From wk at gnupg.org Mon Dec 3 11:34:03 2007 From: wk at gnupg.org (Werner Koch) Date: Mon, 03 Dec 2007 11:34:03 +0100 Subject: [Announce] Libgcrypt 1.3.2 (devel) released Message-ID: <87wsrwt6ck.fsf@wheatstone.g10code.de> Hello! We are pleased to announce the availability of Libgcrypt 1.3.2. This version should be considered a release candidate for 1.4.0. Libgcrypt is a general purpose library of cryptographic building blocks. It is originally based on code used by GnuPG. It does not provide any implementaion of OpenPGP or other protocols. Thorough understanding of applied cryptography is required to use libgcrypt. Changes compared to 1.3.2 are: * The visibility attribute is now used if supported by the toolchain. * The ACE engine of VIA processors is now used for AES-128. * The ASN.1 DER template for SHA-224 has been fixed. Source code is hosted at the GnuPG FTP server and its mirrors as listed at http://www.gnupg.org/download/mirrors.html . On the primary server the source file and its digital signature is: ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt/libgcrypt-1.3.2.tar.bz2 (941k) ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt/libgcrypt-1.3.2.tar.bz2.sig This file is bzip2 compressed. The SHA-1 checksum is: a6d7cf7d717edf10718d9200ab7ee11296f984ee libgcrypt-1.3.2.tar.bz2 For help on developing with Libgcrypt you should send mail to the grcypt-devel mailing list [1]. Improving Libgcrypt is costly, but you can help! We are looking for organizations that find Libgcrypt useful and wish to contribute back. You can contribute by reporting bugs, improve the software [2], or by donating money. Commercial support contracts for Libgcrypt are available [3], and they help finance continued maintenance. g10 Code GmbH, a Duesseldorf based company, is currently funding Libgcrypt development. We are always looking for interesting development projects. Happy hacking, Werner [1] See http://www.gnupg.org/documentation/mailing-lists.html . [2] Note that copyright assignments to the FSF are required. [3] See the service directory at http://www.gnupg.org/service.html . -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 204 bytes Desc: not available Url : /pipermail/attachments/20071203/af4f475f/attachment.pgp -------------- next part -------------- _______________________________________________ Gnupg-announce mailing list Gnupg-announce at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From sf181257 at students.mimuw.edu.pl Mon Dec 3 16:40:12 2007 From: sf181257 at students.mimuw.edu.pl (=?ISO-8859-2?Q?=22Stanis=B3aw_T=2E_Findeisen=22?=) Date: Mon, 03 Dec 2007 16:40:12 +0100 Subject: signature format Message-ID: <4754235C.8030009@students.mimuw.edu.pl> Hello What is PGP SIGNATURE format? How to manually verify it? STF From wk at gnupg.org Mon Dec 3 20:14:00 2007 From: wk at gnupg.org (Werner Koch) Date: Mon, 03 Dec 2007 20:14:00 +0100 Subject: signature format In-Reply-To: <4754235C.8030009@students.mimuw.edu.pl> (=?utf-8?Q?=22Stanis?= =?utf-8?Q?=C5=82aw?= T. Findeisen"'s message of "Mon, 03 Dec 2007 16:40:12 +0100") References: <4754235C.8030009@students.mimuw.edu.pl> Message-ID: <8763zfr3pj.fsf@wheatstone.g10code.de> On Mon, 3 Dec 2007 16:40, sf181257 at students.mimuw.edu.pl said: > What is PGP SIGNATURE format? How to manually verify it? Read RFC 4880. To verify an OpenPGP signature you may use a command like gpg --verify foo Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From malayter at gmail.com Tue Dec 4 17:03:43 2007 From: malayter at gmail.com (Ryan Malayter) Date: Tue, 4 Dec 2007 10:03:43 -0600 Subject: Decrypt problem with large file In-Reply-To: <200711261058.49698.thomas-pries@web.de> References: <200711180039.56797.thomas-pries@web.de> <87ejedicsw.fsf@wheatstone.g10code.de> <200711261058.49698.thomas-pries@web.de> Message-ID: <5d7f07420712040803k5c5caeean6694110d234f48b9@mail.gmail.com> On Nov 26, 2007 3:58 AM, Thomas Pries wrote: > I realized, that I have lost my data :-(. Our solution for backup encyption has been to use 7zip, since it encrypts faster and supports segmentation, per-file checksuimming, and other useful backup-oriented features. What our scripts do is: 1) generate a random hex symmetric key in memory 2) pipe that imput to GnuPG to encrypt that key (as ascii) into a small key file on our destination disk disk. 3) Use 7-zip with 2 GB file splits and the random symmtric key to compress and encrypt the backup files in .7z format from the source to the destination disk. We use the lowest (fastest) compression settings, and the 2 GB file splits because reading and writing to 4+ GB files is slow on NTFS and most other UNIX-type file systems. This is why VMware et. all use 2 GB file splits by defuault. 4) Pad most of the remaining disk space with PAR2 files, for extra protection against bad disk blocks. We use a very large block size for par2 - something like 128 Mb, IIRC. We do over 1 TB of backups per night to removable HDDs with this setup, and have never had a restore fail. We'eve never even had to use the par2 files in a real-world restore, but we do test "bad media" scenarios with them by deleting one of the 7z split files and using par2 to recreate it. Backups aren't worth much unless you test restore them to be sure that they will work. We test all of ours weekly. As a side note, we looked into using the new encryption options in the new version of Symantec NetBackup, but we don't have budget for that upgrade just yet. It would be nice to have it all in one step (even though NetBackup is closed souce, so trusting the vendor is an obvious issue). -- RPM From vedaal at hush.com Wed Dec 5 19:04:51 2007 From: vedaal at hush.com (vedaal at hush.com) Date: Wed, 05 Dec 2007 13:04:51 -0500 Subject: Decrypt problem with large file Message-ID: <20071205180451.C34F322840@mailserver9.hushmail.com> Ryan Malayter malayter at gmail.com wrote on Tue Dec 4 17:03:43 CET 2007 : > Our solution for backup encyption has been to use 7zip ... >We do over 1 TB of backups per night a simpler, much faster, solution is to just use truecrypt and then encrypt the keyfile with gnupg quote from the truecrypt version description page http://www.truecrypt.org/docs/?s=version-history " Maximum allowed size of FAT32 volumes increased to 2 TB (note that NTFS volumes can be larger than 2 TB)." vedaal -- Find loans exclusively for members of our military. Click now! http://tagline.hushmail.com/fc/Ioyw6h4fqqGeVwzTQjiesGb8DBzZPCcZa4EcuIOYpPpiwgDh0C61Mj/ From rjh at sixdemonbag.org Wed Dec 5 20:06:56 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Wed, 05 Dec 2007 13:06:56 -0600 Subject: Decrypt problem with large file In-Reply-To: <20071205180451.C34F322840@mailserver9.hushmail.com> References: <20071205180451.C34F322840@mailserver9.hushmail.com> Message-ID: <4756F6D0.1020104@sixdemonbag.org> vedaal at hush.com wrote: > a simpler, much faster, solution is to just use truecrypt > and then encrypt the keyfile with gnupg Unless you have done performance metrics with 1TB datasets, I seriously doubt the accuracy of this statement. Backing up 1TB is definitely a torture test; small effects can grow to dominate. It is very possible that the additional overhead of the TrueCrypt virtual device driver layer will more than offset any gains achieved over 7Zip. It's also very possible that TrueCrypt would be faster. I don't know. I haven't done torture tests of the two side-by-side with the same 1TB dataset. Skepticism is most definitely warranted. From malayter at gmail.com Thu Dec 6 17:41:51 2007 From: malayter at gmail.com (Ryan Malayter) Date: Thu, 6 Dec 2007 10:41:51 -0600 Subject: Decrypt problem with large file In-Reply-To: <4756F6D0.1020104@sixdemonbag.org> References: <20071205180451.C34F322840@mailserver9.hushmail.com> <4756F6D0.1020104@sixdemonbag.org> Message-ID: <5d7f07420712060841i6654559dw35e68b7b60202571@mail.gmail.com> On Dec 5, 2007 1:06 PM, Robert J. Hansen wrote: > vedaal at hush.com wrote: > > a simpler, much faster, solution is to just use truecrypt > > and then encrypt the keyfile with gnupg > > Unless you have done performance metrics with 1TB datasets, I seriously > doubt the accuracy of this statement. Backing up 1TB is definitely a > torture test; small effects can grow to dominate. It is very possible We actually tired TrueCrypt first, but the problem wasn't performance. We actually didn't get that far. The issue we had was getting the automatic mounting of the removable HDDs to work well. Disks would either not auto-mount at all, or would be assigned the wrong mount point. This was before TrueCrypt 4 came out, so maybe those issues have been fixed. What we have is wokring okay for us, so we havne't gone back. Actually the biggest performance issue with 1 TB backup sets isn't the large files, it's backup of millions of small files. The volumes with little files take up 80% of the backup run time, versus the other 600 GB of Exchange and databse data that takes just a few hours. We think this is an NTFS problem, but it seems that most Linux filesystems have similar issues. We'll have to give ResierFS a shot next time we migrate our file server data. -- RPM From rjh at sixdemonbag.org Fri Dec 7 23:56:30 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Fri, 07 Dec 2007 16:56:30 -0600 Subject: 'Tis the season. Message-ID: <4759CF9E.6070509@sixdemonbag.org> 'Tis the season for Hanukkah, Kwanzaa, Christmas, Winter Solstice, New Year's, or whatever your favorite holiday is. It's a time to be gracious and to remember to say "please" and "thank you", and also a time for charitable giving. It's very hard--if not impossible--to reward the GnuPG developers for their labors. To whom should a donation be given? To the user who first spotted a bug, the other user who tracked it down precisely, the developer who fixed it, the sysadmin who hosts the project? What about to the mailing list, where so many questions get answered by people who have no official connection with GnuPG whatsoever? There are no good answers to this. The best that can be done is to issue virtual beer tokens, to say "thank you", and maybe to do something for a charity with similar goals to that of the GnuPG crew. So: to all the developers, to all the bugfinders, to all the people who patiently answer questions on mailing lists, to everyone who contributes to signal and diminishes noise--thank you, very much, for making this community as much fun as it is, and for your role in making GnuPG as high quality a product as it is. Consider yourselves to all have a beer token issued by me, payable on demand should we ever meet face to face. This year, as with last year, I will be donating to the Free Software Foundation with a note that it's in thanks for the GnuPG Project. I encourage anyone who is interested in doing likewise to take a look at: https://www.fsf.org/associate/support_freedom From aolsen at standard.com Fri Dec 7 22:08:36 2007 From: aolsen at standard.com (Alan Olsen) Date: Fri, 7 Dec 2007 13:08:36 -0800 Subject: Validating encrypted files Message-ID: <92A893260738B0408497A64189BC1E62032CE38A@MSEXCHANGE305.corp.standard.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I have encountered something that does not seem to be covered by any of the FAQs, manuals, or other general hints. I figured I might find a couple of good hints here. I have a number of files that I have received. I can decrypt them or not. I can check the signature or not. What I want to do is verify that the file was encrypted and to what keys. I can kludge something together by using --status-fd and grep. I am hoping for something a little more user friendly and/or script friendly. It is not always obvious that a file is encrypted. I have encountered files that have been signed ascii armored data that look encrypted, but are only encoded. The problem is that it *does* decrypt, but with no hint that it was not encrypted in the first place. I also occasionally need to verify the integrity of the encryption. (Sometimes we get damaged files. If it is damaged, there is no clear way of telling beforehand.) I believe --verify-files will do this, but it is pretty unclear from reading the docs/man pages. If the file is damaged, the only indication(s) are error messages that mean little or nothing. (I am trying to get the files sent as ascii armored, but that step is many people out of my reach.) Does --verify-files only verify signatures or will it also check for valid data in the data? Ideas? Should there be an "--file-info" command that would tell you the state of a file? (Encrypted with what keys, signed by what keys, etc.) Thanks! -----BEGIN PGP SIGNATURE----- Version: 9.5.3 (Build 5003) wsBVAwUBR1m2VGqdmbpu7ejzAQr+3ggAsRYCvto+IGE1u+UVcnzJUDOa6UgOiTVE 7DAChTTGb9bi7nBYRq6Qu7wFIQc/xkwtGBnB1sz34cptA9utcGgv/ZLcLmSCalFo F3q+vFFKHn0iPRYw+2QOtL87a3Str8HAxFvaxk3jdHwkVFe6YpjZ0yIxJNcnaVJL IawbGQceV1GV54a7fhFtpexkVEIM+Y+FoaBARawChGS2ewHFKzmUnwNICewqPWc9 K69JiQN+vdM0udJHmT9ly2Ig6R1LGyjogvTae2A/qE5WNKNFKA16WpAJetWPg3kx uyEnuc1c5IjelZOjyVT049FWM0z+OGBlrryTU2iv5vCtMiJdDKxD+A== =QHT4 -----END PGP SIGNATURE----- From roam at ringlet.net Sat Dec 8 01:42:56 2007 From: roam at ringlet.net (Peter Pentchev) Date: Sat, 8 Dec 2007 02:42:56 +0200 Subject: Validating encrypted files In-Reply-To: <92A893260738B0408497A64189BC1E62032CE38A@MSEXCHANGE305.corp.standard.com> References: <92A893260738B0408497A64189BC1E62032CE38A@MSEXCHANGE305.corp.standard.com> Message-ID: <20071208004256.GA1924@straylight.m.ringlet.net> On Fri, Dec 07, 2007 at 01:08:36PM -0800, Alan Olsen wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > I have encountered something that does not seem to be covered by any of > the FAQs, manuals, or other general hints. I figured I might find a > couple of good hints here. > > I have a number of files that I have received. I can decrypt them or > not. I can check the signature or not. > > What I want to do is verify that the file was encrypted and to what > keys. I can kludge something together by using --status-fd and grep. I > am hoping for something a little more user friendly and/or script > friendly. [snip more need to know if a file is encrypted or signed correctly] If you only want to check if the file is encrypted and to what key(s), you can use --list-packets --list-only; this will list the outermost packets in the OpenPGP message without doing any decryption. Among the results there will probably be a packet that looks like this: :pubkey enc packet: version 3, algo 16, keyid 921EB6497074473C data: [1022 bits] data: [1024 bits] You can fish this line out with something like either of the following: sed -ne '/^:pubkey enc packet:/ { s/.* keyid //; s/ .*//; p;}' perl -nle '/^:pubkey enc packet:.* keyid (\s+)/ and print $1' The catch with this approach is that it does not actually do any decryption; the --list-only option takes care of that. Thus, you cannot see if the decryption will succeed, you cannot even see if the encrypted message has been signed before the encryption - the signature packets are within the encrypted data, --list-only will not analyze them. If you want to analyze the message within, too, then it would seem the logical thing that dropping --list-only would achieve some kind of goal; however, from my limited testing it does not seem so. A simple invocation of "gpg --list-packets file.gpg" only shows a "compressed packet" and then a "literal data packet" line, no signature checking in sight. Of course, if the "compressed packet" and "literal data packet" are present, the decryption was *most probably* successful... but ICBW, and it is much too late at night for me to actually check the GnuPG source to see if it is possible for it to display a "literal data packet" and only then notice that the decryption has failed. G'luck, Peter -- Peter Pentchev roam at ringlet.net roam at cnsys.bg roam at FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 I am jealous of the first word in this sentence. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : /pipermail/attachments/20071208/2ce1a768/attachment.pgp From yochanon at localnet.com Sat Dec 8 05:21:02 2007 From: yochanon at localnet.com (John B) Date: Fri, 7 Dec 2007 22:21:02 -0600 Subject: 'Tis the season. In-Reply-To: <4759CF9E.6070509@sixdemonbag.org> References: <4759CF9E.6070509@sixdemonbag.org> Message-ID: <200712072221.02188.yochanon@localnet.com> On Fri 07 December 07 16:56, Robert J. Hansen wrote: > 'Tis the season for Hanukkah, Kwanzaa, Christmas, Winter Solstice, New > Year's, or whatever your favorite holiday is. It's a time to be > gracious and to remember to say "please" and "thank you", and also a > time for charitable giving. > > It's very hard--if not impossible--to reward the GnuPG developers for > their labors. To whom should a donation be given? To the user who > first spotted a bug, the other user who tracked it down precisely, the > developer who fixed it, the sysadmin who hosts the project? What about > to the mailing list, where so many questions get answered by people who > have no official connection with GnuPG whatsoever? > > There are no good answers to this. The best that can be done is to > issue virtual beer tokens, to say "thank you", and maybe to do something > for a charity with similar goals to that of the GnuPG crew. > > So: to all the developers, to all the bugfinders, to all the people who > patiently answer questions on mailing lists, to everyone who contributes > to signal and diminishes noise--thank you, very much, for making this > community as much fun as it is, and for your role in making GnuPG as > high quality a product as it is. Consider yourselves to all have a beer > token issued by me, payable on demand should we ever meet face to face. > > This year, as with last year, I will be donating to the Free Software > Foundation with a note that it's in thanks for the GnuPG Project. I > encourage anyone who is interested in doing likewise to take a look at: > > https://www.fsf.org/associate/support_freedom I'd like to second all the above. Thank you to *everyone* and Happy Holidays to one and all! From grahamtodd2 at googlemail.com Sat Dec 8 01:59:40 2007 From: grahamtodd2 at googlemail.com (Graham) Date: Sat, 8 Dec 2007 00:59:40 +0000 Subject: 'Tis the season. In-Reply-To: <4759CF9E.6070509@sixdemonbag.org> References: <4759CF9E.6070509@sixdemonbag.org> Message-ID: <20071208005940.3ca29b69@graham-desktop> On Fri, 07 Dec 2007 16:56:30 -0600 "Robert J. Hansen" wrote: > This year, as with last year, I will be donating to the Free Software > Foundation with a note that it's in thanks for the GnuPG Project. I > encourage anyone who is interested in doing likewise to take a look > at: > > https://www.fsf.org/associate/support_freedom I agree! At the risk of upsetting some people, at this time of year, I celebrate the Feast Of Saturnalia (which got hi-jacked from the Romans) as the mid-winter feasting and celebration for our good fortune. So Happy Saturnalia (as my Christmas cards say) and also "Bah Humbug!" And support freedom with the FSF! -- Graham From wk at gnupg.org Sat Dec 8 18:25:49 2007 From: wk at gnupg.org (Werner Koch) Date: Sat, 08 Dec 2007 18:25:49 +0100 Subject: 'Tis the season. In-Reply-To: <4759CF9E.6070509@sixdemonbag.org> (Robert J. Hansen's message of "Fri, 07 Dec 2007 16:56:30 -0600") References: <4759CF9E.6070509@sixdemonbag.org> Message-ID: <87y7c5t7xe.fsf@wheatstone.g10code.de> On Fri, 7 Dec 2007 23:56, rjh at sixdemonbag.org said: > https://www.fsf.org/associate/support_freedom Given that I am one of the founders of the FSF Europe, the European sister[1] or the FSF, let me post this link as an alternative for people living in Europe: http://www.fsfeurope.org/help/donate.en.html Thanks, Werner [1] Although we work closely together with the FSF in the U.S., we are are financially and legally an independed organization. -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From wk at gnupg.org Sat Dec 8 18:37:01 2007 From: wk at gnupg.org (Werner Koch) Date: Sat, 08 Dec 2007 18:37:01 +0100 Subject: Validating encrypted files In-Reply-To: <92A893260738B0408497A64189BC1E62032CE38A@MSEXCHANGE305.corp.standard.com> (Alan Olsen's message of "Fri, 7 Dec 2007 13:08:36 -0800") References: <92A893260738B0408497A64189BC1E62032CE38A@MSEXCHANGE305.corp.standard.com> Message-ID: <87tzmtt7eq.fsf@wheatstone.g10code.de> On Fri, 7 Dec 2007 22:08, aolsen at standard.com said: > I also occasionally need to verify the integrity of the encryption. > (Sometimes we get damaged files. If it is damaged, there is no clear The OpenPGP encryption includes integrity checking of the encryption. So even without a signature you will get an error if the ciphertext has been corrupted on its way to you. This MDC feature is be default only used with modern ciphers but you may force the creation of such messages using --force-mdc. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From jharris at widomaker.com Mon Dec 10 04:29:38 2007 From: jharris at widomaker.com (Jason Harris) Date: Sun, 9 Dec 2007 22:29:38 -0500 Subject: new (2007-11-25) keyanalyze results (+sigcheck) Message-ID: <20071210032938.GA1245@wilma.widomaker.com> New keyanalyze results are available at: http://keyserver.kjsl.com/~jharris/ka/2007-11-25/ Signatures are now being checked using keyanalyze+sigcheck: http://keyserver.kjsl.com/~jharris/aaronl/ Earlier reports are also available, for comparison: http://keyserver.kjsl.com/~jharris/ka/ Even earlier monthly reports are at: http://dtype.org/keyanalyze/ SHA-1 hashes and sizes for all the "permanent" files: 1855afb3705ac370a23602f79d8d56e265e65768 15444720 preprocess.keys 6401923b2776e0908e7b6ffa647e9061f9a0ee54 8891282 othersets.txt a780a8d3481d24d9cf64f40c5e16a02bd7e2b639 3730276 msd-sorted.txt 468cb4e4c8937cad364b948e1988d1217bb58165 2282 keyring_stats e07eea60f4d61d89534473d756b6ca7eabdf3652 1465862 msd-sorted.txt.bz2 4f6ef330243462a7457325e0ba1299283b3f8516 2962278 msd.txt cd49c45204a675da86b099c697f8bd9526e32f46 26 other.txt 36f518c90d5d9881591cf416fb45eafaaae8bdb4 1934287 othersets.txt.bz2 8771f5c6b1d8c6b4b1406e2b29b2c1651b37a3e1 6314538 preprocess.keys.bz2 58ef409a0bdf30ffc8ab3b64901d409d914c748a 15810 status.txt 706e3d6643368ee6149bbeda7f4746ed3f46dd16 194398 top1000table.html 8cf9a604f5cf7799c957260074eebfa203205514 29506 top1000table.html.gz 9f464af31a83c9a0b04a399e3179d4cff516ac41 9707 top50table.html 9df9d75d005471401faab9bd005e9f1544c5e496 2489 D3/D39DA0E3 -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris at widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 313 bytes Desc: not available Url : /pipermail/attachments/20071209/bae947f4/attachment-0001.pgp From kaenor at gmx.net Sat Dec 8 00:09:14 2007 From: kaenor at gmx.net (Jiminy) Date: Fri, 7 Dec 2007 15:09:14 -0800 (PST) Subject: Error when signing a mail with Evolution Message-ID: <14222539.post@talk.nabble.com> Hi, I use GnuPG with Evolution. When I try to sign a mail with my key, I get this error: gpg: DSA key requires a 256 bit or larger hash What can I do? -- View this message in context: http://www.nabble.com/Error-when-signing-a-mail-with-Evolution-tf4964990.html#a14222539 Sent from the GnuPG - User mailing list archive at Nabble.com. From rickolai at embarqmail.com Mon Dec 10 02:57:53 2007 From: rickolai at embarqmail.com (Rick Shupe Sr.) Date: Sun, 09 Dec 2007 20:57:53 -0500 Subject: GNUpg 2.0.7 installation Message-ID: <475C9D21.8020303@embarqmail.com> To all concerned, I am a new linux user and I just downloaded and installed the latest version on GNUPG. Everything seemed to go accordingly. ./configure make and make install. After all that was done I tried to go into the program by typing in GNUPG-2.0.7 and I received a "command not found" message. Can you help me determine what I did wrong. sincerely, rickolai From telegraph at gmx.net Mon Dec 10 11:39:37 2007 From: telegraph at gmx.net (Gregor Zattler) Date: Mon, 10 Dec 2007 11:39:37 +0100 Subject: GNUpg 2.0.7 installation In-Reply-To: <475C9D21.8020303@embarqmail.com> References: <475C9D21.8020303@embarqmail.com> Message-ID: <20071210103937.GE10048@pit.ID-43118.user.dfncis.de> Hi Rick, * Rick Shupe Sr. [09. Dez. 2007]: > I am a new linux user and I just downloaded and installed the latest > version on GNUPG. Everything seemed to go accordingly. ./configure make > and make install. After all that was done I tried to go into the > program by typing in GNUPG-2.0.7 and I received a "command not found" > message. Can you help me determine what I did wrong. Almoste every popular linux distribution provides precompiled GnuPG binaries, sometimes even preinstalled (Debian for instances, if I'm right). I propose to use these since you are a new linux user. Ciao, Gregor -- -... --- .