preimage attacks become feasible. SHA-1 may be basically dead as far as crypto goes, but it is a _long_ way from a second-preimage attack.

The paranoid interpretation of this:

Let's speculate that tomorrow, Shengdong University continues their trend of eye-popping crypto research and announces a second-preimage attack against SHA-1. You migrate to RIPEMD160 or truncated SHA256 or what-have-you as a result.
An attacker wants to forge one of your new RIPEMD160-based signatures. An attacker gets a good RIPEMD160-based signature from you. This is basically one very long binary sequence, which says "hey, if the message you're reading hashes out to this binary sequence, then yes, it's for real." I construct a new message, saying "I, Sven Radde, agree to pay Rob Hansen one frosty cold pint of bitters." I wave the dead chicken over it, or whatever Shengdong U. says I have to do, in order to make it hash out to the exact same binary sequence as the one your signature says is authentic. I lift your RIPEMD160 signature and place it on my new forged message. I proceed to then lie and say "This message used SHA-1 as a digest." I give it to your local barkeep. He looks at the message, SHA-1s it, gets the binary sequence I constructed. He compares it against your signature block, which says "hey, if the message you're reading hashes out to this binary sequence, then yes, it's for real." Your barkeep pours me a nice cold frosty pint of bitters--hey, I'm a barbaric American and I drink my beer _cold_, thank you very much--and puts the bill for it on your tab. I have now defrauded you by using a forged message. And it's all made possible by the lack of a hash function firewall. The practical paranoid interpretation of this: A second-preimage attack on SHA-1 would be a mathematical advance of such massive proportions that worrying about its consequences for DSA signatures is kind of dumb. If you stay up late at night wondering what will ever happen to "Deal Or No Deal" in the days after a meteor hits Earth, then you're probably the type of person who worries about what happens to DSA signatures after a second-preimage attack on SHA1. The rest of the world, however, will have much more important things to worry about. ... Personally, I myself subscribe to the practical paranoid view. From rjh at sixdemonbag.org Thu Aug 23 13:29:56 2007 From: rjh at sixdemonbag.org (Robert J. 
Hansen) Date: Thu, 23 Aug 2007 06:29:56 -0500 Subject: Questions about generating keys In-Reply-To: <52998.62.142.195.88.1187862002.squirrel@mail.rbgi.net> References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net><42329.62.142.195.88.1187804196.squirrel@mail.rbgi.net> <46CC9DEA.2020408@tx.rr.com> <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net> <46CCFBB0.3040605@sixdemonbag.org> <52998.62.142.195.88.1187862002.squirrel@mail.rbgi.net> Message-ID: <46CD6FB4.1060309@sixdemonbag.org> Oskar L. wrote: > But if you don't need a public address, and only have security conscious > friends, then I would think you have a good change of staying of the > spammers lists. This is not my experience. I've received spam addressed to my amateur radio call sign (KC0SJE) at a domain that's not directly associated with me. I don't know how it was discovered, but for right now I'm leaning towards the hypothesis that spammers have made pacts with the Devil and learned dark arts. > Those are all good things, but just because we have them does not mean > that it's not a good idea to try to stay of the spammers list in the first > place. Sure it is. All of us are constrained by external forces. We don't have as much time, as much energy, as much money, as much anything as we want. We have to make tradeoffs. That's called economics. If I know that one sort of antispam measure is going to reduce the spam I receive 100-fold over the reduction produced by another antispam measure... and the 100-fold measure takes the same amount of resources as the other one... then why should I ever use the second measure? I get a 100-fold reduction from X amount of time and labor, or a 101-fold reduction from a 2X amount of time and labor. This is really simple to me; I'm going to take the 100-fold reduction and spend the extra X time goofing off, or visiting my nephews, or grabbing lunch with my sister, or doing thesis research, or... 
Use the most effective measures available to you, and know when to stop. If I had 2X units of time, I still wouldn't use the two measures to get a 101-fold reduction in spam. I'd spend X time using the technologies currently available, and I'd spend X time researching new technologies to try and kick the 100-fold technology up to 1000-fold. That'd be a very efficient and economical use of time. > User IDs do not provide any authentication, so security wise they are > useless. Whoawhoawhoawhoa. I don't know where you got this from, but it's very wrong. "User IDs do not provide any authentication", okay, that much is true. If you want authentication, you're really looking for a trusted signature on the user ID, fine. But "security wise they are useless" is just barking madness. Really. > The most secure thing would be not to have one at all, and have > my friends remember that key number xxxxxxxx belongs to me. This way, if > my friends get raided, it will be more difficult or impossible for the > police to figure out that it's my key. You are apparently not up to date on something called traffic analysis. I suggest you look into it. What you're talking about here is probably a pipe dream. If you're that concerned about getting raided, there are two things you need to do right now. 1. Stop posting to crypto mailing lists that keep public archives. Creating an electronic paper trail of yourself saying "I'm concerned about getting raided by the cops, please help me figure out how to protect my electronic privacy" is not a very smart thing to do. 2. Hire an information security professional. GnuPG can be part of a security solution, it can even be a very effective part, but it is not magic fairy dust. You will not find privacy or security just by sprinkling a little magic fairy dust here and there and thinking that it will "just work". If your needs are this high-level, you need the services of an information security professional. 
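The hash firewall Hansen describes two messages up is easiest to see in code. The following is an added example written for this page, not code from GnuPG or from anyone on the list: it builds an RSA PKCS#1 v1.5 signature, whose signed bytes are a DER DigestInfo naming the hash algorithm by OID, next to a stand-in that signs only the bare digest (the shape of a DSA signature, though it is plain RSA underneath, not DSA). The toy key generator exists only to keep the block self-contained; 512-bit keys are far too small for real use.

```python
"""Added example (not from the thread or GnuPG): a hash firewall in code.

In RSA PKCS#1 v1.5 the value actually signed is a DER DigestInfo that names
the hash algorithm by OID, so the verifier reads the algorithm out of the
signed bytes.  A scheme that signs the bare digest (as DSA does) has to be
told the algorithm by unsigned metadata.  The toy RSA key generated here is
far too small for real use and exists only to make the code self-contained.
"""
import hashlib
import secrets

# DER DigestInfo prefixes from RFC 3447 section 9.2 (OID, NULL, OCTET STRING header).
DIGEST_INFO_PREFIX = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}


def _is_probable_prime(n, rounds=32):
    """Miller-Rabin; good enough for a toy key."""
    if n < 4:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def generate_toy_rsa(bits=512):
    """Return (n, e, d).  Toy size only: never use keys this small in practice."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return p * q, e, pow(e, -1, phi)


def _modulus_len(key):
    return (key[0].bit_length() + 7) // 8


def sign_pkcs1(key, message, hash_name):
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || DigestInfo(OID, digest), then RSA."""
    k = _modulus_len(key)
    t = DIGEST_INFO_PREFIX[hash_name] + hashlib.new(hash_name, message).digest()
    em = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    return pow(int.from_bytes(em, "big"), key[2], key[0]).to_bytes(k, "big")


def verify_pkcs1(key, message, signature):
    """Return the hash name recovered from the signed DigestInfo, or None.

    Nobody tells the verifier which hash to use: it recovers the OID from the
    signed bytes and hashes the message with that algorithm.  Relabelling the
    hash means altering the signed bytes, which is exactly the hash firewall.
    """
    k = _modulus_len(key)
    em = pow(int.from_bytes(signature, "big"), key[1], key[0]).to_bytes(k, "big")
    sep = em.find(b"\x00", 2)
    if not em.startswith(b"\x00\x01") or sep < 10 or em[2:sep].strip(b"\xff"):
        return None
    t = em[sep + 1:]
    for name, prefix in DIGEST_INFO_PREFIX.items():
        if t.startswith(prefix):
            digest = hashlib.new(name, message).digest()
            return name if secrets.compare_digest(t[len(prefix):], digest) else None
    return None


def sign_raw_digest(key, message, hash_name):
    """Contrast: sign only the bare digest, as DSA does; the hash name is not signed."""
    k = _modulus_len(key)
    em = hashlib.new(hash_name, message).digest().rjust(k, b"\x00")
    return pow(int.from_bytes(em, "big"), key[2], key[0]).to_bytes(k, "big")


def verify_raw_digest(key, message, signature, claimed_hash):
    """The verifier has to trust claimed_hash: any algorithm whose digest of the
    message matches the signed bytes is accepted, so nothing in the signature
    itself would expose a cross-algorithm collision or a relabelled hash."""
    k = _modulus_len(key)
    em = pow(int.from_bytes(signature, "big"), key[1], key[0]).to_bytes(k, "big")
    expected = hashlib.new(claimed_hash, message).digest().rjust(k, b"\x00")
    return secrets.compare_digest(em, expected)
```

Note that `verify_pkcs1` takes no hash-name argument at all, while `verify_raw_digest` cannot work without one: that difference is the whole point, and it is why the barkeep in the story can be lied to about SHA-1 only in the second scheme.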
From phiroc at free.fr Thu Aug 23 14:47:27 2007
From: phiroc at free.fr (phiroc at free.fr)
Date: Thu, 23 Aug 2007 14:47:27 +0200
Subject: Using an old .gnupg directory
Message-ID: <1187873247.46cd81df261f6@imp.free.fr>

Hello,

I recently reinstalled cygwin from scratch on my Windows machine, after copying the .gnupg directory and its contents to a USB key. Now, I would like to decrypt files encrypted with the private key in that .gnupg directory, in my new cygwin installation. Obviously, I should copy the .gnupg directory to my new home directory. But what should I do next?

Many thanks.

phiroc

From phiroc at free.fr Thu Aug 23 13:22:14 2007
From: phiroc at free.fr (phiroc at free.fr)
Date: Thu, 23 Aug 2007 13:22:14 +0200
Subject: Using an old .gnupg directory
Message-ID: <1187868134.46cd6de6ec492@imp.free.fr>

Hello,

I recently reinstalled cygwin from scratch on my Windows machine, after copying the .gnupg directory and its contents to a USB key. Now, I would like to decrypt files encrypted with the private key in that .gnupg directory, in my new cygwin installation. Obviously, I should copy the .gnupg directory to my new home directory. But what should I do next?

Many thanks.

phiroc

From snoken at tunedal.nu Thu Aug 23 13:44:12 2007
From: snoken at tunedal.nu (Snoken)
Date: Thu, 23 Aug 2007 13:44:12 +0200
Subject: Questions about generating keys
In-Reply-To: <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net>
References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net> <42329.62.142.195.88.1187804196.squirrel@mail.rbgi.net> <46CC9DEA.2020408@tx.rr.com> <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net>
Message-ID: <200708231144.l7NBiZNv030981@www11.aname.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 04:11 2007-08-23, Oskar L. wrote:
> --snip--
> Robert J. Hansen wrote (regarding "DSA2" keys):
>> The latest versions of PGP support them.
>
> That's good news. Can it also create them? But there are probably still many using older versions. I know some who refuse to update from 6.5.8.

Some people stick to PGP 8.1, a version fairly compliant with GPG. See below.

> David Shaw wrote:
>> Now that DSA2 is here, there aren't really that many benefits to RSA (and I say this as someone with an RSA key). In theory, DSA is better because it is required by OpenPGP: you won't be able to find any OpenPGP implementation that doesn't handle it. This is not true of RSA (it's legal for a program to reject it just because it is RSA). In practice, that doesn't happen much because the "big two", PGP and GPG, both handle RSA.
> -- snip --
>
> So would it be fair to sum up the differences like this:
> - for signing DSA is faster, for verification RSA is faster, but there's not much of a difference.
> - OpenPGP implementations must support DSA, but supporting RSA is optional, but both gpg and PGP support RSA, so there's not much of a difference.
> - original DSA limited to 1024 bit keys and 160 bit hashes.
> - DSA signatures are smaller.
> - updated DSA, aka "DSA2", equal to RSA when it comes to the lengths of keys and hashes.
> - Of PGP, only the newest version supports DSA2 keys.
> - RSA has a hash firewall
>
> If there are no other significant differences that I have missed, since I want a key larger than 1024 bits, it must be a DSA2 or RSA key. RSA gets a minus for not being required by OpenPGP, but only a small one since it is supported anyway. DSA2 gets minus points both for lack of support in older versions of PGP, and for lack of a hash firewall. RSA still seems better to me, but not by as much as I previously thought.
>
> --snip --
>
> Oskar

PGP 8.1 verifies SHA-256 hashes made by large RSA-keys, but NOT any signatures made by DSA2-keys. "Signing algorithm not supported". To create DSA2-keys with GPG you have to use the option "enable-dsa2".

Snoken

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32) - GPGrelay v0.959

iD8DBQFGzXNCWisObvnr8tQRAuSVAJ9p0FHy+Xgp+qetg00FBDDlf2/7eACfTu6t
RONfGdW5At2219R7Y4VZXL4=
=QFqQ
-----END PGP SIGNATURE-----

From dshaw at jabberwocky.com Thu Aug 23 15:57:49 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu, 23 Aug 2007 09:57:49 -0400
Subject: Using an old .gnupg directory
In-Reply-To: <1187868134.46cd6de6ec492@imp.free.fr>
References: <1187868134.46cd6de6ec492@imp.free.fr>
Message-ID: <20070823135749.GA14833@jabberwocky.com>

On Thu, Aug 23, 2007 at 01:22:14PM +0200, phiroc at free.fr wrote:
> Hello,
>
> I recently reinstalled cygwin from scratch on my Windows machine, after copying the .gnupg directory and its contents to a USB key. Now, I would like to decrypt files encrypted with the private key in that .gnupg directory, in my new cygwin installation. Obviously, I should copy the .gnupg directory to my new home directory. But what should I do next?

You shouldn't have to do anything else. Once you have a .gnupg directory in your home directory, GPG will find it and use it.

David

From alex at bofh.net.pl Thu Aug 23 16:10:33 2007
From: alex at bofh.net.pl (Janusz A. Urbanowicz)
Date: Thu, 23 Aug 2007 16:10:33 +0200
Subject: Questions about generating keys
In-Reply-To: <52998.62.142.195.88.1187862002.squirrel@mail.rbgi.net>
References: <46CC9DEA.2020408@tx.rr.com> <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net> <46CCFBB0.3040605@sixdemonbag.org> <52998.62.142.195.88.1187862002.squirrel@mail.rbgi.net>
Message-ID: <20070823141032.GA31967@hell.pl>

On Thu, Aug 23, 2007 at 12:40:02PM +0300, Oskar L. wrote:
> Robert J. Hansen wrote:
>> In the battle between armor and warhead, _always_ bet on the warhead.
>>
>> Playing defensively and trying to make an email address invisible is going to be an exercise in frustration. They always get seen. They always get spammed. Play defensively and you lose.
>
> Well if you need to have an e-mail address available to the general public then this is certainly true. Spammers have even been known to hire cheap labor to surf the web looking for e-mail addresses and filling in spam in forms, so even hiding your address in a blurred upside-down JPEG won't help.

[]

I'll tell you something. I have three public email addresses that I use almost exclusively, and one doubles as my Jabber ID, and I never used obfuscation or protection: all they do is irritate users and decrease the chance that someone who should be able to contact me, can't. Yet, I receive much less spam to my mbox than for example to comments on my blog. Why? I use some not very complicated precautions. Actually, as I said before, one or two spams slip in a month, sometimes one more, sometimes none at all.

All those things that you describe involve a lot of effort on your and your correspondent's side, and are weak - if someone who has your address gets a trojan, your address leaks out. If someone accidentally puts server log files on the net, your address leaks out. When someone writes to your wrong address (like sending a private reply to an email address) the communication won't work.

What you are trying to do is like wearing a full biosafety hazmat suit with closed air circulation full time just to avoid getting the common cold. It won't work one way or another, the air will run out at some point or the suit will wear and tear where and when you are not looking. And you are a big inconvenience to your peers.

What I'm saying is that this approach is stupid, and wasteful of time and resources. It seems secure, gives this warm and fuzzy feeling, but it isn't. It is like taking off your shoes at the airport, but what if someone smuggles some C4 in a buttplug and blows it up with the electronics of his iPod?

> If you have security unaware friends who type in your address on "send your friend an ecard" type of sites, or have you in their address book on their Windows box full with spyware, then the spammers will get your address, no matter what you do.

All people are security unconscious at some point.

> But if you don't need a public address, and only have security conscious friends, then I would think you have a good chance of staying off the spammers' lists.

And what if I don't have such friends?

>> Whitelisting, graylisting, blacklisting, Bayesian filters, even lawsuits if you're so inclined--those are all active measures which force the spammers to adapt to your actions. That gives you a measure of initiative back. You're no longer playing pure defensive.
>
> Those are all good things, but just because we have them does not mean that it's not a good idea to try to stay off the spammers' list in the first place. Personally I'd like to see more aggressive anti-spam measures, like the ones taken by Blue Frog.

It is not a good idea, because you can't, in the same way you can't quit the address lists of influenza viruses and meteorite strikes.

> User IDs do not provide any authentication, so security wise they are useless. The most secure thing would be not to have one at all, and have my friends remember that key number xxxxxxxx belongs to me. This way, if

Heh, you are expecting big things of people, and what if someone offers them chocolate[1] to give out your secret number?

[1] research shows that people are willing to give out actual passwords in exchange for chocolate

> my friends get raided, it will be more difficult or impossible for the police to figure out that it's my key. But since this is very inconvenient, I decided to sacrifice a little security for convenience, by putting my first name in the user ID. I don't provide an e-mail address mainly because it's easier to change my e-mail address if I don't have to update my key, but this undeniably also makes things a little harder for spammers, since it's one less place they can find my e-mail address. It might also help in a deniability claim. I don't however think that it's too much to ask that people remember which e-mail address goes with which key.

If you do things that can get you raided by police, that changes the threat model. But on the other hand, surveillance usually means communication intercepts, so the interceptors will know that communications encrypted with this particular key and id go to you.

Alex
--
JID: alex at hell.pl PGP: 0x46399138
Paying attention to details is for doctors, lawyers, programmers and watchmakers. -- Czerski

From seh at panix.com Thu Aug 23 17:44:10 2007
From: seh at panix.com (Steven E. Harris)
Date: Thu, 23 Aug 2007 08:44:10 -0700
Subject: Questions about generating keys
References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net> <42329.62.142.195.88.1187804196.squirrel@mail.rbgi.net> <46CC9DEA.2020408@tx.rr.com> <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net> <46CCFBB0.3040605@sixdemonbag.org> <52998.62.142.195.88.1187862002.squirrel@mail.rbgi.net>
Message-ID: <7y1wdufe1j.fsf@fillmore.spawar.navy.mil>

"Oskar L." writes:
> Yahoo! has a nice free service called AddressGuard. [...]

Spamgourmet[1] has offered this and more since October 2000.

Footnotes:
[1] http://www.spamgourmet.com/

--
Steven E. Harris

From ngvb69-gnupg at yahoo.co.uk Fri Aug 24 10:33:59 2007
From: ngvb69-gnupg at yahoo.co.uk (ngvb69-gnupg at yahoo.co.uk)
Date: Fri, 24 Aug 2007 09:33:59 +0100 (BST)
Subject: Questions about generating keys
Message-ID: <915201.69692.qm@web26707.mail.ukl.yahoo.com>

Robert J. Hansen wrote:
>> The latest versions of PGP support them.

I've got the most up-to-date version of PGP. In fact, it doesn't support them _yet_.

The signs are there that they're _almost_ supported - in other words, if you try to add a DSA2 signing subkey the combo boxes have 1536, 2048, and 3072 bit-length options, but when you hit the 'OK' button, you get the message 'Signing key size must be between 1024 and 1024 bits'.

A representative from PGP Corporation confirmed (and I quote) that "PGP is still prepared to jump to the new DSS standard once it is finalized".

Nigel

+------------------------------------------------------------+
| Give a man a fish and he will eat for a day. Teach him how |
| to fish, and he will sit in a boat & drink beer all day.   |
+------------------------------------------------------------+

___________________________________________________________
Want ideas for reducing your carbon footprint? Visit Yahoo! For Good http://uk.promotions.yahoo.com/forgood/environment.html

From dshaw at jabberwocky.com Fri Aug 24 14:58:29 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri, 24 Aug 2007 08:58:29 -0400
Subject: Questions about generating keys
In-Reply-To: <915201.69692.qm@web26707.mail.ukl.yahoo.com>
References: <915201.69692.qm@web26707.mail.ukl.yahoo.com>
Message-ID: <20070824125829.GB16341@jabberwocky.com>

On Fri, Aug 24, 2007 at 09:33:59AM +0100, ngvb69-gnupg at yahoo.co.uk wrote:
> Robert J. Hansen wrote:
>>> The latest versions of PGP support them.
>
> I've got the most up-to-date version of PGP. In fact, it doesn't support them _yet_.
>
> The signs are there that they're _almost_ supported - in other words, if you try to add a DSA2 signing subkey the combo boxes have 1536, 2048, and 3072 bit-length options, but when you hit the 'OK' button, you get the message 'Signing key size must be between 1024 and 1024 bits'.
>
> A representative from PGP Corporation confirmed (and I quote) that "PGP is still prepared to jump to the new DSS standard once it is finalized".

Thanks for checking this. Can you tell me what happens if you import a (GPG created) DSA2 key into PGP? Is PGP then able to verify a DSA2 signature created with GPG?

It's reasonably common with this sort of thing to enable reading a new feature before enabling writing it. It's the whole be-liberal-in-what-you-accept thing.

David

From oskar at rbgi.net Fri Aug 24 20:06:24 2007
From: oskar at rbgi.net (Oskar L.)
Date: Fri, 24 Aug 2007 21:06:24 +0300 (EEST)
Subject: Questions about generating keys (hash firewalls)
In-Reply-To: <46CD69F4.4040509@sixdemonbag.org>
References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net> <42329.62.142.195.88.1187804196.squirrel@mail.rbgi.net> <46CC9DEA.2020408@tx.rr.com> <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net> <46CCFBB0.3040605@sixdemonbag.org> <46CD64AF.4010403@radde.name> <46CD69F4.4040509@sixdemonbag.org>
Message-ID: <49392.62.142.195.88.1187978784.squirrel@mail.rbgi.net>

That was a very good explanation of what a hash firewall and a second-preimage attack are. But I think it gives the impression that all the hash firewall is good for is protecting against a second-preimage attack, and therefore is of little importance, since a successful second-preimage attack on SHA-1 is very unlikely to happen.

A much more real threat than the second-preimage attack is the birthday attack. The attack is based on the birthday paradox, which deals with how many people there need to be, for the chance to be over 50% that two will have the same birthday. The answer is 253 pairs. So if we start with Bob, we need to have 253 more people, to be able to make 253 different pairs of which Bob is part. This can be compared to the second-preimage attack; trying to find a message that hashes to a given hash. However, if we don't need to start with anyone in particular, and just take 23 people, we can make the same amount (253) of different pairs from only these 23 people. This is how the birthday attack works; trying to find any two messages that hash to the same hash, and as shown by the birthday paradox, this is much more likely to succeed than the second-preimage attack.

This is how it could be used. I take two pictures, one offensive and one nice. The resolution is 2048x1536, which means they contain 3145278 pixels. If I change a pixel 5 shades darker or brighter, it will be such a small change that it won't be noticed. So I have 11 (original+5+5) alternatives for each of the 3145278 pixels. This means I can make 11^3145278 versions of each picture. That's so many that not even calculators designed to show very large numbers can show the result. Now I compare all the hashes from one picture to all the hashes from the other. If I find one version of the offensive picture and one version of the nice picture that have the same hash, I sign the offensive picture and send it to someone, and can then deny I did so and show the nice picture with the same hash as proof.

If I have signed the picture with a key with a hash firewall, the receiver knows (in a perfect world) that in the attack I could use different algorithms, but am limited to using only collisions between hashes made by the same algorithm. If I don't use a firewall the receiver knows that the attack would be much easier for me, since I could use a "collision" between different algorithms.

Do hash firewalls have any drawbacks (performance decrease, difficult to implement, patent issues etc.)? What's the reason DSA doesn't have one?

Oskar

"Robert J. Hansen" wrote:
> In an RSA signature, data about what algorithm was used in a signature is, itself, part of the signed data. You can't lie about a signature algorithm without tampering with the message and making the signature fail to verify.
>
> In DSA, the data is not part of the signed data. This allows you to lie. This has potential problems if one of the supported hashes becomes so catastrophically weak that second-preimage attacks become feasible.
>
> SHA-1 may be basically dead as far as crypto goes, but it is a _long_ way from a second-preimage attack.
>
> The paranoid interpretation of this:
>
> Let's speculate that tomorrow, Shengdong University continues their trend of eye-popping crypto research and announces a second-preimage attack against SHA-1. You migrate to RIPEMD160 or truncated SHA256 or what-have-you as a result.
>
> An attacker wants to forge one of your new RIPEMD160-based signatures. An attacker gets a good RIPEMD160-based signature from you. This is basically one very long binary sequence, which says "hey, if the message you're reading hashes out to this binary sequence, then yes, it's for real."
>
> I construct a new message, saying "I, Sven Radde, agree to pay Rob Hansen one frosty cold pint of bitters." I wave the dead chicken over it, or whatever Shengdong U. says I have to do, in order to make it hash out to the exact same binary sequence as the one your signature says is authentic.
>
> I lift your RIPEMD160 signature and place it on my new forged message. I proceed to then lie and say "This message used SHA-1 as a digest."
>
> I give it to your local barkeep. He looks at the message, SHA-1s it, gets the binary sequence I constructed. He compares it against your signature block, which says "hey, if the message you're reading hashes out to this binary sequence, then yes, it's for real."
>
> Your barkeep pours me a nice cold frosty pint of bitters--hey, I'm a barbaric American and I drink my beer _cold_, thank you very much--and puts the bill for it on your tab.
>
> I have now defrauded you by using a forged message. And it's all made possible by the lack of a hash function firewall.
>
> The practical paranoid interpretation of this:
>
> A second-preimage attack on SHA-1 would be a mathematical advance of such massive proportions that worrying about its consequences for DSA signatures is kind of dumb.
>
> If you stay up late at night wondering what will ever happen to "Deal Or No Deal" in the days after a meteor hits Earth, then you're probably the type of person who worries about what happens to DSA signatures after a second-preimage attack on SHA1. The rest of the world, however, will have much more important things to worry about.
>
> ... Personally, I myself subscribe to the practical paranoid view.

From wk at gnupg.org Fri Aug 24 21:37:26 2007
From: wk at gnupg.org (Werner Koch)
Date: Fri, 24 Aug 2007 21:37:26 +0200
Subject: Questions about generating keys (hash firewalls)
In-Reply-To: <49392.62.142.195.88.1187978784.squirrel@mail.rbgi.net> (Oskar L.'s message of "Fri, 24 Aug 2007 21:06:24 +0300 (EEST)")
References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net> <42329.62.142.195.88.1187804196.squirrel@mail.rbgi.net> <46CC9DEA.2020408@tx.rr.com> <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net> <46CCFBB0.3040605@sixdemonbag.org> <46CD64AF.4010403@radde.name> <46CD69F4.4040509@sixdemonbag.org> <49392.62.142.195.88.1187978784.squirrel@mail.rbgi.net>
Message-ID: <87tzqorafd.fsf@wheatstone.g10code.de>

On Fri, 24 Aug 2007 20:06, oskar at rbgi.net said:
> Do hash firewalls have any drawbacks (performance decrease, difficult to implement, patent issues etc.)? What's the reason DSA doesn't have one?

DSA is the signature algorithm used with DSS, the Digital Signature Standard. DSS requires the use of DSA along with SHA-1 as the hash algorithm. Similar provisions have been set up for DSA1, i.e. the combination of certain key sizes with certain hash algorithms. Thus there is no need for the hash firewall. OpenPGP OTOH allows the use of any suitable hash algorithm with DSA.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From dshaw at jabberwocky.com Fri Aug 24 21:52:40 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri, 24 Aug 2007 15:52:40 -0400
Subject: Questions about generating keys (hash firewalls)
In-Reply-To: <49392.62.142.195.88.1187978784.squirrel@mail.rbgi.net>
References: <46CC9DEA.2020408@tx.rr.com> <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net> <46CCFBB0.3040605@sixdemonbag.org> <46CD64AF.4010403@radde.name> <46CD69F4.4040509@sixdemonbag.org> <49392.62.142.195.88.1187978784.squirrel@mail.rbgi.net>
Message-ID: <20070824195240.GB26648@jabberwocky.com>

On Fri, Aug 24, 2007 at 09:06:24PM +0300, Oskar L. wrote:
> Do hash firewalls have any drawbacks (performance decrease, difficult to implement, patent issues etc.)? What's the reason DSA doesn't have one?

I suspect a major reason is the main use of DSA is really DSS - and DSS was never intended to be used with any hash other than SHA-1. It gets a little stickier with DSA2/DSS2 where there are several possible hashes. For example, a 1024/160 DSA key can use SHA1, but also SHA224, SHA256, SHA384, or SHA512, by truncating them to 160 bits.

David

From rjh at sixdemonbag.org Fri Aug 24 22:00:50 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 24 Aug 2007 15:00:50 -0500
Subject: Questions about generating keys (hash firewalls)
In-Reply-To: <49392.62.142.195.88.1187978784.squirrel@mail.rbgi.net>
References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net> <42329.62.142.195.88.1187804196.squirrel@mail.rbgi.net> <46CC9DEA.2020408@tx.rr.com> <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net> <46CCFBB0.3040605@sixdemonbag.org> <46CD64AF.4010403@radde.name> <46CD69F4.4040509@sixdemonbag.org> <49392.62.142.195.88.1187978784.squirrel@mail.rbgi.net>
Message-ID: <46CF38F2.3090909@sixdemonbag.org>

Oskar L. wrote:
> So if we start with Bob, we need to have 253 more people, to be able to make 253 different pairs of which Bob is part.

We need 22 more people. In a room of 23 people, there are C(23, 2) different pairs, or 253. You should probably refresh your knowledge of combinatorics before talking about the birthday paradox.

From rjh at sixdemonbag.org Fri Aug 24 22:08:05 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 24 Aug 2007 15:08:05 -0500
Subject: Questions about generating keys (hash firewalls)
In-Reply-To: <46CF38F2.3090909@sixdemonbag.org>
References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net> <42329.62.142.195.88.1187804196.squirrel@mail.rbgi.net> <46CC9DEA.2020408@tx.rr.com> <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net> <46CCFBB0.3040605@sixdemonbag.org> <46CD64AF.4010403@radde.name> <46CD69F4.4040509@sixdemonbag.org> <49392.62.142.195.88.1187978784.squirrel@mail.rbgi.net> <46CF38F2.3090909@sixdemonbag.org>
Message-ID: <46CF3AA5.4090308@sixdemonbag.org>

Robert J. Hansen wrote:
> In a room of 23 people, there are C(23, 2) different pairs, or 253.

D'oh. This will teach me to read things quickly. Oskar was specifically saying pairs of which Bob was a part, not total pairs in the room.

(gets out the brown paper bag)

From rjh at sixdemonbag.org Fri Aug 24 22:15:18 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 24 Aug 2007 15:15:18 -0500
Subject: Questions about generating keys (hash firewalls)
In-Reply-To: <49392.62.142.195.88.1187978784.squirrel@mail.rbgi.net>
References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net> <42329.62.142.195.88.1187804196.squirrel@mail.rbgi.net> <46CC9DEA.2020408@tx.rr.com> <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net> <46CCFBB0.3040605@sixdemonbag.org> <46CD64AF.4010403@radde.name> <46CD69F4.4040509@sixdemonbag.org> <49392.62.142.195.88.1187978784.squirrel@mail.rbgi.net>
Message-ID: <46CF3C56.5000203@sixdemonbag.org>

Oskar L. wrote:
> calculators designed to show very large numbers can show the result. Now I compare all the hashes from one picture to all the hashes from the other.

Doing a birthday attack is highly nontrivial. E.g., to do a birthday attack on SHA256 requires a minimum, a _minimum_, of over 10**17 joules to be liberated as heat. That's about as much as you'd get from an entire full-out strategic nuclear exchange between the US and Russia. You're talking global climate change at that point, along with potential mass extinction of humanity. It's not pretty.

> Do hash firewalls have any drawbacks (performance decrease, difficult to implement, patent issues etc.)? What's the reason DSA doesn't have one?

Historical reasons. Nobody ever thought DSA would be used with anything other than SHA-1, so if there's only one approved hash function, there's no need for a hash firewall. DSS explicitly requires SHA-1 as a hash.

From ngvb69-gnupg at yahoo.co.uk Fri Aug 24 23:00:51 2007
From: ngvb69-gnupg at yahoo.co.uk (Nigel Brown)
Date: Fri, 24 Aug 2007 22:00:51 +0100 (BST)
Subject: Questions about generating keys
Message-ID: <665251.80821.qm@web26704.mail.ukl.yahoo.com>

Message: 5
Date: Fri, 24 Aug 2007 08:58:29 -0400
David Shaw wrote:
> Thanks for checking this. Can you tell me what happens if you import a (GPG created) DSA2 key into PGP? Is PGP then able to verify a DSA2 signature created with GPG?

No problem. PGP Desktop accepts the GPG-created DSA2 key quite happily, and verifies the DSA2 signature made in GPG on a separate key. If I import the secret part of the GPG-created DSA2 key PGP will also let me sign keys with it in PGP.

hmm... so PGP _does_ support DSA2 really... (but still won't create DSA2 keys)

> It's reasonably common with this sort of thing to enable reading a new feature before enabling writing it. It's the whole be-liberal-in-what-you-accept thing.

Right you are. And I should have known better than to doubt Mr Hansen.
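The birthday-paradox arithmetic that Oskar and Hansen go back and forth on above (253 pairs, 23 people, pairs that include Bob versus pairs in general) is small enough to check mechanically, and the same arithmetic scales to hash outputs. The block below is an added example written for this page, not code from the thread or from GnuPG: it computes the exact collision probability for small spaces such as 365 birthdays, then uses the standard sqrt(2 ln 2 N) approximation to show why a collision in a `bits`-bit hash costs about 2^(bits/2) work while a second preimage costs about 2^bits. The function names are this example's own.

```python
"""Added example (not from the thread): birthday-paradox arithmetic.

Reproduces the 23-people / 253-pairs figures discussed above and then
generalises them to a hash with `bits` output bits, comparing the work for a
collision (the birthday attack) with the work for a second preimage.
"""
import math


def total_pairs(n):
    """Distinct unordered pairs among n people: C(n, 2).  C(23, 2) == 253."""
    return math.comb(n, 2)


def pairs_with_fixed_person(n):
    """Pairs that include one fixed person (Bob) among n people: n - 1.

    This is the second-preimage situation: only comparisons against one
    given value count, so reaching 253 such pairs needs 253 other people,
    whereas 253 pairs of any kind need only 23 people in total.
    """
    return n - 1


def collision_probability(samples, space):
    """Exact P(at least one repeat) drawing `samples` values uniformly from `space`.

    Fine for a space of 365 birthdays; far too slow for a hash space, which is
    why the log2 estimate below uses an approximation instead.
    """
    p_distinct = 1.0
    for i in range(samples):
        p_distinct *= (space - i) / space
    return 1.0 - p_distinct


def samples_for_even_odds(space):
    """Smallest sample count at which a repeat is at least as likely as not."""
    n = 1
    while collision_probability(n, space) < 0.5:
        n += 1
    return n


def birthday_work_log2(bits):
    """log2 of the hash evaluations for a 50% collision in a `bits`-bit hash.

    Uses sqrt(2 ln 2 * N) with N = 2**bits, the large-N form of the exact
    computation above.  Compare with a brute-force second preimage, which
    needs about 2**bits evaluations (log2 == bits).
    """
    return bits / 2 + 0.5 * math.log2(2 * math.log(2))


def work_gap_log2(bits):
    """How many bits of work the birthday attack saves over a second preimage."""
    return bits - birthday_work_log2(bits)
```

Running `samples_for_even_odds(365)` gives the classic 23, and `birthday_work_log2(256)` comes out just above 128, which is the number Hansen's energy estimate for SHA-256 is built on: halving the exponent is what makes collisions the more realistic worry, and it is also why a 160-bit hash offers only about 80 bits of collision resistance.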
From rjh at sixdemonbag.org Fri Aug 24 23:18:28 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Fri, 24 Aug 2007 16:18:28 -0500 Subject: Questions about generating keys In-Reply-To: <665251.80821.qm@web26704.mail.ukl.yahoo.com> References: <665251.80821.qm@web26704.mail.ukl.yahoo.com> Message-ID: <46CF4B24.6020406@sixdemonbag.org> Nigel Brown wrote: > Right you are. And I should have known better than to doubt Mr Hansen. In fact, I was wrong--I said PGP supported creating DSA2 keys, which apparently it doesn't. I foolishly thought that just because I'd seen PGP support using DSA2 keys, that it meant PGP supported creating DSA2 keys. From oskar at rbgi.net Fri Aug 24 23:32:15 2007 From: oskar at rbgi.net (Oskar L.) Date: Sat, 25 Aug 2007 00:32:15 +0300 (EEST) Subject: Questions about generating keys In-Reply-To: <46CD6FB4.1060309@sixdemonbag.org> References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net><42329.62.142.195.88.1187804196.squirrel@mail.rbgi.net> <46CC9DEA.2020408@tx.rr.com> <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net> <46CCFBB0.3040605@sixdemonbag.org> <52998.62.142.195.88.1187862002.squirrel@mail.rbgi.net> <46CD6FB4.1060309@sixdemonbag.org> Message-ID: <53269.62.142.195.88.1187991135.squirrel@mail.rbgi.net> "Robert J. Hansen" wrote: > This is not my experience. I've received spam addressed to my amateur > radio call sign (KC0SJE) at a domain that's not directly associated with > me. I don't know how it was discovered, but for right now I'm leaning > towards the hypothesis that spammers have made pacts with the Devil and > learned dark arts. My first guess would be that you are in one of your friends' address books, and your friend has spyware that got it. 
> If I know that one sort of antispam measure is going to reduce the spam > I receive 100-fold over the reduction produced by another antispam > measure... and the 100-fold measure takes the same amount of resources > as the other one... then why should I ever use the second measure? If the amount of resources is so small that even combined they are insignificant, then why not use both? Everyone who gets sent spam isn't on one single list, which all the spammers use. Spammers get their addresses in different ways, so different spammers will have different lists. Lists are valuable, you can make money by selling a list of working addresses, so they are not likely freely shared between spammers. The fewer lists you are on, the less spam you will be sent. It's not an all or nothing deal. Just because you won't be able to be totally free from spam, is that a good reason to carelessly leave your address all over the Internet? > I get a 100-fold reduction from X amount of time and labor, or a > 101-fold reduction from a 2X amount of time and labor. This is really > simple to me; I'm going to take the 100-fold reduction and spend the > extra X time goofing off, or visiting my nephews, or grabbing lunch with > my sister, or doing thesis research, or... Yes, it's logical to use the measure(s) that gives the best results for your amount of time and effort. It's also logical to use all of the measures that give you or your contacts no inconvenience at all. > "User IDs do not provide any authentication", okay, that much is true. > If you want authentication, you're really looking for a trusted > signature on the user ID, fine. You are confusing authenticity and trust. If you visit Bob and he gives you his fingerprint, and when you get home you see that it matches the one on his key, then the key is authenticated. If you now get Mary's key, with a signature from Bob, this does not make Mary's key authenticated! 
Bob might not know much about security, and have been tricked into signing a false key. He might secretly hate you and have created "Mary's" key himself. Someone might hold his cat hostage and force him to sign false keys. The point is that even if Bob is your best friend and a security guru who has no cat, his signature is still not a 100% guarantee that the key really belongs to Mary. All the signature provides is various degrees of trust. > You are apparently not up to date on something called traffic analysis. > I suggest you look into it. What you're talking about here is probably > a pipe dream. I have an account on a server run by a trusted party, which has an encrypted connection for accessing e-mail accounts. Most of my friends have accounts on the same server, so our messages to each other never leave the server. Traffic analysis will reveal what time you are active, and how much data you are transferring. The only way to protect against it is to download and upload all the time at a constant rate. Not worth it in my situation. > 1. Stop posting to crypto mailing lists that keep public archives. > Creating an electronic paper trail of yourself saying "I'm concerned > about getting raided by the cops, please help me figure out how to > protect my electronic privacy" is not a very smart thing to do. I don't think there's anything wrong with saying that I want to protect my privacy. I think if asked if they care about privacy, most people would answer yes. I have been sent letters by the police on several occasions telling me that my phone has been listened to (by law they have to inform you of this some time after). I had my car confiscated and searched. So if I know they are interested in me, surely the strange thing would be if I did not try to protect my privacy? I never said I was concerned about getting raided, I said if someone else got raided it's not good if they find info about me there. > 2. Hire an information security professional. 
GnuPG can be part of a > security solution, it can even be a very effective part, but it is not > magic fairy dust. You will not find privacy or security just by > sprinkling a little magic fairy dust here and there and thinking that it > will "just work". Heh, I certainly don't think that only encrypting e-mail and signing backups with GnuPG will somehow make all aspects of my life secure. I don't know how you got this impression. I also use TrueCrypt for whole disk encryption, BCWipe for secure deletion, TOR for anonymity, a good firewall, and all my machines run Linux and my "supersecure" machine is never connected to the Internet. > If your needs are this high-level, you need the > services of an information security professional. My needs are not high level, and I don't really need security for anything other than paying bills online. But it's nice to have some privacy, and security is a very interesting and inexpensive hobby. Oskar From oskar at rbgi.net Sat Aug 25 00:21:51 2007 From: oskar at rbgi.net (Oskar L.) Date: Sat, 25 Aug 2007 01:21:51 +0300 (EEST) Subject: Questions about generating keys (hash firewalls) In-Reply-To: <46CF3C56.5000203@sixdemonbag.org> References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net><42329.62.142.195.88.1187804196.squirrel@mail.rbgi.net> <46CC9DEA.2020408@tx.rr.com> <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net> <46CCFBB0.3040605@sixdemonbag.org> <46CD64AF.4010403@radde.name> <46CD69F4.4040509@sixdemonbag.org> <49392.62.142.195.88.1187978784.squirrel@mail.rbgi.net> <46CF3C56.5000203@sixdemonbag.org> Message-ID: <46910.62.142.195.88.1187994111.squirrel@mail.rbgi.net> Robert J. Hansen wrote: > Doing a birthday attack is highly nontrivial. E.g., to do a birthday > attack on SHA256 requires a minimum, a _minimum_, of over 10**17 joules > to be liberated as heat. That's about as much as you'd get from an > entire full-out strategic nuclear exchange between the US and Russia. 
> You're talking global climate change at that point, along with potential > mass extinction of humanity. It's not pretty. I only meant to point out that a birthday attack would have a much better chance of finding a collision than a second preimage attack. I'm sorry if I made it sound trivial, I know it's not. I just tried to give an example of how it works that would be easy to understand. I'm pretty sure the process is called a birthday attack, whether it's successful or not, and no matter how few hashes you use. So even if you only compare the hash values of "a", "b" and "c" in hope of finding a collision, it's still a birthday attack. Oskar From rjh at sixdemonbag.org Sat Aug 25 00:46:34 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Fri, 24 Aug 2007 17:46:34 -0500 Subject: Questions about generating keys In-Reply-To: <53269.62.142.195.88.1187991135.squirrel@mail.rbgi.net> References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net><42329.62.142.195.88.1187804196.squirrel@mail.rbgi.net> <46CC9DEA.2020408@tx.rr.com> <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net> <46CCFBB0.3040605@sixdemonbag.org> <52998.62.142.195.88.1187862002.squirrel@mail.rbgi.net> <46CD6FB4.1060309@sixdemonbag.org> <53269.62.142.195.88.1187991135.squirrel@mail.rbgi.net> Message-ID: <46CF5FCA.9090908@sixdemonbag.org> Oskar L. wrote: > My first guess would be that you are in one of your friends' address > books, and your friend has spyware that got it. This is not the case. No one had it except me. > If the amount of resources is so small that even combined they are > insignificant, then why not use both? Because there is no such thing as an 'insignificant' amount of resources. Everything has a price associated with it. The trick is to get the most bang for your buck. >> "User IDs do not provide any authentication", okay, that much is >> true. If you want authentication, you're really looking for a >> trusted signature on the user ID, fine. 
> > You are confusing authenticity and trust. Please read the manual. I am not confusing the two. Authentication of a user ID is provided by a trusted signature. Period, end of sentence. > If you visit Bob and he gives you his fingerprint, and when you get > home you see that it matches the one on his key, then the key is > authenticated. No. You also have to trust that Bob isn't playing a game with you. > If you now get Mary's key, with a signature from Bob, > this does not make Mary's key authenticated! Yes. Like I said: you're really looking for a _trusted_ signature. Clearly, in this case you do not trust Bob to make signatures that are in accordance with your security policy. > point is that even if Bob is your best friend and a security guru who > has no cat, his signature is still not a 100% guarantee that the key > really belongs to Mary. All the signature provides is various degrees What world do you live in which offers total assurances of anything other than the inevitability of death and taxes? This is not a game of certainties. Security is a game of probabilities. Anyone who insists on absolutes needs to stop using computers. > Traffic analysis will reveal what time you are active, and how much > data you are transferring. More importantly, in the case you're describing, to whom. From jmoore3rd at bellsouth.net Sat Aug 25 00:57:17 2007 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Fri, 24 Aug 2007 18:57:17 -0400 Subject: Questions about generating keys In-Reply-To: <665251.80821.qm@web26704.mail.ukl.yahoo.com> References: <665251.80821.qm@web26704.mail.ukl.yahoo.com> Message-ID: <46CF624D.2000506@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Nigel Brown wrote: > I should have known better than to doubt Mr Hansen. Nonsense! Mr. Hansen thrives on "being doubted" as this is what keeps Him on His toes. 
:-D *LOL* Seriously; any time You Question a statement for reasons other than "That's not what I wanted to hear" You should challenge the speaker. :) JOHN ;) Timestamp: Friday 24 Aug 2007, 18:56 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8-svn4570: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: http://www.gswot.org Comment: My Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJGz2JLAAoJEBCGy9eAtCsPjUUH/1OmIxnxFdOqmPUjsHI0V+yv fbknTTCACxWVzmRLVl5WuE/aLgfvywTQ4bp/ldOAj03FbDd25sI5KxNSi0jB60E1 PAFmiayRNY5bdchGzwRivD4i/ygQ0Iuu4l8x5r9amV02Iyw7OybhQ05NrVIkNKjN QC5ZdYXSPiq9VfpZrO8nMNkaJbBo4AVnu9EfU9Yo8AJXEDaQKXzEB2KiJgS5xLc+ hf4ZbY+KHzJw5guQHK52s9wX58oyFjVY5jLi9MaMopaDHAXhJzuH3Dtft9Fu0cUH FbANWSx8JKy63Um78jnDUWMa6+vrisu4l4yHYnJmYNnTDxN0m3GnhIHzeXINL5k= =ionx -----END PGP SIGNATURE----- From jmoore3rd at bellsouth.net Sat Aug 25 01:04:21 2007 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Fri, 24 Aug 2007 19:04:21 -0400 Subject: Questions about generating keys In-Reply-To: <53269.62.142.195.88.1187991135.squirrel@mail.rbgi.net> References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net><42329.62.142.195.88.1187804196.squirrel@mail.rbgi.net> <46CC9DEA.2020408@tx.rr.com> <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net> <46CCFBB0.3040605@sixdemonbag.org> <52998.62.142.195.88.1187862002.squirrel@mail.rbgi.net> <46CD6FB4.1060309@sixdemonbag.org> <53269.62.142.195.88.1187991135.squirrel@mail.rbgi.net> Message-ID: <46CF63F5.70108@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Oskar L. wrote: > Traffic analysis will reveal what time you are active, and how much data > you are transferring. To only way to protect against it is to download and > upload all the time at a constant rate. Not worth it in my situation. It will also reveal just who communicates with whom and how often; as well as the amount of data sent. 
This data, with analysis is the basis behind targeting where missiles & search warrants are delivered. Think of it as a blind man locating the hub of a bicycle wheel by feeling the spokes. :-D JOHN ;) Timestamp: Friday 24 Aug 2007, 19:03 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8-svn4570: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: http://www.gswot.org Comment: My Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJGz2P0AAoJEBCGy9eAtCsPXSgH/3YE7/bnna8gtpzYW7G+EPaw v9Wt/W0qJHNrl2sxkS4x7ekf+zwfYyAFSeKs0GeZbOC5SYJQs73mC0HDbeq39tGu nJjbGhC+JQBDxjaxjozZQhGEd+ifsmrNrmOH1kEREI4EqQFnnj8DzTG+Iiu//HNX +sQlLU1QH+ePMcwkzeKFb0RjQ2JyRo6g0eAY/3q9BdtWrR5ylv9433TNu6hQ6ahI 98ESyjQf6mDd5gq1z4FDf/h9YSpu4SKCAnrWllVrJ8sxLWMzbVfVzg9c7ufQaf6+ n0eb8NRT4FFcHwtNUHs/f/g9JxNTuo/KVs+mcI98VwSZ/M04qRgxVjaTuDT8Z18= =yBzc -----END PGP SIGNATURE----- From rjh at sixdemonbag.org Sat Aug 25 01:17:26 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Fri, 24 Aug 2007 18:17:26 -0500 Subject: Questions about generating keys (hash firewalls) In-Reply-To: <46910.62.142.195.88.1187994111.squirrel@mail.rbgi.net> References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net><42329.62.142.195.88.1187804196.squirrel@mail.rbgi.net> <46CC9DEA.2020408@tx.rr.com> <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net> <46CCFBB0.3040605@sixdemonbag.org> <46CD64AF.4010403@radde.name> <46CD69F4.4040509@sixdemonbag.org> <49392.62.142.195.88.1187978784.squirrel@mail.rbgi.net> <46CF3C56.5000203@sixdemonbag.org> <46910.62.142.195.88.1187994111.squirrel@mail.rbgi.net> Message-ID: <46CF6706.3000402@sixdemonbag.org> Oskar L. wrote: > I only meant to point out that a birthday attack would have a much better > chance of finding a collision than a second preimage attack. I'm sorry if > I made it sound trivial, I know it's not. I just tried to give an example > of how it works that would be easy to understand. 
Well, except that your attack isn't a birthday attack. A birthday attack involves making a ton of different messages and checking _all_ messages created to find _any_ collision. Your attack involves taking one particular message and creating permutations of it, one after another, looking for a collision with your particular message. From oskar at rbgi.net Sat Aug 25 03:46:25 2007 From: oskar at rbgi.net (Oskar L.) Date: Sat, 25 Aug 2007 04:46:25 +0300 (EEST) Subject: Questions about generating keys In-Reply-To: <46CF5FCA.9090908@sixdemonbag.org> References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net><42329.62.142.195.88.1187804196.squirrel@mail.rbgi.net> <46CC9DEA.2020408@tx.rr.com> <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net> <46CCFBB0.3040605@sixdemonbag.org> <52998.62.142.195.88.1187862002.squirrel@mail.rbgi.net> <46CD6FB4.1060309@sixdemonbag.org> <53269.62.142.195.88.1187991135.squirrel@mail.rbgi.net> <46CF5FCA.9090908@sixdemonbag.org> Message-ID: <58086.62.142.195.88.1188006385.squirrel@mail.rbgi.net> Robert J. Hansen wrote: > Because there is no such thing as an 'insignificant' amount of > resources. Everything has a price associated with it. The trick is to > get the most bang for your buck. Well, I guess what's insignificant to one person might not be to another. I know some spammers get addresses by scanning common names, so I would get name123 at example.com instead of name at example.com. I consider having to type 3 digits more a day to be an insignificant hassle, and well worth the extra security. Robert J. Hansen wrote: >> If you visit Bob and he gives you his fingerprint, and when you get >> home you see that it matches the one on his key, then the key is >> authenticated. > > No. You also have to trust that Bob isn't playing a game with you. That the key is authentic means that it is the key Bob wanted you to have, and has not been changed in a man-in-the-middle attack or by any other means. That's all. 
You can be sure of this if the fingerprint matches. You do not need to trust Bob for the key to be authentic. Bob can be the biggest liar in the world, you still have his authentic key. To be secure you also need to trust him. Authentication can exist without trust, and trust can exist without authentication, but only both combined create security. Think of it this way. Let's say you don't trust Google for some reason. Then you go to https://mail.google.com, and verify that the SSL certificate is correct, so you can be sure you're not on a phishing site. Would you now claim that the site isn't authentic, just because you don't trust Google? Or if you see someone you don't trust, can your eyes then not authenticate to you that the person is who you think they are? Of course they can, because authentication does not require trust, it's security that does. If you do not trust Bob, you can do gpg --edit-key Bob, then type trust. You will be given these options: 1 = I don't know or won't say 2 = I do NOT trust 3 = I trust marginally 4 = I trust fully 5 = I trust ultimately >> If you now get Mary's key, with a signature from Bob, >> this does not make Mary's key authenticated! > > Yes. Like I said: you're really looking for a _trusted_ signature. > Clearly, in this case you do not trust Bob to make signatures that are > in accordance with your security policy. Even if we trust Bob completely, then his signature would still just add trust to Mary's key, not authentication. We _trust_ that Bob has checked Mary's fingerprint carefully before signing her key, we have not _verified_ that he has. > What world do you live in which offers total assurances of anything > other than the inevitability of death and taxes? A world in which medical advances will get rid of death and crypto-anarchism will get rid of taxes? But seriously, when it comes to people trust is the best you can have. 
You know your friend is able to hit you in the face, but you have good reasons for strongly believing he/she won't. But that's as good as it gets. There's no proof. You can't be 100% sure. Total assurance can be found in mathematics. You don't trust that 5+5=10, you know it. Oskar From oskar at rbgi.net Sat Aug 25 04:11:44 2007 From: oskar at rbgi.net (Oskar L.) Date: Sat, 25 Aug 2007 05:11:44 +0300 (EEST) Subject: Questions about generating keys (hash firewalls) In-Reply-To: <46CF6706.3000402@sixdemonbag.org> References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net><42329.62.142.195.88.1187804196.squirrel@mail.rbgi.net> <46CC9DEA.2020408@tx.rr.com> <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net> <46CCFBB0.3040605@sixdemonbag.org> <46CD64AF.4010403@radde.name> <46CD69F4.4040509@sixdemonbag.org> <49392.62.142.195.88.1187978784.squirrel@mail.rbgi.net> <46CF3C56.5000203@sixdemonbag.org> <46910.62.142.195.88.1187994111.squirrel@mail.rbgi.net> <46CF6706.3000402@sixdemonbag.org> Message-ID: <44795.62.142.195.88.1188007904.squirrel@mail.rbgi.net> > Well, except that your attack isn't a birthday attack. > > A birthday attack involves making a ton of different messages and > checking _all_ messages created to find _any_ collision. > > Your attack involves taking one particular message and creating > permutations of it, one after another, looking for a collision with your > particular message. No, in my example I used two messages (pictures), not one, and created permutations of both, and then compared both groups of hashes against each other. Oskar From rjh at sixdemonbag.org Sat Aug 25 07:06:34 2007 From: rjh at sixdemonbag.org (Robert J. 
Hansen) Date: Sat, 25 Aug 2007 00:06:34 -0500 Subject: Questions about generating keys In-Reply-To: <58086.62.142.195.88.1188006385.squirrel@mail.rbgi.net> References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net><42329.62.142.195.88.1187804196.squirrel@mail.rbgi.net> <46CC9DEA.2020408@tx.rr.com> <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net> <46CCFBB0.3040605@sixdemonbag.org> <52998.62.142.195.88.1187862002.squirrel@mail.rbgi.net> <46CD6FB4.1060309@sixdemonbag.org> <53269.62.142.195.88.1187991135.squirrel@mail.rbgi.net> <46CF5FCA.9090908@sixdemonbag.org> <58086.62.142.195.88.1188006385.squirrel@mail.rbgi.net> Message-ID: <46CFB8DA.2060209@sixdemonbag.org> Oskar L. wrote: > That the key is authentic means that it is the key Bob wanted you to have, > and has not been changed in a man-in-the-middle attack or by any other > means. This is not the definition I have seen in use in the field. In formalisms, authentication is usually presented as some variety of inductive reasoning about trust. > Think of it this way. Let's say you don't trust Google for some reason. > Then you go to https://mail.google.com, and verify that the SSL > certificate is correct, so you can be sure you're not on a phishing site. > Would you now claim that the site isn't authentic, just because you don't > trust Google? Darn right I wouldn't. If I had good reason to believe Google was up to something nefarious, there is nothing in heaven or earth that would cause me to say "yes, that site is authentic." Trust is the ultimate dealbreaker. Always has been, always will be. Authentication, in a nutshell, can be summed up in a single sentence. Unfortunately, you get two choices in how to finish it. I believe this thing to be authentic, because... * I just do, all right? * I note it has something authentic which vouches for it. Choose one of the two statements. If you choose the latter, then continue the chain. 
An example follows: When my friend John Hawley receives a signed email message from me, he might deem it authentic because it has a valid signature. Why is the signature authentic? Because the key which made the signature is authentic. Why is the key which made the signature authentic? Because a signature on that key is authentic. Why is that signature authentic? Because the key which made that signature is authentic. Why is the key which made the signature authentic? Because that's John's own key. Why does that make the key authentic? Because he just does, all right? ... Trust underlies all authentication. Follow an authentication chain far enough and you will always, inevitably, reach trust, some level where the answer is "because I just do, all right?" At that point you've reached your inductive case. Everything starts from there. But, in the absence of that first trust, authentication fails. This is why trust is a necessary precondition for authentication. Without it, everything falls apart. Authentication is, for lack of a better phrase, a formal inference system for trust. Think PROLOG with different semantics. > If you do not trust Bob, you can do gpg --edit-key Bob, then type trust. > You will be given these options: Arguing from user interface design, as opposed to first principles, is something new to me. In fact, your argument undercuts what you're trying to argue. OpenPGP provides such a varied level of trusts precisely because the calculus of trust is so subtle. 
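The inductive chain described in the message above (a signature is valid because the key is valid, the key is valid because a trusted key certified it, down to a key you trust ultimately "because I just do") is exactly what GnuPG's classic trust model computes when it turns ownertrust plus certifications into key validity. The Python below is an added example by the editor, not GnuPG's code and not from anyone in the thread; the key names, the signature graph and the three scenarios are constructed. It uses GnuPG's default thresholds (one fully trusted or three marginally trusted certifications from keys that are themselves valid, chain depth at most 5) and the 1-5 numbering of the gpg --edit-key trust menu quoted earlier; corner cases of the real implementation are left out. Two things the model makes visible: a certification from a key you have not authenticated contributes nothing, however much ownertrust you gave its owner (Eve below), and a certification from an authenticated key whose owner you do not trust contributes nothing either (Bob with ownertrust "do NOT trust").

```python
"""Simplified model of GnuPG's classic trust model: ownertrust + certifications -> validity.

Added example; not part of the thread and not GnuPG's own code. Names, the
certification graph and the scenarios are constructed for the demonstration.
"""
from enum import IntEnum


class OwnerTrust(IntEnum):
    """Values as numbered in the 'trust' menu of gpg --edit-key."""
    UNKNOWN = 1
    NEVER = 2
    MARGINAL = 3
    FULL = 4
    ULTIMATE = 5


def compute_validity(
    ownertrust: dict[str, OwnerTrust],
    certifications: dict[str, set[str]],
    marginals_needed: int = 3,
    completes_needed: int = 1,
    max_cert_depth: int = 5,
) -> dict[str, str]:
    """Return 'full', 'marginal' or 'unknown' validity for every key.

    certifications[key] is the set of keys that signed (certified) `key`.
    Base case: keys with ULTIMATE ownertrust are valid by fiat.
    Inductive step: a key becomes valid when enough *valid* keys whose
    owners you trust have certified it. A certification from a key that is
    not itself valid counts for nothing, whatever ownertrust its owner has.
    """
    all_keys = set(ownertrust) | set(certifications)
    for signers in certifications.values():
        all_keys |= signers
    # depth[key] = length of the shortest-known chain from an ultimate key
    depth = {k: 0 for k, t in ownertrust.items() if t == OwnerTrust.ULTIMATE}
    changed = True
    while changed:                       # iterate to a fixpoint: keep inducting until nothing new becomes valid
        changed = False
        for key in all_keys:
            if key in depth:
                continue
            full, marginal, signer_depths = 0, 0, []
            for signer in certifications.get(key, set()):
                if signer not in depth or depth[signer] >= max_cert_depth:
                    continue             # unverified signer, or chain already too long
                trust = ownertrust.get(signer, OwnerTrust.UNKNOWN)
                if trust in (OwnerTrust.FULL, OwnerTrust.ULTIMATE):
                    full += 1
                elif trust == OwnerTrust.MARGINAL:
                    marginal += 1
                else:
                    continue             # UNKNOWN or NEVER: signature carries no weight
                signer_depths.append(depth[signer])
            if full >= completes_needed or marginal >= marginals_needed:
                depth[key] = 1 + max(signer_depths)
                changed = True
    validity = {}
    for key in all_keys:
        if key in depth:
            validity[key] = "full"
        elif any(s in depth and ownertrust.get(s) == OwnerTrust.MARGINAL
                 for s in certifications.get(key, set())):
            validity[key] = "marginal"   # some marginal backing, not enough of it
        else:
            validity[key] = "unknown"
    return validity


def scenario(bob_trust: OwnerTrust, extra_marginal_signers: int = 0) -> dict[str, str]:
    """Constructed keyring: me (ultimate) certified Bob; Bob certified Mary.

    Optionally, `extra_marginal_signers` further keys, each certified by me
    and given MARGINAL ownertrust, also certify Mary. Eve is given FULL
    ownertrust but nobody valid ever certified her key; Eve certifies Mallory.
    """
    ownertrust = {"me": OwnerTrust.ULTIMATE, "bob": bob_trust, "eve": OwnerTrust.FULL}
    certs = {"bob": {"me"}, "mary": {"bob"}, "mallory": {"eve"}}
    for i in range(extra_marginal_signers):
        name = f"friend{i}"
        ownertrust[name] = OwnerTrust.MARGINAL
        certs[name] = {"me"}
        certs["mary"].add(name)
    return compute_validity(ownertrust, certs)


if __name__ == "__main__":
    for label, result in (("bob fully trusted", scenario(OwnerTrust.FULL)),
                          ("bob marginally trusted", scenario(OwnerTrust.MARGINAL)),
                          ("bob + two marginal friends", scenario(OwnerTrust.MARGINAL, 2)),
                          ("bob not trusted", scenario(OwnerTrust.NEVER))):
        print(f"{label}: mary={result['mary']}, mallory={result['mallory']}")
```

Mary's key is fully valid only when Bob is fully trusted or when three marginally trusted, individually valid keys certify it; Mallory's key never becomes valid because Eve's own key was never authenticated, so the ownertrust assigned to Eve is never consulted.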
From allen.schultz at gmail.com Sat Aug 25 10:16:41 2007 From: allen.schultz at gmail.com (Allen Schultz) Date: Sat, 25 Aug 2007 02:16:41 -0600 Subject: Questions about generating keys (hash firewalls) In-Reply-To: <44795.62.142.195.88.1188007904.squirrel@mail.rbgi.net> References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net> <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net> <46CCFBB0.3040605@sixdemonbag.org> <46CD64AF.4010403@radde.name> <46CD69F4.4040509@sixdemonbag.org> <49392.62.142.195.88.1187978784.squirrel@mail.rbgi.net> <46CF3C56.5000203@sixdemonbag.org> <46910.62.142.195.88.1187994111.squirrel@mail.rbgi.net> <46CF6706.3000402@sixdemonbag.org> <44795.62.142.195.88.1188007904.squirrel@mail.rbgi.net> Message-ID: <3f34f8420708250116i702c875ep7fe8aea1452e066a@mail.gmail.com> Is there a comprehensive list of hashes used in encryption that can help me choose which is the best to use? From rjh at sixdemonbag.org Sat Aug 25 15:00:07 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Sat, 25 Aug 2007 08:00:07 -0500 Subject: Questions about generating keys In-Reply-To: <46CFED72.2050508@radde.name> References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net><42329.62.142.195.88.1187804196.squirrel@mail.rbgi.net> <46CC9DEA.2020408@tx.rr.com> <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net> <46CCFBB0.3040605@sixdemonbag.org> <52998.62.142.195.88.1187862002.squirrel@mail.rbgi.net> <46CD6FB4.1060309@sixdemonbag.org> <53269.62.142.195.88.1187991135.squirrel@mail.rbgi.net> <46CF5FCA.9090908@sixdemonbag.org> <58086.62.142.195.88.1188006385.squirrel@mail.rbgi.net> <46CFB8DA.2060209@sixdemonbag.org> <46CFED72.2050508@radde.name> Message-ID: <46D027D7.1010500@sixdemonbag.org> Sven Radde wrote: > 1) If it means "the site contents are created by a particular firm", > it is not necessary to trust that firm in any way to deem the site > "authentic". How do you know it's created by a particular firm? Who told you? How did you find out? 
What's the provenance of your information? How was it conveyed to you? Ultimately, you trust _someone_. Which is precisely the point I made: trust underlies everything. Without that fundamental trust, there's no point talking about authenticity. Each person gets to decide for themselves what are the fundamental questions of trust, as well as answers to those questions. These are the holiest of the holies in a security policy; these are heartbeats that animate every policy and mechanism. Where does the trust lie, and what implications does this trust--or lack thereof--have on the rest of the system? > It is the same with "trusting" keys in GnuPG. Trust, in this case, > only means that the key belongs to a particular person (by inductive > reasoning as you explained very nicely). No disagreement, but a terminology note: the terms "keytrust" and "ownertrust" appear to be on their way out, replaced by "validity" and "trust". Speaking for myself, I like this change; it seems to reduce confusion in newcomers. > The person itself could be a total a**h**e but that would not prevent > [key validity]. This was pointed out in my post. At some point you say "I trust them because I trust them." If you choose to trust someone despite knowing they are fundamentally untrustworthy, that's your choice, and I don't have any say in it. As for me, I choose not to trust people I consider fundamentally untrustworthy. Nobody else has a say in that, either. > If I know that said a**h**e, despite of his other attitudes, always > takes utmost care in verifying other people's keys, I can assign an > appropriate ownertrust. This is not about being nice or being a jerk. Authenticity != trust != niceness. While authenticity is dependent upon trust, niceness appears orthogonal to them both. > As another point, think of codesigning-certificates. Just because, > e.g., an ActiveX control is signed, it does not mean that it is safe, Correct. 
On the other hand, if it's signed by someone you trust (there's that word again), then there's no reason not to use it. After all, its provenance is vouched by the signature... the signature is vouched by the key... the key is vouched by some trust relationship... and ultimately you reach the "I trust it because I say so and it's my choice" point. > or whatever property one would like to claim about its > contents/functions. It only means that it was created by the > certificate owner and not manipulated by a third party. The signature only says the certificate owner vouches for the provenance of the code, not necessarily that the author vouches for it. Unless you have the special case where the signer is the same as the author. From rjh at sixdemonbag.org Sat Aug 25 15:05:31 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Sat, 25 Aug 2007 08:05:31 -0500 Subject: Questions about generating keys (hash firewalls) In-Reply-To: <3f34f8420708250116i702c875ep7fe8aea1452e066a@mail.gmail.com> References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net> <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net> <46CCFBB0.3040605@sixdemonbag.org> <46CD64AF.4010403@radde.name> <46CD69F4.4040509@sixdemonbag.org> <49392.62.142.195.88.1187978784.squirrel@mail.rbgi.net> <46CF3C56.5000203@sixdemonbag.org> <46910.62.142.195.88.1187994111.squirrel@mail.rbgi.net> <46CF6706.3000402@sixdemonbag.org> <44795.62.142.195.88.1188007904.squirrel@mail.rbgi.net> <3f34f8420708250116i702c875ep7fe8aea1452e066a@mail.gmail.com> Message-ID: <46D0291B.10400@sixdemonbag.org> Allen Schultz wrote: > Is there a comprehensive list of hashes used in encryption that can > help me choose which is the best to use? If all you want is to provide a very high level of authentication for your messages, just stick with the defaults and you'll do just fine. Seriously. GnuPG is specifically designed so that the defaults are sensible for the overwhelming majority of users. There is no "best" hash. 
My usual metaphor is that arguments over the "best" hash function, the "best" key, the "best" encryption algorithm, etc., are about as meaningful as debating whether Godzilla or Mechagodzilla is more effective at flattening Tokyo. No matter which one you choose, Tokyo gets flattened. From oskar at rbgi.net Sat Aug 25 16:29:12 2007 From: oskar at rbgi.net (Oskar L.) Date: Sat, 25 Aug 2007 17:29:12 +0300 (EEST) Subject: Questions about generating keys In-Reply-To: <46CFB8DA.2060209@sixdemonbag.org> References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net><42329.62.142.195.88.1187804196.squirrel@mail.rbgi.net> <46CC9DEA.2020408@tx.rr.com> <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net> <46CCFBB0.3040605@sixdemonbag.org> <52998.62.142.195.88.1187862002.squirrel@mail.rbgi.net> <46CD6FB4.1060309@sixdemonbag.org> <53269.62.142.195.88.1187991135.squirrel@mail.rbgi.net> <46CF5FCA.9090908@sixdemonbag.org> <58086.62.142.195.88.1188006385.squirrel@mail.rbgi.net> <46CFB8DA.2060209@sixdemonbag.org> Message-ID: <40716.62.142.195.88.1188052152.squirrel@mail.rbgi.net> > If I had good reason to believe Google was up to something nefarious, > there is nothing in heaven or earth that would cause me to say "yes, > that site is authentic." The point of certificates is for you to be able to verify that you are on the site you think you are, and not a fake one. If you go to somesite.com, and the certificate is ok, then the site is _authentic_. If the certificate is not ok, then someone might have messed with your DNS settings or hosts file, making somesite.com go to the wrong IP, and the site you get is then fake. To say that a site isn't authentic because you don't trust the information on it or the people that run it makes little sense. Does McDonald's not have an authentic site because we don't believe them when they say their food is healthy? Is politician X's site authentic because we agree with him/her, but politician Y's is not, because we disagree with him/her? 
Mallory might be a liar who you don't trust, but that does not mean that it's impossible for anyone to authenticate that Mallory really is Mallory. Mallory can never be unauthentic, only someone pretending to be her can.

> Trust is the ultimate dealbreaker. Always has been, always will be.

Yes you can trust your friend Trevor, and yes whether you trust him or not is the deal breaker. But you also need to authenticate him by some means. Anyone can tell you they are Trevor. If you visit him authentication is easy, you recognize him by his looks, the sound of his voice etc. Crypto makes authentication over the Internet possible.

> Authentication in a nutshell, can be summed up in a single sentence.
> Unfortunately, you get two choices in how to finish it.
>
> I believe this thing to be authentic, because...
>
> * I just do, all right?
> * I note it has something authentic which vouches for it.

"I just do, all right?" That's not a good answer. It offers no facts or logical reasoning. If a company tells you their products are the best, and you ask them why, would you be satisfied if they answered "they just are, all right?"

"I believe X to be authentic, because I note it has Y which vouches for it." That's logical reasoning, but leaves the question of why you trust Y unanswered.

> Choose one of the two statements. If you choose the latter, then continue the chain.

I would rather have:
-This thing is authentic, because I have verified it myself.
-I trust this thing, because someone I trust and have verified claims it to be.

> Why is the signature authentic? Because the key which made the signature is authentic.

Yes, that's logical.

> Why is the key which made the signature authentic? Because a signature on that key is authentic.

No then it's only trusted. The signature on the key is authentic, yes, and the public key you use to verify the signature is also authentic. But the information, someone claiming that another key is authentic, is only trusted.
You can't verify that your friend isn't lying to you by using any kind of crypto. This is the weak link in the chain which brings everything down to the level of trust. The key would be authentic if you had verified it yourself. > Why is the key which made the signature authentic? Because that's > John's own key. > > Why does that make the key authentic? Because he just does, all right? It doesn't. Verifying the fingerprint would make it authentic. > Follow an authentication chain > far enough and you will always, inevitably, reach trust, some level > where the answer is "because I just do, all right?" If there are other people besides yourself involved in the chain, and they are providing information which you do not verify, only trust, then yes, trust is the weakest point. But that does not mean that everything in the chain is only trusted. Somewhere in the chain we could have 5+5=10, and we do not need to trust this, we can be 100% sure of it. > why trust is a necessary precondition for authentication. Without it, > everything falls apart. You can trust Trevor, but this trust is useless if you have no way of authenticating that Trevor really is Trevor. Trust is not needed for authentication. You can authenticate a lot of things just by looking at them, your friends for example. Oskar From oskar at rbgi.net Sat Aug 25 16:54:30 2007 From: oskar at rbgi.net (Oskar L.) 
Date: Sat, 25 Aug 2007 17:54:30 +0300 (EEST) Subject: Questions about generating keys (hash firewalls) In-Reply-To: <46D0291B.10400@sixdemonbag.org> References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net> <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net> <46CCFBB0.3040605@sixdemonbag.org><46CD64AF.4010403@radde.name> <46CD69F4.4040509@sixdemonbag.org> <49392.62.142.195.88.1187978784.squirrel@mail.rbgi.net> <46CF3C56.5000203@sixdemonbag.org> <46910.62.142.195.88.1187994111.squirrel@mail.rbgi.net> <46CF6706.3000402@sixdemonbag.org> <44795.62.142.195.88.1188007904.squirrel@mail.rbgi.net><3f34f8420708250116i702c875ep7fe8aea1452e066a@mail.gmail.com> <46D0291B.10400@sixdemonbag.org> Message-ID: <38784.62.142.195.88.1188053670.squirrel@mail.rbgi.net> Allen Schultz wrote: > Is there a comprehensive list of hashes used in encryption that can > help me choose which is the best to use? I'm sure there is, but such a list would not do you much good. The application you use probably only supports a few. Some are old and insecure, and should not be used. I suggest you check what hashes your application supports, then read about them on Wikipedia. Here's a few: http://en.wikipedia.org/wiki/SHA1 http://en.wikipedia.org/wiki/RIPEMD160 http://en.wikipedia.org/wiki/WHIRLPOOL Oskar From oskar at rbgi.net Sat Aug 25 17:28:32 2007 From: oskar at rbgi.net (Oskar L.) 
Date: Sat, 25 Aug 2007 18:28:32 +0300 (EEST) Subject: Questions about generating keys In-Reply-To: <46D027D7.1010500@sixdemonbag.org> References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net><42329.62.142.195.88.1187804196.squirrel@mail.rbgi.net> <46CC9DEA.2020408@tx.rr.com> <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net> <46CCFBB0.3040605@sixdemonbag.org> <52998.62.142.195.88.1187862002.squirrel@mail.rbgi.net> <46CD6FB4.1060309@sixdemonbag.org> <53269.62.142.195.88.1187991135.squirrel@mail.rbgi.net> <46CF5FCA.9090908@sixdemonbag.org> <58086.62.142.195.88.1188006385.squirrel@mail.rbgi.net> <46CFB8DA.2060209@sixdemonbag.org> <46CFED72.2050508@radde.name> <46D027D7.1010500@sixdemonbag.org> Message-ID: <41596.62.142.195.88.1188055712.squirrel@mail.rbgi.net>

> Ultimately, you trust _someone_. Which is precisely the point I made:
> trust underlies everything. Without that fundamental trust, there's no
> point talking about authenticity.

If that someone is yourself, do you still call it trust? Some things about myself I only trust, such as my memory about certain things. Other things I am completely sure of, and don't call trust. That I won't all of a sudden hit myself in the face for no reason, for example. My ability to look at the fingerprint on a paper, and compare it to the one on the screen, is something I'm completely sure I'm capable of doing correctly, so therefore I call a key I have verified authentic, not trusted. Maybe you call it trusted, and we are just arguing about the meaning of words?
Oskar From JPClizbe at tx.rr.com Sat Aug 25 21:41:07 2007 From: JPClizbe at tx.rr.com (John Clizbe) Date: Sat, 25 Aug 2007 14:41:07 -0500 Subject: Questions about generating keys In-Reply-To: <40716.62.142.195.88.1188052152.squirrel@mail.rbgi.net> References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net><42329.62.142.195.88.1187804196.squirrel@mail.rbgi.net> <46CC9DEA.2020408@tx.rr.com> <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net> <46CCFBB0.3040605@sixdemonbag.org> <52998.62.142.195.88.1187862002.squirrel@mail.rbgi.net> <46CD6FB4.1060309@sixdemonbag.org> <53269.62.142.195.88.1187991135.squirrel@mail.rbgi.net> <46CF5FCA.9090908@sixdemonbag.org> <58086.62.142.195.88.1188006385.squirrel@mail.rbgi.net> <46CFB8DA.2060209@sixdemonbag.org> <40716.62.142.195.88.1188052152.squirrel@mail.rbgi.net> Message-ID: <46D085D3.9070007@tx.rr.com> Oskar L. wrote: > Robert J. Hansen wrote: >> why trust is a necessary precondition for authentication. Without it, >> everything falls apart. > > You can trust Trevor, but this trust is useless if you have no way of > authenticating that Trevor really is Trevor. > > Trust is not needed for authentication. You can authenticate a lot of > things just by looking at them, your friends for example. You're not trusting your own recollection, your memory, that they are indeed your friends? If a stroke or other accident wipes away those memories, they will no longer be recognized as your friends; the memory, hence, the trust has been removed. You're back to trusting because you say so. Say what you want, it's all authentication is built on trust. -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 663 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20070825/cebcd62d/attachment.pgp From JPClizbe at tx.rr.com Sat Aug 25 21:34:47 2007 From: JPClizbe at tx.rr.com (John Clizbe) Date: Sat, 25 Aug 2007 14:34:47 -0500 Subject: Questions about generating keys In-Reply-To: <41596.62.142.195.88.1188055712.squirrel@mail.rbgi.net> References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net><42329.62.142.195.88.1187804196.squirrel@mail.rbgi.net> <46CC9DEA.2020408@tx.rr.com> <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net> <46CCFBB0.3040605@sixdemonbag.org> <52998.62.142.195.88.1187862002.squirrel@mail.rbgi.net> <46CD6FB4.1060309@sixdemonbag.org> <53269.62.142.195.88.1187991135.squirrel@mail.rbgi.net> <46CF5FCA.9090908@sixdemonbag.org> <58086.62.142.195.88.1188006385.squirrel@mail.rbgi.net> <46CFB8DA.2060209@sixdemonbag.org> <46CFED72.2050508@radde.name> <46D027D7.1010500@sixdemonbag.org> <41596.62.142.195.88.1188055712.squirrel@mail.rbgi.net> Message-ID: <46D08457.7090507@tx.rr.com> Oskar L. wrote: >> Ultimately, you trust _someone_. Which is precisely the point I made: >> trust underlies everything. Without that fundamental trust, there's no >> point talking about authenticity. > > If that someone is yourself, do you still call it trust? Well, I can't speak to what you call it. But... PGP calls it implicit trust. GnuPG calls it ultimate trust. Or as Robert would say, "I trust that key because it is mine. I created it. Ergo, I trust it because I say that I trust it." -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 663 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20070825/ed8642cb/attachment.pgp From rjh at sixdemonbag.org Sat Aug 25 23:15:08 2007 From: rjh at sixdemonbag.org (Robert J. 
Hansen) Date: Sat, 25 Aug 2007 16:15:08 -0500 Subject: Questions about generating keys In-Reply-To: <40716.62.142.195.88.1188052152.squirrel@mail.rbgi.net> References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net><42329.62.142.195.88.1187804196.squirrel@mail.rbgi.net> <46CC9DEA.2020408@tx.rr.com> <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net> <46CCFBB0.3040605@sixdemonbag.org> <52998.62.142.195.88.1187862002.squirrel@mail.rbgi.net> <46CD6FB4.1060309@sixdemonbag.org> <53269.62.142.195.88.1187991135.squirrel@mail.rbgi.net> <46CF5FCA.9090908@sixdemonbag.org> <58086.62.142.195.88.1188006385.squirrel@mail.rbgi.net> <46CFB8DA.2060209@sixdemonbag.org> <40716.62.142.195.88.1188052152.squirrel@mail.rbgi.net> Message-ID: <46D09BDC.6040106@sixdemonbag.org> Oskar L. wrote: > The point of certificates is for you to be able to verify that you > are on the site you think you are, and not a fake one. Yes--which involves trust. Do you trust the certificate authority? Do you trust that the site in question isn't trying to scam you? Etc., etc. Trust lies at the root. Always. > To say that a site isn't authentic because you don't trust the > information on it or the people that run it makes little sense. If I actively distrust the people who are providing me with information, that's much more fundamental than actively distrusting the information itself. Failing to trust information because I actively distrust the people involved in its production and conveyance makes a heck of a lot of sense to me. And without that fundamental trust, there is no possible authentication. Trust lies at the root. Always. > Is politician X's site authentic because we agree with him/her, but > politician Y's is not, because we disagree with him/her? If you think disagreeing with someone is the same thing as actively distrusting them, I feel sorry for you. It is a very poor way to live. > Mallory can never be unauthentic, only someone pretending to be her > can. 
Clearly, I've had the misfortune of knowing worse sociopaths than you have. > Anyone can tell you they are Trevor. If you visit him authentication > is easy, you recognize him by his looks, the sound of his voice etc. > Crypto makes authentication over the Internet possible. How do you know he's Trevor? How do you know he is who he says he is? How do you know he's not impersonating someone named Trevor? How do you know you're not being taken for a ride? How do you know you can trust yourself? > "I just do, all right?" > > That's not a good answer. It offers no facts or logical reasoning. Great. Prove that you exist. Offer facts and logical reasoning that affirms your own existence. Keep in mind that you can't argue using facts from existence itself, since that reduces down to an assumption of a fact not in evidence--that existence exists. Philosophers have been wrestling with this for a few thousand years, from Rene Descartes' brain-in-a-jar to Gregory Chaitin's holographic universe to--I'm blanking on his name, but a philosopher was once asked to refute solipsism and did so by kicking a rock very hard. While hopping around on one foot and cursing, he exclaimed "I refute it thus!" Epistemological reasoning aside, declarative truth lies at the root of every piece of inductive logic. In mathematics, they are called axioms. Take Euclidean geometry as an example: take the most convoluted construction in Euclidean geometry and you will reduce it down to the handful of axioms Euclid declared, such as "parallel lines never intersect". Why do parallel lines never intersect? Because Euclid declared they never intersect. Declarative truth--an axiom. By definition, axioms offer neither facts or logical reasoning. They simply exist. "I just do, all right?!" is the root axiom of trust. > If a company tells you their products are the best, and you ask them > why, would you be satisfied if they answered "they just are, all > right?" 
Why do you think that authenticity is universal? It's not. You don't get any say over whom I trust or to what degree. That has some real significance for signatures. Alice: You can trust this message from Charlene. She signed it. Bob: Err--why should I trust her signature? Alice: Because I verified her key. So the message has a sig, the sig came from a key, the key has sigs on it, each sig came from a key, one of those keys is mine. Perfect chain of trust. There, see? Charlene's message is authentic. Bob: ... who are you, and why do I care if your signature is on Charlene's key? Alice: ... Bob: ... Alice: ... Bob: Right. Well, have a nice day! Trust is a very personal decision. If I choose to be satisfied by the company's declaration, that's my business. If I choose not to be satisfied, that's my business. > "I believe X to be authentic, because I note it has Y which vouches > for it." > > That's logical reasoning, but leaves the question of why you trust Y > unanswered. Yes. Inductive proofs are like that. You reason by inductive steps until you reach a basis case. It's rather a lot like my instructions for how to climb down a ladder: 1. If you're on the ground, stop. 2. Otherwise, move down a rung and climb down from there. The fact that inductive cases are not basis cases--and likewise, the fact that basis cases tend to be axiomatic--is so obvious that I'm having great trouble seeing what you're getting at. > -This thing is authentic, because I have verified it myself. You're begging the question. Why is it authentic? Because you've verified it yourself. Why does that make it authentic? Because you trust yourself. Why do you trust yourself? Because you just _do_, all right? > My ability to look at the fingerprint on a paper, and compare it to > the on on the screen, is something I'm completely sure I'm capable of > doing correctly, so therefore I call a key I have verified authentic, > not trusted. 
You're trusting that you're not suffering from untreated schizophrenia or other mental illnesses that would massively impair your ability to make rational judgments. You're trusting your eyes. You're trusting that your PC is displaying the information accurately. Your trust here is so implicit that you deny it even exists--but trust lies at the root. Always. If root trust is not present, there is no possibility of authentication. Ever.

...

At this point, Oskar, I have explained this as thoroughly as I can. In fact, I think I've probably overexplained it substantially, and in the process annoyed the living daylights out of several people on this list who just wish this thread would end. I am not going to respond to this any further. Please take your last shot at it and let's put this to bed so that the list can return to its usual state of happy quiescence.

From dan_yt555 at yahoo.com Sun Aug 26 00:19:20 2007 From: dan_yt555 at yahoo.com (Dan T.) Date: Sat, 25 Aug 2007 15:19:20 -0700 (PDT) Subject: Questions about generating keys In-Reply-To: <46CF5FCA.9090908@sixdemonbag.org> Message-ID: <706615.53793.qm@web63111.mail.re1.yahoo.com>

--- "Robert J. Hansen" wrote:
> > > This is not my experience. I've received spam addressed to my amateur
> > > radio call sign (KC0SJE) at a domain that's not directly associated with
> > > me. I don't know how it was discovered, but for right now I'm leaning
> > > towards the hypothesis that spammers have made pacts with the Devil and
> > > learned dark arts.
> >
> > Oskar L. wrote:
> > My first guess would be that you are in one of your friends address
> > book, and your friend has spyware that got it.
>
> This is not the case. No one had it except me.

== Snipped ==

This is no real mystery: The address kc0sje AT sixdemonbag.org is available on the MIT key server: It is also in Google:

Dan

From rjh at sixdemonbag.org Sun Aug 26 02:23:05 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Sat, 25 Aug 2007 19:23:05 -0500 Subject: Questions about generating keys In-Reply-To: <706615.53793.qm@web63111.mail.re1.yahoo.com> References: <706615.53793.qm@web63111.mail.re1.yahoo.com> Message-ID: <46D0C7E9.3020407@sixdemonbag.org>

Dan T. wrote:
> This is no real mystery:

Wrong domain.

From SeidlS at schneider.com Sun Aug 26 00:08:55 2007 From: SeidlS at schneider.com (SeidlS at schneider.com) Date: Sat, 25 Aug 2007 17:08:55 -0500 Subject: Scott Seidl/Schneider is out of the office. Message-ID:

I will be out of the office starting 08/24/2007 and will not return until 08/30/2007. I will return your message when I get back. Thanks

From dougb at dougbarton.us Sun Aug 26 07:58:22 2007 From: dougb at dougbarton.us (Doug Barton) Date: Sat, 25 Aug 2007 22:58:22 -0700 (PDT) Subject: Questions about generating keys (hash firewalls) In-Reply-To: <20070824195240.GB26648@jabberwocky.com> References: <46CC9DEA.2020408@tx.rr.com> <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net> <46CCFBB0.3040605@sixdemonbag.org> <46CD64AF.4010403@radde.name> <46CD69F4.4040509@sixdemonbag.org> <49392.62.142.195.88.1187978784.squirrel@mail.rbgi.net> <20070824195240.GB26648@jabberwocky.com> Message-ID:

On Fri, 24 Aug 2007, David Shaw wrote:
> On Fri, Aug 24, 2007 at 09:06:24PM +0300, Oskar L. wrote:
>
>> Do hash firewalls have any drawbacks (performance decrease, difficult to
>> implement, patent issues etc.)? What's the reason DSA doesn't have one?
>
> I suspect a major reason is the main use of DSA is really DSS - and
> DSS was never intended to be used with any hash other than SHA-1.
>
> It gets a little stickier with DSA2/DSS2 where there are several
> possible hashes.
For example, a 1024/160 DSA key can use SHA1, but > also SHA224, SHA256, SHA384, or SHA512, by truncating them to 160 > bits. I've followed this thread with interest, since my only signing key is a 1024 DSA key, and I'm considering options for what my "next" key should be. It almost sounds from what you're saying above that there actually is an argument for RSA's hash firewall being "better" than DSA[2] here, but if I correctly understood what you said later in the thread, the margin by which it's "better" is so small as to not be worth considering. Is that more or less correct? The other question I had is about what you said above regarding truncating hashes with DSA2. Am I understanding correctly that even with DSA2 the hash size can be no larger than 160 bits? Thanks, Doug (who hopes these questions aren't too dopey) -- If you're never wrong, you're not trying hard enough From dougb at dougbarton.us Sun Aug 26 08:03:28 2007 From: dougb at dougbarton.us (Doug Barton) Date: Sat, 25 Aug 2007 23:03:28 -0700 (PDT) Subject: Questions about generating keys (hash firewalls) In-Reply-To: References: <46CC9DEA.2020408@tx.rr.com> <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net> <46CCFBB0.3040605@sixdemonbag.org> <46CD64AF.4010403@radde.name> <46CD69F4.4040509@sixdemonbag.org> <49392.62.142.195.88.1187978784.squirrel@mail.rbgi.net> <20070824195240.GB26648@jabberwocky.com> Message-ID: On Sat, 25 Aug 2007, Doug Barton wrote: > The other question I had is about what you said above regarding truncating > hashes with DSA2. Am I understanding correctly that even with DSA2 the hash > size can be no larger than 160 bits? *sigh* Never mind this bit, I just re-re-read a later part of the thread where you said that it was possible to generate a DSA2 key that can use a full 256 bit hash. I'm still curious about the issue of whether the hash firewall issue makes a "significant" difference or not though. 
Doug -- If you're never wrong, you're not trying hard enough

From rjh at sixdemonbag.org Sun Aug 26 08:16:18 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Sun, 26 Aug 2007 01:16:18 -0500 Subject: Questions about generating keys (hash firewalls) In-Reply-To: References: <46CC9DEA.2020408@tx.rr.com> <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net> <46CCFBB0.3040605@sixdemonbag.org> <46CD64AF.4010403@radde.name> <46CD69F4.4040509@sixdemonbag.org> <49392.62.142.195.88.1187978784.squirrel@mail.rbgi.net> <20070824195240.GB26648@jabberwocky.com> Message-ID: <46D11AB2.7010208@sixdemonbag.org>

Doug Barton wrote:
> It almost sounds from what you're saying above that there actually is an
> argument for RSA's hash firewall being "better" than DSA[2] here, but if I
> correctly understood what you said later in the thread, the margin by
> which it's "better" is so small as to not be worth considering. Is that
> more or less correct?

I think I was the one who made that argument and said the margin was ultimately not worth considering, so I hope you'll forgive me answering this one despite it being addressed to David. Anyway. Yeah, I think that's a fair assessment. Is there a benefit? Yes. Does the benefit matter? Not really. Or, as David said, if your property is surrounded by a 1000-foot fence, a 1001-foot fence is not going to be much better. If the bad guy can clear a 1000-foot fence, the additional foot probably isn't going to stop him.

From newsgroups at thomas-huehn.de Sun Aug 26 15:17:13 2007 From: newsgroups at thomas-huehn.de (Thomas Hühn) Date: Sun, 26 Aug 2007 15:17:13 +0200 Subject: Difference gpg1 and gpg2 with OpenPGP smartcard Message-ID:

Hi

I have Ubuntu Feisty Fawn.
And I see this:

huehnts at blackbox:~$ LANG=C gpg --card-status
gpg: detected reader `REINER SCT CyberJack pp_a (8348344228) 00 00'
Application ID ...: D2760001240101000001000000A40000
Version ..........: 1.0
Manufacturer .....: PPC Card Systems
Serial number ....: 000000A4
Name of cardholder: Thomas Huehn
Language prefs ...: de
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: not forced
Max. PIN lengths .: 254 254 254
PIN retry counter : 3 3 3
Signature counter : 8
Signature key ....: 7A72 DC96 5ED2 FD2E 91A0 D652 1DDB 9E21 A673 64E8
Encryption key....: E7A3 80EB E03F 94DD ECC4 4087 D47A 3140 10C5 A5D7
Authentication key: C9F2 08EC 2191 2782 0C3F 5892 07C0 AAD1 0595 E5E0
General key info..: [none]

huehnts at blackbox:~$ LANG=C gpg2 --card-status
gpg: OpenPGP card not available: Unknown IPC command

huehnts at blackbox:~$ LANG=C gpg --version
gpg (GnuPG) 1.4.6
Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

huehnts at blackbox:~$ LANG=C gpg2 --version
gpg (GnuPG) 2.0.3
Copyright (C) 2007 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ELG
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, TIGER192, SHA256, SHA384, SHA512
Compression: Uncompressed, ZIP, ZLIB, BZIP2

How can I get gpg2 to detect my smartcard?
Do I have to find out what scdaemon exactly does and how to configure it? Or is that another problem?

Thanks
Thomas

From shavital at mac.com Sun Aug 26 16:48:20 2007 From: shavital at mac.com (Charly Avital) Date: Sun, 26 Aug 2007 17:48:20 +0300 Subject: Difference gpg1 and gpg2 with OpenPGP smartcard In-Reply-To: References: Message-ID: <46D192B4.70308@mac.com>

Thomas Hühn wrote the following on 8/26/07 4:17 PM:
> Hi
>
> I have Ubuntu Feisty Fawn. And I see this: [...]
>
> How can I get gpg2 to detect my smartcard? Do I have to find out what
> scdaemon exactly does and how to configure it? Or is that another problem?
>
> Thanks
> Thomas

You have to set your MUA to use the executable path to gpg2, and not to gpg. I have a similar situation on a PPC laptop running MacOS 10.4.10, gpg 1.4.7 and gpg2 2.0.4. In the MUA, Thunderbird 2.0.0.6, GnuPG's executable path has been set to /usr/local/bin/gpg2.

Hope this helps,
Charly.

From newsgroups at thomas-huehn.de Sun Aug 26 17:35:28 2007 From: newsgroups at thomas-huehn.de (Thomas Hühn) Date: Sun, 26 Aug 2007 17:35:28 +0200 Subject: Difference gpg1 and gpg2 with OpenPGP smartcard In-Reply-To: <46D192B4.70308@mac.com> References: <46D192B4.70308@mac.com> Message-ID:

Charly Avital wrote:
> You have to set your MUA to use the executable path to gpg2, and not to gpg.
I'm not doing anything with a MUA, I'm using gpg2 itself.

Thomas

From shavital at mac.com Sun Aug 26 18:48:46 2007 From: shavital at mac.com (Charly Avital) Date: Sun, 26 Aug 2007 19:48:46 +0300 Subject: Difference gpg1 and gpg2 with OpenPGP smartcard In-Reply-To: References: <46D192B4.70308@mac.com> Message-ID: <46D1AEEE.6000103@mac.com>

Thomas Hühn wrote the following on 8/26/07 6:35 PM:
> Charly Avital wrote:
>
>> You have to set your MUA to use the executable path to gpg2, and not to gpg.
>
> I'm not doing anything with a MUA, I'm using gpg2 itself.
>
> Thomas

Sorry, I thought you were using gpg2 for e-mail processing.

Charly

From ged at solace.miun.se Sun Aug 26 20:09:19 2007 From: ged at solace.miun.se (Sten Lindgren) Date: Sun, 26 Aug 2007 20:09:19 +0200 (CEST) Subject: OpenPGPCar on JavaCard key import and large keys Message-ID:

Hi

In order to be able to import keys using the Java Card framework it looks quite impossible to use the import mechanism used in the OpenPGPCard specification. So unfortunately a non-standard workaround has to be used, which I propose further down. Also, since most (all?) Java cards today only support short Lc/Le, decryption using the OpenPGP card on Java Card is not possible due to the length of data that needs to be sent. This can be done however using ENVELOPE to encapsulate and split APDUs using long Lc. I have tried to describe some non-standard additions as well as use of the ENVELOPE command in a document included below. All of which I already have implemented (however not tested yet) in my Java Card implementation of the spec. Comments and suggestions are welcome.

Any chance of actually getting support for it implemented in GnuPG? Anyone with the needed skill who has time to make an implementation for GnuPG? I could make an attempt myself but it will likely take time, get implemented upside down and in the wrong place.

Is there any need, interest and/or use for further extensions to the card?
Maybe the possibility for the OpenPGP certificate for the public key to be stored on card? Expand the card edge to make it have enough functionality to be able to be used together with PKCS #11 (possibly making a PKCS #15 compatible structure)? Such additions would be placed in the todo list however and not be part of any 1.0 release (unless it is something trivial to implement that adds a lot).

Proposed non-standard extensions for key import etc. follow.

These are some extensions used by JOpenPGPCard that are not part of the OpenPGP card specification as of version 1.1.

DOs for GET DATA
================

Tag  Format  Description
---------------------------------------
DF   S       Extra options, 4 bytes

DOs in detail

Extra Options:
--------------
With this DO the card indicates features that are not standard in the OpenPGP card specification as of version 1.1 but are needed for some implementations, e.g. Java Card. A set bit (1) means that the function is available. Bits are counted from 0-31 where lsb is 0. This DO will be sent as part of the constructed DO 0x73 (Discretionary data objects) and should not be parsed by applications not supporting it.

b0-b15  : Maximum number of octets that can be sent to the card using ENVELOPE.
b16     : Maximum number of octets for ENVELOPE is announced in b0-b15. This is announced as a service to applications that wish to use it. If it is not set, b0-b15 should be ignored.
b17-b29 : RFU (should be 0).
b30     : RSA key import has to be done using RSA modulus & private exponent.
b31     : RSA key import has to be done using RSA CRT notation.

NOTE: Key import methods in this field may only be specified if the Extended capabilities DO has key import unset. If key import is set in extended capabilities, applications should assume that key import is done as in the original specification and ignore the import bits set in this DO. Only one RSA key import method may be specified in the Extra Options.
DO for PUT DATA
===============

If a key import method for RSA is specified in extra options and the "support for Key Import" is not set in the Extended capabilities, the Private key template DOs (DOs E0-E2) change as follows.

The private key template DO may be set multiple times for each key with different tags in order to reduce the amount of data that has to be sent at the same time. Each tag for a key should only be sent once. All tags needed for the type of key import as specified in the extra options have to be sent before the key is valid. The tags may be sent in any order. Currently only the RSA CRT key format is specified.

Input of RSA CRT key. (xx = length)

E0, E1 or E2  xx  Tag to indicate a private key data object (signature, decryption, authentication).
C0            xx  Public exponent e
C1            xx  Prime1 p
C2            xx  Prime2 q
C3            xx  Public modulus n
D1            xx  PQ = q^-1 mod p
D2            xx  DP1 = d mod (p - 1)
D3            xx  DQ1 = d mod (q - 1)

Tags C0-C3, D1-D3 can be sent in any order using one or more (recommended) PUT DATA to the relevant DO (E0-E2). The tag for the private key data object (E0-E2) has to be present in each command.

Commands:
=========

ENVELOPE

This is part of the OpenPGP card specification. This is a clarification of the implementation based on the author's interpretation of the command.

This command is used under T=0 to be able to fragment APDUs using Lc. The long APDU is split into one or more parts that are sent in the data field of the ENVELOPE command. When all data has been sent, an empty ENVELOPE command is sent (i.e. with empty Lc & Le and no data field). The data is then concatenated by the card in the order it was received and the resulting APDU is processed. This is needed when e.g. decryption using 2048 bit keys is to be used, since the data that needs to be sent to the card doesn't fit into the data field of an APDU using short Lc.

CLA : 00
INS : C2
P1  : 00
P2  : 00
Lc  : xx or empty to indicate that all data has been sent.
Data Field : Part of APDU to be sent or empty to indicate that all data
             has been sent.
Le : Empty

Sten Lindgren
ged at solace.miun.se

From wk at gnupg.org Mon Aug 27 10:06:01 2007
From: wk at gnupg.org (Werner Koch)
Date: Mon, 27 Aug 2007 10:06:01 +0200
Subject: Difference gpg1 and gpg2 with OpenPGP smartcard
In-Reply-To: (Thomas Hühn's message of "Sun, 26 Aug 2007 15:17:13 +0200")
Message-ID: <87ps19o106.fsf@wheatstone.g10code.de>

On Sun, 26 Aug 2007 15:17, newsgroups at thomas-huehn.de said:

> How can I get gpg2 to detect my smartcard? Do I have to find out what
> scdaemon exactly does and how to configure it? Or is that another problem?

You need to install gpg-agent and scdaemon. gpg2 uses scdaemon via
gpg-agent for accessing the smartcards.

Shalom-Salam,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.

From newsgroups at thomas-huehn.de Mon Aug 27 10:19:05 2007
From: newsgroups at thomas-huehn.de (Thomas Hühn)
Date: Mon, 27 Aug 2007 10:19:05 +0200
Subject: Difference gpg1 and gpg2 with OpenPGP smartcard
In-Reply-To: <87ps19o106.fsf@wheatstone.g10code.de>
References: <87ps19o106.fsf@wheatstone.g10code.de>

Werner Koch wrote:
> On Sun, 26 Aug 2007 15:17, newsgroups at thomas-huehn.de said:
>
>> How can I get gpg2 to detect my smartcard? Do I have to find out what
>> scdaemon exactly does and how to configure it? Or is that another problem?
>
> You need to install gpg-agent and scdaemon. gpg2 uses scdaemon via
> gpg-agent for accessing the smartcards.

Thank you very much.
Thomas

From wk at gnupg.org Mon Aug 27 10:24:15 2007
From: wk at gnupg.org (Werner Koch)
Date: Mon, 27 Aug 2007 10:24:15 +0200
Subject: OpenPGPCar on JavaCard key import and large keys
In-Reply-To: (Sten Lindgren's message of "Sun, 26 Aug 2007 20:09:19 +0200 (CEST)")
Message-ID: <87lkbxo05s.fsf@wheatstone.g10code.de>

On Sun, 26 Aug 2007 20:09, ged at solace.miun.se said:

> I have tried to describe some non-standard additions as well as use of
> the ENVELOPE command in a document included below. All of which I already
> have implemented (however not tested yet) in my Java Card implementation
> of the spec. Comments and suggestions are welcome.

I'll forward to Achim Pietig who maintains the specs. We are already
collecting new features for a new revision.

> Any chance of actually getting support for it implemented in GnuPG?

Sure. It's just a matter of time. I'd like to do this myself but I doubt
that I get to it in the next few months. Other contributions are welcome,
but remember that we need to do some legal paper exchange with the FSF.

> Are there any need, interest and/or use for further extensions to the
> card? Maybe the possibility for OpenPGP certificate for the public key to
> be stored on card? Expand the card edge to make it have enough

Hmmh, mine is 81k - quite some stuff for a smartcard. The size of the
OpenPGP keyrings was the reason that we went for the fingerprint approach.
And well, in almost all cases you need a net connection and thus you can
get the certificate/keyblock online.

> functionality to be able to be used together with PKCS #11 (possible
> making a PKCS #15 compatible structure)?

Hey, it is already usable with pkcs#11 (www.scute.org and Alon's
alternative scdaemon). A design goal is to keep the specs from getting
too complex - thus pkcs#15 is nothing we should go for.

Salam-Shalom,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.
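As an added example, not code from JOpenPGPCard or GnuPG, the following Python encodes the host side of Sten's proposal above: it decodes the Extra Options DO, builds the RSA CRT key-import PUT DATA commands (tags C0-C3 and D1-D3 inside E0-E2) and fragments an over-long APDU with ENVELOPE, the path a 2048-bit decryption key would take. The byte order of the option octets, the PUT DATA P1P2 and the extended-Lc form of the reassembled APDU are assumptions, as are all function names.

```python
# Host-side encoders for the JOpenPGPCard extensions proposed in the thread:
# Extra Options DO (tag DF), RSA CRT key import (C0-C3, D1-D3 inside E0-E2)
# and ENVELOPE fragmentation.  Added example, not JOpenPGPCard or GnuPG code.
# Assumed: big-endian option octets, PUT DATA as INS DA with P1P2 = 00 Ex,
# and an extended Lc (00 hh ll) for the long APDU the card reassembles.

SHORT_LC_MAX = 255      # largest data field a short Lc can carry
ENVELOPE_INS = 0xC2     # CLA 00 INS C2 P1 00 P2 00, as in the proposal
PUT_DATA_INS = 0xDA     # assumed; P2 carries the template tag E0/E1/E2


def ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, else 0x81 / 0x82 prefix."""
    if n < 0x80:
        return bytes([n])
    if n <= 0xFF:
        return bytes([0x81, n])
    return bytes([0x82, n >> 8, n & 0xFF])


def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(value)) + value


def parse_extra_options(do: bytes, extcap_key_import: bool) -> dict:
    """Decode the 4-octet Extra Options DO (bit 0 = lsb): b0-b15 maximum
    ENVELOPE octets (valid only when b16 is set), b17-b29 RFU, b30 import
    as modulus & private exponent, b31 import in RSA CRT notation.  Import
    bits are ignored when Extended capabilities already announces import."""
    if len(do) != 4:
        raise ValueError("Extra Options DO must be exactly 4 octets")
    word = int.from_bytes(do, "big")
    if (word >> 17) & 0x1FFF:
        raise ValueError("RFU bits b17-b29 must be zero")
    envelope_max = word & 0xFFFF if (word >> 16) & 1 else None
    nd, crt = (word >> 30) & 1, (word >> 31) & 1
    if extcap_key_import:
        method = None                    # standard key import applies
    elif nd and crt:
        raise ValueError("only one RSA key import method may be specified")
    else:
        method = "crt" if crt else ("nd" if nd else None)
    return {"envelope_max": envelope_max, "import": method}


def i2b(x: int) -> bytes:
    # unsigned big-endian octets of a non-negative integer
    return x.to_bytes(max(1, (x.bit_length() + 7) // 8), "big")


def envelope(long_apdu: bytes, max_chunk: int) -> list:
    """Split one long APDU into ENVELOPE commands (T=0).  The final empty
    ENVELOPE, with no Lc, Le or data, tells the card to process it."""
    if not 1 <= max_chunk <= SHORT_LC_MAX:
        raise ValueError("ENVELOPE data field must fit a short Lc")
    head = bytes([0x00, ENVELOPE_INS, 0x00, 0x00])
    chunks = [long_apdu[i:i + max_chunk]
              for i in range(0, len(long_apdu), max_chunk)]
    return [head + bytes([len(c)]) + c for c in chunks] + [head]


def put_data(key_tag: int, body: bytes, opts: dict) -> list:
    """PUT DATA to a private key template DO, via ENVELOPE when the body
    does not fit a short Lc (a 2048-bit modulus is already 256 octets)."""
    head = bytes([0x00, PUT_DATA_INS, 0x00, key_tag])
    if len(body) <= SHORT_LC_MAX:
        return [head + bytes([len(body)]) + body]
    if opts["envelope_max"] is None:
        raise ValueError("body exceeds a short Lc and the card announces "
                         "no ENVELOPE maximum")
    long_apdu = head + bytes([0x00, len(body) >> 8, len(body) & 0xFF]) + body
    return envelope(long_apdu, opts["envelope_max"])


def crt_import_commands(key_tag: int, e: int, p: int, q: int, d: int,
                        opts: dict) -> list:
    """One PUT DATA per component, the 'one or more PUT DATA' form the
    proposal recommends; each carries the E0/E1/E2 tag as required."""
    if opts["import"] != "crt":
        raise ValueError("card does not announce RSA CRT key import")
    if key_tag not in (0xE0, 0xE1, 0xE2):
        raise ValueError("private key tag must be E0, E1 or E2")
    parts = {
        0xC0: e, 0xC1: p, 0xC2: q, 0xC3: p * q,
        0xD1: pow(q, -1, p),         # PQ  = q^-1 mod p
        0xD2: d % (p - 1),           # DP1 = d mod (p - 1)
        0xD3: d % (q - 1),           # DQ1 = d mod (q - 1)
    }
    cmds = []
    for tag, val in parts.items():
        cmds += put_data(key_tag, tlv(key_tag, tlv(tag, i2b(val))), opts)
    return cmds


if __name__ == "__main__":
    # Constructed card answer: b31 (CRT import) and b16 set, 240-octet ENVELOPE.
    opts = parse_extra_options(bytes.fromhex("800100F0"), extcap_key_import=False)
    # Constructed toy key (p=61, q=53, e=17, d=2753); far too small for real use.
    for cmd in crt_import_commands(0xE1, 17, 61, 53, 2753, opts):
        print(cmd.hex())
```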
From greg_motter at hotmail.com Mon Aug 27 19:02:00 2007
From: greg_motter at hotmail.com (Greg Motter)
Date: Mon, 27 Aug 2007 10:02:00 -0700 (PDT)
Subject: How to have 2 seperate keyrings on a server
Message-ID: <12353314.post@talk.nabble.com>

Hello,

GPG newbie here and have a question.

I'm working on setting up some encryption on a server and have been working
with a consultant giving us what we should be doing. One thing he wants us
to do is set up 2 keyrings and maintain 2 keyrings on our server. All we are
doing is encrypting flat text files that contain sensitive info when they
are at rest. Then having a separate process to decrypt these files when they
are needed. What he wants us to do is this:

1) Have a first keyring with our main key pair. The decrypt process will
access this keyring to do the decrypting.

2) Have a second keyring with just the public key from the first keyring.
We'd then access this second keyring for our encryption process.

From everything I've read, I see that you can change your keyring from the
gpg.conf file. Is it possible to change the keyring you want to use from
within the command line? I've tried using --keyring and --primary-keyring
from the command line a bit without success.

Any suggestions?

Greg

From JPClizbe at tx.rr.com Mon Aug 27 23:10:06 2007
From: JPClizbe at tx.rr.com (John Clizbe)
Date: Mon, 27 Aug 2007 16:10:06 -0500
Subject: How to have 2 seperate keyrings on a server
In-Reply-To: <12353314.post@talk.nabble.com>
References: <12353314.post@talk.nabble.com>
Message-ID: <46D33DAE.5010609@tx.rr.com>

Greg Motter wrote:
> I'm working on setting up some encryption on a server and have been working
> with a consultant giving us what we should be doing. One thing he wants us
> to do is set up 2 keyrings and maintain 2 keyrings on our server.
> All we are
> doing is encrypting flat text files that contain sensitive info when they
> are at rest. Then having a separate process to decrypt these files when they
> are needed. What he wants us to do is this:
>
> 1) Have a first keyring with our main key pair. The decrypt process will
> access this keyring to do the decrypting.
>
> 2) Have a second keyring with just the public key from the first keyring.
> We'd then access this second keyring for our encryption process.

Good lord, the schemes these "Consultants" come up with.

> From everything I've read, I see that you can change your keyring from the
> gpg.conf file. Is it possible to change the keyring you want to use from
> within the command line? I've tried using --keyring and --primary-keyring
> from the command line a bit without success.
>
> Any suggestions?

try --homedir

Each set of keyring files goes in its own (sub)directory

-- 
John P. Clizbe                      Inet: John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A
"what's the key to success?"        / "two words: good decisions."
"what's the key to good decisions?" /  "one word: experience."
"how do i get experience?"          / "two words: bad decisions."

"Just how do the residents of Haiku, Hawai'i hold conversations?"

From adam at avertech.net Tue Aug 28 01:24:24 2007
From: adam at avertech.net (Adam Richards)
Date: Mon, 27 Aug 2007 16:24:24 -0700
Subject: pinentry-curses and gpg-agent ipc write error
Message-ID: <20070827232424.GA12275@avertech.net>

Hi. I'm trying to get pinentry-curses (0.7.2_6) to work with gpg and
gpg-agent (v2.0.4). Both installed via /usr/ports on FreeBSD-RELEASE,
default Makefile options. But it is not working.
When I enter my passphrase in the pinentry-curses dialog, the response is:

----------------------------------------------------------------
gpg: problem with the agent: IPC write error
gpg: Invalid passphrase; please try again ...

You need a passphrase to unlock the secret key for
user: ""
4096-bit ELG key, ID AEXXXXXX, created 2005-11-25 (main key ID 0BA2643B)

gpg: problem with the agent: IPC write error
gpg: encrypted with 4096-bit ELG key, ID AEXXXXXX, created 2005-11-25
      ""
gpg: public key decryption failed: General error
gpg: decryption failed: No secret key
----------------------------------------------------------------

Pinentry is indeed linked to pinentry-curses, my ~/.gnupg/gpg-agent.conf
is setup correctly, and I'm using the `use-agent' directive in
~/.gnupg/gpg.conf:

----------------------------------------------------------------
~> pwd
/usr/local/bin
~> ll pinentry
[...] pinentry@ -> pinentry-curses

~> cat ~/.gnupg/gpg-agent.conf
default-cache-ttl 3600
pinentry-program /usr/local/bin/pinentry
debug-level guru
debug-all

~> grep use-agent ~/.gnupg/gpg.conf
use-agent
----------------------------------------------------------------

I know I have the correct passphrase because when I use a different
pinentry, it works just fine:

----------------------------------------------------------------
~> pwd
/usr/local/bin
~> ll pinentry
[...] pinentry@ -> pinentry-gtk

~> gpg -v sample.txt.gpg
[... gtk dialog comes up and I enter passphrase, hit OK ...]
gpg: public key is AEXXXXXX
gpg: using subkey AEXXXXXX instead of primary key 0BA2643B

You need a passphrase to unlock the secret key for
user: ""
gpg: using subkey AEXXXXXX instead of primary key 0BA2643B
4096-bit ELG key, ID AEXXXXXX, created 2005-11-25 (main key ID 0BA2643B)

gpg: encrypted with 4096-bit ELG key, ID AEXXXXXX, created 2005-11-25
      ""
gpg: AES256 encrypted data
gpg: original file name='sample.txt'
----------------------------------------------------------------

And yes, I do remember to kill -HUP gpg-agent when needed. I initiate
gpg-agent from my ~/.zshrc:

----------------------------------------------------------------
[...]
# {{{ gpg-agent automation
if [[ -f $HOME/.gpg-agent-info ]] && kill -0 `cut -d: -f 2 $HOME/.gpg-agent-info` 2>/dev/null; then
    echo 'GPG-AGENT CURRENTLY RUNNING, UPDATING ENV...'
    GPG_AGENT_INFO=`cat $HOME/.gpg-agent-info`
    export GPG_AGENT_INFO
    echo 'GPG-AGENT ENV REFRESHED.'
else
    echo '...STARTING GPG-AGENT'
    eval `/usr/local/bin/gpg-agent --daemon`
    echo $GPG_AGENT_INFO >$HOME/.gpg-agent-info
    echo 'GPG-AGENT READY.'
fi
# }}}
[...]

~> /bin/ps x | grep gpg-agent
89498  ??  Ss     0:00.36 /usr/local/bin/gpg-agent --daemon

~> sockstat | grep gpg-agent
adam     gpg-agent  89498  6  stream /tmp/gpg-GqplAN/S.gpg-agent
----------------------------------------------------------------

And I believe my ENV is correct:

----------------------------------------------------------------
~> cat /tmp/gpg-GqplAN/S.gpg-agent
OK Pleased to meet you

~> env | grep GPG
GPG_AGENT_INFO=/tmp/gpg-GqplAN/S.gpg-agent:89498:1
GPG_TTY=/dev/ttypm

~> tty
/dev/ttypm
----------------------------------------------------------------

Any help would be greatly appreciated. :) I haven't had much luck
googling around. I do not want to use a graphical-based pinentry because
I'm running xterm only over an ssh session and I'm not interested in X
forwarding.

Thanks!
-- 
Adam Richards
e:adam at avertech.net | k:0x0BA2643B

From dougb at dougbarton.us Tue Aug 28 08:13:48 2007
From: dougb at dougbarton.us (Doug Barton)
Date: Mon, 27 Aug 2007 23:13:48 -0700 (PDT)
Subject: Questions about generating keys (hash firewalls)
In-Reply-To: <46D11AB2.7010208@sixdemonbag.org>
References: <46CC9DEA.2020408@tx.rr.com>
	<49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net>
	<46CCFBB0.3040605@sixdemonbag.org> <46CD64AF.4010403@radde.name>
	<46CD69F4.4040509@sixdemonbag.org>
	<49392.62.142.195.88.1187978784.squirrel@mail.rbgi.net>
	<20070824195240.GB26648@jabberwocky.com>
	<46D11AB2.7010208@sixdemonbag.org>

On Sun, 26 Aug 2007, Robert J. Hansen wrote:

> Doug Barton wrote:
>> It almost sounds from what you're saying above that there actually is an
>> argument for RSA's hash firewall being "better" than DSA[2] here, but if I
>> correctly understood what you said later in the thread, the margin by
>> which it's "better" is so small as to not be worth considering. Is that
>> more or less correct?
>
> I think I was the one who made that argument and said the margin was
> ultimately not worth considering, so I hope you'll forgive me answering
> this one despite it being addressed to David.

Of course, I appreciate the response.

> Anyway. Yeah, I think that's a fair assessment. Is there a benefit?
> Yes. Does the benefit matter? Not really.
>
> Or, as David said, if your property is surrounded by a 1000-foot fence,
> a 1001-foot fence is not going to be much better. If the bad guy can
> clear a 1000-foot fence, the additional foot probably isn't going to
> stop him.

Ok, got it, thanks.
Doug

-- 
If you're never wrong, you're not trying hard enough

From wk at gnupg.org Tue Aug 28 09:40:19 2007
From: wk at gnupg.org (Werner Koch)
Date: Tue, 28 Aug 2007 09:40:19 +0200
Subject: pinentry-curses and gpg-agent ipc write error
In-Reply-To: <20070827232424.GA12275@avertech.net> (Adam Richards's message of "Mon, 27 Aug 2007 16:24:24 -0700")
References: <20070827232424.GA12275@avertech.net>
Message-ID: <87bqcsksyk.fsf@wheatstone.g10code.de>

On Tue, 28 Aug 2007 01:24, adam at avertech.net said:

>     echo '...STARTING GPG-AGENT'
>     eval `/usr/local/bin/gpg-agent --daemon`
>     echo $GPG_AGENT_INFO >$HOME/.gpg-agent-info

BTW, you can do this easier by using gpg-agent's --write-env-file option.

> ~> env | grep GPG
> GPG_AGENT_INFO=/tmp/gpg-GqplAN/S.gpg-agent:89498:1
> GPG_TTY=/dev/ttypm

Looks good. Two things you should test:

1. Run pinentry manually:

   $ pinentry
   GETPIN

   If this works, pinentry is okay.

2. Get the gpg-connect-agent tool (It is part of gnupg2)

   $ gpg-connect-agent
   GET_CONFIRMATION X X X X

   You should then get a pinentry dialog.

If this works, the problem is due to gpg. To debug this, I suggest to use
ktrace to trace the system calls done by gpg.

Shalom-Salam,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.

From albert at fsfe.org Tue Aug 28 14:57:51 2007
From: albert at fsfe.org (Albert Dengg)
Date: Tue, 28 Aug 2007 14:57:51 +0200
Subject: How to have 2 seperate keyrings on a server
In-Reply-To: <12353314.post@talk.nabble.com>
References: <12353314.post@talk.nabble.com>
Message-ID: <20070828125751.GD31971@Mjolnir.lan>

On Mon, Aug 27, 2007 at 10:02:00AM -0700, Greg Motter wrote:
>
> Hello,
>
> GPG newbie here and have a question.
>
> I'm working on setting up some encryption on a server and have been working
> with a consultant giving us what we should be doing. One thing he wants us
> to do is set up 2 keyrings and maintain 2 keyrings on our server.
> All we are
> doing is encrypting flat text files that contain sensitive info when they
> are at rest. Then having a separate process to decrypt these files when they
> are needed. What he wants us to do is this:
>
> 1) Have a first keyring with our main key pair. The decrypt process will
> access this keyring to do the decrypting.
>
> 2) Have a second keyring with just the public key from the first keyring.
> We'd then access this second keyring for our encryption process.
>
> From everything I've read, I see that you can change your keyring from the
> gpg.conf file. Is it possible to change the keyring you want to use from
> within the command line? I've tried using --keyring and --primary-keyring
> from the command line a bit without success.

hi

just a question... maybe i'm overlooking something

what is the point of having 2 keyrings if both are readable by the same
user?

and if you have different users running the two processes, then just edit
the corresponding ~/.gnupg/gpg.conf files to point to the corresponding
keyrings

(of course i could be overlooking something...)

yours
albert

From adam at avertech.net Tue Aug 28 19:18:29 2007
From: adam at avertech.net (Adam Richards)
Date: Tue, 28 Aug 2007 10:18:29 -0700
Subject: pinentry-curses and gpg-agent ipc write error
In-Reply-To: <87bqcsksyk.fsf@wheatstone.g10code.de>
References: <20070827232424.GA12275@avertech.net>
	<87bqcsksyk.fsf@wheatstone.g10code.de>
Message-ID: <20070828171829.GA20869@avertech.net>

> >     echo '...STARTING GPG-AGENT'
> >     eval `/usr/local/bin/gpg-agent --daemon`
> >     echo $GPG_AGENT_INFO >$HOME/.gpg-agent-info
>
> BTW, you can do this easier by using gpg-agent's --write-env-file option.
Nice tip! Thanks.

> 1. Run pinentry manually:
>
>    $ pinentry
>    GETPIN
>
>    If this works, pinentry is okay.

Ok, I execute pinentry and get this:

+-----------------------------------------------+
| PIN: *************************_______________ |
|                                               |
|                                               |
+-----------------------------------------------+

After typing in the passphrase in the dialog, I get a successful echo of my
passphrase:

pinentry-curses: no LC_CTYPE known - assuming UTF-8
D <...removed...>
OK

Pinentry appears to be fine.

> 2. Get the gpg-connect-agent tool (It is part of gnupg2)
>
>    $ gpg-connect-agent
>    GET_CONFIRMATION X X X X
>
>    You should then get a pinentry dialog.

This is the dialog I get:

+------------------+
|                  |
+------------------+

So it also appears gpg-agent is fine.

> If this works, the problem is due to gpg. To debug this, I
> suggest to use ktrace to trace the system calls done by gpg.

Alright, will do. I'll send relevant results of kdump of ktrace.out soon.

Thanks Werner!

-Adam

From greg_motter at hotmail.com Tue Aug 28 23:56:38 2007
From: greg_motter at hotmail.com (Greg Motter)
Date: Tue, 28 Aug 2007 14:56:38 -0700 (PDT)
Subject: How to have 2 seperate keyrings on a server
In-Reply-To: <20070828125751.GD31971@Mjolnir.lan>
References: <12353314.post@talk.nabble.com>
	<20070828125751.GD31971@Mjolnir.lan>
Message-ID: <12377218.post@talk.nabble.com>

Albert Dengg-2 wrote:
>
> On Mon, Aug 27, 2007 at 10:02:00AM -0700, Greg Motter wrote:
>>
>> Hello,
>>
>> GPG newbie here and have a question.
>>
>> I'm working on setting up some encryption on a server and have been
>> working with a consultant giving us what we should be doing. One thing
>> he wants us to do is set up 2 keyrings and maintain 2 keyrings on our
>> server. All we are doing is encrypting flat text files that contain
>> sensitive info when they are at rest. Then having a separate process to
>> decrypt these files when they are needed.
>> What he wants us to do is this:
>>
>> 1) Have a first keyring with our main key pair. The decrypt process will
>> access this keyring to do the decrypting.
>>
>> 2) Have a second keyring with just the public key from the first keyring.
>> We'd then access this second keyring for our encryption process.
>>
>> From everything I've read, I see that you can change your keyring from
>> the gpg.conf file. Is it possible to change the keyring you want to use
>> from within the command line? I've tried using --keyring and
>> --primary-keyring from the command line a bit without success.
>
> hi
> just a question...
> maybe i'm overlooking something
> what is the point of having 2 keyrings if both are readable by the same
> user?
> and if you have different users running the two processes, then just
> edit the corresponding ~/.gnupg/gpg.conf files to point to the
> corresponding keyrings
>
> (of course i could be overlooking something...)
>
> yours
> albert

Honestly, I don't fully understand the purpose entirely either. Either way
you'll still need the passphrase to decrypt. But they wanted 2 keyrings.
I'm guessing just another level of obfuscation more than anything.
From greg_motter at hotmail.com Tue Aug 28 23:57:44 2007
From: greg_motter at hotmail.com (Greg Motter)
Date: Tue, 28 Aug 2007 14:57:44 -0700 (PDT)
Subject: How to have 2 seperate keyrings on a server
In-Reply-To: <46D33DAE.5010609@tx.rr.com>
References: <12353314.post@talk.nabble.com> <46D33DAE.5010609@tx.rr.com>
Message-ID: <12377234.post@talk.nabble.com>

John Clizbe-3 wrote:
>
> Greg Motter wrote:
>> I'm working on setting up some encryption on a server and have been
>> working with a consultant giving us what we should be doing. One thing
>> he wants us to do is set up 2 keyrings and maintain 2 keyrings on our
>> server. All we are doing is encrypting flat text files that contain
>> sensitive info when they are at rest. Then having a separate process to
>> decrypt these files when they are needed. What he wants us to do is this:
>>
>> 1) Have a first keyring with our main key pair. The decrypt process will
>> access this keyring to do the decrypting.
>>
>> 2) Have a second keyring with just the public key from the first keyring.
>> We'd then access this second keyring for our encryption process.
>
> Good lord, the schemes these "Consultants" come up with.
>
>> From everything I've read, I see that you can change your keyring from the
>> gpg.conf file. Is it possible to change the keyring you want to use from
>> within the command line? I've tried using --keyring and --primary-keyring
>> from the command line a bit without success.
>>
>> Any suggestions?
>
> try --homedir
>
> Each set of keyring files goes in its own (sub)directory
>
> --
> John P. Clizbe                      Inet: John (a) Mozilla-Enigmail.org
> You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A
> "what's the key to success?"        / "two words: good decisions."
> "what's the key to good decisions?" /  "one word: experience."
> "how do i get experience?"          / "two words: bad decisions."
>
> "Just how do the residents of Haiku, Hawai'i hold conversations?"
--homedir along with --no-default-keyring certainly did the trick. Thanks
for the help!

From greg_motter at hotmail.com Wed Aug 29 00:08:48 2007
From: greg_motter at hotmail.com (Greg Motter)
Date: Tue, 28 Aug 2007 15:08:48 -0700 (PDT)
Subject: gpg: Option "--passphrase" is ambiguous
Message-ID: <12377401.post@talk.nabble.com>

Hello,

I'm currently getting the error "gpg: Option "--passphrase" is ambiguous"
when I attempt to use the --passphrase switch.

I believe this is because our test box only has gpg 1.4.1 installed? Does
anyone remember when --passphrase was added as an option. I took a look at
the release notes and did not see it after 1.4.1.

When I run this on the Windows version, I don't get this error and it works
just fine in --batch mode.

If this is not a release version issue? Any ideas?

Greg

From dshaw at jabberwocky.com Wed Aug 29 00:19:56 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 28 Aug 2007 18:19:56 -0400
Subject: gpg: Option "--passphrase" is ambiguous
In-Reply-To: <12377401.post@talk.nabble.com>
References: <12377401.post@talk.nabble.com>
Message-ID: <20070828221956.GB6036@jabberwocky.com>

On Tue, Aug 28, 2007 at 03:08:48PM -0700, Greg Motter wrote:
>
> Hello,
>
> I'm currently getting the error "gpg: Option "--passphrase" is ambiguous"
> when I attempt to use the --passphrase switch.
>
> I believe this is because our test box only has gpg 1.4.1 installed?
> Does
> anyone remember when --passphrase was added as an option. I took a look at
> the release notes and did not see it after 1.4.1.

It was added in 1.4.3.

David

From trichotecene at yahoo.es Wed Aug 29 18:15:38 2007
From: trichotecene at yahoo.es (Dimitri)
Date: Wed, 29 Aug 2007 18:15:38 +0200 (CEST)
Subject: problem in Outlook 2003
Message-ID: <464408.6647.qm@web27205.mail.ukl.yahoo.com>

Hello friends. For days he has been changing the computer with which he
worked, in the actual PC I imported my key without problems, but whenever
I execute the Key Manager WinPT the system shows me the following message:

"not ultimately trusted key found. Please set at least one secret key to
ultimate trust".

In addition, whenever I try to send a message from outlook 2003, it shows
the following error to me:

"the operation due to a serious error in Outlook could not be completed".

I have reviewed the configuration of WinPT and Outlook and I find nothing
strange that gives me a clue as to what it could be. Does somebody have
some idea of the problem?

Regards,
Dimitri.-
http://es.geocities.com/trichotecene

From wk at gnupg.org Thu Aug 30 10:15:10 2007
From: wk at gnupg.org (Werner Koch)
Date: Thu, 30 Aug 2007 10:15:10 +0200
Subject: problem in Outlook 2003
In-Reply-To: <464408.6647.qm@web27205.mail.ukl.yahoo.com> (trichotecene@yahoo.es's message of "Wed, 29 Aug 2007 18:15:38 +0200 (CEST)")
References: <464408.6647.qm@web27205.mail.ukl.yahoo.com>
Message-ID: <87fy21bfqp.fsf@wheatstone.g10code.de>

On Wed, 29 Aug 2007 18:15, trichotecene at yahoo.es said:

> In addition, whenever I try to send a message from
> outlook 2003, it shows the following error to me:
>
> "the operation due to a serious error in Outlook could
> not be completed".
I have heard a few of such complaints in the last weeks but I have no idea
what's going wrong. Given that we are currently working on a complete
redesign of GpgOL, it might be better to wait for this instead of trying
to fix a rare bug in the old code.

Shalom-Salam,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.

From adam at avertech.net Thu Aug 30 17:30:27 2007
From: adam at avertech.net (Adam Richards)
Date: Thu, 30 Aug 2007 08:30:27 -0700
Subject: pinentry-curses and gpg-agent ipc write error
In-Reply-To: <20070828171829.GA20869@avertech.net>
References: <20070827232424.GA12275@avertech.net>
	<87bqcsksyk.fsf@wheatstone.g10code.de>
	<20070828171829.GA20869@avertech.net>
Message-ID: <20070830153027.GK12275@avertech.net>

> > If this works, the problem is due to gpg. To debug this, I
> > suggest to use ktrace to trace the system calls done by gpg.
>
> Alright, will do. I'll send relevant results of kdump of
> ktrace.out soon.

Didn't get very exciting output of ktrace:

--------------------------------------------------------------
~> ktrace -dit+ /usr/local/bin/gpg -d mail.gpg
[...]
~> kdump -f ktrace.out
 70994 ktrace   RET   ktrace 0
 70994 ktrace   CALL  execve(0xbfbfe7a9,0xbfbfe678,0xbfbfe688)
 70994 ktrace   NAMI  "/usr/local/bin/gpg"
 70994 ktrace   NAMI  "/libexec/ld-elf.so.1"
--------------------------------------------------------------

A ktrace of the same cmdline, but with pinentry->pinentry-gtk, renders the
exact same output (except pid of course) -- and pinentry-gtk works where
pinentry->pinentry-curses does not.

Any suggestions for deeper inspection?

Thanks.

-Adam

From moses.mason at gmail.com Fri Aug 31 08:11:05 2007
From: moses.mason at gmail.com (Moses)
Date: Fri, 31 Aug 2007 14:11:05 +0800
Subject: How to use GnuPG to generate sha512sum hash?
Message-ID: <87bcf3800708302311o74f7d451y906bf81874daf9d3@mail.gmail.com>

Hi list,

I want to hash some strings by using GnuPG. I know GPG has a hash
function, but I can't find how to do it in the manuals or other
documentation on the official website. What parameters are used by GPG
for hashing?

Furthermore, I would like to use sha-512 to hash strings from standard
input, rather than from files; is it possible? If not, is there any other
app that can do this for me?

Thanks and best regards.

From tmz at pobox.com Fri Aug 31 10:38:51 2007
From: tmz at pobox.com (Todd Zullinger)
Date: Fri, 31 Aug 2007 04:38:51 -0400
Subject: How to use GnuPG to generate sha512sum hash?
In-Reply-To: <87bcf3800708302311o74f7d451y906bf81874daf9d3@mail.gmail.com>
References: <87bcf3800708302311o74f7d451y906bf81874daf9d3@mail.gmail.com>
Message-ID: <20070831083851.GD29678@psilocybe.teonanacatl.org>

Moses wrote:
> I want to hash some strings by using GnuPG. I know GPG has a hash
> function, but I can't find how to do it in the manuals or other
> documentation on the official website. What parameters are used by
> GPG for hashing?
>
> Furthermore, I would like to use sha-512 to hash strings from standard
> input, rather than from files; is it possible? If not, is there any
> other app that can do this for me?

Perhaps this:

    echo "some string" | gpg --print-md SHA512

is what you're looking for?

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The best cure for insomnia is to get a lot of sleep.
    -- W.C. Fields
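An added example (Python, not GnuPG code) of what the command above actually hashes: echo appends a line ending, so the digest is of the string plus that newline, and a calculator that hashes the bare string will disagree. The helpers also turn gpg's grouped --print-md output into plain hex for comparison; the layout rules are inferred from the output quoted in this thread, and all names are this example's own.

```python
# Why `echo AAA | gpg --print-md SHA1` disagrees with a web calculator:
# echo writes a trailing newline (CRLF under cmd.exe), so gpg hashes those
# extra bytes too.  Added example, not GnuPG code; helper names are this
# example's own and the --print-md layout is inferred from the thread.
import hashlib


def digest_hex(algo: str, data: bytes) -> str:
    """Lower-case hex digest, the form web calculators usually show."""
    return hashlib.new(algo, data).hexdigest()


def echo_bytes(s: str, newline: str = "\n") -> bytes:
    """What `echo s` pipes to gpg: the string plus the shell's line end.
    Use newline="" for `echo -n`; cmd.exe emits "\r\n" and also keeps any
    space typed between the text and the pipe."""
    return s.encode() + newline.encode()


def print_md_style(algo: str, data: bytes) -> str:
    """Lay out a digest like gpg --print-md: upper-case hex, 4-hex groups
    for digests up to 20 bytes, 8-hex groups otherwise, and a line break
    after every 32 digest bytes (inferred from the thread's SHA512 output)."""
    hx = digest_hex(algo, data).upper()
    width = 4 if hashlib.new(algo).digest_size <= 20 else 8
    groups = [hx[i:i + width] for i in range(0, len(hx), width)]
    per_line = 64 // width
    return "\n".join(" ".join(groups[i:i + per_line])
                     for i in range(0, len(groups), per_line))


def normalize(print_md_output: str) -> str:
    """Drop gpg's spaces and line breaks so its value can be compared with
    a calculator's plain hex string."""
    return "".join(print_md_output.split()).lower()


def same_digest(print_md_output: str, algo: str, data: bytes) -> bool:
    """True when gpg's grouped output is the digest of exactly `data`."""
    return normalize(print_md_output) == digest_hex(algo, data)


def variants(s: str, algo: str) -> dict:
    """Digests of the bare string and of what echo pipes on each platform,
    so a mismatch can be traced to the line ending rather than to gpg."""
    return {
        "bare / echo -n": digest_hex(algo, echo_bytes(s, "")),
        "echo (POSIX sh)": digest_hex(algo, echo_bytes(s, "\n")),
        "echo (cmd.exe)": digest_hex(algo, echo_bytes(s, " \r\n")),
    }


if __name__ == "__main__":
    # Constructed input "AAA", the string compared in this thread.
    for label, value in variants("AAA", "sha1").items():
        print(f"{label:16s} {value}")
    print(print_md_style("sha512", echo_bytes("AAA")))
```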
From moses.mason at gmail.com Fri Aug 31 13:16:02 2007
From: moses.mason at gmail.com (Moses)
Date: Fri, 31 Aug 2007 19:16:02 +0800
Subject: How to use GnuPG to generate sha512sum hash?
In-Reply-To: <20070831083851.GD29678@psilocybe.teonanacatl.org>
References: <87bcf3800708302311o74f7d451y906bf81874daf9d3@mail.gmail.com>
	<20070831083851.GD29678@psilocybe.teonanacatl.org>
Message-ID: <87bcf3800708310416q7ba5ece6o1d5cd7e05496ec39@mail.gmail.com>

Hi,

Thank you for your reply, it works.

But the hash results that I got from GPG are different from some web based
hash calculators, such as http://www.johnmaguire.us/tools/hashcalc/ or
http://people.eku.edu/styere/Encrypt/JS-SHA1.html

e.g. for "AAA", the web based SHA1 result is:
606ec6e9bd8a8ff2ad14e5fade3f264471e82251

and the SHA512 result is:
8d708d18b54df3962d696f069ad42dad7762b5d4d3c97ee5fa2dae0673ed46545164c078b8db3d59c4b96020e4316f17bb3d91bf1f6bc0896bbe75416eb8c385

but GPG's result is:

> echo AAA | gpg --print-md SHA1
1AE0 9EE3 43FA 9C61 8DE7 C5C1 770E F4E4 90B2 4ADA

> echo AAA | gpg --print-md SHA512
1CD99029 6017D85F 8B909505 21AE360D C8D907C3 A09B14AB 5B273F85 7BC2F166
B90B3889 07DF7A7C A383D585 D555F383 92B1101E 0A2B1829 0D966F54 25036FDB

Since I have tried more than one web-based cryptographic hash calculator,
I don't think the online results are wrong. All of them generate the same
results except GPG. Did I miss something? Or is it an issue with my GPG
installation?

Best regards.
On 8/31/07, Todd Zullinger wrote:
> Moses wrote:
> > I want to hash some strings by using GnuPG. I know GPG has a hash
> > function, but I can't find how to do it in the manuals or other
> > documentation on the official website. What parameters are used by
> > GPG for hashing?
> >
> > Furthermore, I would like to use sha-512 to hash strings from standard
> > input, rather than from files; is it possible? If not, is there any
> > other app that can do this for me?
>
> Perhaps this:
>
>     echo "some string" | gpg --print-md SHA512
>
> is what you're looking for?
>
> --
> Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> The best cure for insomnia is to get a lot of sleep.
>     -- W.C. Fields

-- 
"I may not agree with what you say but I will defend to the death your
right to say it"

From moses.mason at gmail.com Fri Aug 31 13:22:00 2007
From: moses.mason at gmail.com (Moses)
Date: Fri, 31 Aug 2007 19:22:00 +0800
Subject: How to use GnuPG to generate sha512sum hash?
In-Reply-To: <20070831083851.GD29678@psilocybe.teonanacatl.org>
References: <87bcf3800708302311o74f7d451y906bf81874daf9d3@mail.gmail.com>
	<20070831083851.GD29678@psilocybe.teonanacatl.org>
Message-ID: <87bcf3800708310422u6ee3d054s5da8b0fae3af73ac@mail.gmail.com>

Hi,

(Sorry for the last mail, FireGPG truncated my mail... so here it should be)

Thank you for your reply, it works.

But the hash results that I got from GPG are different from some web based
hash calculators, such as http://www.johnmaguire.us/tools/hashcalc/ or
http://people.eku.edu/styere/Encrypt/JS-SHA1.html

e.g.
for "AAA", the web-based SHA1 result is:
606ec6e9bd8a8ff2ad14e5fade3f264471e82251
, and the SHA512 result is:
8d708d18b54df3962d696f069ad42dad7762b5d4d3c97ee5fa2dae0673ed46545164c078b8db3d59c4b96020e4316f17bb3d91bf1f6bc0896bbe75416eb8c385

but GPG's result is:
> echo AAA | gpg --print-md SHA1
1AE0 9EE3 43FA 9C61 8DE7 C5C1 770E F4E4 90B2 4ADA

> echo AAA | gpg --print-md SHA512
1CD99029 6017D85F 8B909505 21AE360D C8D907C3 A09B14AB 5B273F85 7BC2F166
B90B3889 07DF7A7C A383D585 D555F383 92B1101E 0A2B1829 0D966F54 25036FDB

Since I have tried more than one web-based cryptographic hash calculator, I don't think the online results are wrong. All of them generate the same results except GPG. Did I miss something? Or is it an issue with my GPG installation?

Best regards.

On 8/31/07, Todd Zullinger wrote:
> Moses wrote:
> > I want to hash some strings by using GnuPG, I know GPG has a hash
> > function, but I can't find how to do it in the manuals or other
> > documentation on the official website. What parameters are used by
> > GPG for hashing?
> >
> > Furthermore, I would like to use sha-512 to hash strings from standard
> > input, rather than from files, is it possible? If not, is there any
> > other app that can do this for me?
>
> Perhaps this:
>
> echo "some string" | gpg --print-md SHA512
>
> is what you're looking for?
>
> --
> Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> The best cure for insomnia is to get a lot of sleep.
> -- W.C. Fields
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
>

From roam at ringlet.net Fri Aug 31 11:29:20 2007
From: roam at ringlet.net (Peter Pentchev)
Date: Fri, 31 Aug 2007 12:29:20 +0300
Subject: How to use GnuPG to generate sha512sum hash?
In-Reply-To: <20070831083851.GD29678@psilocybe.teonanacatl.org>
References: <87bcf3800708302311o74f7d451y906bf81874daf9d3@mail.gmail.com> <20070831083851.GD29678@psilocybe.teonanacatl.org>
Message-ID: <20070831092920.GA20467@straylight.m.ringlet.net>

On Fri, Aug 31, 2007 at 04:38:51AM -0400, Todd Zullinger wrote:
> Moses wrote:
> > I want to hash some strings by using GnuPG, I know GPG has a hash
> > function, but I can't find how to do it in the manuals or other
> > documentation on the official website. What parameters are used by
> > GPG for hashing?
> >
> > Furthermore, I would like to use sha-512 to hash strings from standard
> > input, rather than from files, is it possible? If not, is there any
> > other app that can do this for me?
>
> Perhaps this:
>
> echo "some string" | gpg --print-md SHA512
>
> is what you're looking for?

...or, certainly,

echo -n "some string"

if you want just the string without the terminating newline :) At least on most POSIX-like systems, that is.

G'luck,
Peter

--
Peter Pentchev roam at ringlet.net roam at cnsys.bg roam at FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
This sentence every third, but it still comprehensible.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : /pipermail/attachments/20070831/b4d3f9e6/attachment.pgp

From dshaw at jabberwocky.com Fri Aug 31 13:55:32 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri, 31 Aug 2007 07:55:32 -0400
Subject: How to use GnuPG to generate sha512sum hash?
In-Reply-To: <87bcf3800708310422u6ee3d054s5da8b0fae3af73ac@mail.gmail.com>
References: <87bcf3800708302311o74f7d451y906bf81874daf9d3@mail.gmail.com> <20070831083851.GD29678@psilocybe.teonanacatl.org> <87bcf3800708310422u6ee3d054s5da8b0fae3af73ac@mail.gmail.com>
Message-ID: <20070831115532.GA19230@jabberwocky.com>

On Fri, Aug 31, 2007 at 07:22:00PM +0800, Moses wrote:
> Hi,
>
> (Sorry for the last mail, FireGPG truncated my mail... so here it should be)
>
> Thank you for your reply, it works. But the hash results that I got from
> GPG are different from some web-based hash calculators, such as
> http://www.johnmaguire.us/tools/hashcalc/ or
> http://people.eku.edu/styere/Encrypt/JS-SHA1.html
>
> e.g. for "AAA",
> the web-based SHA1 result is:
> 606ec6e9bd8a8ff2ad14e5fade3f264471e82251
> , and the SHA512 result is:
> 8d708d18b54df3962d696f069ad42dad7762b5d4d3c97ee5fa2dae0673ed46545164c078b8db3d59c4b96020e4316f17bb3d91bf1f6bc0896bbe75416eb8c385
>
> but GPG's result is:
> > echo AAA | gpg --print-md SHA1
> 1AE0 9EE3 43FA 9C61 8DE7 C5C1 770E F4E4 90B2 4ADA
>
> > echo AAA | gpg --print-md SHA512
> 1CD99029 6017D85F 8B909505 21AE360D C8D907C3 A09B14AB 5B273F85
> 7BC2F166 B90B3889 07DF7A7C A383D585 D555F383 92B1101E 0A2B1829
> 0D966F54 25036FDB
>
> Since I have tried more than one web-based cryptographic hash
> calculator, I don't think the online results are wrong. All of them
> generate the same results except GPG.

You are making a mistake with "echo". By default, echo adds a newline at the end of what it prints. You are hashing "AAA" on the website, and "AAA\n" with GPG, so naturally they don't match.

Add the "-n" flag to echo to tell it not to add a newline, and you will see the results match:

echo -n AAA | gpg --print-md sha512

David

From moses.mason at gmail.com Fri Aug 31 16:23:51 2007
From: moses.mason at gmail.com (Moses)
Date: Fri, 31 Aug 2007 22:23:51 +0800
Subject: How to use GnuPG to generate sha512sum hash?
In-Reply-To: <20070831115532.GA19230@jabberwocky.com>
References: <87bcf3800708302311o74f7d451y906bf81874daf9d3@mail.gmail.com> <20070831083851.GD29678@psilocybe.teonanacatl.org> <87bcf3800708310422u6ee3d054s5da8b0fae3af73ac@mail.gmail.com> <20070831115532.GA19230@jabberwocky.com>
Message-ID: <87bcf3800708310723u16eeefdcmd5a0463407779ffc@mail.gmail.com>

O... I see. I've got the correct hash on Linux..., thank you all! :-)

The problem that remains now is how to get the same hash on Windows, because echo on Windows does not have a -n flag:

> echo -n AAA
-n AAA

so, on Windows "echo -n AAA | gpg --print-md sha1" is actually hashing "-n AAA\n" and not "AAA"... :-\

Is there an easy way to get rid of the newline on a Windows system?

Best regards.

On 8/31/07, David Shaw wrote:
> On Fri, Aug 31, 2007 at 07:22:00PM +0800, Moses wrote:
> > Hi,
> >
> > (Sorry for the last mail, FireGPG truncated my mail... so here it should be)
> >
> > Thank you for your reply, it works. But the hash results that I got from
> > GPG are different from some web-based hash calculators, such as
> > http://www.johnmaguire.us/tools/hashcalc/ or
> > http://people.eku.edu/styere/Encrypt/JS-SHA1.html
> >
> > e.g. for "AAA",
> > the web-based SHA1 result is:
> > 606ec6e9bd8a8ff2ad14e5fade3f264471e82251
> > , and the SHA512 result is:
> > 8d708d18b54df3962d696f069ad42dad7762b5d4d3c97ee5fa2dae0673ed46545164c078b8db3d59c4b96020e4316f17bb3d91bf1f6bc0896bbe75416eb8c385
> >
> > but GPG's result is:
> > > echo AAA | gpg --print-md SHA1
> > 1AE0 9EE3 43FA 9C61 8DE7 C5C1 770E F4E4 90B2 4ADA
> >
> > > echo AAA | gpg --print-md SHA512
> > 1CD99029 6017D85F 8B909505 21AE360D C8D907C3 A09B14AB 5B273F85
> > 7BC2F166 B90B3889 07DF7A7C A383D585 D555F383 92B1101E 0A2B1829
> > 0D966F54 25036FDB
> >
> > Since I have tried more than one web-based cryptographic hash
> > calculator, I don't think the online results are wrong. All of them
> > generate the same results except GPG.
>
> You are making a mistake with "echo".
> By default, echo adds a newline
> at the end of what it prints. You are hashing "AAA" on the website,
> and "AAA\n" with GPG, so naturally they don't match.
>
> Add the "-n" flag to echo to tell it not to add a newline, and you
> will see the results match:
>
> echo -n AAA | gpg --print-md sha512
>
> David
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>

From sven at radde.name Thu Aug 23 12:39:19 2007
From: sven at radde.name (Sven Radde)
Date: Thu, 23 Aug 2007 10:39:19 -0000
Subject: Questions about generating keys
In-Reply-To: <46CCFBB0.3040605@sixdemonbag.org>
References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net> <42329.62.142.195.88.1187804196.squirrel@mail.rbgi.net> <46CC9DEA.2020408@tx.rr.com> <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net> <46CCFBB0.3040605@sixdemonbag.org>
Message-ID: <46CD64AF.4010403@radde.name>

Hi!

Robert J. Hansen wrote:
>> Ok, so RSA isn't always significantly faster, as I thought it was. I
>> had read somewhere that it was, (probably on this list) and my own
>> testing with my 4GB backup files showed RSA to be notably faster.
>>

I second Robert here. With 4GB of data, the hashing / symmetric encryption takes so long that it is almost totally irrelevant whether you use RSA/DSA/ElGamal. The amount of time for the asymmetric encryption/signing is constant and does not depend on the size of the data.

About the only scenario where you would be seriously concerned with asymmetric processing time would be a rapid exchange of very small data packets such as in an instant-messaging session. However, reducing the key size is far more effective here than changing algorithms (according to my experiences with Miranda's GnuPG plugin).

>> - RSA has a hash firewall
>>
> Yes, but I am unconvinced that this is something an average user needs
> to be concerned about. (I'm concerned about it, but I freely admit to
> being paranoid.)
>

I am paranoid, too. Could someone therefore please explain to me what a hash firewall actually is (possibly off-list)? I don't seem to get much info from Google (only hash values from firewall applications... ;-).

cu, Sven

From greg_motter at hotmail.com Thu Aug 23 20:40:20 2007
From: greg_motter at hotmail.com (Greg Motter)
Date: Thu, 23 Aug 2007 18:40:20 -0000
Subject: Possible to pass the private key?
Message-ID: <12299545.post@talk.nabble.com>

Hello all,

I have a couple of questions about how to handle the private key on a server. The company I'm working with is working with a consultant who said the following:

"GNUPG has a keyring just like PGP. The private keys on that keyring need to be controlled and not just left in the keyring file. If it's an automated process to encrypt the flat files then you should compile the program doing it with the private key. If it's a manual process, the private key needs to be kept with someone off the server."

First off, from what I've read, it sounds like private keys are not kept in the keyring, but rather in their own file that is then encrypted symmetrically using the passphrase?

Secondly, is it possible to do what he is asking? Is it possible to pass in the private key through the gpg command?

Next, if I could pass in the private key through the program itself, and then secure the source code, would the private key likely be more at risk in the object code since it would not truly be encrypted at that point?

Basically what we are trying to do is encrypt flat text files that will be on our server at rest. I'll be creating a subroutine to handle all of the gpg goodness in the background. But we're still trying to work out the best way that these files would be secure. Obviously if we leave the private key out there, then any user who had access to gpg would have access to the key, although not to the passphrase. Is there some better way?
Thanks,
Greg Motter

--
View this message in context: http://www.nabble.com/Possible-to-pass-the-private-key--tf4319226.html#a12299545
Sent from the GnuPG - User mailing list archive at Nabble.com.

From Toot4fun at gmail.com Thu Aug 23 22:15:31 2007
From: Toot4fun at gmail.com (Toot4fun)
Date: Thu, 23 Aug 2007 20:15:31 -0000
Subject: Key Comment/Email Address Length
Message-ID: <12301255.post@talk.nabble.com>

Does GPG limit the length of the comment and email address fields when creating a key? If so, what are the limitations?

Thank you.

--
View this message in context: http://www.nabble.com/Key-Comment-Email-Address-Length-tf4319759.html#a12301255
Sent from the GnuPG - User mailing list archive at Nabble.com.

From sven at radde.name Sat Aug 25 09:11:07 2007
From: sven at radde.name (Sven Radde)
Date: Sat, 25 Aug 2007 07:11:07 -0000
Subject: Questions about generating keys (hash firewalls)
In-Reply-To: <44795.62.142.195.88.1188007904.squirrel@mail.rbgi.net>
References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net> <42329.62.142.195.88.1187804196.squirrel@mail.rbgi.net> <46CC9DEA.2020408@tx.rr.com> <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net> <46CCFBB0.3040605@sixdemonbag.org> <46CD64AF.4010403@radde.name> <46CD69F4.4040509@sixdemonbag.org> <49392.62.142.195.88.1187978784.squirrel@mail.rbgi.net> <46CF3C56.5000203@sixdemonbag.org> <46910.62.142.195.88.1187994111.squirrel@mail.rbgi.net> <46CF6706.3000402@sixdemonbag.org> <44795.62.142.195.88.1188007904.squirrel@mail.rbgi.net>
Message-ID: <46CFCA54.8090303@radde.name>

Oskar L. wrote:
> No, in my example I used two messages (pictures), not one, and created
> permutations of both, and then compared both groups of hashes against each
> other.

This appears to be somewhere in the middle between a birthday attack and a preimage attack. It looks like a preimage attack on a large set of preimages.
Thinking of it in the terms of the classical birthday paradox would mean putting men and women in a room and checking all couples of both sexes for a matching birthday. I am not sure how many, but it definitely needs more people than checking for the same birthday within the whole group.

NOT having a hash firewall would reduce the complexity of that attack by a constant factor: you can try all available hash functions to find the collision. This makes a difference in practice only if you can do the hash calculations in parallel (it doesn't really help you to try both SHA-1 and RIPEMD-160 if you could do two SHA-1 calculations in the same time).

Thinking of this in the "classical" setting again, it would mean associating more than one date with each person, besides the birthdate (say, birthdate of boyfriend/girlfriend, etc). This appears to reduce the number of persons needed in proportion to the number of dates that you associate with each (to keep the same number of dates/hashes available to compare).

Given the complexity of the task of finding collisions in cryptography and the number of available hash functions, this reduction does not appear to be very significant. It mainly makes sense if you can actually substitute a weak hash function.
cu, Sven

From sven at radde.name Sat Aug 25 10:47:52 2007
From: sven at radde.name (Sven Radde)
Date: Sat, 25 Aug 2007 08:47:52 -0000
Subject: Questions about generating keys
In-Reply-To: <46CFB8DA.2060209@sixdemonbag.org>
References: <35395.62.142.195.88.1187777178.squirrel@mail.rbgi.net> <42329.62.142.195.88.1187804196.squirrel@mail.rbgi.net> <46CC9DEA.2020408@tx.rr.com> <49651.62.142.195.88.1187835095.squirrel@mail.rbgi.net> <46CCFBB0.3040605@sixdemonbag.org> <52998.62.142.195.88.1187862002.squirrel@mail.rbgi.net> <46CD6FB4.1060309@sixdemonbag.org> <53269.62.142.195.88.1187991135.squirrel@mail.rbgi.net> <46CF5FCA.9090908@sixdemonbag.org> <58086.62.142.195.88.1188006385.squirrel@mail.rbgi.net> <46CFB8DA.2060209@sixdemonbag.org>
Message-ID: <46CFED72.2050508@radde.name>

Hi!

Robert J. Hansen wrote:
>> Think of it this way. Let's say you don't trust Google for some reason.
>> Then you go to https://mail.google.com, and verify that the SSL
>> certificate is correct, so you can be sure you're not on a phishing site.
>> Would you now claim that the site isn't authentic, just because you don't
>> trust Google?
>
> Darn right I wouldn't.
>
> If I had good reason to believe Google was up to something nefarious,
> there is nothing in heaven or earth that would cause me to say "yes,
> that site is authentic."
>
> Trust is the ultimate dealbreaker. Always has been, always will be.

I think it is undefined what it means / should mean that "a site is authentic" here.

1) If it means "the site contents are created by a particular firm", it is not necessary to trust that firm in any way to deem the site "authentic".

2) If it means that the site content is harmless or the owner treats personal data well or something like that, trust in the owner would be required (in addition to trust in the ownership as such, as defined in 1).

It is the same with "trusting" keys in GnuPG.
Trust, in this case, only means that the key belongs to a particular person (by inductive reasoning as you explained very nicely). The person himself could be a total a**h**e but that would not prevent trust in the key. It would not even prevent the GnuPG concept of "ownertrust". If I know that said a**h**e, despite his other attitudes, always takes utmost care in verifying other people's keys, I can assign an appropriate ownertrust.

There can also be some people that I really, really trust personally but that are totally clueless about the correct verification procedures when signing other people's GnuPG keys. In fact, I know some. So, despite the fact that I trust them, I did not assign any ownertrust to their GnuPG keys (it's not that they would sign many keys anyway...).

As another point, think of code-signing certificates. Just because, e.g., an ActiveX control is signed, it does not mean that it is safe, or whatever property one would like to claim about its contents/functions. It only means that it was created by the certificate owner and not manipulated by a third party.

In summary, we must note that GnuPG, SSL certificates or cryptography as a whole can only help with point 1) mentioned above. Everything beyond "proof of ownership/creation" is more of a social issue that cannot be solved by crypto. However, it is impossible to do reasoning about the contents themselves if the ownership isn't established first.

cu, Sven

From mailinglists-282114 at thomas-huehn.de Wed Aug 29 14:29:03 2007
From: mailinglists-282114 at thomas-huehn.de (Thomas Hühn)
Date: Wed, 29 Aug 2007 14:29:03 +0200
Subject: personal-*-preferences
Message-ID: <46D5668F.8050706@thomas-huehn.de>

Hi

I'm playing around with the ~/.gnupg/gpg.conf file. For example I've set "personal-cipher-preferences S9 S8 S7 S10 S4 S3 S2" (I also tried delimiting them with commas).
I have made sure that those ciphers are supported in my GnuPG version (Ubuntu Feisty Fawn) by looking at "gpg --version". But all those personal-*-preferences don't do anything. When I create a new key and enter "pref" at the edit-key menu, I see "S9 S8 S7 S3 S2 H2 H8 H3 Z2 Z3 Z1 [mdc] [no-ks-modify]", which is exactly the result without any personal-*-preferences setting in the config file.

Where am I wrong? I have successfully used those settings on another computer in the past, I think.

Thomas

From bushfiel at purdue.edu Thu Aug 30 20:14:17 2007
From: bushfiel at purdue.edu (paladino)
Date: Thu, 30 Aug 2007 11:14:17 -0700 (PDT)
Subject: losing meaningful whitespaces in an encrypted file
Message-ID: <12413076.post@talk.nabble.com>

Hi,

I'm sorry to jump right in with a dumb question, but I've tried doing some research myself and I have to confess to much of this being way over my head.

I work for a University that uses GnuPG to encrypt files to send out to various vendors. We're having a very odd situation right now with one of our files. We are sending a file that has a header line that ends with 13 spaces. We are encrypting the file from the command line, on a unix machine, with GnuPG. Here's the actual command our guys are using:

/usr/local/bin/gpg -v -r XXXXXXXX -f &filename

We are then transmitting the file to a vendor who is decrypting it with the Windows version of PGP. When I look at the file here, immediately before it is encrypted, the 13 white spaces are still there. When I look at the file at the vendor, immediately after decryption, the 13 spaces are gone. I haven't had any luck getting more information from the vendor about what kind of options they are using. I do know they are using a Windows version, and the guy says he basically just double-clicks on it, types in a password, and it decrypts the file.

Is there anything obvious that could be causing something like this? Which end is it more likely the problem is at?
I've been reading about pgp and gpg all day, and while I've learned a lot about both, I'm no closer to a solution for this one than when I started.

Thanks for any help at all.

--
View this message in context: http://www.nabble.com/losing-meaningful-whitespaces-in-an-encrypted-file-tf4356011.html#a12413076
Sent from the GnuPG - User mailing list archive at Nabble.com.

From tkittredge at bancfirst.com Tue Aug 21 20:24:44 2007
From: tkittredge at bancfirst.com (trkghost)
Date: Tue, 21 Aug 2007 18:24:44 -0000
Subject: Ignore Signature
Message-ID: <12260503.post@talk.nabble.com>

Is there a way to ignore a signature when importing a key?

Thank you

--
View this message in context: http://www.nabble.com/Ignore-Signature-tf4306973.html#a12260503
Sent from the GnuPG - User mailing list archive at Nabble.com.
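The echo pitfall worked out in the "How to use GnuPG to generate sha512sum hash?" thread above, as an added example written by the editor rather than code posted by any participant: hash_exact hashes only the bytes of the string (printf '%s' appends nothing), hash_echo reproduces what "echo STRING | ..." really feeds the hash (the string plus a newline), and normalize_gpg_md folds gpg's space-grouped, upper-case, sometimes multi-line --print-md output into the plain lower-case hex that sha1sum/sha512sum and the web calculators print, so the two can be compared mechanically. It goes slightly beyond the thread by covering SHA-1 and SHA-512 together and by checking all four digests quoted there. It assumes coreutils sha1sum/sha512sum (falling back to "shasum -a N"); gpg is optional and only invoked if it is on the PATH.

```shell
#!/bin/sh
# Added example (editor's, not code from the thread): compare what `echo` really
# feeds into gpg --print-md with what the web calculators hash.
# Assumes coreutils sha1sum/sha512sum (falls back to `shasum -a N`); gpg is
# optional and only called if present.

# digest BITS : read stdin, print the lower-case hex SHA-BITS digest (1 or 512).
digest() {
    if command -v "sha$1sum" >/dev/null 2>&1; then
        "sha$1sum" | cut -d' ' -f1
    else
        shasum -a "$1" | cut -d' ' -f1
    fi
}

# hash_exact BITS STRING : digest of the bytes of STRING and nothing else.
# printf '%s' appends no newline, unlike echo, and behaves the same on every shell.
hash_exact() {
    printf '%s' "$2" | digest "$1"
}

# hash_echo BITS STRING : what `echo STRING | ...` actually hashes: STRING plus "\n".
hash_echo() {
    printf '%s\n' "$2" | digest "$1"
}

# normalize_gpg_md : fold gpg's grouped, upper-case, possibly multi-line output
# ("1AE0 9EE3 43FA ..." or "1CD99029 6017D85F ... \nB90B3889 ...") into one
# lower-case hex string that can be compared with sha*sum output.
normalize_gpg_md() {
    tr -d ' \n\r' | tr 'A-F' 'a-f'
}

# Reference values copied from the thread: the web calculators hashed "AAA",
# gpg (fed by a plain echo) hashed "AAA\n".
WEB_SHA1_AAA=606ec6e9bd8a8ff2ad14e5fade3f264471e82251
WEB_SHA512_AAA=8d708d18b54df3962d696f069ad42dad7762b5d4d3c97ee5fa2dae0673ed46545164c078b8db3d59c4b96020e4316f17bb3d91bf1f6bc0896bbe75416eb8c385
GPG_SHA1_AAA_NL='1AE0 9EE3 43FA 9C61 8DE7 C5C1 770E F4E4 90B2 4ADA'
GPG_SHA512_AAA_NL='1CD99029 6017D85F 8B909505 21AE360D C8D907C3 A09B14AB 5B273F85 7BC2F166
B90B3889 07DF7A7C A383D585 D555F383 92B1101E 0A2B1829 0D966F54 25036FDB'

# check_reference : succeeds only if the exact/echo digests reproduce all four
# values quoted in the thread.
check_reference() {
    [ "$(hash_exact 1 AAA)"   = "$WEB_SHA1_AAA" ] &&
    [ "$(hash_exact 512 AAA)" = "$WEB_SHA512_AAA" ] &&
    [ "$(hash_echo 1 AAA)"    = "$(printf '%s' "$GPG_SHA1_AAA_NL"   | normalize_gpg_md)" ] &&
    [ "$(hash_echo 512 AAA)"  = "$(printf '%s' "$GPG_SHA512_AAA_NL" | normalize_gpg_md)" ]
}

# report : SHA-1 of "AAA" side by side; a live gpg line is added when gpg exists.
report() {
    printf 'exact (printf)    %s\n' "$(hash_exact 1 AAA)"
    printf 'echo (newline)    %s\n' "$(hash_echo 1 AAA)"
    printf 'gpg in thread     %s\n' "$(printf '%s' "$GPG_SHA1_AAA_NL" | normalize_gpg_md)"
    if command -v gpg >/dev/null 2>&1; then
        printf 'gpg, no newline   %s\n' "$(printf '%s' AAA | gpg --print-md SHA1 | normalize_gpg_md)"
    fi
    if check_reference; then
        echo "all four digests quoted in the thread reproduced"
    else
        echo "mismatch against the digests quoted in the thread"
    fi
}

report
```

Running it prints the "exact" digest (what the calculators show), the "echo" digest (what gpg printed in the thread) and, where gpg is installed, gpg's own digest of the newline-free input, which lines up with the "exact" one. On Windows, where cmd.exe's echo has no -n flag as the last message of the thread notes, the simplest way around the shell is not to use it for the data at all: write the bytes to a file without a trailing newline and pass the file name to gpg ("gpg --print-md SHA512 data.txt"), which hashes exactly the file's contents; in that mode gpg prefixes the digest with the file name, so strip that before normalizing.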