-. . -.. ..--.. ...-.- From shavital at mac.com Mon Dec 10 14:17:45 2007 From: shavital at mac.com (Charly Avital) Date: Mon, 10 Dec 2007 08:17:45 -0500 Subject: Error when signing a mail with Evolution In-Reply-To: <14222539.post@talk.nabble.com> References: <14222539.post@talk.nabble.com> Message-ID: <475D3C79.7070305@mac.com> Jiminy wrote the following on 12/7/07 6:09 PM: > Hi, > > I use GnuPG with Evolution. When I try to sign a mail with my key, I get > this error: > > gpg: DSA key requires a 256 bit or larger hash > > What can I do? Maybe you should enable, in gpg.conf: digest-algo SHA256 I can only guess that when you generated your DSA key, option enable-dsa2 was enabled in your gpg.conf Or, I might be totally wrong, for which I apologize in advance. Charly From shavital at mac.com Mon Dec 10 14:10:53 2007 From: shavital at mac.com (Charly Avital) Date: Mon, 10 Dec 2007 08:10:53 -0500 Subject: GNUpg 2.0.7 installation In-Reply-To: <475C9D21.8020303@embarqmail.com> References: <475C9D21.8020303@embarqmail.com> Message-ID: <475D3ADD.6000408@mac.com> Rick Shupe Sr. wrote the following on 12/9/07 8:57 PM: > To all concerned, > I am a new linux user and I just downloaded and installed the latest > version on GNUPG. Everything seemed to go accordingly. ./configure make > and make install. After all that was done I tried to go into the > program by typing in GNUPG-2.0.7 and I received a "command not found" > message. Can you help me determine what I did wrong. > sincerely, > rickolai GNUPG-2.0.7 is not a command, gpg2 should be the correct one, if it's gnupg 2.0.7 that you have installed. If you have installed GnuPG 1.4.7, the command is gpg. Charly From sadam at clemson.edu Mon Dec 10 13:44:29 2007 From: sadam at clemson.edu (Adam Schreiber) Date: Mon, 10 Dec 2007 07:44:29 -0500 Subject: GNUpg 2.0.7 installation In-Reply-To: <475C9D21.8020303@embarqmail.com> References: <475C9D21.8020303@embarqmail.com> Message-ID: <8298be230712100444p36cc7521w3a9bfff4afb045f5@mail.gmail.com> On Dec 9, 2007 8:57 PM, Rick Shupe Sr. wrote: > To all concerned, > I am a new linux user and I just downloaded and installed the latest > version on GNUPG. Everything seemed to go accordingly. ./configure make > and make install. After all that was done I tried to go into the > program by typing in GNUPG-2.0.7 and I received a "command not found" > message. Can you help me determine what I did wrong. The command is 'gpg' and you won't "go into the program" as it's a command line tool. Use 'gpg --help' to determine which switches you would like to use. Cheers, Adam From wk at gnupg.org Mon Dec 10 16:42:03 2007 From: wk at gnupg.org (Werner Koch) Date: Mon, 10 Dec 2007 16:42:03 +0100 Subject: Decryption using Smartcard using CCID and PCSCD driver In-Reply-To: <200711010807.26154.volker@ixolution.de> (Volker Dormeyer's message of "Thu, 1 Nov 2007 08:07:25 +0100") References: <200711010807.26154.volker@ixolution.de> Message-ID: <8763z6pnec.fsf@wheatstone.g10code.de> Hi, it took quite some time but I fixed it today. The solution is in the SVN and will go into 1.4.8 and 2.0.8. Both to be released before Christmas. Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From pmirbaha at gmail.com Mon Dec 10 17:58:40 2007 From: pmirbaha at gmail.com (parvizm) Date: Mon, 10 Dec 2007 08:58:40 -0800 (PST) Subject: Error: "gpg: mpi too large for this implementation" Message-ID: <14185055.post@talk.nabble.com> Hi, Hopefully someone can assist with an issue that has been bugging me. We are currently running (GnuPG) 1.4.7 on a Windows server. We sent over our public key to a vendor who is encrypting a file with our public key and signing it with their public key. The vendor is using PGP. When trying to decrypt the file, I receive the following error: ====================================== C:\Program Files\GNU\GnuPG\gpg" --yes --passphrase-fd 0 < passphrase.txt -o test-output.txt -d EncryptionTestFile.txt.pgp Reading passphrase from file descriptor 0 gpg: mpi too large for this implementation (34055 bits) ====================================== Any ideas what we can check to troubleshoot this error? Is this due to a problem on our end or the vendor's end? Thanks for any help anyone can provide! -- View this message in context: http://www.nabble.com/Error%3A-%22gpg%3A-mpi-too-large-for-this-implementation%22-tp14185055p14185055.html Sent from the GnuPG - User mailing list archive at Nabble.com. From btilley at vt.edu Mon Dec 10 16:53:49 2007 From: btilley at vt.edu (Brad Tilley) Date: Mon, 10 Dec 2007 10:53:49 -0500 Subject: Combining Secret Keys Message-ID: <475D610D.4020509@vt.edu> Hello all, I have three separate gpg secret keys. Initially, I wanted to keep the keys seperate, but today I'd like to have them all together. Is there a way to merge the keys into one key keeping them as they are now? Many Thanks, Brad From wk at gnupg.org Mon Dec 10 20:01:06 2007 From: wk at gnupg.org (Werner Koch) Date: Mon, 10 Dec 2007 20:01:06 +0100 Subject: [Announce] Libgcrypt 1.4.0 (stable) released Message-ID: <87y7c2ml1p.fsf@wheatstone.g10code.de> Hello! We are pleased to announce the availability of Libgcrypt 1.4.0. This is the new stable version of Libgcrypt and upward compatible with the 1.2 series. The 1.2 series will enter end of life state in 2 years on 2009-12-31. Libgcrypt is a general purpose library of cryptographic building blocks. It is originally based on code used by GnuPG. It does not provide any implementation of OpenPGP or other protocols. Thorough understanding of applied cryptography is required to use Libgcrypt. Noteworthy changes between 1.2.x and 1.4.0 are: * Support for SHA-224 and HMAC using SHA-384 and SHA-512. * Support for the SEED cipher. * Support for the Camellia cipher. * Support for OFB encryption mode. * Support for DSA2. * Support for Microsoft Windows. * The entire library is now under the LGPLv2+. The helper programs and the manual are under the GPLv2+. Kudos to Peter Gutmann for giving permissions to relicense the rndw32 and rndunix modules. * The visibility attribute is now used if supported by the toolchain. * The ACE engine of VIA processors is now used for AES-128. * Changed the way the RNG gets initialized. This allows to keep it uninitialized as long as no random numbers are used. * Updated the entropy gatherer for W32. * Made the RNG immune against fork without exec. * Reading and writing the random seed file is now protected by a fcntl style file lock on systems that provide this function. * gcry_mpi_rshift does not anymore truncate the shift count. * Reserved algorithm ranges for use by applications. * The new function gcry_md_debug should be used instead of the gcry_md_start_debug and gcry_md_stop_debug macros. * Non executable stack support is now used by default on systems supporting it. * Assembler support for the AMD64 architecture. * New configure option --enable-mpi-path for optimized builds. * Fixed a bug in the detection of symbol prefixes which inhibited the build of optimized assembler code on certain systems. * New control code GCRYCTL_PRINT_CONFIG to print the build configuration. * Experimental support for ECDSA; should only be used for testing. * New configure option --enable-random-daemon to support a system wide random daemon. The daemon code is experimental and not yet very well working. It will eventually allow to keep a global random pool for the sake of short living processes. * Minor changes to some function declarations. Buffer arguments are now typed as void pointer. This should not affect any compilation. Fixed two bugs in return values and clarified documentation. * Interface changes relative to the 1.2.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gcry_fast_random_pol NEW. gcry_md_debug NEW. gcry_sexp_nth_string NEW. GCRY_MD_SHA224 NEW. GCRY_PK_USAGE_CERT NEW. GCRY_PK_USAGE_AUTH NEW. GCRY_PK_USAGE_UNKN NEW. GCRY_PK_ECDSA NEW. GCRY_CIPHER_SEED NEW. GCRY_CIPHER_CAMELLIA128 NEW. GCRY_CIPHER_CAMELLIA192 NEW. GCRY_CIPHER_CAMELLIA256 NEW. GCRYCTL_FAKED_RANDOM_P NEW. GCRYCTL_PRINT_CONFIG NEW. GCRYCTL_SET_RNDEGD_SOCKET NEW. gcry_mpi_scan CHANGED: Argument BUFFER is now void*. gcry_pk_algo_name CHANGED: Returns "?" instead of NULL. gcry_cipher_algo_name CHANGED: Returns "?" instead of "". gcry_pk_spec_t CHANGED: Element ALIASES is now const ptr. gcry_md_write_t CHANGED: Argument BUF is now a const void*. gcry_md_ctl CHANGED: Argument BUFFER is now void*. gcry_cipher_encrypt CHANGED: Arguments IN and OUT are now void*. gcry_cipher_decrypt CHANGED: Arguments IN and OUT are now void*. gcry_sexp_sprint CHANGED: Argument BUFFER is now void*. gcry_create_nonce CHANGED: Argument BUFFER is now void*. gcry_randomize CHANGED: Argument BUFFER is now void*. gcry_cipher_register CHANGED: Argument ALGORITHM_ID is now int*. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Source code is hosted at the GnuPG FTP server and its mirrors as listed at http://www.gnupg.org/download/mirrors.html . On the primary server the source file and its digital signatures is: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.0.tar.bz2 (942k) ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.0.tar.bz2.sig This file is bzip2 compressed. A gzip compressed version is also available: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.0.tar.gz (1176k) ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.0.tar.gz.sig The SHA-1 checksums are: cd1b52e8ecfa361737c6f130ed2f1d850e312c16 libgcrypt-1.4.0.tar.bz2 69183b7100b60da8eb1648f49836a611454541bb libgcrypt-1.4.0.tar.gz For help on developing with Libgcrypt you should read the included manual and optional ask on the gcrypt-devel mailing list [1]. Improving Libgcrypt is costly, but you can help! We are looking for organizations that find Libgcrypt useful and wish to contribute back. You can contribute by reporting bugs, improve the software [2], or by donating money. Commercial support contracts for Libgcrypt are available [3], and they help finance continued maintenance. g10 Code GmbH, a Duesseldorf based company, is currently funding Libgcrypt development. We are always looking for interesting development projects. Many thanks to all who contributed to Libgcrypt development, be it bug fixes, code, documentation, testing or helping users. Happy hacking, Werner [1] See http://www.gnupg.org/documentation/mailing-lists.html . [2] Note that copyright assignments to the FSF are required. [3] See the service directory at http://www.gnupg.org/service.html . -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 204 bytes Desc: not available Url : /pipermail/attachments/20071210/e4ccd64b/attachment-0001.pgp -------------- next part -------------- _______________________________________________ Gnupg-announce mailing list Gnupg-announce at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From jmoore3rd at bellsouth.net Mon Dec 10 20:33:59 2007 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Mon, 10 Dec 2007 14:33:59 -0500 Subject: Combining Secret Keys In-Reply-To: <475D610D.4020509@vt.edu> References: <475D610D.4020509@vt.edu> Message-ID: <475D94A7.1020804@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Brad Tilley wrote: > I have three separate gpg secret keys. Initially, I wanted to keep the > keys seperate, but today I'd like to have them all together. Is there a > way to merge the keys into one key keeping them as they are now? Simply Importing all the Secret Keys into Your 'Main' Keyring should do the trick. They will then be in the same place but listed separately. It may be necessary to then designate one of the Secret Keys as the 'Default' Keypair so that gpg.exe will know which Secret Key to automatically choose. The Secret Keys that are maintained separately will also remain in the locations that they are in at present. JOHN ;) Timestamp: Monday 10 Dec 2007, 14:33 --500 (Eastern Standard Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8-svn4645: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: My Homepage: http://tinyurl.com/yzhbhx Comment: MySpace Page: http://www.myspace.com/jmoore3rd iQEcBAEBCgAGBQJHXZSlAAoJEBCGy9eAtCsPkAYH/1S+JbdVVnCADkuyVYxv0ZJ/ cAeYKIui9epFqEK9wcxErQWlIZ/gUescXAYXqjZoBqqAk0otEZJkPbv9IkeVs02v BIhb/PyjgW8O/A/8AB6XHaL2PceRoAeKElkwPXSmiCyA3WCwdmv53QV6pjDERrOL MUqIYN8mOWGLEYzMWgzPPj9tiCQq2RlLAPK8Y5h4i8crJcqfO7XpVVgPrsD2xmOd WKXkHECJUlpDcHz3m77w/xQlGq+JjZF34JVA3egggZc4xoeG4CZe/X46o6Wt/aWc xfsMmcKTrmqP1nLUcKjlBU2RdwsISrr7YaScp55OyQx53nwDxiTsHjxTOaJ/Qro= =WvEM -----END PGP SIGNATURE----- From volker at ixolution.de Mon Dec 10 21:55:12 2007 From: volker at ixolution.de (Volker Dormeyer) Date: Mon, 10 Dec 2007 21:55:12 +0100 Subject: Decryption using Smartcard using CCID and PCSCD driver In-Reply-To: <8763z6pnec.fsf@wheatstone.g10code.de> References: <200711010807.26154.volker@ixolution.de> <8763z6pnec.fsf@wheatstone.g10code.de> Message-ID: <200712102155.13128.volker@ixolution.de> Thank you, Werner. I plan to try the version in SVN within the next days. Regards, Volker * On Monday 10 December 2007 16:42:03, * Werner Koch wrote: > it took quite some time but I fixed it today. The solution is in the SVN > and will go into 1.4.8 and 2.0.8. Both to be released before Christmas. From wk at gnupg.org Mon Dec 10 21:10:36 2007 From: wk at gnupg.org (Werner Koch) Date: Mon, 10 Dec 2007 21:10:36 +0100 Subject: Error: "gpg: mpi too large for this implementation" In-Reply-To: <14185055.post@talk.nabble.com> (pmirbaha@gmail.com's message of "Mon, 10 Dec 2007 08:58:40 -0800 (PST)") References: <14185055.post@talk.nabble.com> Message-ID: <87ve76l39f.fsf@wheatstone.g10code.de> On Mon, 10 Dec 2007 17:58, pmirbaha at gmail.com said: > gpg: mpi too large for this implementation (34055 bits) The encrypted data is corrupt. Most likely this happened on the transport. Did you used FTP and die you make sure that binary mode was used? Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From shavital at mac.com Tue Dec 11 08:32:53 2007 From: shavital at mac.com (Charly Avital) Date: Tue, 11 Dec 2007 02:32:53 -0500 Subject: [Announce] Libgcrypt 1.4.0 (stable) released In-Reply-To: <87y7c2ml1p.fsf@wheatstone.g10code.de> References: <87y7c2ml1p.fsf@wheatstone.g10code.de> Message-ID: <475E3D25.9060809@mac.com> Werner Koch wrote the following on 12/10/07 2:01 PM: > Hello! > > We are pleased to announce the availability of Libgcrypt 1.4.0. This is > the new stable version of Libgcrypt and upward compatible with the 1.2 > series. > > The 1.2 series will enter end of life state in 2 years on 2009-12-31. > > Libgcrypt is a general purpose library of cryptographic building blocks. > It is originally based on code used by GnuPG. It does not provide any > implementation of OpenPGP or other protocols. Thorough understanding of > applied cryptography is required to use Libgcrypt. [...] > > Werner On an Apple Macbook Intel Core 2 Duo: 1. Configured for: Darwin (i386-apple-darwin9.1.0) 2. Libraries have been installed in: /usr/local/lib If you ever happen to want to link against installed libraries in a given directory, LIBDIR, you must either use libtool, and specify the full pathname of the library, or use the `-LLIBDIR' flag during linking and do at least one of the following: - add LIBDIR to the `DYLD_LIBRARY_PATH' environment variable during execution See any operating system documentation about shared libraries for more information, such as the ld(1) and ld.so(8) manual pages. ---------------------------------------------------------------------- test -z "/usr/local/bin" || .././install-sh -c -d "/usr/local/bin" /bin/sh ../libtool --mode=install /usr/bin/install -c 'dumpsexp' '/usr/local/bin/dumpsexp' /usr/bin/install -c dumpsexp /usr/local/bin/dumpsexp test -z "/usr/local/bin" || .././install-sh -c -d "/usr/local/bin" /usr/bin/install -c 'libgcrypt-config' '/usr/local/bin/libgcrypt-config' test -z "/usr/local/sbin" || .././install-sh -c -d "/usr/local/sbin" test -z "/usr/local/include" || .././install-sh -c -d "/usr/local/include" /usr/bin/install -c -m 644 'gcrypt.h' '/usr/local/include/gcrypt.h' /usr/bin/install -c -m 644 'gcrypt-module.h' '/usr/local/include/gcrypt-module.h' test -z "/usr/local/share/aclocal" || .././install-sh -c -d "/usr/local/share/aclocal" /usr/bin/install -c -m 644 'libgcrypt.m4' '/usr/local/share/aclocal/libgcrypt.m4' Making install in doc make[2]: Nothing to be done for `install-exec-am'. test -z "/usr/local/share/info" || .././install-sh -c -d "/usr/local/share/info" /usr/bin/install -c -m 644 './gcrypt.info' '/usr/local/share/info/gcrypt.info' install-info --info-dir='/usr/local/share/info' '/usr/local/share/info/gcrypt.info' Making install in tests make[2]: Nothing to be done for `install-exec-am'. make[2]: Nothing to be done for `install-data-am'. make[2]: Nothing to be done for `install-exec-am'. make[2]: Nothing to be done for `install-data-am'. ------- To the best of my limited understading, Libgcrypt 1.4.0 has been successfully installed in this compuner? On a PPC machine though, it failed, see separate report. Thank you Werner, Charly From shavital at mac.com Tue Dec 11 08:41:14 2007 From: shavital at mac.com (Charly Avital) Date: Tue, 11 Dec 2007 02:41:14 -0500 Subject: [Announce] Libgcrypt 1.4.0 (stable) released In-Reply-To: <87y7c2ml1p.fsf@wheatstone.g10code.de> References: <87y7c2ml1p.fsf@wheatstone.g10code.de> Message-ID: <475E3F1A.5080408@mac.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Werner Koch wrote the following on 12/10/07 2:01 PM: > Hello! > > We are pleased to announce the availability of Libgcrypt 1.4.0. This is > the new stable version of Libgcrypt and upward compatible with the 1.2 > series. > > The 1.2 series will enter end of life state in 2 years on 2009-12-31. [...] Compiling fails on an Apple Powerbook PPC, some problem with libtool. Werner, thanks in advance for any comment any time. Charly 1. Configured for: Darwin (powerpc-apple-darwin9.1.0) 2. /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. - -I.. -I/usr/local/include -g -O2 -Wall -Wpointer-arith -MT libgcrypt_la-missing-string.lo -MD -MP -MF .deps/libgcrypt_la-missing-string.Tpo -c -o libgcrypt_la-missing-string.lo `test -f 'missing-string.c' || echo './'`missing-string.c gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/local/include -g -O2 -Wall - -Wpointer-arith -MT libgcrypt_la-missing-string.lo -MD -MP -MF .deps/libgcrypt_la-missing-string.Tpo -c missing-string.c -fno-common - -DPIC -o .libs/libgcrypt_la-missing-string.o gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/local/include -g -O2 -Wall - -Wpointer-arith -MT libgcrypt_la-missing-string.lo -MD -MP -MF .deps/libgcrypt_la-missing-string.Tpo -c missing-string.c -o libgcrypt_la-missing-string.o >/dev/null 2>&1 mv -f .deps/libgcrypt_la-missing-string.Tpo .deps/libgcrypt_la-missing-string.Plo /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. - -I.. -I/usr/local/include -g -O2 -Wall -Wpointer-arith -MT libgcrypt_la-module.lo -MD -MP -MF .deps/libgcrypt_la-module.Tpo -c -o libgcrypt_la-module.lo `test -f 'module.c' || echo './'`module.c gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/local/include -g -O2 -Wall - -Wpointer-arith -MT libgcrypt_la-module.lo -MD -MP -MF .deps/libgcrypt_la-module.Tpo -c module.c -fno-common -DPIC -o .libs/libgcrypt_la-module.o gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/local/include -g -O2 -Wall - -Wpointer-arith -MT libgcrypt_la-module.lo -MD -MP -MF .deps/libgcrypt_la-module.Tpo -c module.c -o libgcrypt_la-module.o >/dev/null 2>&1 mv -f .deps/libgcrypt_la-module.Tpo .deps/libgcrypt_la-module.Plo /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. - -I.. -I/usr/local/include -g -O2 -Wall -Wpointer-arith -MT libgcrypt_la-ath.lo -MD -MP -MF .deps/libgcrypt_la-ath.Tpo -c -o libgcrypt_la-ath.lo `test -f 'ath.c' || echo './'`ath.c gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/local/include -g -O2 -Wall - -Wpointer-arith -MT libgcrypt_la-ath.lo -MD -MP -MF .deps/libgcrypt_la-ath.Tpo -c ath.c -fno-common -DPIC -o .libs/libgcrypt_la-ath.o gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/local/include -g -O2 -Wall - -Wpointer-arith -MT libgcrypt_la-ath.lo -MD -MP -MF .deps/libgcrypt_la-ath.Tpo -c ath.c -o libgcrypt_la-ath.o >/dev/null 2>&1 mv -f .deps/libgcrypt_la-ath.Tpo .deps/libgcrypt_la-ath.Plo /bin/sh ../libtool --tag=CC --mode=link gcc -I/usr/local/include -g - -O2 -Wall -Wpointer-arith -version-info 15:3:4 -o libgcrypt.la - -rpath /usr/local/lib libgcrypt_la-visibility.lo libgcrypt_la-misc.lo libgcrypt_la-global.lo libgcrypt_la-sexp.lo libgcrypt_la-hwfeatures.lo libgcrypt_la-stdmem.lo libgcrypt_la-secmem.lo libgcrypt_la-missing-string.lo libgcrypt_la-module.lo libgcrypt_la-ath.lo ../cipher/libcipher.la ../mpi/libmpi.la - -L/usr/local/lib -lgpg-error grep: /usr/local/lib/libintl.la: No such file or directory sed: /usr/local/lib/libintl.la: No such file or directory libtool: link: `/usr/local/lib/libintl.la' is not a valid libtool archive make[2]: *** [libgcrypt.la] Error 1 make[1]: *** [all-recursive] Error 1 make: *** [all] Error 2 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.7 (Darwin) Comment: GnuPG for Privacy Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEVAwUBR14/FM3GMi2FW4PvAQgBkAgAo4lSnM80F9CwtpyWIU41kmBNf7SujBea YuFB943XEmWymh0klS+yf4b62QuRtcCzhnHFhijhqmlMZSan5LqdUrrgQbtGLiHJ 3LMRMLM4FSam0c1r5aaoJFu9yTorEqHvArhMXQK6Ph3+CvveJ8zyS2lP9EcXI0XF QX3RFdcr/zpLJ1ZlEyeLrIZF8w2G2TFjesVprVSvYSBMvZBV7c/u2vAufUORjadZ UDkHwggM6w83FScW+UplA2jmG3Os02ehZOpC2NP0dQ2vcJmRydTbEZxhMkwEFzLE 4wYC5NR3MlORrMTVKU1YNjhnq1kWyPT3ORY0O2fN1TatvUF+8Ht4eg== =hHuE -----END PGP SIGNATURE----- From alexander.janssen at gmail.com Mon Dec 10 18:13:00 2007 From: alexander.janssen at gmail.com (Alexander W. Janssen) Date: Mon, 10 Dec 2007 18:13:00 +0100 Subject: [offtopic] OpenGPG Smartcard with keylength >1024 Message-ID: <475D739C.3070906@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I know this is offtopic, but I ask nonetheless, maybe someone has an idea. The BSI recently announced that it finds RSA/1024 bits not to be considered secure enough from the 1st of January on[1]. Now I have this really cool RSA-Smartcard (based on G10's code, fab'ed by ppc-systems) which does 1024 bits and I'm wondering if anyone knows a source who sells cards with, let's say, 2048 bits. PPC-Systems don't. - From what I heard, technically it's no problem to have card with bigger keylengths, although it might become slow - otoh they're probably more expensive. Not that I think I should abolish everything just because they say so, but it's worth a consideration anyway if you want to deploy a whole new PKI. Thanks, Alex. [1] http://www.bsi.de/esig/dokumente/krypto/BSI_Final_07.pdf - page 4, table "minimum keylenghts" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iQCVAwUBR11zmhYlVVSQ3uFxAQIHfAP9Hx6TTKdaGj2OJnutpUX+zPr1gw7i6Qww zyedYkvE+34M8UB+YwkYtPri7IgQRsyfF/AX3y5rn/7/7mDgTJTp0wI2ldJ06WUk VRSEDBh+OSxsJ9+25Y4raUuHqxBjPHvKGdRD6ZSn13PhbbCJrwI8r+sqFLeEs50j GVKXvA7nCi0= =BJOi -----END PGP SIGNATURE----- From brad at black.cirt.vt.edu Mon Dec 10 22:40:35 2007 From: brad at black.cirt.vt.edu (Brad Tilley) Date: Mon, 10 Dec 2007 16:40:35 -0500 Subject: Combining Secret Keys In-Reply-To: <475D94A7.1020804@bellsouth.net> References: <475D610D.4020509@vt.edu> <475D94A7.1020804@bellsouth.net> Message-ID: <475DB253.2020805@black.cirt.vt.edu> John W. Moore III wrote: > Simply Importing all the Secret Keys into Your 'Main' Keyring should do > the trick. They will then be in the same place but listed separately. > It may be necessary to then designate one of the Secret Keys as the > 'Default' Keypair so that gpg.exe will know which Secret Key to > automatically choose. > > The Secret Keys that are maintained separately will also remain in the > locations that they are in at present. > > JOHN ;) OK, thanks for the tip. So, I won't need to change anything publicly? Currently, I publish the public keys on a website... nothing to change there? To go from three to one, I will import two of the private keys into the remaining private key. Is it then OK to delete the individual secret keys that I imported? What about revocation certs... are the ones I have now OK, or should they be re-generated? I apologize for all the questions... just don't wan t to screw this up. Thanks again, Brad From JPClizbe at tx.rr.com Tue Dec 11 12:37:35 2007 From: JPClizbe at tx.rr.com (John Clizbe) Date: Tue, 11 Dec 2007 05:37:35 -0600 Subject: Combining Secret Keys In-Reply-To: <475DB253.2020805@black.cirt.vt.edu> References: <475D610D.4020509@vt.edu> <475D94A7.1020804@bellsouth.net> <475DB253.2020805@black.cirt.vt.edu> Message-ID: <475E767F.2000201@tx.rr.com> Brad Tilley wrote: > OK, thanks for the tip. So, I won't need to change anything publicly? > Currently, I publish the public keys on a website... nothing to change > there? To go from three to one, I will import two of the private keys > into the remaining private key. Is it then OK to delete the individual > secret keys that I imported? What about revocation certs... are the ones > I have now OK, or should they be re-generated? I think you misunderstand. You may import the keys to the same keyring file, but each public-secret key pair remains a distinct entity. You cannot merge multiple secret keys into a single key instance. You can only store them in the same file. Your existing revocation certs are fine *for each individual key*. If you wish a public key to no longer be usable, you may import the key's revocation certificate and publish the revoked key. If you delete a secret key, you lose its use. You will no longer be able to decrypt content encrypted to the corresponding public key. > I apologize for all the questions... just don't wan t to screw this up. Do not delete any of your secret keys until you understand the principles a bit better. Your present course will lead you to unwelcome and undesired results. I'll hazard a guess that you are conflating user IDs with the actual key material. -- John P. Clizbe Inet: JPClizbe(a) tx DAWT rr DAHT com Ginger Bear Networks hkp://keyserver.gingerbear.net "Be who you are and say what you feel because those who mind don't matter and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 679 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20071211/620ca8bf/attachment-0001.pgp From btilley at vt.edu Tue Dec 11 14:58:19 2007 From: btilley at vt.edu (Brad Tilley) Date: Tue, 11 Dec 2007 08:58:19 -0500 Subject: Combining Secret Keys In-Reply-To: <475E767F.2000201@tx.rr.com> References: <475D610D.4020509@vt.edu> <475D94A7.1020804@bellsouth.net> <475DB253.2020805@black.cirt.vt.edu> <475E767F.2000201@tx.rr.com> Message-ID: <475E977B.7020503@vt.edu> John Clizbe wrote: > Brad Tilley wrote: >> OK, thanks for the tip. So, I won't need to change anything publicly? >> Currently, I publish the public keys on a website... nothing to change >> there? To go from three to one, I will import two of the private keys >> into the remaining private key. Is it then OK to delete the individual >> secret keys that I imported? What about revocation certs... are the ones >> I have now OK, or should they be re-generated? > > I think you misunderstand. You may import the keys to the same keyring file, but > each public-secret key pair remains a distinct entity. > > You cannot merge multiple secret keys into a single key instance. You can only > store them in the same file. > > Your existing revocation certs are fine *for each individual key*. If you wish a > public key to no longer be usable, you may import the key's revocation > certificate and publish the revoked key. > > If you delete a secret key, you lose its use. You will no longer be able to > decrypt content encrypted to the corresponding public key. > >> I apologize for all the questions... just don't wan t to screw this up. > > Do not delete any of your secret keys until you understand the principles a bit > better. Your present course will lead you to unwelcome and undesired results. > > I'll hazard a guess that you are conflating user IDs with the actual key material. Sorry, my terminology wasn't accurate. I understand what you are saying. However, I was hoping to merge all three keys into one key (having three distinct, separate keys on the same keyring is what I have now). Anyway, I've almost decided to just keep the keys as they are. I got the principles down many years ago when a computer crashed and I lost a secret key :) and its revocation cert... since that time I've made regular backups and have recovered from similar incidents and revoked keys. Thanks for your time, Brad From pmirbaha at gmail.com Tue Dec 11 17:07:14 2007 From: pmirbaha at gmail.com (parvizm) Date: Tue, 11 Dec 2007 08:07:14 -0800 (PST) Subject: Error: "gpg: mpi too large for this implementation" In-Reply-To: <87ve76l39f.fsf@wheatstone.g10code.de> References: <14185055.post@talk.nabble.com> <87ve76l39f.fsf@wheatstone.g10code.de> Message-ID: <14277110.post@talk.nabble.com> Werner, You were absolutely right! I setup the ftp download again but this time using binary mode. The decryption process is now working. Thanks! -Parviz Werner Koch wrote: > > On Mon, 10 Dec 2007 17:58, pmirbaha at gmail.com said: > >> gpg: mpi too large for this implementation (34055 bits) > > The encrypted data is corrupt. Most likely this happened on the > transport. Did you used FTP and die you make sure that binary mode was > used? > > > Salam-Shalom, > > Werner > > -- > Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > > -- View this message in context: http://www.nabble.com/Error%3A-%22gpg%3A-mpi-too-large-for-this-implementation%22-tp14185055p14277110.html Sent from the GnuPG - User mailing list archive at Nabble.com. From vedaal at hush.com Tue Dec 11 17:32:40 2007 From: vedaal at hush.com (vedaal at hush.com) Date: Tue, 11 Dec 2007 11:32:40 -0500 Subject: Combining Secret Keys Message-ID: <20071211163241.245B022848@mailserver9.hushmail.com> John Clizbe JPClizbe at tx.rr.com wrote on Tue Dec 11 12:37:35 CET 2007 > You cannot merge multiple secret keys into a single key instance. > You can only store them in the same file. but it 'might be' an interesting 'feature' option ;-) isn't something like this already being done when generating an encrypting or signing subkey to an existing key? so, a possible feature request, might be to take an existing key, with a signing primary key and encrypting subkey, change the passphrase to that of the 'parent' key, and add them to the parent key as a signing subkey and an encrypting subkey [not 'high up' on my list of possible feature requests, as i publicly use only 2 keys, and one is v3 and the other v4 ;-) also, it might cause some confusion on keyservers when searching by key id or fingerprint ] but if it doesn't involve complex or tedious changes to the code, and can help people, maybe it can be considered ... vedaal -- Own the Ultimate Platinum Credit Card. Click here. http://tagline.hushmail.com/fc/Ioyw6h4dNnk7gljnvOZybgoaJXCBp3F1z8CoAIyNmpsqz4i7xQkivF/ From btilley at vt.edu Wed Dec 12 17:14:09 2007 From: btilley at vt.edu (Brad Tilley) Date: Wed, 12 Dec 2007 11:14:09 -0500 Subject: Redistributing the GnuPG Windows Binary Message-ID: <476008D1.6000208@vt.edu> Hi folks, Hope this isn't too inappropriate. It is OK to redistribute the GnuPG Windows binary installer? We'd like to distribute it with some scripts that by default setup the path, etc. Thanks, Brad From rjh at sixdemonbag.org Wed Dec 12 19:57:49 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Wed, 12 Dec 2007 12:57:49 -0600 Subject: Redistributing the GnuPG Windows Binary In-Reply-To: <476008D1.6000208@vt.edu> References: <476008D1.6000208@vt.edu> Message-ID: <47602F2D.9040209@sixdemonbag.org> Brad Tilley wrote: > Hope this isn't too inappropriate. It is OK to redistribute the GnuPG > Windows binary installer? We'd like to distribute it with some scripts > that by default setup the path, etc. GnuPG is distributed under the GNU General Public License (GPL). As long as you comply with that license, I'm pretty sure the copyright holders will bless your actions. :) From yalla at fsfe.org Wed Dec 12 22:53:04 2007 From: yalla at fsfe.org (Alexander W. Janssen) Date: Wed, 12 Dec 2007 22:53:04 +0100 Subject: [offtopic] OpenGPG Smartcard with keylength >1024 In-Reply-To: <47605779.6070204@sara.nl> References: <475D739C.3070906@gmail.com> <47605779.6070204@sara.nl> Message-ID: <47605840.5010605@fsfe.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Remco Post schrieb: > If this is true, an openpgp smartcard could do 2048 bits, but would cost > a bit more, I'd be very intrested. Speed is not really an issue, unless > of course signing or decryption would take more than say 5 seconds. Well, I heard it in a talk Werner gave during a FSFE-meeting in Duesseldorf a couple of months ago. However, I don't know of any vendor shipping cards doing 2048 bits. Or even DSA. Cheers, Alex. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iQCVAwUBR2BYPhYlVVSQ3uFxAQL9XwQAhopHAjhged1AmdR0SPuMn8VIVXyOEkiv OX0CwibWH/jd6NcDu5De4/hQWPknvkPUI/erRVQ7QDIpfOCfj0TPhXg5HvudI1jN OBzCOKTUvML+jqWHWzmlF4Wo0x6m7dJ51XUoQ/D2iMUjZIclA8Xo3GcXgySndLQZ xbkgOhRnO9A= =eCWB -----END PGP SIGNATURE----- From r.post at sara.nl Wed Dec 12 22:49:45 2007 From: r.post at sara.nl (Remco Post) Date: Wed, 12 Dec 2007 22:49:45 +0100 Subject: [offtopic] OpenGPG Smartcard with keylength >1024 In-Reply-To: <475D739C.3070906@gmail.com> References: <475D739C.3070906@gmail.com> Message-ID: <47605779.6070204@sara.nl> Alexander W. Janssen wrote: > Hi, > Hi Alexander, > Now I have this really cool RSA-Smartcard (based on G10's code, fab'ed > by ppc-systems) which does 1024 bits and I'm wondering if anyone knows a > source who sells cards with, let's say, 2048 bits. PPC-Systems don't. > > From what I heard, technically it's no problem to have card with bigger > keylengths, although it might become slow - otoh they're probably more > expensive. > If this is true, an openpgp smartcard could do 2048 bits, but would cost a bit more, I'd be very intrested. Speed is not really an issue, unless of course signing or decryption would take more than say 5 seconds. -- Met vriendelijke groeten, Remco Post SARA - Reken- en Netwerkdiensten http://www.sara.nl High Performance Computing Tel. +31 20 592 3000 Fax. +31 20 668 3167 PGP Key fingerprint = 6367 DFE9 5CBC 0737 7D16 B3F6 048A 02BF DC93 94EC "I really didn't foresee the Internet. But then, neither did the computer industry. Not that that tells us very much of course - the computer industry didn't even foresee that the century was going to end." -- Douglas Adams From nateeccels at yahoo.com Wed Dec 12 20:46:30 2007 From: nateeccels at yahoo.com (nate eccels) Date: Wed, 12 Dec 2007 11:46:30 -0800 (PST) Subject: Backdoor? Message-ID: <988733.65215.qm@web46006.mail.sp1.yahoo.com> Does gpg have any trapdoors. ____________________________________________________________________________________ Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ From roam at ringlet.net Thu Dec 13 11:37:11 2007 From: roam at ringlet.net (Peter Pentchev) Date: Thu, 13 Dec 2007 12:37:11 +0200 Subject: Backdoor? In-Reply-To: <988733.65215.qm@web46006.mail.sp1.yahoo.com> References: <988733.65215.qm@web46006.mail.sp1.yahoo.com> Message-ID: <20071213103710.GA1848@straylight.m.ringlet.net> On Wed, Dec 12, 2007 at 11:46:30AM -0800, nate eccels wrote: > Does gpg have any trapdoors. Even if it did have any, do you seriously expect anybody would come out and say "Yes!" on the official public mailing list? :P Humor aside, the answer ought to be "no" - although all that I can say is "almost certainly no", since I have not myself done a full review of the GnuPG code. Still, there are lots and lots of people who *have* - maintainers of GnuPG packages on all kinds of operating systems and distributions, security researchers hoping for a quick claim to fame, serious security researchers really interested in the risks of deploying GnuPG in various kinds of environment... Since nobody has come up with anything so far, I personally am confident enough that, no, GnuPG does not have any backdoors. And just by the way, it really ought to be "backdoor", not "trapdoor", when you are speaking about cryptography - because, strictly speaking, GnuPG *does* implement various trapdoor algorithms, but that is actually a very, very good thing :) G'luck, Peter -- Peter Pentchev roam at ringlet.net roam at cnsys.bg roam at FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 If there were no counterfactuals, this sentence would not have been paradoxical. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : /pipermail/attachments/20071213/3e51058e/attachment.pgp From 210525p42015 at denstarfarm.us Thu Dec 13 12:53:12 2007 From: 210525p42015 at denstarfarm.us (Robert D.) Date: Thu, 13 Dec 2007 06:53:12 -0500 Subject: Are there new Builds for OS/X ? Message-ID: <47611D28.4020106@denstarfarm.us> Was wondering if I am current and if there is anything new for the mac? gpg (GnuPG) 1.4.7 Copyright (C) 2006 Free Software Foundation, Inc. -- Robert D. From jmoore3rd at bellsouth.net Thu Dec 13 14:28:31 2007 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Thu, 13 Dec 2007 08:28:31 -0500 Subject: Backdoor? In-Reply-To: <988733.65215.qm@web46006.mail.sp1.yahoo.com> References: <988733.65215.qm@web46006.mail.sp1.yahoo.com> Message-ID: <4761337F.6070603@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 nate eccels wrote: > Does gpg have any trapdoors. Have You ever heard the story about the Frog & the Scorpion on the river bank? Still, asking this Question in the Developers Forum indicated a certain amount of Faith that the writers of the code will give You a Fair & Balanced Answer. I assure You it is safe to also assume the answer to Your Question is a resounding NO! JOHN :-D Timestamp: Thursday 13 Dec 2007, 08:28 --500 (Eastern Standard Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8-svn4655: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: My Homepage: http://tinyurl.com/yzhbhx Comment: MySpace Page: http://www.myspace.com/jmoore3rd iQEcBAEBCgAGBQJHYTN9AAoJEBCGy9eAtCsPY+4IAIqujkfBJi6J3hIrzwT54z+7 GFCLF/x4yHU5oU6F27h+UglUzK+Apk4Tn2vR+QNQX8ui1VbnRDquz2KUWmZgaD6M MSoNLclZWmlkXR9MMuiaS/wejpIN9ZgGHQC8jNBErY6bdn4IXpIcWz4Pnfc77wyq c3qXSgjxO0R/FijSnsyc67Bn1iCo1lfTv4ihsN8nkim3Qa0sFAjjisB8hgMZ7uUk BV/Rxkr2K7Tx5RzlQE+w/X3mVbViwsnejAbFoflYKokreK+GxRiy/VHG5ji/RxGN 9uucmE0Cf4XPVI3zlGO4xivcg+vU76sr73P/D8n3eRIDpLm2a5/r9Fpa1Clt5YA= =sSs1 -----END PGP SIGNATURE----- From rjh at sixdemonbag.org Thu Dec 13 14:35:38 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 13 Dec 2007 07:35:38 -0600 Subject: Backdoor? In-Reply-To: <988733.65215.qm@web46006.mail.sp1.yahoo.com> References: <988733.65215.qm@web46006.mail.sp1.yahoo.com> Message-ID: <4761352A.1060409@sixdemonbag.org> nate eccels wrote: > Does gpg have any trapdoors. Why would you trust the opinions of random people you've never met? You don't know us. You have no reason to trust our statements, especially about such an important topic. The source code is out there. Inspect it yourself. Make your own decisions and compile your own binary if you're concerned. From jmoore3rd at bellsouth.net Thu Dec 13 14:51:13 2007 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Thu, 13 Dec 2007 08:51:13 -0500 Subject: Backdoor? In-Reply-To: <4761352A.1060409@sixdemonbag.org> References: <988733.65215.qm@web46006.mail.sp1.yahoo.com> <4761352A.1060409@sixdemonbag.org> Message-ID: <476138D1.9000507@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Robert J. Hansen wrote: > Why would you trust the opinions of random people you've never met? For the same reason that One might ask Jim Jones about the Nutritional Value of the Kool-Aid. :-D JOHN ;) Timestamp: Thursday 13 Dec 2007, 08:50 --500 (Eastern Standard Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8-svn4655: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: My Homepage: http://tinyurl.com/yzhbhx Comment: MySpace Page: http://www.myspace.com/jmoore3rd iQEcBAEBCgAGBQJHYTjPAAoJEBCGy9eAtCsPBwgH/1/z/9NnLfdCaUxX0vjqrERa n4hVGmnsIZsoyToahYT4Nj3HW+Mfcodj4cBh4g2EAySA/xed64JfJ/VGQ9yYqvZH E9qg+xi+1kFhazFQOXjiI8T+SoMRmJi0BW/gdM3iMnp/LzVWx3qGNyHS4m837lPP 5qcUmHYkHZTa1h6aYjWsvc732JMMUa44cP/maRdfHYTEN1tDYM+m5F+Ch14NOmV4 Fp1vlrtsENfxYIC8BJhbZpmHpKFe1TtWlpEjnHO8/97VCLao0hd9s+Oec9g7YODP vkEMWelR4P0zs7XJHj2SFUAXLfhMth+Bf+UoNgQYZy5CGNVO4VxvAwki1qJpaJk= =e7tz -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Thu Dec 13 15:17:06 2007 From: dshaw at jabberwocky.com (David Shaw) Date: Thu, 13 Dec 2007 09:17:06 -0500 Subject: Are there new Builds for OS/X ? In-Reply-To: <47611D28.4020106@denstarfarm.us> References: <47611D28.4020106@denstarfarm.us> Message-ID: <20071213141705.GA24209@jabberwocky.com> On Thu, Dec 13, 2007 at 06:53:12AM -0500, Robert D. wrote: > Was wondering if I am current and if there is anything new for the mac? > > gpg (GnuPG) 1.4.7 > Copyright (C) 2006 Free Software Foundation, Inc. Yes, you are current. Version 1.4.8 will be coming out soon. David From benjamin at py-soft.co.uk Thu Dec 13 17:09:09 2007 From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Thu, 13 Dec 2007 16:09:09 +0000 Subject: Are there new Builds for OS/X ? In-Reply-To: <20071213141705.GA24209@jabberwocky.com> References: <47611D28.4020106@denstarfarm.us> <20071213141705.GA24209@jabberwocky.com> Message-ID: <47615925.8030002@py-soft.co.uk> David Shaw wrote: >> Was wondering if I am current and if there is anything new for the mac? >> >> gpg (GnuPG) 1.4.7 >> Copyright (C) 2006 Free Software Foundation, Inc. >> > > Yes, you are current. Version 1.4.8 will be coming out soon. > When 1.4.8 is officially released, rather than just release candidates, I will be updating the mac-gpg project version. I haven't really got time to fiddle around with RCs, unless someone is willing to pay for my time.... Ben From Ccovington at logis.org Thu Dec 13 17:19:07 2007 From: Ccovington at logis.org (Chris Covington) Date: Thu, 13 Dec 2007 10:19:07 -0600 Subject: How to trust a key only for users in one domain Message-ID: <30FD0B68D2083E4BA5AB66F7E136C29D621B4DB2@lo-mail.LOGIS.ORG> What would the command line be in GnuPG to sign a key and specify a domain, so that if that signed key signs another key in the specified domain, the other key would be listed as valid? For instance if I want to sign the gnupgAdmin at example.org public key so that any key that the gnupgAdmin signs is listed as valid, if the key is for a user in the example.org domain. This is typically referred to as a "Trusted Introducer" signature and is listed in RFC 4880 section 5.2.3.14. Thanks, Chris From wk at gnupg.org Thu Dec 13 17:15:04 2007 From: wk at gnupg.org (Werner Koch) Date: Thu, 13 Dec 2007 17:15:04 +0100 Subject: Redistributing the GnuPG Windows Binary In-Reply-To: <476008D1.6000208@vt.edu> (Brad Tilley's message of "Wed, 12 Dec 2007 11:14:09 -0500") References: <476008D1.6000208@vt.edu> Message-ID: <87hcimy3jr.fsf@wheatstone.g10code.de> On Wed, 12 Dec 2007 17:14, btilley at vt.edu said: > Hope this isn't too inappropriate. It is OK to redistribute the GnuPG > Windows binary installer? We'd like to distribute it with some scripts > that by default setup the path, etc. You need to distribute the source files as weel, that is the tarball matching the version number. If you distribute it via an server it is sufficient to put the source file into the same directory and make a corresponding note in the documentation. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From jmoore3rd at bellsouth.net Thu Dec 13 18:16:08 2007 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Thu, 13 Dec 2007 12:16:08 -0500 Subject: How to trust a key only for users in one domain In-Reply-To: <30FD0B68D2083E4BA5AB66F7E136C29D621B4DB2@lo-mail.LOGIS.ORG> References: <30FD0B68D2083E4BA5AB66F7E136C29D621B4DB2@lo-mail.LOGIS.ORG> Message-ID: <476168D8.3070907@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Chris Covington wrote: > What would the command line be in GnuPG to sign a key and specify a domain, so that if that signed key signs another key in the specified domain, the other key would be listed as valid? > > For instance if I want to sign the gnupgAdmin at example.org public key so that any key that the gnupgAdmin signs is listed as valid, if the key is for a user in the example.org domain. This is typically referred to as a "Trusted Introducer" signature and is listed in RFC 4880 section 5.2.3.14. tsign Domain specificity is one of the Questions that will be 'asked' during Signing. JOHN ;) Timestamp: Thursday 13 Dec 2007, 12:16 --500 (Eastern Standard Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8-svn4655: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: My Homepage: http://tinyurl.com/yzhbhx Comment: MySpace Page: http://www.myspace.com/jmoore3rd iQEcBAEBCgAGBQJHYWjWAAoJEBCGy9eAtCsP9v0H/00XNxXPKCFdti8Jdd8VmHFU DSPJYcdEbmu6GahGxG1Hqb9SgJGQ8NfGD0+uL0VsaBdS0+LNCXUkFhvhaQltVyFt n7fBUMiUCDF/dZE2C+l4MN+alZUz57vXYUwtCbEy1UKWm7xL2yKQrFO9bNtIJpZ7 B6wXmZQW77y5Z+1FAv3vUggVIlgbhYJuLkjTxg6yx8izWr8W7lhxkvIxFPMzxUsS miyutZdWst3o6jImpG7BBI3WLtScBmiq33IDF0e3yBwYqfD4PBSLy8CVp5K+ajP4 oORawFoGskxM6bPyikJOadjUHZ7pFiLsLaZphD/8QMFdFo3RfGWfYJ5nSxmF3nY= =h18N -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Thu Dec 13 18:46:27 2007 From: dshaw at jabberwocky.com (David Shaw) Date: Thu, 13 Dec 2007 12:46:27 -0500 Subject: How to trust a key only for users in one domain In-Reply-To: <30FD0B68D2083E4BA5AB66F7E136C29D621B4DB2@lo-mail.LOGIS.ORG> References: <30FD0B68D2083E4BA5AB66F7E136C29D621B4DB2@lo-mail.LOGIS.ORG> Message-ID: <20071213174627.GA24753@jabberwocky.com> On Thu, Dec 13, 2007 at 10:19:07AM -0600, Chris Covington wrote: > What would the command line be in GnuPG to sign a key and specify a > domain, so that if that signed key signs another key in the > specified domain, the other key would be listed as valid? > > For instance if I want to sign the gnupgAdmin at example.org public key > so that any key that the gnupgAdmin signs is listed as valid, if the > key is for a user in the example.org domain. This is typically > referred to as a "Trusted Introducer" signature and is listed in RFC > 4880 section 5.2.3.14. Use "gpg --edit-key (thekey)" and then "tsign". You will be asked the usual signature questions, and also the trust level (RFC-4880 section 5.2.3.13) and then the domain. David From Ccovington at logis.org Thu Dec 13 18:48:59 2007 From: Ccovington at logis.org (Chris Covington) Date: Thu, 13 Dec 2007 11:48:59 -0600 Subject: How to trust a key only for users in one domain In-Reply-To: <476168D8.3070907@bellsouth.net> References: <30FD0B68D2083E4BA5AB66F7E136C29D621B4DB2@lo-mail.LOGIS.ORG> <476168D8.3070907@bellsouth.net> Message-ID: <30FD0B68D2083E4BA5AB66F7E136C29D621B4DDB@lo-mail.LOGIS.ORG> Tsign works - thank you! -----Original Message----- From: gnupg-users-bounces at gnupg.org [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of John W. Moore III Sent: Thursday, December 13, 2007 11:16 AM To: GnuPG Users List Subject: Re: How to trust a key only for users in one domain -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Chris Covington wrote: > What would the command line be in GnuPG to sign a key and specify a domain, so that if that signed key signs another key in the specified domain, the other key would be listed as valid? > > For instance if I want to sign the gnupgAdmin at example.org public key so that any key that the gnupgAdmin signs is listed as valid, if the key is for a user in the example.org domain. This is typically referred to as a "Trusted Introducer" signature and is listed in RFC 4880 section 5.2.3.14. tsign Domain specificity is one of the Questions that will be 'asked' during Signing. JOHN ;) Timestamp: Thursday 13 Dec 2007, 12:16 --500 (Eastern Standard Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8-svn4655: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: My Homepage: http://tinyurl.com/yzhbhx Comment: MySpace Page: http://www.myspace.com/jmoore3rd iQEcBAEBCgAGBQJHYWjWAAoJEBCGy9eAtCsP9v0H/00XNxXPKCFdti8Jdd8VmHFU DSPJYcdEbmu6GahGxG1Hqb9SgJGQ8NfGD0+uL0VsaBdS0+LNCXUkFhvhaQltVyFt n7fBUMiUCDF/dZE2C+l4MN+alZUz57vXYUwtCbEy1UKWm7xL2yKQrFO9bNtIJpZ7 B6wXmZQW77y5Z+1FAv3vUggVIlgbhYJuLkjTxg6yx8izWr8W7lhxkvIxFPMzxUsS miyutZdWst3o6jImpG7BBI3WLtScBmiq33IDF0e3yBwYqfD4PBSLy8CVp5K+ajP4 oORawFoGskxM6bPyikJOadjUHZ7pFiLsLaZphD/8QMFdFo3RfGWfYJ5nSxmF3nY= =h18N -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users From Ccovington at logis.org Thu Dec 13 20:03:53 2007 From: Ccovington at logis.org (Chris Covington) Date: Thu, 13 Dec 2007 13:03:53 -0600 Subject: How to trust a key only for users in one domain In-Reply-To: <20071213174627.GA24753@jabberwocky.com> References: <30FD0B68D2083E4BA5AB66F7E136C29D621B4DB2@lo-mail.LOGIS.ORG> <20071213174627.GA24753@jabberwocky.com> Message-ID: <30FD0B68D2083E4BA5AB66F7E136C29D621B4DE5@lo-mail.LOGIS.ORG> That works - thanks! -----Original Message----- From: gnupg-users-bounces+ccovington=logis.org at gnupg.org [mailto:gnupg-users-bounces+ccovington=logis.org at gnupg.org] On Behalf Of David Shaw Sent: Thursday, December 13, 2007 11:46 AM To: gnupg-users at gnupg.org Subject: Re: How to trust a key only for users in one domain On Thu, Dec 13, 2007 at 10:19:07AM -0600, Chris Covington wrote: > What would the command line be in GnuPG to sign a key and specify a > domain, so that if that signed key signs another key in the > specified domain, the other key would be listed as valid? > > For instance if I want to sign the gnupgAdmin at example.org public key > so that any key that the gnupgAdmin signs is listed as valid, if the > key is for a user in the example.org domain. This is typically > referred to as a "Trusted Introducer" signature and is listed in RFC > 4880 section 5.2.3.14. Use "gpg --edit-key (thekey)" and then "tsign". You will be asked the usual signature questions, and also the trust level (RFC-4880 section 5.2.3.13) and then the domain. David _______________________________________________ Gnupg-users mailing list Gnupg-users at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users From canuzzi at gmx.net Thu Dec 13 20:30:35 2007 From: canuzzi at gmx.net (Enzo Canuzzi) Date: Thu, 13 Dec 2007 20:30:35 +0100 Subject: Backdoor? In-Reply-To: <988733.65215.qm@web46006.mail.sp1.yahoo.com> References: <988733.65215.qm@web46006.mail.sp1.yahoo.com> Message-ID: <4761885B.4010509@gmx.net> >Does gpg have any trapdoors. Yes there is. Run gpg with the options: --open-back-door --user admin --password admin From gnupg at ethen.de Thu Dec 13 23:14:43 2007 From: gnupg at ethen.de (gnupg at ethen.de) Date: Thu, 13 Dec 2007 23:14:43 +0100 Subject: ksba_crl_parse failed: Invalid CRL object Message-ID: <200712132314.44449.gnupg@ethen.de> When dirmngr tries to load http://www.rsasecurity.com/products/keon/repository/certificate_status/RSA_Security_2048_v3.CRL I get "ksba_crl_parse failed: Invalid CRL object" in the logfile and verification failes. Other CRLs are binary, this one starts with "-----BEGIN X509 CRL-----". Is this expected behavior or what can I do to fix it? Thanks! From gnupg at ethen.de Fri Dec 14 00:01:11 2007 From: gnupg at ethen.de (gnupg at ethen.de) Date: Fri, 14 Dec 2007 00:01:11 +0100 Subject: ksba_crl_parse failed: Invalid CRL object Message-ID: <200712140001.11438.gnupg@ethen.de> When dirmngr tries to load http://www.rsasecurity.com/products/keon/repository/certificate_status/RSA_Security_2048_v3.CRL I get "ksba_crl_parse failed: Invalid CRL object" in the logfile and verification failes. Other CRLs are binary, this one starts with "-----BEGIN X509 CRL-----". Is this expected behavior or what can I do to fix it? Thanks! From r.post at sara.nl Fri Dec 14 01:10:02 2007 From: r.post at sara.nl (Remco Post) Date: Fri, 14 Dec 2007 01:10:02 +0100 Subject: gpg and macos 10.5 Message-ID: <4761C9DA.8070705@sara.nl> Hi All, it seams that gpg and macos 10.5 are not on good terms for the smartcard: flops:~ remco$ gpg --card-status --no-use-agent gpg: detected reader `SCR335 USB Smart Card Reader 00 00' gpg: pcsc_status failed: insufficient buffer (0x80100008) 35 gpg: Ohhhh jeeee: ATR returned by pcsc_status is too large secmem usage: 0/0 bytes in 0/0 blocks of pool 0/32768 Abort trap (and I guess it somehow thinks it should try speaking dutch to me....) This is on macos 10.5 on ppc with gpg 1.4.7 -- Met vriendelijke groeten, Remco Post SARA - Reken- en Netwerkdiensten http://www.sara.nl High Performance Computing Tel. +31 20 592 3000 Fax. +31 20 668 3167 PGP Key fingerprint = 6367 DFE9 5CBC 0737 7D16 B3F6 048A 02BF DC93 94EC "I really didn't foresee the Internet. But then, neither did the computer industry. Not that that tells us very much of course - the computer industry didn't even foresee that the century was going to end." -- Douglas Adams From malayter at gmail.com Fri Dec 14 05:53:34 2007 From: malayter at gmail.com (Ryan Malayter) Date: Thu, 13 Dec 2007 22:53:34 -0600 Subject: Backdoor? In-Reply-To: <5d7f07420712132052l3c586b66n657e51d3da439120@mail.gmail.com> References: <988733.65215.qm@web46006.mail.sp1.yahoo.com> <4761352A.1060409@sixdemonbag.org> <5d7f07420712132052l3c586b66n657e51d3da439120@mail.gmail.com> Message-ID: <5d7f07420712132053s3725c29j7192a8640f260a7a@mail.gmail.com> On Dec 13, 2007 7:35 AM, Robert J. Hansen wrote: > The source code is out there. Inspect it yourself. Make your own > decisions and compile your own binary if you're concerned. Also make sure your compiler is open source as well. Inspect the code for that, too. And you have to translate that into machine language by hand, just to be safe! -- RPM From wk at gnupg.org Fri Dec 14 10:36:06 2007 From: wk at gnupg.org (Werner Koch) Date: Fri, 14 Dec 2007 10:36:06 +0100 Subject: ksba_crl_parse failed: Invalid CRL object In-Reply-To: <200712132314.44449.gnupg@ethen.de> (gnupg@ethen.de's message of "Thu, 13 Dec 2007 23:14:43 +0100") References: <200712132314.44449.gnupg@ethen.de> Message-ID: <87zlwdwrcp.fsf@wheatstone.g10code.de> On Thu, 13 Dec 2007 23:14, gnupg at ethen.de said: > verification failes. Other CRLs are binary, this one starts with "-----BEGIN > X509 CRL-----". > > Is this expected behavior or what can I do to fix it? Yes, Dirmngr only supports binary CRLs. I have not seen anything about an ASCII armor requirement in the specs. You may use dirmngr-client to manualy load the CRL: dirmngr-client --load-crl --pem crl.asc Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From gnupg at ethen.de Fri Dec 14 11:19:32 2007 From: gnupg at ethen.de (gnupg at ethen.de) Date: Fri, 14 Dec 2007 11:19:32 +0100 Subject: ksba_crl_parse failed: Invalid CRL object In-Reply-To: <87zlwdwrcp.fsf@wheatstone.g10code.de> References: <200712132314.44449.gnupg@ethen.de> <87zlwdwrcp.fsf@wheatstone.g10code.de> Message-ID: <200712141119.32772.gnupg@ethen.de> > Dirmngr only supports binary CRLs. ?I have not seen anything about > an ASCII armor requirement in the specs. ?You may use dirmngr-client > to manualy load the CRL: > > ? dirmngr-client --load-crl --pem ?crl.asc # dirmngr-client --load-crl --pem /dev/shm/RSA_Security_2048_v3.asc dirmngr-client: loading CRL `/dev/shm/RSA_Security_2048_v3.asc' failed: Invalid CRL object dirmngr[20793.0] DBG: -> OK Dirmngr 1.0.1 at your service 2007-12-14 11:07:56 dirmngr[20793] connection from process 8888 (1002:100) dirmngr[20793.0] DBG: <- LOADCRL /dev/shm/RSA_Security_2048_v3.asc 2007-12-14 11:07:56 dirmngr[20793] ksba_crl_parse failed: Invalid CRL object 2007-12-14 11:07:56 dirmngr[20793] crl_parse_insert failed: Invalid CRL object 2007-12-14 11:07:56 dirmngr[20793] command LOADCRL failed: Invalid CRL object dirmngr[20793.0] DBG: -> ERR 150995106 Invalid CRL object dirmngr[20793.0] DBG: <- BYE dirmngr[20793.0] DBG: -> OK closing connection Sorry, that didn't work. Is there a way to unarmor the file? Other ideas? I'm surprised at rsasecurity doing something unusual. From shavital at mac.com Fri Dec 14 11:25:58 2007 From: shavital at mac.com (Charly Avital) Date: Fri, 14 Dec 2007 05:25:58 -0500 Subject: gpg and macos 10.5 In-Reply-To: <4761C9DA.8070705@sara.nl> References: <4761C9DA.8070705@sara.nl> Message-ID: <47625A36.9040404@mac.com> Remco Post wrote the following on 12/13/07 7:10 PM: > Hi All, > > it seams that gpg and macos 10.5 are not on good terms for the smartcard: > > flops:~ remco$ gpg --card-status --no-use-agent > gpg: detected reader `SCR335 USB Smart Card Reader 00 00' > gpg: pcsc_status failed: insufficient buffer (0x80100008) 35 > > gpg: Ohhhh jeeee: ATR returned by pcsc_status is too large > secmem usage: 0/0 bytes in 0/0 blocks of pool 0/32768 > Abort trap > > (and I guess it somehow thinks it should try speaking dutch to me....) > > This is on macos 10.5 on ppc with gpg 1.4.7 > I get an almost identical output with a SCR331 USB Smart Card Reader (identified as gpg: detected reader `CCID Smart Card Reader 00 00') After the output about insufficient buffer and Abort trap, Terminal reports "gpg quit unexpectedly", report: Process: gpg [2174] Path: /usr/local/bin/gpg Identifier: gpg Version: ??? (???) Code Type: X86 (Native) Parent Process: bash [2120] Date/Time: 2007-12-14 05:22:29.398 -0500 OS Version: Mac OS X 10.5.1 (9B18) Report Version: 6 Exception Type: EXC_CRASH (SIGABRT) Exception Codes: 0x0000000000000000, 0x0000000000000000 Crashed Thread: 0 Thread 0 Crashed: 0 libSystem.B.dylib 0x92b4b47a __kill + 10 1 libSystem.B.dylib 0x92bc2782 raise + 26 2 libSystem.B.dylib 0x92bd1d3f abort + 73 3 gpg 0x0009b443 g10_log_bug + 99 4 gpg 0x0004013c reset_pcsc_reader + 492 5 gpg 0x00040318 pcsc_send_apdu + 184 6 gpg 0x000412ec send_apdu + 92 7 gpg 0x00041494 send_le + 404 8 gpg 0x00041b30 apdu_send_simple + 80 9 gpg 0x0003e27f iso7816_select_application + 63 10 gpg 0x0003db25 app_select_openpgp + 53 11 gpg 0x0003390c open_card + 508 12 gpg 0x000349a5 agent_learn + 165 13 gpg 0x00036ec2 card_status + 98 14 gpg 0x000099a9 main + 25497 15 gpg 0x00001f36 start + 54 Thread 0 crashed with X86 Thread State (32-bit): eax: 0x00000000 ebx: 0x92bd1cff ecx: 0xbfffec8c edx: 0x92b4b47a edi: 0x00000000 esi: 0xa02da578 ebp: 0xbfffeca8 esp: 0xbfffec8c ss: 0x0000001f efl: 0x00000286 eip: 0x92b4b47a cs: 0x00000007 ds: 0x0000001f es: 0x0000001f fs: 0x00000000 gs: 0x00000037 cr2: 0x000c67b4 Binary Images: 0x1000 - 0xd0f07 +gpg ??? (???) <67b6e3e6d45edf963afb9c536c105ed7> /usr/local/bin/gpg 0x106000 - 0x1e0fd8 +libiconv.2.dylib ??? (???) /usr/local/lib/libiconv.2.dylib 0x24e000 - 0x25afe7 com.apple.pcsc 6.0 (32672) /System/Library/Frameworks/PCSC.framework/PCSC 0x8fe00000 - 0x8fe2d883 dyld 95.3 (???) <81592e798780564b5d46b988f7ee1a6a> /usr/lib/dyld 0x90c47000 - 0x90c71fef libauto.dylib ??? (???) /usr/lib/libauto.dylib 0x914b7000 - 0x91596fff libobjc.A.dylib ??? (???) <5eda47fec2d0e7853b3506aa1fd2dafa> /usr/lib/libobjc.A.dylib 0x92add000 - 0x92c37fe3 libSystem.B.dylib ??? (???) <8ecc83dc0399be3946f7a46e88cf4bbb> /usr/lib/libSystem.B.dylib 0x93d4f000 - 0x93d5dffd libz.1.dylib ??? (???) <5ddd8539ae2ebfd8e7cc1c57525385c7> /usr/lib/libz.1.dylib 0x94845000 - 0x94846fef libmathCommon.A.dylib ??? (???) /usr/lib/system/libmathCommon.A.dylib 0x94f5c000 - 0x94f68fff libbz2.1.0.dylib ??? (???) <9ea4fe135c9e52bd0590eec12c738e82> /usr/lib/libbz2.1.0.dylib 0x9559f000 - 0x956d7ff7 libicucore.A.dylib ??? (???) /usr/lib/libicucore.A.dylib 0x95ab0000 - 0x95be2fe7 com.apple.CoreFoundation 6.5 (476) <8bfebc0dbad6fc33bea0fa00a1b9ec37> /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation 0x96087000 - 0x9608efe9 libgcc_s.1.dylib ??? (???) /usr/lib/libgcc_s.1.dylib 0x961e5000 - 0x96242ffb libstdc++.6.dylib ??? (???) <04b812dcec670daa8b7d2852ab14be60> /usr/lib/libstdc++.6.dylib 0xfffe8000 - 0xfffebfff libobjc.A.dylib ??? (???) /usr/lib/libobjc.A.dylib 0xffff0000 - 0xffff1780 libSystem.B.dylib ??? (???) /usr/lib/libSystem.B.dylib Charly 10.5.1 - Macbook Intel Core 2 Duo From wk at gnupg.org Fri Dec 14 13:27:44 2007 From: wk at gnupg.org (Werner Koch) Date: Fri, 14 Dec 2007 13:27:44 +0100 Subject: gpg and macos 10.5 In-Reply-To: <4761C9DA.8070705@sara.nl> (Remco Post's message of "Fri, 14 Dec 2007 01:10:02 +0100") References: <4761C9DA.8070705@sara.nl> Message-ID: <878x3xv4u7.fsf@wheatstone.g10code.de> On Fri, 14 Dec 2007 01:10, r.post at sara.nl said: > gpg: Ohhhh jeeee: ATR returned by pcsc_status is too large The PC/SC driver returns an ATR (Answer-To-Reset, the initial hello from a smartcard) which is longer than the maximum of 32 bytes. The Beta of Leopard had some problems with PC/SC: http://lists.apple.com/archives/apple-cdsa/2007/Sep/msg00011.html Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From wk at gnupg.org Fri Dec 14 14:35:45 2007 From: wk at gnupg.org (Werner Koch) Date: Fri, 14 Dec 2007 14:35:45 +0100 Subject: [Announce] GnuPG: second release candidate for 1.4.8 Message-ID: <87wsrhtn4e.fsf@wheatstone.g10code.de> Hi, I just uploaded a second release candidate for GnuPG 1.4.8: ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.4.8rc2.tar.bz2 ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.4.8rc2.tar.bz2.sig If you have problems with 1.4.7, you may want to give it a try. Those who reported build problems should also try to build that one and report if the problems persist (to the gnupg-users ML). Note that the language files are not all updated and our translators may want to check whether they find time to send an update in. There are certainly a couple of bugs not yet fixed as we had not the time to work through all bug reports, please complain if there are important things still not resolved. The actual release of 1.4.8 is planned for December 20. Noteworthy changes since the last release candidate --------------------------------------------------- * Allow encryption using legacy Elgamal sign+encrypt keys if option --rfc2440 is used. * Fixed the auto creation of the key stub for smartcards. * Fixed a rare bug in decryption using the OpenPGP card. * Fix RFC-4880 typo in the SHA-224 hash prefix. Old SHA-224 signatures will continue to work. Happy hacking, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 204 bytes Desc: not available Url : /pipermail/attachments/20071214/5e5e14f9/attachment-0001.pgp -------------- next part -------------- _______________________________________________ Gnupg-announce mailing list Gnupg-announce at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From shavital at mac.com Fri Dec 14 16:34:57 2007 From: shavital at mac.com (Charly Avital) Date: Fri, 14 Dec 2007 10:34:57 -0500 Subject: [Announce] GnuPG: second release candidate for 1.4.8 In-Reply-To: <87wsrhtn4e.fsf@wheatstone.g10code.de> References: <87wsrhtn4e.fsf@wheatstone.g10code.de> Message-ID: <4762A2A1.8070000@mac.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Werner Koch wrote the following on 12/14/07 8:35 AM: > Hi, > > I just uploaded a second release candidate for GnuPG 1.4.8: > > ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.4.8rc2.tar.bz2 > ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.4.8rc2.tar.bz2.sig > > If you have problems with 1.4.7, you may want to give it a try. Those > who reported build problems should also try to build that one and report > if the problems persist (to the gnupg-users ML). > > Note that the language files are not all updated and our translators may > want to check whether they find time to send an update in. There are > certainly a couple of bugs not yet fixed as we had not the time to work > through all bug reports, please complain if there are important things > still not resolved. > The actual release of 1.4.8 is planned for December 20. > Noteworthy changes since the last release candidate > * Allow encryption using legacy Elgamal sign?? keys if > option --rfc2440 is used. > * Fixed the auto creation of the key stub for smartcards. > * Fixed a rare bug in decryption using the OpenPGP card. > * Fix RFC-4880 typo in the SHA-224 hash prefix. Old SHA-224 > signatures will continue to work. > Happy hacking, > > Werner Compiled and running on: Version info: gnupg 1.4.8rc2 Configured for: Darwin (i386-apple-darwin9.1.0) and on Version info: gnupg 1.4.8rc2 Configured for: Darwin (powerpc-apple-darwin9.1.0) Charly - MacOSX (10.5.1) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.7 (Darwin) Comment: GnuPG for Privacy Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEbBAEBCAAGBQJHYqKbAAoJEM3GMi2FW4PvyE0H+PDxq4aWPqOln14/74RqJKcq 9ypOJeEpgLyMTzQY5Ejw4oEb89h6eKnDNy/dKFdy6DiYbaujzfYuKTFj+G5aFtGz Wx9eNzpNBD0tHykc9uCP75m5MPHMp4Mw2zrNvhmBbF7nqHrUPTL/sRBRB6R7IZhU /7nuBHV/f9hRaCZgJUh5SSCJpEhPkzei/gt8PLinUXmqnOPuWqU0moR1TEqqU4J0 3Sk9P9UVkxL2zZlk4Yk/rzEyiE5rAb7lqiwH32WDIQQZeAd4KysZ3IeZW9yj8FpW 5ryjAtHSVSGyaDiJh8d+yvsOOrMnWmiPuNzokfTxahH1bqBSpYR2ZEVE2RHwEw== =xKwA -----END PGP SIGNATURE----- From wk at gnupg.org Fri Dec 14 17:26:04 2007 From: wk at gnupg.org (Werner Koch) Date: Fri, 14 Dec 2007 17:26:04 +0100 Subject: [Announce] Here comes the release candidate for GnuPG 2.0.8 Message-ID: <87tzmls0o3.fsf@wheatstone.g10code.de> Hi, I just uploaded a release candidate for GnuPG 2.0.8: ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-2.0.8rc1.tar.bz2 ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-2.0.8rc1.tar.bz2.sig Note that the language files are not all updated and our translators may want to check whether they find time to send an update in. There are certainly a couple of bugs not yet fixed as we had not the time to work through all bug reports, please complain if there are important things still not resolved. The actual release of 2.0.8 is also planned for December 20. Noteworthy changes since 2.0.7 ------------------------------ * Make sure that under Windows the file permissions of the socket are taken into account. This required a change of our socket emulation code; thus old GnuPG modules can't be used anymore. * Fixed a crash in gpgconf. * Enhanced gpg-connect-agent with a small scripting language. * New option --list-config for gpgconf. * The envvars XAUTHORITY and PINENTRY_USER_DATA are now passed to the pinentry. * Allow encryption with legacy Elgamal sign+encrypt keys with option --rfc2440. * Fixed the auto creation of the key stub for smartcards. * Fixed a rare bug in decryption using the OpenPGP card. * Creating DSA2 keys is now possible. * New option --extra-digest-algo for gpgsm to allow verification of broken signatures. Note: You need the current version of libassuan (1.0.4) to build this. Happy hacking, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 204 bytes Desc: not available Url : /pipermail/attachments/20071214/7e220758/attachment.pgp -------------- next part -------------- _______________________________________________ Gnupg-announce mailing list Gnupg-announce at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From rl4518 at att.com Tue Dec 11 21:31:37 2007 From: rl4518 at att.com (LICON, RAY (ATTPB)) Date: Tue, 11 Dec 2007 12:31:37 -0800 Subject: make fails after entering ./gnupg-2.0.7/scd Message-ID: <5073CBABB0230B4EAD7830D295770693068893@casndg1msgusr71.ITServices.sbc.com> ? Ultra Enterprise 4500, solaris 10, gcc 3.46, make 3.81 Everything builds ok until I get into the scd directory ... Is there a way to disable the scd make? Is it necessary for gnpug to function? -thank you, Ray <<<<<>>>>> make ..... /usr/local/src/objcode/gnupg-2.0.7/scd make[2]: Entering directory `/usr/local/src/objcode/gnupg-2.0.7/scd' gcc -DHAVE_CONFIG_H -I. -I.. -I../gl -I../intl -I../common -DLOCALEDIR=\"/usr/local/share/locale\" -DGNUPG_BINDIR="\"/usr/local/bin\"" -DGNUPG_LIBEXECDIR="\"/usr/local/libexec\"" -DGNUPG_LIBDIR="\"/u sr/local/lib/gnupg\"" -DGNUPG_DATADIR="\"/usr/local/share/gnupg\"" -DGNUPG_SYSCONFDIR="\"/usr/local/ etc/gnupg\"" -I/usr/local/include -I/usr/local/include -I/usr/local/include -I/usr/local/includ e -I/usr/local/include -O2 -mcpu=ultrasparc -mtune=ultrasparc -Wall -Wpointer-arith -MT ccid-driver .o -MD -MP -MF .deps/ccid-driver.Tpo -c -o ccid-driver.o ccid-driver.c ccid-driver.c:87:17: usb.h: No such file or directory ccid-driver.c:227: error: syntax error before "usb_dev_handle" ccid-driver.c:227: warning: no semicolon at end of struct or union ccid-driver.c:248: error: syntax error before '}' token ccid-driver.c: In function `prepare_special_transport': ccid-driver.c:337: error: dereferencing pointer to incomplete type ccid-driver.c:339: error: dereferencing pointer to incomplete type ccid-driver.c:340: error: dereferencing pointer to incomplete type ccid-driver.c:341: error: dereferencing pointer to incomplete type ccid-driver.c:342: error: dereferencing pointer to incomplete type ccid-driver.c:343: error: dereferencing pointer to incomplete type ccid-driver.c:344: error: dereferencing pointer to incomplete type ccid-driver.c:345: error: dereferencing pointer to incomplete type ccid-driver.c:349: error: dereferencing pointer to incomplete type ccid-driver.c: In function `parse_ccid_descriptor': ..... ccid-driver.c:2524: error: dereferencing pointer to incomplete type ccid-driver.c:2558: error: dereferencing pointer to incomplete type make[2]: *** [ccid-driver.o] Error 1 make[2]: Leaving directory `/usr/local/src/objcode/gnupg-2.0.7/scd' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/usr/local/src/objcode/gnupg-2.0.7' make: *** [all] Error 2 Ray Licon AT&T WEST Advanced Technical Support 310-762-6968 From sven at radde.name Wed Dec 12 19:44:51 2007 From: sven at radde.name (Sven Radde) Date: Wed, 12 Dec 2007 19:44:51 +0100 Subject: Redistributing the GnuPG Windows Binary In-Reply-To: <476008D1.6000208@vt.edu> References: <476008D1.6000208@vt.edu> Message-ID: <47602C23.7030601@radde.name> Hi! Brad Tilley schrieb: > Hope this isn't too inappropriate. It is OK to redistribute the GnuPG > Windows binary installer? IANAL, but given that GnuPG is GPLed, it should be perfectly OK. However, you probably have to GPL your additions to the binary (i.e. the customized scripts). > We'd like to distribute it with some scripts > that by default setup the path, etc. I don't know what exactly you are trying to do, but I think you should have a look at gpg4win.org. It allows you to create customized GnuPG installers - the default version bundles GnuPG with some GUIs and also sets PATH correctly. HTH, Sven From wk at gnupg.org Sat Dec 15 12:28:30 2007 From: wk at gnupg.org (Werner Koch) Date: Sat, 15 Dec 2007 12:28:30 +0100 Subject: make fails after entering ./gnupg-2.0.7/scd In-Reply-To: <5073CBABB0230B4EAD7830D295770693068893@casndg1msgusr71.ITServices.sbc.com> (RAY LICON's message of "Tue, 11 Dec 2007 12:31:37 -0800") References: <5073CBABB0230B4EAD7830D295770693068893@casndg1msgusr71.ITServices.sbc.com> Message-ID: <87d4t8qjs1.fsf@wheatstone.g10code.de> On Tue, 11 Dec 2007 21:31, rl4518 at att.com said: > Everything builds ok until I get into the scd directory ... > Is there a way to disable the scd make? Is it necessary for gnpug to function? The configure script figured out that libusb is available and expect an usb.h file. To workaround, comment out in config.h (top directory) /* defined if libusb is available */ #define HAVE_LIBUSB 1 and run make again. config.h is generated by configure, so you need to do this with running configure. scd/ is only required for smartcard support. If you don't build it, you are just missing smartcard support. Smartcards are even supported without libusb, then using PC/SC. I am not sure whether this as ever been tested on Solaris. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From aolsen at standard.com Tue Dec 18 19:51:47 2007 From: aolsen at standard.com (Alan Olsen) Date: Tue, 18 Dec 2007 10:51:47 -0800 Subject: GPG 1.4.x v.s 2.x Message-ID: <92A893260738B0408497A64189BC1E62032CE3C1@MSEXCHANGE305.corp.standard.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 The place I work needs to upgrade gpg badly. They know this. The question is do they go with the 1.4.x tree or should they go to the 2.x codebase? Suggestions? Recommendations? We get files from clients all over the world. Are there features used in the 2.x versions that 1.4.x cannot handle? Thanks. -----BEGIN PGP SIGNATURE----- Version: 9.5.3 (Build 5003) wsBVAwUBR2gWw2qdmbpu7ejzAQpaDwf7B8HQHiC+JY4yzfU6nB9RDuGT9LwqQ8FU 0iFCdYTHscqyUyUg92A2kf5CUT1Cv+QRthQELa9AXSJvBoCa43cn19h4bbQfGNC2 SXBJFH9vvSQ1KHcnndimlvaRtoyyUqcjij5VRZvrWPoLi4dlP5qXCE9JM3TO3X3W F+J2CzTu5BTXEZ3bhkjjIcgevrJNoRdRY9cnpzWHOJcBkpn352OdiO77GEZYXF5d +kZ1k6JdIkNtOBZPGxYvpnVHLDXa3wxDRV5rg52qUAAKVLH6VmaZt+l4R/3P5t0L hBwJ95mh92Dv7zQ/ysDsTdpFhVl1yROSBVSCPA4HR8XL5UPzyEEa6g== =Lbp4 -----END PGP SIGNATURE----- From hs2412 at gmail.com Mon Dec 17 18:43:52 2007 From: hs2412 at gmail.com (Hardeep Singh) Date: Mon, 17 Dec 2007 23:13:52 +0530 Subject: Decrypt only if signed Message-ID: Hi I am writing a batch script and the basic requirement is that GPG should only decrypt the file if its signed by using one of the keys in the keyring. If it has not been signed, just encrypted, it should leave it encrypted and not decrypt it. The additional requirement, if possible, is that it should only decrypt if signed by a specific KEY ID. Please let me know if this is possible through GPG with some shell scripting if needed. Thanks & Regards Hardeep Singh From wk at gnupg.org Thu Dec 20 10:40:28 2007 From: wk at gnupg.org (Werner Koch) Date: Thu, 20 Dec 2007 10:40:28 +0100 Subject: [Announce] GnuPG 1.4.8 released Message-ID: <8763ytd7qr.fsf@wheatstone.g10code.de> Hello! We are pleased to announce the availability of a new stable GnuPG-1 release: Version 1.4.8. This is GnuPG's 10th birthday celebration release. The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data storage. It is a complete and free replacement of PGP and can be used to encrypt data and to create digital signatures. It includes an advanced key management facility, samrtcard support and is compliant with the OpenPGP Internet standard as described by RFC-4880 (the recently released update of RFC-2440). Note that this version is from the GnuPG-1 series and thus smaller than those from the GnuPG-2 series, easier to build and also better portable. In contrast to GnuPG-2 (e.g version 2.0.8) it comes with no support for S/MIME or other tools useful for desktop environments. Fortunately you may install both versions alongside on the same system without any conflict. Getting the Software ==================== Please follow the instructions found at http://www.gnupg.org/download/ or read on: GnuPG 1.4.8 may be downloaded from one of the GnuPG mirror sites or direct from ftp://ftp.gnupg.org/gcrypt/ . The list of mirrors can be found at http://www.gnupg.org/mirrors.html . Note, that GnuPG is not available at ftp.gnu.org. On the mirrors you should find the following files in the *gnupg* directory: gnupg-1.4.8.tar.bz2 (3242k) gnupg-1.4.8.tar.bz2.sig GnuPG source compressed using BZIP2 and OpenPGP signature. gnupg-1.4.8.tar.gz (4550k) gnupg-1.4.8.tar.gz.sig GnuPG source compressed using GZIP and OpenPGP signature. gnupg-1.4.7-1.4.8.diff.bz2 (330k) A patch file to upgrade a 1.4.7 GnuPG source. Select one of them. To shorten the download time, you probably want to get the BZIP2 compressed file. Please try another mirror if exceptional your mirror is not yet up to date. In the *binary* directory, you should find these files: gnupg-w32cli-1.4.8.exe (2117k) gnupg-w32cli-1.4.8.exe.sig GnuPG compiled for Microsoft Windows and OpenPGP signature. This is a command line only version; the source files are the same as given above. Note, that this is a minimal installer and unless you are just in need for the gpg binary, you are better off using the full featured installer at http://www.gpg4win.org . A new version of Gpg4win, including this version of GnuPG will be available and announced soon. Checking the Integrity ====================== In order to check that the version of GnuPG which you are going to install is an original and unmodified one, you can do it in one of the following ways: * If you already have a trusted version of GnuPG installed, you can simply check the supplied signature. For example to check the signature of the file gnupg-1.4.8.tar.bz2 you would use this command: gpg --verify gnupg-1.4.8.tar.bz2.sig This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by that signing key. Make sure that you have the right key, either by checking the fingerprint of that key with other sources or by checking that the key has been signed by a trustworthy other key. Note, that you can retrieve the signing key using the command finger wk ,at' g10code.com or using a keyserver like gpg --recv-key 1CE0C630 The distribution key 1CE0C630 is signed by the well known key 5B0358A2. If you get an key expired message, you should retrieve a fresh copy as the expiration date might have been prolonged. NEVER USE A GNUPG VERSION YOU JUST DOWNLOADED TO CHECK THE INTEGRITY OF THE SOURCE - USE AN EXISTING GNUPG INSTALLATION! * If you are not able to use an old version of GnuPG, you have to verify the SHA-1 checksum. Assuming you downloaded the file gnupg-1.4.8.tar.bz2, you would run the sha1sum command like this: sha1sum gnupg-1.4.8.tar.bz2 and check that the output matches the second line from the following list: 29803a37645493104b239247505418f9c5bedd88 gnupg-1.4.8.tar.gz 4b63267358e5c70f05b48e27d6877bad2636cabd gnupg-1.4.8.tar.bz2 e69d50a34c9f8d80aca366494228e2be0e8c641b gnupg-1.4.7-1.4.8.diff.bz2 6ef3f9ba7a36ad1da53a02a8733bf77bc5305587 gnupg-w32cli-1.4.8.exe What's New =========== * Changed the license to GPLv3. * Improved detection of keyrings specified multiple times. * Changes to better cope with broken keyservers. * Minor bug fixes. * The new OpenPGP standard is now complete, and has been published as RFC-4880. The GnuPG --openpgp mode (note this is not the default) has been updated to match the new standard. The --rfc2440 option can be used to return to the older RFC-2440 behavior. The main differences between the two are "--enable-dsa2 --no-rfc2440-text --escape-from-lines --require-cross-certification". * By default (i.e. --gnupg mode), --require-cross-certification is now on. --rfc2440-text and --force-v3-sigs are now off. * Allow encryption using legacy Elgamal sign+encrypt keys if option --rfc2440 is used. * Fixed the auto creation of the key stub for smartcards. * Fixed a rare bug in decryption using the OpenPGP card. * Fix RFC-4880 typo in the SHA-224 hash prefix. Old SHA-224 signatures will continue to work. Internationalization ==================== GnuPG comes with support for 28 languages. Due to a lot of new and changed strings some translations are not entirely complete. The Chinese (Simple and Traditional), Czech, Dutch, French, German, Norwegian, Polish, Romanian, Russian, Spanish, Swedish and Turkish translations are close to be complete. Support ======= Improving GnuPG is costly, but you can help! We are looking for organizations that find GnuPG useful and wish to contribute back. You can contribute by reporting bugs, improve the software, order extensions or support or more general by donating money to the Free Software movement (e.g. http://www.fsfeurope.org/help/donate.en.html). Commercial support contracts for GnuPG are available, and they help finance continued maintenance. g10 Code GmbH, a Duesseldorf based company owned and headed by gpg's principal author, is currently funding GnuPG development. We are always looking for interesting development projects. A service directory is available at: http://www.gnupg.org/service.html Thanks ====== We have to thank all the people who helped with this release, be it testing, coding, translating, suggesting, auditing, administering the servers, spreading the word or answering questions on the mailing lists. Happy Hacking, The GnuPG Team (David, Werner and the other contributors) -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 196 bytes Desc: not available Url : /pipermail/attachments/20071220/ac14720e/attachment-0001.pgp -------------- next part -------------- _______________________________________________ Gnupg-announce mailing list Gnupg-announce at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From wk at gnupg.org Thu Dec 20 10:55:16 2007 From: wk at gnupg.org (Werner Koch) Date: Thu, 20 Dec 2007 10:55:16 +0100 Subject: [Announce] GnuPG's 10th birthday Message-ID: <87tzmdbshn.fsf@wheatstone.g10code.de> A Short History of the GNU Privacy Guard ======================================== It's been a decade now that the very first version of the GNU Privacy Guard [0] has been released. This very first version was not yet known under the name of GnuPG but dubbed "g10" as a reference on the German constitution article on freedom of telecommunication (Grundgesetz Artikel 10) and as a pun on the G-10 law which allows the secret services to bypass these constitutional guaranteed freedoms. Version 0.0.0 released on December 20th 1997 [1], was a barely working replacement of PGP avoiding all patented algorithm by using Elgamal and Blowfish instead of RSA and IDEA. It was prominently marked as a test version but nevertheless included most of the features of the current GnuPG. The data format however was not compatible with OpenPGP but oriented towards the PGP 2 format with a few extensions (e.g. to allow streaming of data). The OpenPGP working group was founded back in fall 1997 and I learned a bit to late about it to build "g10" according to the then existing draft. For copyright reasons it was practically not possible to reverse engineer the format used by PGP-5, so the establishment of the OpenPGP WG was the right thing at the right time. Before talking about GnuPG we need to go some more years back in history: To help political activists Phil Zimmermann published a software called Pretty Good Privacy (PGP) in 1991. PGP was designed as an easy to use encryption tool with no backdoors and disclosed source code. PGP was indeed intended to be cryptographically strong and not just pretty good; however it had a couple of inital bugs, most of all a home designed cipher algorithm. With the availability of the source code a community of hackers (Branko Lankester, Colin Plumb, Derek Atkins, Hal Finney, Peter Gutmann and others) helped him to fix these flaws and a get a solid version 2 out. Soon after that the trouble started. As in many counties the use or export of cryptographic devices and software was also strongly restricted in the USA. Only weak cryptography was generally allowed. PGP was much stronger and due to the Usenet and the availability of FTP servers and BBSs, PGP accidently leaked out of the country and soon Phil was sued for unlicensed munitions export. Those export control laws were not quite up to the age of software with the funny effect that exporting the software in printed form seemed not to be restricted. MIT Press thus published a book with the PGP source code which was then scanned outside the USA to form the base of PGP-2i ("i" for international). Since then that version was used widely. The criminal investigations against Phil ended in 1996 and he founded PGP Inc to write PGP-5. The first public release was done in spring 1997. The same year at the 39th IETF meeting at Munich in August Phil Zimmermann and Jon Callas asked the IETF to setup a working group to publish a standard for the protocol used by PGP-5 under the name OpenPGP. The main drive behind this was to allow widespread use of strong encryption even if at some point the new company would decide to stop selling and supporting PGP. As it turned out PGP Inc was acquired by Network Associates just a few months later and in 2002 this company actually ceased support and development of PGP (though the PGP product was later continued by the new PGP Corporation). Also often claimed to be Free Software, PGP has never fulfilled the requirements for it: PGP-5 is straight proprietary software; the availability of the source code alonedoes not make it free. PGP-2 has certain restrictions on commercial use [2] and thus puts restrictions on the software which makes it also non-free. Another problem with PGP-2 is that it requires the use of the patented RSA and IDEA algorithms. The patent on RSA was only valid in the USA but the patent on IDEA was and is still valid [3] in most countries. Although the GNU project listed a requirement for a PGP replacement for some years on its task list, it was not possible to start implementing it as long as patents on all public key algorithms were valid. That changed when in April 1997 the basic patent on public key algorithms expired (the Diffie-Hellman US patent 4200770) and finally in August when the broader Hellman-Merkle patent (4218582) expired. A month later, at the Individual-Network Betriebstagung at Aachen [4], Richard Stallman continued his talk with a BoF session where he asked the European hackers to start implementing public key software. The arms trafficker laws of the USA prohibited the GNU project to write such software in their country or even by US citizens working abroad. Thus he told the European hackers that they are in the unique position to help the GNU with crypto software. Being tired of writing SMGL conversion software and without a current fun project, I soon found my self hacking on PGP-2 parsing code based on the description in RFC-1991 and the pgformat.txt file. As this turned out to be easy I continued and finally came up with code to decrypt and create PGP-2 data. After I told the GNU towers that I will take up the PGP replacement implementation I spent the rest of the year replacing IDEA by Blowfish, RSA by Elgamal, implementing streaming encryption, adding some key management and getting the code into a reasonable shape. There used to be a plan for a free version of Secure Shell called PSST (later known as LSH) with a somewhat populated mailing lists maintained by Martin Hamilton. Martin was the so kind to setup a mailing list for g10 too and announced it on that list. This way we got the first subscribers. Eventually I made the first tarball, put it up to ftp.guug.de, the FTP server of the German Unix User Group, and wrote an announcement [5]. Right the next day Peter Gutmann offered to allow the use of his random number code for systems without a /dev/random. This eventually helped a lot to make GnuPG portable to many platforms. The next two months were filled with code updates and a lengthly discussion on the name; we finally settled for Anand Kumria's suggestion of GnuPG and made the first release under this name (gnupg-0.2.8) on Feb 24 [6]. Just a few days later an experimental version with support for Windows was released. (That release also fixed an alignment problem on Alpha boxes which was detected due to kernel log files filling up the hard disk and an admin asking whether they really need to be backed up. ;-) In July 1998 the first more or less OpenPGP draft compliant version was released. Matthew Skala had contributed Twofish code done cleanly From scratch (Twofish was at that time a promising AES candidate and suggested by Schneier as a Blowfish replacement; however we had some copyright concerns with the reference code). Michael Roth contributed a Triple-DES implementation later the year and thus completed the required set of OpenPGP algorithms. Over the next year the usual problems were solved, features discussed, complaints noticed and support for gpg in various other software was introduced by their respective authors. Finally, on September 7, 1999 the current code was released as version 1.0.0 with the major update of including Mike Ashley's GNU Privacy Handbook [7]. A year later the RSA patent was to expire on September 20; the patent holder placed the patent into the public domain 3 weeks earlier and thus we could release 1.0.3 with RSA support already on September 18. One of the major obstacles on widespread use public cryptography had gone (far too late of course). Also in 1999 the German government decided that strong encryption will not be regulated in any way and that its use is recommended for everyone. To publicly support this statement the Ministry of Economics funded the porting of GnuPG and related software to Microsoft Windows [8]. The US government was not keen to see that and tried to urge the German government to revise the decision to allow unregulated distribution of crypto software [9]. That did not work out and to the end the USA had no other way than to weaken their own export rules. Although we still develop GnuPG using servers located in Europe the new US export controls eventually allowed US hackers to contribute to GnuPG development. In 2001 David Shaw joined the project and since then he is one of the most active GnuPG hackers and the co-maintainer. It's now a long time since GnuPG could be managed as a fun project and thus I now spend most of my professional life maintaining and extending GnuPG. In 2001 I founded g10 Code, a Free Software company for the development and support of GnuPG and related software. The most known project is probably GnuPG-2 which started under the name NewPG as part of the broader Aegypten project. The main goal of Aegypten was to provide support for S/MIME under GNU/Linux and integrate that cleanly with other mail clients, most notably KMail. Although having been actively used since 2004, we released 2.0.0 only one years ago. It was not that much fun writing X.509/CMS (commonly named S/MIME) software compared to the elegant and very interoperable OpenPGP protocol. Having mastered that we meanwhile achieved to provide a software which is really useful and works nicely with almost any other S/MIME implementation. It also turned out that we could port GnuPG-2 to Windows - despite my original claim that a modern POSIX platform will be needed for GnuPG-2. This development also showed that it is viable to develop Free Software as a business. With the new tools and from a user's perspective S/MIME and OpenPGP will soon not make much of a difference anymore. However I had to smile when I today read a report on the last RSA Europe conference where a quick poll during a talk showed that OpenPGP is the mostly used encryption protocol. Recall that GnuPG is just one tool; there are numerous other tools out to solve related privacy problems. Kudos to all who worked on writing and deploying privacy tools over all these years! Happy Hacking, Werner [0] http://www/gnupg.org [1] ftp://ftp.gnupg.org/gcrypt/historic/g10-0.0.0.tar.gz [2] from pgpdoc2.txt: "Finally, if you want to turn PGP into a commercial product and make money selling it, then we must agree on a way for me to also make money on it. [...] Under no circumstances may PGP be distributed without the PGP documentation, including this PGP User's Guide." [3] "valid" is meant in the sense the patent holders use it and does not imply that I regard patents on software a valid concept. See http://www.fsfeurope.org/projects/swpat/background.en.html . [4] http://www.dascon.de/IN-BT97/programm.html [5] http://lists.gnupg.org/pipermail/gnupg-devel/1997-December/014131.html There are just a few mails in December mainly discussing patent things. [6] http://lists.gnupg.org/pipermail/gnupg-devel/1998-February/014208.html [7] http://lists.gnupg.org/pipermail/gnupg-announce/1999q3/000037.html [8] http://partners.nytimes.com/library/tech/99/11/cyber/articles/19encrypt.html [9] http://www.heise.de/tp/r4/artikel/5/5124/1.html -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 196 bytes Desc: not available Url : /pipermail/attachments/20071220/00458bad/attachment.pgp -------------- next part -------------- _______________________________________________ Gnupg-announce mailing list Gnupg-announce at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From alessandro.bottoni at infinito.it Wed Dec 19 11:34:47 2007 From: alessandro.bottoni at infinito.it (Alessandro Bottoni) Date: Wed, 19 Dec 2007 11:34:47 +0100 Subject: How can I compile the CardMan 4000 driver on Kubuntu 7.10? Message-ID: <4768F3C7.2090202@infinito.it> Hi Guys, I downloaded the CM4000 driver from http://svn.gnumonks.org/trunk/omnikey_cardman/new/kernel/cm4000/ and I tried to compile it on both a Kubuntu 7.10 with kernel 2.6.22-14 and a Linux Mint 3.0 (== Kubuntu 7.04) with kernel 2.6.20-16 (on both machines I installed both the kernel headers and the kernel sources). I'm keep on getting a flood of error messages and I'm not able to compile the driver. It looks like the compiler does not find some header ("cm4000.h"?) or something like that. I tried to fix it but I was not lucky... Does anybody know hot to compile this driver on Kunbuntu 7.10? Do I have to put it in any particular location (maybe in /lib/modules/2.6.20-16-generic/build/drivers/)? Am I missing any required component/header? Any suggestion? Many thanks in advance. -- Alessandro Bottoni Website: http://www.alessandrobottoni.it/ "Reality is that which, when you stop believing in it, doesn't go away." -- Philip K. Dick From wk at gnupg.org Thu Dec 20 10:44:54 2007 From: wk at gnupg.org (Werner Koch) Date: Thu, 20 Dec 2007 10:44:54 +0100 Subject: [Announce] GnuPG 2.0.8 released Message-ID: <87zlw5bsyx.fsf@wheatstone.g10code.de> Hello! We are pleased to announce the availability of a new stable GnuPG-2 release: Version 2.0.8 This is GnuPG's 10th birthday celebration release. The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data, create digital signatures, help authenticating using Secure Shell and to provide a framework for public key cryptography. It includes an advanced key management facility and is compliant with the OpenPGP and S/MIME standards. GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.8) in that it splits up functionality into several modules. However, both versions may be installed alongside without any conflict. In fact, the gpg version from GnuPG-1 is able to make use of the gpg-agent as included in GnuPG-2 and allows for seamless passphrase caching. The advantage of GnuPG-1 is its smaller size and the lack of dependency on other modules at run and build time. We will keep maintaining GnuPG-1 versions because they are very useful for small systems and for server based applications requiring only OpenPGP support. GnuPG is distributed under the terms of the GNU General Public License (GPL version 3). GnuPG-2 works best on GNU/Linux or *BSD systems. What's New =========== * Enhanced gpg-connect-agent with a small scripting language. * New option --list-config for gpgconf. * Fixed a crash in gpgconf. * Gpg-agent now supports the passphrase quality bar of the latest Pinentry. * The envvars XAUTHORITY and PINENTRY_USER_DATA are now passed to the pinentry. * Fixed the auto creation of the key stub for smartcards. * Fixed a rare bug in decryption using the OpenPGP card. * Creating DSA2 keys is now possible. * New option --extra-digest-algo for gpgsm to allow verification of broken signatures. * Allow encryption with legacy Elgamal sign+encrypt keys with option --rfc2440. * Windows is now a supported platform. * Made sure that under Windows the file permissions of the socket are taken into account. This required a change of our socket emulation code and changed the IPC protocol under Windows. Getting the Software ==================== Please follow the instructions found at http://www.gnupg.org/download/ or read on: GnuPG 2.0.8 may be downloaded from one of the GnuPG mirror sites or direct from ftp://ftp.gnupg.org/gcrypt/gnupg/ . The list of mirrors can be found at http://www.gnupg.org/mirrors.html . Note, that GnuPG is not available at ftp.gnu.org. On the FTP server and ist mirrors you should find the following files in the gnupg/ directory: gnupg-2.0.8.tar.bz2 (3568k) gnupg-2.0.8.tar.bz2.sig GnuPG source compressed using BZIP2 and OpenPGP signature. gnupg-2.0.7-2.0.8.diff.bz2 (156k) A patch file to upgrade a 2.0.7 GnuPG source tree. This patch does not include updates of the language files. Note, that we don't distribute gzip compressed tarballs for GnuPG-2. Checking the Integrity ====================== In order to check that the version of GnuPG which you are going to install is an original and unmodified one, you can do it in one of the following ways: * If you already have a trusted version of GnuPG installed, you can simply check the supplied signature. For example to check the signature of the file gnupg-2.0.8.tar.bz2 you would use this command: gpg --verify gnupg-2.0.8.tar.bz2.sig This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by that signing key. Make sure that you have the right key, either by checking the fingerprint of that key with other sources or by checking that the key has been signed by a trustworthy other key. Note, that you can retrieve the signing key using the command finger wk ,at' g10code.com or using a keyserver like gpg --recv-key 1CE0C630 The distribution key 1CE0C630 is signed by the well known key 5B0358A2. If you get an key expired message, you should retrieve a fresh copy as the expiration date might have been prolonged. NEVER USE A GNUPG VERSION YOU JUST DOWNLOADED TO CHECK THE INTEGRITY OF THE SOURCE - USE AN EXISTING GNUPG INSTALLATION! * If you are not able to use an old version of GnuPG, you have to verify the SHA-1 checksum. Assuming you downloaded the file gnupg-2.0.8.tar.bz2, you would run the sha1sum command like this: sha1sum gnupg-2.0.8.tar.bz2 and check that the output matches the first line from the following list: baeb7962f9d3d4628ada78036d1f5d4480aaa2d9 gnupg-2.0.8.tar.bz2 80f8c84834122e988eaeeaddff070097b3a9f383 gnupg-2.0.7-2.0.8.diff.bz2 Internationalization ==================== GnuPG comes with support for 27 languages. Due to a lot of new and changed strings many translations are not entirely complete. The German, Polish, Russian, Swedish and Turkish translations are close to be complete. Documentation ============= We are currently working on an installation guide to explain in more detail how to configure the new features. As of now the chapters on gpg-agent and gpgsm include brief information on how to set up the whole thing. Please watch the GnuPG website for updates of the documentation. In the meantime you may search the GnuPG mailing list archives or ask on the gnupg-users mailing lists for advise on how to solve problems. Many of the new features are around for several years and thus enough public knowledge is already available. KDE's KMail is the most prominent user of GnuPG-2. In fact it has been developed along with the KMail folks. Mutt users might want to use the configure option "--enable-gpgme" and "set use_crypt_gpgme" in ~/.muttrc to make use of GnuPG-2 to enable S/MIME in addition to a reworked OpenPGP support. The manual is also available online in HTML format at http://www.gnupg.org/documentation/manuals/gnupg/ and in Portable Document Format at http://www.gnupg.org/documentation/manuals/gnupg.pdf . Support ======= Improving GnuPG is costly, but you can help! We are looking for organizations that find GnuPG useful and wish to contribute back. You can contribute by reporting bugs, improve the software, order extensions or support or more general by donating money to the Free Software movement (e.g. http://www.fsfeurope.org/help/donate.en.html). Commercial support contracts for GnuPG are available, and they help finance continued maintenance. g10 Code GmbH, a Duesseldorf based company owned and headed by GnuPG's principal author, is currently funding GnuPG development. We are always looking for interesting development projects. The GnuPG service directory is available at: http://www.gnupg.org/service.html Thanks ====== We have to thank all the people who helped with this release, be it testing, coding, translating, suggesting, auditing, administering the servers, spreading the word or answering questions on the mailing lists. Happy Hacking, The GnuPG Team (David, Marcus, Werner and all other contributors) -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 196 bytes Desc: not available Url : /pipermail/attachments/20071220/22b45e58/attachment.pgp -------------- next part -------------- _______________________________________________ Gnupg-announce mailing list Gnupg-announce at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From dmdm00 at yahoo.com Sun Dec 16 19:37:04 2007 From: dmdm00 at yahoo.com (dmdm) Date: Sun, 16 Dec 2007 10:37:04 -0800 (PST) Subject: how to create a key with two user ids and two number ids Message-ID: <14364461.post@talk.nabble.com> how to create a key with twoids what is the command line? ie send at mydomain.com and config at mydomain.com thanks dmdm -- View this message in context: http://www.nabble.com/how-to-create-a-key-with-two-user-ids-and-two-number-ids-tp14364461p14364461.html Sent from the GnuPG - User mailing list archive at Nabble.com. From dmdm00 at yahoo.com Sun Dec 16 20:46:27 2007 From: dmdm00 at yahoo.com (dmdm) Date: Sun, 16 Dec 2007 11:46:27 -0800 (PST) Subject: how to create a key with two user ids and two number ids Message-ID: <14364461.post@talk.nabble.com> how to create a key with twoids what is the command line? ie send at mydomain.com and config at mydomain.com thanks dmdm -- View this message in context: http://www.nabble.com/how-to-create-a-key-with-two-user-ids-and-two-number-ids-tp14364461p14364461.html Sent from the GnuPG - User mailing list archive at Nabble.com. From alessandro.bottoni at infinito.it Mon Dec 17 18:27:56 2007 From: alessandro.bottoni at infinito.it (Alessandro Bottoni) Date: Mon, 17 Dec 2007 18:27:56 +0100 Subject: Problems with GPG, a Cardman4000 and the FSFE card Message-ID: <4766B19C.4050102@infinito.it> Hi Guys, I'm trying to use this stuff: Card Reader: PCMCIA CardMan4000 Smartcard: FSFE (OpenGPG) Card Distro: Linux Mint 3.0 (something like Kubuntu 7.04) GPG 1.4.6 (and GPG2 2.0.3, as an alternative) OpenSC 0.11.1.3 (ubuntu) PCSCD 1.3.3.1 (ubuntu) PCSC-Lite 1.3.3.1 (ubuntu) All this stuff works fine with Windows XP (winscard.dll). On Linux, the card is reacheable from opensc-tool, openct-tool and from the PKCS#11 part of Mozilla Thunderbird (that is: edit/options/security/devices...). But: There is no way to see the card from GPG 1.4 or GPG 2.0.3. There is no way to see it from the Enigmail part of Mozilla Thunderbird (that is: the OpenGPG menu). I just keep on getting this message: $ gpg --card-status winscard_clnt.c:3349:SCardCheckDaemonAvailability() PCSC Not Running gpg: pcsc_establish_context failed: no service (0x8010001d) gpg: reader not available gpg: OpenPGP card not available Thunderbird/Enigmail says: "Your card reader is not accessible". So, it looks like my reader is not visible but... that is not true! The CardMan4000 is visible from PCSC (that should be used by GPG, behind the scene). Even the card is visible from PCSC (and PCSCD is obviously running...). Here the output of a few diagnostic programs: $ openct-tool list 0 OMNIKEY CardMan 4000 $ opensc-tool -l winscard_clnt.c:3349:SCardCheckDaemonAvailability() PCSC Not Running Readers known about: Nr. Driver Name 0 openct OMNIKEY CardMan 4000 1 openct OpenCT reader (detached) 2 openct OpenCT reader (detached) 3 openct OpenCT reader (detached) 4 openct OpenCT reader (detached) $ opensc-tool -n winscard_clnt.c:3349:SCardCheckDaemonAvailability() PCSC Not Running OpenPGP $ opensc-tool -a winscard_clnt.c:3349:SCardCheckDaemonAvailability() PCSC Not Running 3b:fa:13:00:ff:81:31:80:45:00:31:c1:73:c0:01:00:00:90:00:b1 $ opensc-tool --serial winscard_clnt.c:3349:SCardCheckDaemonAvailability() PCSC Not Running sc_card_ctl(*, SC_CARDCTL_GET_SERIALNR, *) failed Thunderbird is able to access the card from within its PKCS#11 internal support and lists the FSFE card, as expected, amongst the others security devices in its "preferences/security/devices" page. (I tried both GPG1.4 and GPG2, with and without the "--disable-ccid" option, and it does not make any difference.) Is anybody able to understand why this card is not visible/usable from GPG and GPG2 while it is still visible from PCSC? Many thanks in advance -- Alessandro Bottoni Website: http://www.alessandrobottoni.it/ "Don't ask what Linux can do for you, ask what you can do for Linux" -- Greg Klebus From alessandro.bottoni at infinito.it Wed Dec 19 11:55:33 2007 From: alessandro.bottoni at infinito.it (Alessandro Bottoni) Date: Wed, 19 Dec 2007 11:55:33 +0100 Subject: GnuPG and Eutron SmartPocket on Linux? Message-ID: <4768F8A5.9090800@infinito.it> Hi Guys, I'm trying to use a Eutron SmartPocket reader to read a FSFE card with GnuPG 1.4.6 on a Linux Mint 3.0 (== Kubuntu 7.04) and on a Kubuntu 7.10. I tried the "--disable-ccid" tip I found here: http://www.fsfe.org/en/forums/fellowship_smoothers/problems_writing_on_smartcard_on_ubuntu_breezy but it does not work. Any suggestion? -- Alessandro Bottoni Website: http://www.alessandrobottoni.it/ "In mathematics you don't understand things. You just get used to them." -- John von Neumann From 210525p42015 at denstarfarm.us Thu Dec 20 13:38:38 2007 From: 210525p42015 at denstarfarm.us (Robert D.) Date: Thu, 20 Dec 2007 07:38:38 -0500 Subject: Looking for missing Lib modules Message-ID: <476A624E.9020008@denstarfarm.us> I was trying to build 2.0.8 on my Intel mac and came across these errors and found libassuan and libksba but not "Pth" .... and also wonder where do I put them so the make-file can find them? *** You need libassuan with Pth support to build this program. *** This library is for example available at *** ftp://ftp.gnupg.org/gcrypt/libassuan/ *** (at least version 1.0.4 (API 1) is required). *** configure: *** *** You need libksba to build this program. *** This library is for example available at *** ftp://ftp.gnupg.org/gcrypt/libksba/ *** (at least version 1.0.2 using API 1 is required). *** configure: *** *** It is now required to build with support for the *** GNU Portable Threads Library (Pth). Please install this *** library first. The library is for example available at *** ftp://ftp.gnu.org/gnu/pth/ *** On a Debian GNU/Linux system you can install it using *** apt-get install libpth-dev *** To build GnuPG for Windows you need to use the W32PTH *** package; available at: *** ftp://ftp.g10code.com/g10code/w32pth/ *** configure: error: *** *** Required libraries not found. Please consult the above messages From shavital at mac.com Thu Dec 20 13:38:38 2007 From: shavital at mac.com (Charly Avital) Date: Thu, 20 Dec 2007 07:38:38 -0500 Subject: [Announce] GnuPG 1.4.8 released In-Reply-To: <8763ytd7qr.fsf@wheatstone.g10code.de> References: <8763ytd7qr.fsf@wheatstone.g10code.de> Message-ID: <476A624E.5070809@mac.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Werner Koch wrote the following on 12/20/07 4:40 AM: > Hello > > We are pleased to announce the availability of a new stable GnuPG-1 > release: Version 1.4.8. MacOSX (10.5.1) Compiled with idea.c 1. Intel Core 2 Duo Version info: gnupg 1.4.8 Configured for: Darwin (i386-apple-darwin9.1.0) 2. G4 PPC Version info: gnupg 1.4.8 Configured for: Darwin (powerpc-apple-darwin9.1.0) > > This is GnuPG's 10th birthday celebration release. [...] Warm greetings, many happy returns, and Seasonal Greetings. Thanks to the GnuPG team. Charly -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: GnuPG for Privacy Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJHamI3AAoJEM3GMi2FW4PvYFIH/3AZs5qdjm+eLRsNqZMkyphV x3Ovsk2ptPxOr7mhHkgUZLumxf7qBR2miLTWd8LTOEU0easZk3YdKrwKx0cWz1GY k5wnNFXBVsyZB36BNe4bttfwgeJ8qaRTQrcrnpiSOd6eCDuSKZPKe/OQSHTBbiK4 7lvTy+3gkG7VC/YkIael9gkjfjPe7cnxhwCRNcrB7PXbP/aE3bR8RpLCmTxlBerW JoYobJrz33ekUO2QlIsxFqjpZnt8VGrucBdajJ65ZZBKwra9hqrRkBPwSRNfo1bU XJj2BPESAnC5oOtPuwyxP8Mf5+Ip97KMTwbt3sJqLM1n+BM00tbG5f2AhXCSncU= =KRQz -----END PGP SIGNATURE----- From grahamtodd2 at googlemail.com Thu Dec 20 14:12:36 2007 From: grahamtodd2 at googlemail.com (Graham) Date: Thu, 20 Dec 2007 13:12:36 +0000 Subject: [Announce] GnuPG's 10th birthday In-Reply-To: <87tzmdbshn.fsf@wheatstone.g10code.de> References: <87tzmdbshn.fsf@wheatstone.g10code.de> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 20 Dec 2007 10:55:16 +0100 Werner Koch wrote: > A Short History of the GNU Privacy Guard > ======================================== > > It's been a decade now that the very first version of the GNU Privacy > Guard [0] has been released. [snipped] Thank you Werner for that most informative annoucement. Certainly, kudos to all those hackers who gave us a FREE (as in freedom) privacy tool, and thanks to them all - from Phil Zimmerman onwards - who risked personal freedom to ensure we had liberty. However, as many philosophers have observed, "liberty is not licence"; just because you CAN do something, it doesn't mean you necessarily SHOULD be allowed to do it under all circumstances. Apart from not being able to find anyone to use encryption using PGP or GnuPG outside of our very small community, we are faced with the use of these very strong encryption tools by those who would attack the very heart of our way of life. We need to take a step back and consider how GnuPG should be used in the future. We need a debate at the widest level in the internet community. - -- Graham Todd -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Please sign and encrypt for internet privacy iD8DBQFHampbthMHx1h/UZYRAhUwAJ9EpB2ZDoaKBq6t3wW5ekvefODNKACePOOF vhgv1FnAjhDzTWqdEfWJQBA= =n7fk -----END PGP SIGNATURE----- From telegraph at gmx.net Thu Dec 20 14:21:11 2007 From: telegraph at gmx.net (Gregor Zattler) Date: Thu, 20 Dec 2007 14:21:11 +0100 Subject: Decrypt only if signed In-Reply-To: References: Message-ID: <20071220132111.GE7125@pit.ID-43118.user.dfncis.de> Hi Hardeep, * Hardeep Singh [17. Dez. 2007]: > I am writing a batch script and the basic requirement is that GPG > should only decrypt the file if its signed by using one of the keys in > the keyring. If it has not been signed, just encrypted, it should > leave it encrypted and not decrypt it. This is not possible since normally (via gpg --sign --encrypt ...) signed and encrypted files are first signed and then encryted in order to reveal the signature and therefore the originator of the file only to the intended audience. Therefore you have to encrypt the file in order to "see" the signature. If you control the way the file is generated in the first place you could do this in two steps: first encrypt then sign the encrypted file. Then you can simply check the signature of the file and proceed depending on the outcome of the signature check. Ciao, Gregor -- -... --- .-. . -.. ..--.. ...-.- From telegraph at gmx.net Thu Dec 20 14:12:07 2007 From: telegraph at gmx.net (Gregor Zattler) Date: Thu, 20 Dec 2007 14:12:07 +0100 Subject: how to create a key with two user ids and two number ids In-Reply-To: <14364461.post@talk.nabble.com> References: <14364461.post@talk.nabble.com> Message-ID: <20071220131207.GD7125@pit.ID-43118.user.dfncis.de> Hi dmdm, * dmdm [16. Dez. 2007]: > > how to create a key with twoids > what is the command line? > > ie send at mydomain.com > and > config at mydomain.com You first create a key with one user-id gpg --gen-key and the add the other gpg --edit-key adduid your-first-user-or-key-id-here Both are interactive commands. Ciao, Gregor -- -... --- .-. . -.. ..--.. ...-.- From dave.smith at st.com Thu Dec 20 13:12:35 2007 From: dave.smith at st.com (David SMITH) Date: Thu, 20 Dec 2007 12:12:35 +0000 Subject: how to create a key with two user ids and two number ids In-Reply-To: <14364461.post@talk.nabble.com> References: <14364461.post@talk.nabble.com> Message-ID: <20071220121234.GJ12931@bristol.st.com> On Sun, Dec 16, 2007 at 10:37:04AM -0800, dmdm wrote: > > how to create a key with twoids Create a key with one UID, then edit the key and add a second UID. > what is the command line? Some hints from gpg --help: --gen-key generate a new key pair --edit-key sign or edit a key | +-> adduid add a user ID HTH... -- David Smith | Tel: +44 (0)1454 462380 Home: +44 (0)1454 616963 STMicroelectronics | Fax: +44 (0)1454 462305 Mobile: +44 (0)7932 642724 1000 Aztec West | TINA: 065 2380 GPG Key: 0xF13192F2 Almondsbury | Work Email: Dave.Smith at st.com BRISTOL, BS32 4SQ | Home Email: David.Smith at ds-electronics.co.uk From wk at gnupg.org Thu Dec 20 15:56:27 2007 From: wk at gnupg.org (Werner Koch) Date: Thu, 20 Dec 2007 15:56:27 +0100 Subject: Looking for missing Lib modules In-Reply-To: <476A624E.9020008@denstarfarm.us> (Robert D.'s message of "Thu, 20 Dec 2007 07:38:38 -0500") References: <476A624E.9020008@denstarfarm.us> Message-ID: <871w9h9zz8.fsf@wheatstone.g10code.de> On Thu, 20 Dec 2007 13:38, 210525p42015 at denstarfarm.us said: > I was trying to build 2.0.8 on my Intel mac and came across these errors > and found libassuan and libksba but not "Pth" .... and also wonder > where do I put them so the make-file can find them? I can't tell you how to get PTh for your system but in general the soruces available at ftp.gnu.org build just fine. GNU/Linux systems you just need to install the pth(-dev) package. You need to properly install these libraries inluding the development files (*.h and *.a). Then configure gnupg. IT is also possible to install these libraries locally; you then need to use the diverse --with-foo-prefix configure options. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From wk at gnupg.org Thu Dec 20 16:00:54 2007 From: wk at gnupg.org (Werner Koch) Date: Thu, 20 Dec 2007 16:00:54 +0100 Subject: GnuPG and Eutron SmartPocket on Linux? Message-ID: <87sl1x8l7d.fsf@wheatstone.g10code.de> An embedded message was scrubbed... From: Werner Koch Subject: Re: GnuPG and Eutron SmartPocket on Linux? Date: Thu, 20 Dec 2007 16:00:01 +0100 Size: 1361 Url: /pipermail/attachments/20071220/dc05c2d3/attachment.mht From wk at gnupg.org Thu Dec 20 16:04:05 2007 From: wk at gnupg.org (Werner Koch) Date: Thu, 20 Dec 2007 16:04:05 +0100 Subject: GPG 1.4.x v.s 2.x In-Reply-To: <92A893260738B0408497A64189BC1E62032CE3C1@MSEXCHANGE305.corp.standard.com> (Alan Olsen's message of "Tue, 18 Dec 2007 10:51:47 -0800") References: <92A893260738B0408497A64189BC1E62032CE3C1@MSEXCHANGE305.corp.standard.com> Message-ID: <87odcl8l22.fsf@wheatstone.g10code.de> On Tue, 18 Dec 2007 19:51, aolsen at standard.com said: > We get files from clients all over the world. Are there features used in the 2.x versions that 1.4.x cannot handle? Yes, S/MIME (i.e. CMS/X.509). However if you are using OpenPGP that does not effect you. The OpenPGP code of GnuPG-2 is identically to the code of GnuPG-1. The major difference is that gpg2 requires a running gpg-agent to ask for the passphrase. If you don't want to change your work environment your best choice is to go with gnupg 1.4.8 Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From wk at gnupg.org Thu Dec 20 16:05:52 2007 From: wk at gnupg.org (Werner Koch) Date: Thu, 20 Dec 2007 16:05:52 +0100 Subject: Decrypt only if signed In-Reply-To: (Hardeep Singh's message of "Mon, 17 Dec 2007 23:13:52 +0530") References: Message-ID: <87k5n98kz3.fsf@wheatstone.g10code.de> On Mon, 17 Dec 2007 18:43, hs2412 at gmail.com said: > I am writing a batch script and the basic requirement is that GPG > should only decrypt the file if its signed by using one of the keys in > the keyring. If it has not been signed, just encrypted, it should > leave it encrypted and not decrypt it. You need to decrypt the file before you can tell whether it is signed. GnuPG emits enough information via --status-fd to detect if the file was signed as well as the keyID used to sign the file. Delete the plaintext if it has not been signed. Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From tzanak at yahoo.com Sun Dec 16 13:55:59 2007 From: tzanak at yahoo.com (geo909) Date: Sun, 16 Dec 2007 04:55:59 -0800 (PST) Subject: Help! I can't revoke my public Key! Message-ID: <14353913.post@talk.nabble.com> Hello to everyone. I have just started using gpg in Ubuntu and I did some tests, creating keys etc. I uploaded one of them (ID is 134FE86D) in http://pgp.mit.edu/ with the username "Georgios N. Tzanakis" and then I tried to revoke it. I did what I have to do and got the revoke key in the form below: -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: A revocation certificate should follow -----END PGP PUBLIC KEY BLOCK----- But when I try to submit it (that is, pasting all that to the "Enter ASCII-armored PGP key here:" field, I get the message: "Public Key Server -- Add Key block in add request contained no new keys, userid's, or signatures. Your key block contained 1 format errors, which were treated as if the erroneous elements hadn't been part of your submission. The last error was on key 0xffbfb3a8: Key block corrupt: signature without key" ...and my unwanted key is always there. Why the revoke key doesn't work? Am I doing something wrong? (The passphrase and all that are correct). Thank you very much for your time. George -- View this message in context: http://www.nabble.com/Help%21-I-can%27t-revoke-my-public-Key%21-tp14353913p14353913.html Sent from the GnuPG - User mailing list archive at Nabble.com. From thurston at cs.queensu.ca Wed Dec 19 18:12:06 2007 From: thurston at cs.queensu.ca (Adrian Thurston) Date: Wed, 19 Dec 2007 12:12:06 -0500 Subject: using pgp for web-based social networking Message-ID: <476950E6.3030405@cs.queensu.ca> Hi, I am interested in using PGP to implement web-based distributed social networking. I used to use facebook and I found it very useful, however I disagree with dumping my personal information into a central database. So I set out to make something of my own. I have defined a protocol and described it here: http://www.cs.queensu.ca/~thurston/fif/ In a sense it is a thin wrapper around PGP, except keys are managed on behalf of the user and URIs go into key ids, not names. The advantage of this is that it is easy to use. If anyone here is interested in social networking I'd love to get some feedback. Thanks, Adrian -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 252 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20071219/3967571f/attachment.pgp From dshaw at jabberwocky.com Thu Dec 20 16:49:53 2007 From: dshaw at jabberwocky.com (David Shaw) Date: Thu, 20 Dec 2007 10:49:53 -0500 Subject: Help! I can't revoke my public Key! In-Reply-To: <14353913.post@talk.nabble.com> References: <14353913.post@talk.nabble.com> Message-ID: <20071220154953.GA23872@jabberwocky.com> On Sun, Dec 16, 2007 at 04:55:59AM -0800, geo909 wrote: > > Hello to everyone. > > I have just started using gpg in Ubuntu and I did some tests, creating keys > etc. > I uploaded one of them (ID is 134FE86D) in > http://pgp.mit.edu/ > with the username "Georgios N. Tzanakis" > and then I tried to revoke it. I did what I have to do and got > the revoke key in the form below: > > -----BEGIN PGP PUBLIC KEY BLOCK----- > Version: GnuPG v1.4.6 (GNU/Linux) > Comment: A revocation certificate should follow > > > -----END PGP PUBLIC KEY BLOCK----- > > But when I try to submit it (that is, pasting all that to the > "Enter ASCII-armored PGP key here:" field, I get the message: > > "Public Key Server -- Add > Key block in add request contained no new > keys, userid's, or signatures. Do this: gpg --import (the revocation file) gpg --keyserver pgp.mit.edu --send-key (the key id) David From wk at gnupg.org Thu Dec 20 17:36:28 2007 From: wk at gnupg.org (Werner Koch) Date: Thu, 20 Dec 2007 17:36:28 +0100 Subject: [Announce] GnuPG's 10th birthday In-Reply-To: (grahamtodd2@googlemail.com's message of "Thu, 20 Dec 2007 13:12:36 +0000") References: <87tzmdbshn.fsf@wheatstone.g10code.de> Message-ID: <87d4t1727n.fsf@wheatstone.g10code.de> On Thu, 20 Dec 2007 14:12, grahamtodd2 at googlemail.com said: > of our very small community, we are faced with the use of these very > strong encryption tools by those who would attack the very heart of our > way of life. We need to take a step back and consider how GnuPG should > be used in the future. I strongly disagree with conclusion and state that we need to continue to tell people to use of privacy tools - without any backdoors. It needs to be as common as locking the door of your card and house. Yes, I can imagine a world where this would not be required but our world is not yet like that. Speaking of Germany, our home secretary is working on turning Germany into a surveillance state despite the terrific experience we had 70 years ago. He tells us that we need to give up some freedom to be safer against terrorism. The real terrorism experience we make here are due to neo-nazis punching people to death or a single nazis who bombed the October-Feast. Nothing which can be avoided by surveillance. Those they will catch with these measures are the little crooks and small tax dodgers. All citizens are put under general suspicion - this is in total contradiction to our long existing and hard-fought culture of justice. Instead of doing something reasonable for saving lives, like a speed limit on our streets, feeding the poor or caring about those who drown in the Mediterranean Sea on their getaway from the climatic changes, we put millions and millions into surveillance. If you want to fight terrorism you need to solve the real problems of the people and thus pulling away the volunteers of terror. Banning encryption in any way is not an option. There is well known saying attributed to Phil Zimmermann: When encryption is outlawed, only outlaws have encryption. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From jmoore3rd at bellsouth.net Thu Dec 20 17:57:16 2007 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Thu, 20 Dec 2007 11:57:16 -0500 Subject: [Announce] GnuPG's 10th birthday In-Reply-To: <87d4t1727n.fsf@wheatstone.g10code.de> References: <87tzmdbshn.fsf@wheatstone.g10code.de> <87d4t1727n.fsf@wheatstone.g10code.de> Message-ID: <476A9EEC.7020309@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Werner Koch wrote: > There is well known saying attributed to Phil Zimmermann: > > When encryption is outlawed, only outlaws have encryption. "Borrowed" no doubt from the U.S. National Rifle Association motto of the '60's: When Guns are Outlawed; Only Outlaws will have Guns! JOHN ;) Timestamp: Thursday 20 Dec 2007, 11:55 --500 (Eastern Standard Time) P.S. To paraphrase the 2nd Motto: I'll give up Encryption when they pry My Keyboard from My cold, stiff fingers! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8-svn4658: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: My Homepage: http://tinyurl.com/yzhbhx Comment: MySpace Page: http://www.myspace.com/jmoore3rd iQEcBAEBCgAGBQJHap7qAAoJEBCGy9eAtCsPub4IAJsdXcUtp9DaLbIXToQPZ/a/ 4iQrqNQTKmtjMmejdOflxnNtfSnq+RbdZA6RVJe2eU4ONIMUgmjIa8O72fPD5V1E tfdwLmCNdU69pr1EvYV/6ToEE+tA4V4ysmhx5Z/aRaywdzuXaqXzP8XbBmaoneyS NJr4i3I6qDh3kajRlYcVP3uexsIiL0M97TsZCa/UYaZssCWm3T5YXTeLG+NyEFOv SF5JL/x0nv2K+zKrYU+Lp1v2+hvWdmnW9Pmawf0I9uTGo0+zI+DfGgiFxGDLfysM KcG0k5eHvYRdjZSYQpVF4/iN2YZ4R3ng/iOlVlJZdzB1RT5zy1+fQHnazaQD+N0= =MtP4 -----END PGP SIGNATURE----- From rjh at sixdemonbag.org Thu Dec 20 18:01:48 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 20 Dec 2007 11:01:48 -0600 Subject: [Announce] GnuPG's 10th birthday In-Reply-To: <87d4t1727n.fsf@wheatstone.g10code.de> References: <87tzmdbshn.fsf@wheatstone.g10code.de> <87d4t1727n.fsf@wheatstone.g10code.de> Message-ID: <476A9FFC.1050109@sixdemonbag.org> Werner Koch wrote: > Speaking of Germany, our home secretary is working on turning Germany > into a surveillance state despite the terrific experience we had 70 > years ago. 70 years? 1990 doesn't seem that long ago. For those who are not up on German history, prior to German reunification the German Democratic Republic was one of the most heavily surveilled nations on the planet. Watch "Das Leben der Anderen" sometime (released in the US as "The Lives of Others"; not sure about how it's named in other foreign releases). The movie is definitely worth watching. From benjamin at py-soft.co.uk Thu Dec 20 18:46:00 2007 From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Thu, 20 Dec 2007 17:46:00 +0000 Subject: Mac GNU Privacy Guard v1.4.8 Message-ID: <476AAA58.6080101@py-soft.co.uk> The latest binary install package for GnuPG v1.4.8 for MacOSX is now available to download from http://prdownloads.sourceforge.net/macgpg/GnuPG1.4.8.dmg?download MD5 checksum: db046fd96e274dfe3c7021047561fb5a Intended for MacOSX v10.4.x or greater. Universal binary so will install on both Intel and PPC Macs. Please direct any queries to the MacGPG team - http://macgpg.sourceforge.net/ Ben From rjh at sixdemonbag.org Thu Dec 20 18:49:51 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 20 Dec 2007 11:49:51 -0600 Subject: GPG 1.4.x v.s 2.x In-Reply-To: <92A893260738B0408497A64189BC1E62032CE3C1@MSEXCHANGE305.corp.standard.com> References: <92A893260738B0408497A64189BC1E62032CE3C1@MSEXCHANGE305.corp.standard.com> Message-ID: <476AAB3F.1000603@sixdemonbag.org> Alan Olsen wrote: > The place I work needs to upgrade gpg badly. They know this. The > question is do they go with the 1.4.x tree or should they go to the > 2.x codebase? Depends on what you want to do with it. If you're only worried about OpenPGP (RFC2440 or RFC4880) traffic, then the 1.4 tree is the one to use; it has the longest history, more eyes have looked at it, and the user community is larger. From rjh at sixdemonbag.org Thu Dec 20 18:18:49 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 20 Dec 2007 11:18:49 -0600 Subject: [Announce] GnuPG's 10th birthday In-Reply-To: <200712201558.lBKFwhF4022855@shards.monkeyblade.net> References: <87tzmdbshn.fsf@wheatstone.g10code.de> <200712201558.lBKFwhF4022855@shards.monkeyblade.net> Message-ID: <476AA3F9.7020208@sixdemonbag.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Graham wrote: > we are faced with the use of these very strong encryption tools by > those who would attack the very heart of our way of life. Prove it. You're asserting "the right to privacy and the means to enforce that right are so dangerous to our way of life that they must be restricted in their scope." That's an extraordinary claim, and it needs extraordinary evidence to back it up... extraordinary evidence I have never seen from anyone who has made this claim. As soon as you can prove that your opinion is correct, then I'll join the debate you're so keen to start. But until that time, you're fearmongering. Please stop. We have enough fearmongers in the world without you joining them. Come back over to our side of the fence, Graham. It's scary over here, but it's also free. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iFYEAREIAAYFAkdqo/gACgkQf2XByo0Cu7NkhADdGytCqHOULia3wX59GPQnjIkM Wnx/7d+hNwys5ADfaZWNYFXQx+zm797RChpu6pO1alD8K2R4k4r6VYkBHAQBAQgA BgUCR2qj+AAKCRC3APSC/q+BCRp1B/0QgQiuTqkr587tLgqeHqV18Fc4V3m4JFP6 BMRAMEv0ZKCV8gKvp//sSeNn0R5EnV3AU8/QbIboqF73Utc0y6jqOtcjkaQd6Sq3 9ysm96Ffbi65J+chsBp/k1BXwTphF9/ljeg+hf8fHySb56hAcLhCucP9Qm0VdJyy Zq2Nh5edXPDjpeTKyV4/uE8EtSY2PuqBLc2/gtYNiGJAxxczbu8dclK+f4Rg1hEM ondzIQq1+0rRrGrnX4PY2g167wzFLcMsux34nPJ/MYQn0/APow7E1IgA7kvEfxGs VDvhnv32zqj1o72jr5c9qRV/3M4c3bWqqL/D3lRu4PwgxY0n9z9Z =yfBk -----END PGP SIGNATURE----- From benjamin at py-soft.co.uk Thu Dec 20 18:53:51 2007 From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Thu, 20 Dec 2007 17:53:51 +0000 Subject: using pgp for web-based social networking In-Reply-To: <476950E6.3030405@cs.queensu.ca> References: <476950E6.3030405@cs.queensu.ca> Message-ID: <476AAC2F.1020301@py-soft.co.uk> Adrian Thurston wrote: > I have defined a protocol and described it here: > > http://www.cs.queensu.ca/~thurston/fif/ > I get 404: file not found. Ben From wk at gnupg.org Thu Dec 20 18:56:07 2007 From: wk at gnupg.org (Werner Koch) Date: Thu, 20 Dec 2007 18:56:07 +0100 Subject: [Announce] GnuPG's 10th birthday In-Reply-To: <476A9FFC.1050109@sixdemonbag.org> (Robert J. Hansen's message of "Thu, 20 Dec 2007 11:01:48 -0600") References: <87tzmdbshn.fsf@wheatstone.g10code.de> <87d4t1727n.fsf@wheatstone.g10code.de> <476A9FFC.1050109@sixdemonbag.org> Message-ID: <87r6hh5jyg.fsf@wheatstone.g10code.de> On Thu, 20 Dec 2007 18:01, rjh at sixdemonbag.org said: > 70 years? 1990 doesn't seem that long ago. I meant 1933-1945. Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From rjh at sixdemonbag.org Thu Dec 20 20:04:06 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 20 Dec 2007 13:04:06 -0600 Subject: [Announce] GnuPG's 10th birthday In-Reply-To: <87r6hh5jyg.fsf@wheatstone.g10code.de> References: <87tzmdbshn.fsf@wheatstone.g10code.de> <87d4t1727n.fsf@wheatstone.g10code.de> <476A9FFC.1050109@sixdemonbag.org> <87r6hh5jyg.fsf@wheatstone.g10code.de> Message-ID: <476ABCA6.70408@sixdemonbag.org> Werner Koch wrote: > I meant 1933-1945. I knew you were referring to the World War Two era; I just thought it was worth mentioning that many Germans lived in a surveillance society until fairly recently. I certainly did not mean to imply the modern-day Germany had any part to play in the GDR's crimes. From thurston at cs.queensu.ca Thu Dec 20 21:20:58 2007 From: thurston at cs.queensu.ca (Adrian Thurston) Date: Thu, 20 Dec 2007 15:20:58 -0500 Subject: using pgp for web-based social networking In-Reply-To: <476AAC2F.1020301@py-soft.co.uk> References: <476950E6.3030405@cs.queensu.ca> <476AAC2F.1020301@py-soft.co.uk> Message-ID: <476ACEAA.1080504@cs.queensu.ca> Hi, Sorry I didn't get the subscribe confirmation until today and had some doubt as to whether or not my message got through. Then later I changed the URL. Anyways, it is now found here: http://www.cs.queensu.ca/~thurston/friendsinfeed/ Thanks, Adrian Benjamin Donnachie wrote: > Adrian Thurston wrote: >> I have defined a protocol and described it here: >> >> http://www.cs.queensu.ca/~thurston/fif/ >> > I get 404: file not found. > > Ben > > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 252 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20071220/a90f1bd8/attachment.pgp From daniel-gnupg-users at rio-grande.ping.de Thu Dec 20 20:48:11 2007 From: daniel-gnupg-users at rio-grande.ping.de (Daniel Hess) Date: Thu, 20 Dec 2007 20:48:11 +0100 Subject: How can I compile the CardMan 4000 driver on Kubuntu 7.10? In-Reply-To: <4768F3C7.2090202@infinito.it> References: <4768F3C7.2090202@infinito.it> Message-ID: <20071220194810.GA14581@rio-grande.ping.de> On Wed, Dec 19, 2007 at 11:34:47AM +0100, Alessandro Bottoni wrote: > I downloaded the CM4000 driver from > http://svn.gnumonks.org/trunk/omnikey_cardman/new/kernel/cm4000/ and I > tried to compile it on both a Kubuntu 7.10 with kernel 2.6.22-14 and a > Linux Mint 3.0 (== Kubuntu 7.04) with kernel 2.6.20-16 (on both machines > I installed both the kernel headers and the kernel sources). Why not use the one which comes with the kernel? packages.ubuntu.com lists cm4000_cs as being contained in the linux-images. > I'm keep on getting a flood of error messages and I'm not able to > compile the driver. It looks like the compiler does not find some header > ("cm4000.h"?) or something like that. I tried to fix it but I was not > lucky... This could be because of changes within the linux kernel. As cm4000_cs is in the vanilla kernel since a while and distributions shipping it I would use the one already in the kernel. > Any suggestion? Use cm4000_cs from the kernel. Last time I've used my cardman 4000 (now replaced by a cardman 4040) I had to use openct together with pcscd to make gnupg make use of it. Greetings Daniel From kloecker at kde.org Thu Dec 20 20:54:11 2007 From: kloecker at kde.org (Ingo =?iso-8859-1?q?Kl=F6cker?=) Date: Thu, 20 Dec 2007 20:54:11 +0100 Subject: Looking for missing Lib modules In-Reply-To: <476A624E.9020008@denstarfarm.us> References: <476A624E.9020008@denstarfarm.us> Message-ID: <200712202054.12740@erwin.ingo-kloecker.de> On Thursday 20 December 2007, Robert D. wrote: > I was trying to build 2.0.8 on my Intel mac and came across these > errors and found libassuan and libksba but not "Pth" .... and also > wonder where do I put them so the make-file can find them? I suggest to have a look at the Fink project (www.finkproject.org). With respect to "pth" have a look at http://pdb.finkproject.org/pdb/browse.php?summary=pth Regards, Ingo -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 194 bytes Desc: This is a digitally signed message part. Url : /pipermail/attachments/20071220/81b86435/attachment.pgp From hidekis at gmail.com Thu Dec 20 20:39:02 2007 From: hidekis at gmail.com (Hideki Saito) Date: Thu, 20 Dec 2007 11:39:02 -0800 Subject: [Announce] GnuPG's 10th birthday In-Reply-To: <87tzmdbshn.fsf@wheatstone.g10code.de> References: <87tzmdbshn.fsf@wheatstone.g10code.de> Message-ID: Hi Werner, May I translate this into Japanese? Cheers, -- Hideki Saito On Dec 20, 2007 1:55 AM, Werner Koch wrote: > A Short History of the GNU Privacy Guard > ======================================== > > It's been a decade now that the very first version of the GNU Privacy > Guard [0] has been released. This very first version was not yet > known under the name of GnuPG but dubbed "g10" as a reference on the > German constitution article on freedom of telecommunication > (Grundgesetz Artikel 10) and as a pun on the G-10 law which allows the > secret services to bypass these constitutional guaranteed freedoms. > > Version 0.0.0 released on December 20th 1997 [1], was a barely working > replacement of PGP avoiding all patented algorithm by using Elgamal > and Blowfish instead of RSA and IDEA. It was prominently marked as a > test version but nevertheless included most of the features of the > current GnuPG. The data format however was not compatible with > OpenPGP but oriented towards the PGP 2 format with a few extensions > (e.g. to allow streaming of data). The OpenPGP working group was > founded back in fall 1997 and I learned a bit to late about it to > build "g10" according to the then existing draft. For copyright > reasons it was practically not possible to reverse engineer the format > used by PGP-5, so the establishment of the OpenPGP WG was the right > thing at the right time. > > Before talking about GnuPG we need to go some more years back in > history: To help political activists Phil Zimmermann published a > software called Pretty Good Privacy (PGP) in 1991. PGP was designed > as an easy to use encryption tool with no backdoors and disclosed > source code. PGP was indeed intended to be cryptographically strong > and not just pretty good; however it had a couple of inital bugs, most > of all a home designed cipher algorithm. With the availability of the > source code a community of hackers (Branko Lankester, Colin Plumb, > Derek Atkins, Hal Finney, Peter Gutmann and others) helped him to fix > these flaws and a get a solid version 2 out. > > Soon after that the trouble started. As in many counties the use or > export of cryptographic devices and software was also strongly > restricted in the USA. Only weak cryptography was generally allowed. > PGP was much stronger and due to the Usenet and the availability of > FTP servers and BBSs, PGP accidently leaked out of the country and > soon Phil was sued for unlicensed munitions export. Those export > control laws were not quite up to the age of software with the funny > effect that exporting the software in printed form seemed not to be > restricted. MIT Press thus published a book with the PGP source code > which was then scanned outside the USA to form the base of PGP-2i ("i" > for international). Since then that version was used widely. > > The criminal investigations against Phil ended in 1996 and he founded > PGP Inc to write PGP-5. The first public release was done in spring > 1997. The same year at the 39th IETF meeting at Munich in August Phil > Zimmermann and Jon Callas asked the IETF to setup a working group to > publish a standard for the protocol used by PGP-5 under the name > OpenPGP. The main drive behind this was to allow widespread use of > strong encryption even if at some point the new company would decide > to stop selling and supporting PGP. As it turned out PGP Inc was > acquired by Network Associates just a few months later and in 2002 > this company actually ceased support and development of PGP (though > the PGP product was later continued by the new PGP Corporation). > > Also often claimed to be Free Software, PGP has never fulfilled the > requirements for it: PGP-5 is straight proprietary software; the > availability of the source code alonedoes not make it free. PGP-2 has > certain restrictions on commercial use [2] and thus puts restrictions > on the software which makes it also non-free. Another problem with > PGP-2 is that it requires the use of the patented RSA and IDEA > algorithms. The patent on RSA was only valid in the USA but the > patent on IDEA was and is still valid [3] in most countries. > > Although the GNU project listed a requirement for a PGP replacement > for some years on its task list, it was not possible to start > implementing it as long as patents on all public key algorithms were > valid. That changed when in April 1997 the basic patent on public key > algorithms expired (the Diffie-Hellman US patent 4200770) and finally > in August when the broader Hellman-Merkle patent (4218582) expired. > > A month later, at the Individual-Network Betriebstagung at Aachen [4], > Richard Stallman continued his talk with a BoF session where he asked > the European hackers to start implementing public key software. The > arms trafficker laws of the USA prohibited the GNU project to write > such software in their country or even by US citizens working abroad. > Thus he told the European hackers that they are in the unique position > to help the GNU with crypto software. > > Being tired of writing SMGL conversion software and without a current > fun project, I soon found my self hacking on PGP-2 parsing code based > on the description in RFC-1991 and the pgformat.txt file. As this > turned out to be easy I continued and finally came up with code to > decrypt and create PGP-2 data. After I told the GNU towers that I > will take up the PGP replacement implementation I spent the rest of > the year replacing IDEA by Blowfish, RSA by Elgamal, implementing > streaming encryption, adding some key management and getting the code > into a reasonable shape. > > There used to be a plan for a free version of Secure Shell called PSST > (later known as LSH) with a somewhat populated mailing lists > maintained by Martin Hamilton. Martin was the so kind to setup a > mailing list for g10 too and announced it on that list. This way we > got the first subscribers. Eventually I made the first tarball, put > it up to ftp.guug.de, the FTP server of the German Unix User Group, > and wrote an announcement [5]. > > Right the next day Peter Gutmann offered to allow the use of his > random number code for systems without a /dev/random. This eventually > helped a lot to make GnuPG portable to many platforms. The next two > months were filled with code updates and a lengthly discussion on the > name; we finally settled for Anand Kumria's suggestion of GnuPG and > made the first release under this name (gnupg-0.2.8) on Feb 24 [6]. > Just a few days later an experimental version with support for Windows > was released. (That release also fixed an alignment problem on Alpha > boxes which was detected due to kernel log files filling up the hard > disk and an admin asking whether they really need to be backed up. ;-) > > In July 1998 the first more or less OpenPGP draft compliant version > was released. Matthew Skala had contributed Twofish code done cleanly > From scratch (Twofish was at that time a promising AES candidate and > suggested by Schneier as a Blowfish replacement; however we had some > copyright concerns with the reference code). Michael Roth contributed > a Triple-DES implementation later the year and thus completed the > required set of OpenPGP algorithms. Over the next year the usual > problems were solved, features discussed, complaints noticed and > support for gpg in various other software was introduced by their > respective authors. > > Finally, on September 7, 1999 the current code was released as version > 1.0.0 with the major update of including Mike Ashley's GNU Privacy > Handbook [7]. A year later the RSA patent was to expire on September > 20; the patent holder placed the patent into the public domain 3 weeks > earlier and thus we could release 1.0.3 with RSA support already on > September 18. One of the major obstacles on widespread use public > cryptography had gone (far too late of course). > > Also in 1999 the German government decided that strong encryption will > not be regulated in any way and that its use is recommended for > everyone. To publicly support this statement the Ministry of > Economics funded the porting of GnuPG and related software to > Microsoft Windows [8]. The US government was not keen to see that and > tried to urge the German government to revise the decision to allow > unregulated distribution of crypto software [9]. That did not work > out and to the end the USA had no other way than to weaken their own > export rules. > > Although we still develop GnuPG using servers located in Europe the > new US export controls eventually allowed US hackers to contribute to > GnuPG development. In 2001 David Shaw joined the project and since > then he is one of the most active GnuPG hackers and the co-maintainer. > > It's now a long time since GnuPG could be managed as a fun project and > thus I now spend most of my professional life maintaining and extending > GnuPG. In 2001 I founded g10 Code, a Free Software company for the > development and support of GnuPG and related software. The most known > project is probably GnuPG-2 which started under the name NewPG as part > of the broader Aegypten project. The main goal of Aegypten was to > provide support for S/MIME under GNU/Linux and integrate that cleanly > with other mail clients, most notably KMail. Although having been > actively used since 2004, we released 2.0.0 only one years ago. > > It was not that much fun writing X.509/CMS (commonly named S/MIME) > software compared to the elegant and very interoperable OpenPGP > protocol. Having mastered that we meanwhile achieved to provide a > software which is really useful and works nicely with almost any other > S/MIME implementation. It also turned out that we could port GnuPG-2 > to Windows - despite my original claim that a modern POSIX platform > will be needed for GnuPG-2. This development also showed that it is > viable to develop Free Software as a business. > > With the new tools and from a user's perspective S/MIME and OpenPGP > will soon not make much of a difference anymore. However I had to > smile when I today read a report on the last RSA Europe conference > where a quick poll during a talk showed that OpenPGP is the mostly > used encryption protocol. > > Recall that GnuPG is just one tool; there are numerous other tools out > to solve related privacy problems. Kudos to all who worked on writing > and deploying privacy tools over all these years! > > > Happy Hacking, > > Werner > > > [0] http://www/gnupg.org > [1] ftp://ftp.gnupg.org/gcrypt/historic/g10-0.0.0.tar.gz > [2] from pgpdoc2.txt: "Finally, if you want to turn PGP into a > commercial product and make money selling it, then we must agree > on a way for me to also make money on it. [...] Under no > circumstances may PGP be distributed without the PGP > documentation, including this PGP User's Guide." > [3] "valid" is meant in the sense the patent holders use it and does > not imply that I regard patents on software a valid concept. See > http://www.fsfeurope.org/projects/swpat/background.en.html . > [4] http://www.dascon.de/IN-BT97/programm.html > [5] http://lists.gnupg.org/pipermail/gnupg-devel/1997-December/014131.html > There are just a few mails in December mainly discussing patent things. > [6] http://lists.gnupg.org/pipermail/gnupg-devel/1998-February/014208.html > [7] http://lists.gnupg.org/pipermail/gnupg-announce/1999q3/000037.html > [8] http://partners.nytimes.com/library/tech/99/11/cyber/articles/19encrypt.html > [9] http://www.heise.de/tp/r4/artikel/5/5124/1.html > > > -- > Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. > > _______________________________________________ > Gnupg-announce mailing list > Gnupg-announce at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-announce > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > > From aldolat at gmail.com Thu Dec 20 21:56:35 2007 From: aldolat at gmail.com (Aldo Latino) Date: Thu, 20 Dec 2007 21:56:35 +0100 Subject: Hi to the mailing list Message-ID: <1198184195.6043.13.camel@gutsy> Hi, I am a new user of this mailing list and I am very happy to meet all of you. I am a Italian Linux user and enjoyed this Operating System for 2 years. Coming from Windows where I used PGP from vers. 6 to 8, now in Linux I am a very enthusiastic user of GnuPG. I hope to improve my use of GnuPG reading your threads and, why not?, to help someone of you in something... :) Bye, Aldo P.S. Sorry for my English!! -- Aldo Latino www.aldolat.it -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Questa =?ISO-8859-1?Q?=E8?= una parte del messaggio firmata digitalmente Url : /pipermail/attachments/20071220/1de56aaa/attachment.pgp From rjh at sixdemonbag.org Fri Dec 21 00:46:40 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 20 Dec 2007 17:46:40 -0600 Subject: Hi to the mailing list In-Reply-To: <1198184195.6043.13.camel@gutsy> References: <1198184195.6043.13.camel@gutsy> Message-ID: <1198194400.1830.1.camel@localhost.localdomain> Welcome, Aldo! > P.S. Sorry for my English!! Your English is perfectly understandable. Don't worry about it at all. :) From aolsen at standard.com Fri Dec 21 00:46:43 2007 From: aolsen at standard.com (Alan Olsen) Date: Thu, 20 Dec 2007 15:46:43 -0800 Subject: Looking for missing Lib modules In-Reply-To: <871w9h9zz8.fsf@wheatstone.g10code.de> Message-ID: <92A893260738B0408497A64189BC1E62032CE3D9@MSEXCHANGE305.corp.standard.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 [Sorry for the top posting. Crappy Outlook makes anything else difficult/impossible.] If you are using OS X, don't use Fink. Just build the packages yourself from source. (The compilers are on the devel disc that comes with OS X.) It works fine and does not suffer from the bjorked dependancies that Fink create. I have built many many packages from gnu source with little or no problems without using Fink. It is a good idea, I am just not happy with how it turned out. - -----Original Message----- From: gnupg-users-bounces at gnupg.org [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of Werner Koch Sent: Thursday, December 20, 2007 6:56 AM To: Robert D. Cc: GnuPG Users Group Subject: Re: Looking for missing Lib modules On Thu, 20 Dec 2007 13:38, 210525p42015 at denstarfarm.us said: > I was trying to build 2.0.8 on my Intel mac and came across these > errors and found libassuan and libksba but not "Pth" .... and also > wonder where do I put them so the make-file can find them? I can't tell you how to get PTh for your system but in general the soruces available at ftp.gnu.org build just fine. GNU/Linux systems you just need to install the pth(-dev) package. You need to properly install these libraries inluding the development files (*.h and *.a). Then configure gnupg. IT is also possible to install these libraries locally; you then need to use the diverse --with-foo-prefix configure options. Shalom-Salam, Werner - -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. _______________________________________________ Gnupg-users mailing list Gnupg-users at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -----BEGIN PGP SIGNATURE----- Version: 9.5.3 (Build 5003) wsBVAwUBR2r+9Wqdmbpu7ejzAQpoKQgAoLOVV3nSQDbBmFW4f2/NJvNPWAzgMmn8 Fv8VNZz4EPewIzqgiRINX929P0EkB5GokMv1XgkASAUqL53LTGtmMe/0igfxKm+P lrWLJodG8iGhlzVSVejowRAaqXdUYGJCcVqve3YDr7N8x5os1kxKWPyrhvZO5JfB uRL1u+wLYweI2DzQKIM3MlPZx+lSKwYPFDzVIfw8l3plsvUm9ati6HZ1UbpggS7v X+iOzwABfgzeZXK85C2sLHeMBM2KXV5O/VStRNDYfyh4VQTS/cdSJMxtSqX9LR7X 0g7XcwJfhsh/TY3l/Z/o79iSFhKon+W2wNHjgpa7X2g9WnIuPsS4uQ== =kBV1 -----END PGP SIGNATURE----- From rjh at sixdemonbag.org Fri Dec 21 03:08:37 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 20 Dec 2007 20:08:37 -0600 Subject: Looking for missing Lib modules In-Reply-To: <92A893260738B0408497A64189BC1E62032CE3D9@MSEXCHANGE305.corp.standard.com> References: <92A893260738B0408497A64189BC1E62032CE3D9@MSEXCHANGE305.corp.standard.com> Message-ID: <476B2025.6000001@sixdemonbag.org> Alan Olsen wrote: > If you are using OS X, don't use Fink. Why not? > It works fine and does not suffer from the bjorked > dependancies that Fink create. Which bjorked dependencies are this? And are you certain that comparing Fink to the lead singer of the Sugarcubes is the right way to condemn it? I mean, Bj?rk's got some fine music, I'm a big fan of "Human Behavior". :) Anyway. From 'fink show-deps gnupg': To install the compiled package... The following other packages (and their dependencies) must be installed: bzip2-shlibs libgettext3-shlibs libiconv libusb-shlibs openldap23-shlibs readline5-shlibs None of these strike me as ridiculous dependencies. The requirements to build from source via Fink are identical to the above, with the addition of the correct -dev package, as well as texinfo. I have not heard of anyone having problems with GnuPG in Fink. If you're having problems, I'm sure that Benjamin Reed would love to hear them. From hidekis at gmail.com Fri Dec 21 04:24:07 2007 From: hidekis at gmail.com (Hideki Saito) Date: Thu, 20 Dec 2007 19:24:07 -0800 Subject: [Slightly OT] Just to celebrate GnuPG's 10th birthday! Message-ID: http://www.flickr.com/photos/hsaito/2125495667/ -- Hideki Saito From rjh at sixdemonbag.org Fri Dec 21 07:49:55 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Fri, 21 Dec 2007 00:49:55 -0600 Subject: [Announce] GnuPG's 10th birthday In-Reply-To: <87tzmdbshn.fsf@wheatstone.g10code.de> References: <87tzmdbshn.fsf@wheatstone.g10code.de> Message-ID: <476B6213.7080702@sixdemonbag.org> Werner Koch wrote: > Also often claimed to be Free Software, PGP has never fulfilled the > requirements for it: I seem to recall PGP 2.3 was distributed under the GNU GPL, but I believe that was the only version that had proper license provenance. 2.6.3i used MPILIB, which was GPLed; however, I don't recall offhand whether 2.6.3i was an official release. It's certainly true that no recent PGP has ever qualified as free software. I had hopes for it in the beginning, though. From y-ooshima at hitachi-system.co.jp Fri Dec 21 07:22:46 2007 From: y-ooshima at hitachi-system.co.jp (y-ooshima at hitachi-system.co.jp) Date: Fri, 21 Dec 2007 15:22:46 +0900 Subject: Has Vista been already included in support OS? Message-ID: Hi, Congratulation for 10th birthday! I got GnuPG 1.4.8 for Windows(gnupg-w32cli-1.4.8.exe) now, and in the README-W32 file: | This is a binary package with GnuPG for MS-Windows 95, 98, WNT, W2000 | and XP. No Vista in supported system. Any problem still remain on Vista? ( I know one problem has already fixed by following: http://lists.gnupg.org/pipermail/gnupg-users/2007-November/032094.html ) It seems that installing GnuPG on Vista is OK. Thanks. From JPClizbe at tx.rr.com Fri Dec 21 09:35:45 2007 From: JPClizbe at tx.rr.com (John Clizbe) Date: Fri, 21 Dec 2007 02:35:45 -0600 Subject: Has Vista been already included in support OS? In-Reply-To: References: Message-ID: <476B7AE1.3090603@tx.rr.com> y-ooshima at hitachi-system.co.jp wrote: > I got GnuPG 1.4.8 for Windows(gnupg-w32cli-1.4.8.exe) now, and in the README-W32 file: > > | This is a binary package with GnuPG for MS-Windows 95, 98, WNT, W2000 and XP. > > No Vista in supported system. Any problem still remain on Vista? > > ( I know one problem has already fixed by following: > http://lists.gnupg.org/pipermail/gnupg-users/2007-November/032094.html ) > > It seems that installing GnuPG on Vista is OK. Oversight in the README. The problem that Vista had with launching the keyserver helper programs was corrected in the 1.4.8 release. -- John P. Clizbe Inet: JPClizbe(a) tx DAWT rr DAHT con Ginger Bear Networks Keyserver.gingerbear.net "Be who you are and say what you feel because those who mind don't matter and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 658 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20071221/f8002d94/attachment.pgp From wk at gnupg.org Fri Dec 21 13:22:42 2007 From: wk at gnupg.org (Werner Koch) Date: Fri, 21 Dec 2007 13:22:42 +0100 Subject: [Announce] GnuPG's 10th birthday In-Reply-To: <476ABCA6.70408@sixdemonbag.org> (Robert J. Hansen's message of "Thu, 20 Dec 2007 13:04:06 -0600") References: <87tzmdbshn.fsf@wheatstone.g10code.de> <87d4t1727n.fsf@wheatstone.g10code.de> <476A9FFC.1050109@sixdemonbag.org> <87r6hh5jyg.fsf@wheatstone.g10code.de> <476ABCA6.70408@sixdemonbag.org> Message-ID: <87sl1w44q5.fsf@wheatstone.g10code.de> On Thu, 20 Dec 2007 20:04, rjh at sixdemonbag.org said: > I knew you were referring to the World War Two era; I just thought it > was worth mentioning that many Germans lived in a surveillance society > until fairly recently. Alas soon again. The new surveillance laws are pretty close to what they did in the GDR. That is why some people here are talking about Stasi-2.0 [1]. Our hope is in the Federal Constitutional Court which is busily correcting these new laws of our parliament. Shalom-Salam, Werner [1] Stasi = "Ministerium fuer Staatssicherheit" in the former GDR, their surveilance and citizen control agenecy. -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From wk at gnupg.org Fri Dec 21 13:23:29 2007 From: wk at gnupg.org (Werner Koch) Date: Fri, 21 Dec 2007 13:23:29 +0100 Subject: [Announce] GnuPG's 10th birthday In-Reply-To: (Hideki Saito's message of "Thu, 20 Dec 2007 11:39:02 -0800") References: <87tzmdbshn.fsf@wheatstone.g10code.de> Message-ID: <87odck44ou.fsf@wheatstone.g10code.de> On Thu, 20 Dec 2007 20:39, hidekis at gmail.com said: > May I translate this into Japanese? Sure, no problem. Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 196 bytes Desc: not available Url : /pipermail/attachments/20071221/28b91ad8/attachment-0001.pgp From wk at gnupg.org Fri Dec 21 13:28:01 2007 From: wk at gnupg.org (Werner Koch) Date: Fri, 21 Dec 2007 13:28:01 +0100 Subject: [Announce] GnuPG's 10th birthday In-Reply-To: <476B6213.7080702@sixdemonbag.org> (Robert J. Hansen's message of "Fri, 21 Dec 2007 00:49:55 -0600") References: <87tzmdbshn.fsf@wheatstone.g10code.de> <476B6213.7080702@sixdemonbag.org> Message-ID: <87k5n844ha.fsf@wheatstone.g10code.de> On Fri, 21 Dec 2007 07:49, rjh at sixdemonbag.org said: > I seem to recall PGP 2.3 was distributed under the GNU GPL, but I > believe that was the only version that had proper license provenance. Right. However the documentation had a paragraph similiar to the one I quoted which contradicted the GPL. I can't remember the details anymore; its too long ago since I looked at it. It was a bit questionable at least. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From wk at gnupg.org Fri Dec 21 13:31:21 2007 From: wk at gnupg.org (Werner Koch) Date: Fri, 21 Dec 2007 13:31:21 +0100 Subject: Has Vista been already included in support OS? In-Reply-To: <476B7AE1.3090603@tx.rr.com> (John Clizbe's message of "Fri, 21 Dec 2007 02:35:45 -0600") References: <476B7AE1.3090603@tx.rr.com> Message-ID: <87fxxw44bq.fsf@wheatstone.g10code.de> On Fri, 21 Dec 2007 09:35, JPClizbe at tx.rr.com said: >> It seems that installing GnuPG on Vista is OK. > > Oversight in the README. The problem that Vista had with launching the keyserver Right. I have not tocuhed that README for a long time. Will chnage it for the next release. Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From wk at gnupg.org Fri Dec 21 13:41:09 2007 From: wk at gnupg.org (Werner Koch) Date: Fri, 21 Dec 2007 13:41:09 +0100 Subject: [Slightly OT] Just to celebrate GnuPG's 10th birthday! In-Reply-To: (Hideki Saito's message of "Thu, 20 Dec 2007 19:24:07 -0800") References: Message-ID: <877ij843ve.fsf@wheatstone.g10code.de> On Fri, 21 Dec 2007 04:24, hidekis at gmail.com said: > http://www.flickr.com/photos/hsaito/2125495667/ Yum-Yum. The question is just how we cut the slices for all users. Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From aolsen at standard.com Fri Dec 21 17:54:48 2007 From: aolsen at standard.com (Alan Olsen) Date: Fri, 21 Dec 2007 08:54:48 -0800 Subject: [Announce] GnuPG's 10th birthday In-Reply-To: <87k5n844ha.fsf@wheatstone.g10code.de> Message-ID: <92A893260738B0408497A64189BC1E62032CE3DD@MSEXCHANGE305.corp.standard.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 There were other issues back in those days. MIT was forced to use the RSAREF library which had a non free license. At first they used the RSAREF2 library, but then they were told to use the RSAREF1 library. (I diffed the two libraries and determined that the only difference was that RSAREF2 had fixed a number of buffer overflows and other security flaws. There were no added features.) If I remember correctly, 2.5 had RSAREF2 and 2.6 had RSAREF1. One of the main reasons for the creation of the "International version" was the use of RSAREF. (Besides the security issues, it was pretty damn slow. In the days of the i386 people cared about speed.) Now get off my lawn you young wippersnappers! - -----Original Message----- From: gnupg-users-bounces at gnupg.org [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of Werner Koch Sent: Friday, December 21, 2007 4:28 AM To: Robert J. Hansen Cc: gnupg-users at gnupg.org Subject: Re: [Announce] GnuPG's 10th birthday On Fri, 21 Dec 2007 07:49, rjh at sixdemonbag.org said: > I seem to recall PGP 2.3 was distributed under the GNU GPL, but I > believe that was the only version that had proper license provenance. Right. However the documentation had a paragraph similiar to the one I quoted which contradicted the GPL. I can't remember the details anymore; its too long ago since I looked at it. It was a bit questionable at least. Shalom-Salam, Werner - -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. _______________________________________________ Gnupg-users mailing list Gnupg-users at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -----BEGIN PGP SIGNATURE----- Version: 9.5.3 (Build 5003) wsBVAwUBR2vv2Gqdmbpu7ejzAQpX7ggAqoXiZ9HfultXS2rU4N/KlL+/QFUbSO2n B2N/mfyWutjtqYMjj+G70cc5HSG8TJPFZ63q1HWIafJZ1HbAWC5AnR4f6ODnAOar CvewZo68abyGcXyAZFZVYUiALCd4ywXa8nsZ6grctXZKgJw4PhehodBIvPPcG98z H7knBARRnN/ScaZ9wXBSa8LTBP/6T341pTo4vRbiDomzPII09Rdy9MhVpBmMmKtV BsdapWcCsYYNNfZM/ewM1rK7oPlr2EMi6geyiU8xHcdADLyodnpBBCds/LjC3b6W Gsg0odOeUwLEiqmZWu72DiWr15LGesvW4xq5ZUXCFarLlmdMcapfMQ== =BRpx -----END PGP SIGNATURE----- From dacrick at gmail.com Fri Dec 21 17:55:06 2007 From: dacrick at gmail.com (David Crick) Date: Fri, 21 Dec 2007 16:55:06 +0000 Subject: [Slightly OT] Just to celebrate GnuPG's 10th birthday! Message-ID: <117bad160712210855g58863637v225f16c3047b4131@mail.gmail.com> > On Fri, 21 Dec 2007 04:24, hidekis at gmail.com said: > > http://www.flickr.com/photos/hsaito/2125495667/ > > Yum-Yum. The question is just how we cut the slices for all users. > > > Salam-Shalom, > > Werner surely this is an example of the dining cryptographers problem! From hidekis at gmail.com Fri Dec 21 20:35:30 2007 From: hidekis at gmail.com (Hideki Saito) Date: Fri, 21 Dec 2007 11:35:30 -0800 Subject: [Announce] GnuPG's 10th birthday In-Reply-To: <87odck44ou.fsf@wheatstone.g10code.de> References: <87tzmdbshn.fsf@wheatstone.g10code.de> <87odck44ou.fsf@wheatstone.g10code.de> Message-ID: And...here it is! :-) http://hp.vector.co.jp/authors/VA019487/shgnupg.html On Dec 21, 2007 4:23 AM, Werner Koch wrote: > On Thu, 20 Dec 2007 20:39, hidekis at gmail.com said: > > > May I translate this into Japanese? > > Sure, no problem. > > > Salam-Shalom, > > Werner > > -- > > Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. > -- Hideki Saito From mwood at IUPUI.Edu Fri Dec 21 19:26:40 2007 From: mwood at IUPUI.Edu (Mark H. Wood) Date: Fri, 21 Dec 2007 13:26:40 -0500 Subject: [Announce] GnuPG's 10th birthday In-Reply-To: <476AA3F9.7020208@sixdemonbag.org> References: <87tzmdbshn.fsf@wheatstone.g10code.de> <200712201558.lBKFwhF4022855@shards.monkeyblade.net> <476AA3F9.7020208@sixdemonbag.org> Message-ID: <20071221182640.GA2956@IUPUI.Edu> On Thu, Dec 20, 2007 at 11:18:49AM -0600, Robert J. Hansen wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Graham wrote: > > we are faced with the use of these very strong encryption tools by > > those who would attack the very heart of our way of life. > > Prove it. > > You're asserting "the right to privacy and the means to enforce that > right are so dangerous to our way of life that they must be restricted > in their scope." > > That's an extraordinary claim, and it needs extraordinary evidence to > back it up... extraordinary evidence I have never seen from anyone who > has made this claim. Hear, hear. Consider the asymmetric nature of the conflict. A small, loosely-knit organization with few, simple operations in the works is much more likely to prefer the superior security of a handful of arbitrary single-use codes agreed to in face-to-face meetings to the use of algorithmic encryption. PGP and the like are most useful to a large, busy organization because the sheer volume of traffic makes other types of secrecy impractical and relatively insecure. If terrorists are using PGP it is probably because they haven't thought about it very much. Any systematic method can be broken sooner or later. But, if "how is uncle George" means "attack at dawn", how could you possibly calculate that if you weren't in on the secret already? What good would it do you to learn that after the fact, if that meaning is abandoned after a single operation? I use PGP because it provides more than enough protection for my personal and professional business and allows me to easily communicate in reasonable security with large numbers of people I've never personally met. I require a meager amount of secrecy and a good deal of ease-of-use. This is just about the opposite of the requirements of a guerilla, who risks lives and The Cause on communicating sparingly with a very few well-known partners who already know most of the message. -- Mark H. Wood, Lead System Programmer mwood at IUPUI.Edu Typically when a software vendor says that a product is "intuitive" he means the exact opposite. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20071221/66259e00/attachment.pgp From kloecker at kde.org Fri Dec 21 21:16:15 2007 From: kloecker at kde.org (Ingo =?iso-8859-1?q?Kl=F6cker?=) Date: Fri, 21 Dec 2007 21:16:15 +0100 Subject: [Slightly OT] Just to celebrate GnuPG's 10th birthday! In-Reply-To: <877ij843ve.fsf@wheatstone.g10code.de> References: <877ij843ve.fsf@wheatstone.g10code.de> Message-ID: <200712212116.15506@erwin.ingo-kloecker.de> On Friday 21 December 2007, Werner Koch wrote: > On Fri, 21 Dec 2007 04:24, hidekis at gmail.com said: > > http://www.flickr.com/photos/hsaito/2125495667/ > > Yum-Yum. The question is just how we cut the slices for all users. That depends on the license of the cake. If it's released under a Free Cake license, there's no need to cut the cake into slices. ;-) Regards, Ingo -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 194 bytes Desc: This is a digitally signed message part. Url : /pipermail/attachments/20071221/9a9f4f45/attachment.pgp From j.lysdal at gmail.com Fri Dec 21 19:38:28 2007 From: j.lysdal at gmail.com (Jorgen Christiansen Lysdal) Date: Fri, 21 Dec 2007 19:38:28 +0100 Subject: dokuwiki for gpg Message-ID: <476C0824.3040605@gmail.com> Hi, and happy birthday! For some time now, 1 or 2 years, I have followed this list. Followed this small, but very responsive group of people, willing to spend their spare time, helping complete idiots (like me) into understanding, just what gpg is all about. I have been pleased with the very informative and competent replies,(my brain fries when you guys bring up the math though!) I and others have got from this community. Thanks! Now, I feel the need to give something back, to the community, something many gpg users can benefit from. My friend suggested to setup a dokuwiki to hold the documentation. Making it a bit more easy to maintain and add new stuff. I think its a brilliant idea, but what do you guys have to say about it? Is there a need for at? is it worth it? --- Jorgen Ch. Lysdal From hidekis at gmail.com Fri Dec 21 22:02:12 2007 From: hidekis at gmail.com (Hideki Saito) Date: Fri, 21 Dec 2007 13:02:12 -0800 Subject: [Slightly OT] Just to celebrate GnuPG's 10th birthday! In-Reply-To: <200712212116.15506@erwin.ingo-kloecker.de> References: <877ij843ve.fsf@wheatstone.g10code.de> <200712212116.15506@erwin.ingo-kloecker.de> Message-ID: Free Cake license! The picture, BTW, is licensed under Creative Commons, although, I'm not 100% sure if it is appropriate. (it uses GnuPG logo.) On Dec 21, 2007 12:16 PM, Ingo Kl?cker wrote: > On Friday 21 December 2007, Werner Koch wrote: > > On Fri, 21 Dec 2007 04:24, hidekis at gmail.com said: > > > http://www.flickr.com/photos/hsaito/2125495667/ > > > > Yum-Yum. The question is just how we cut the slices for all users. > > That depends on the license of the cake. If it's released under a Free > Cake license, there's no need to cut the cake into slices. ;-) > > > Regards, > Ingo > -- Hideki Saito From jmoore3rd at bellsouth.net Fri Dec 21 22:40:51 2007 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Fri, 21 Dec 2007 16:40:51 -0500 Subject: [Slightly OT] Just to celebrate GnuPG's 10th birthday! In-Reply-To: <117bad160712210855g58863637v225f16c3047b4131@mail.gmail.com> References: <117bad160712210855g58863637v225f16c3047b4131@mail.gmail.com> Message-ID: <476C32E3.6050703@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 David Crick wrote: tp://www.flickr.com/photos/hsaito/2125495667/ >> Yum-Yum. The question is just how we cut the slices for all users. >> Werner > > surely this is an example of the dining cryptographers problem! Perhaps the 'Birthday Cake' algorithm will suffice. We will then be able to calculate the precise size for every potential User. JOHN ;) Timestamp: Friday 21 Dec 2007, 16:40 --500 (Eastern Standard Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8-svn4658: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: My Homepage: http://tinyurl.com/yzhbhx Comment: MySpace Page: http://www.myspace.com/jmoore3rd iQEcBAEBCgAGBQJHbDLhAAoJEBCGy9eAtCsPLtgH/2qQxWJ8n0IpgBCOm4kTpEg0 u6EuTxChywXzSqJw0HBsQm++DC+LG9rakqCLdtAQ005QdbJovIImZkqQTa9l8njO nOlwgbxVO7CtO22SHgJYHaHT+BYsnXzwAVc9FixEOppIwTWv1qI5d//No88Pdr+Q MeZTamWINDNpb69ymG0xFjHkQ+5+cqjpH7lyHi/Ylqvyn769awDz/yUvt+aWvLwC 5FjRZ2RxkM5maf+4QNh9FxpsE6evZILIgQadiLV0CIXzGoyz/Yk3L4jQUcAwXWF5 G/8Hxu9IVFJ6zqcGFtuw2uuKs7WwS1KpE0tZfI5+qorMIQ/TJOlA5oLhnKlGbk0= =tx8k -----END PGP SIGNATURE----- From aolsen at standard.com Fri Dec 21 22:51:07 2007 From: aolsen at standard.com (Alan Olsen) Date: Fri, 21 Dec 2007 13:51:07 -0800 Subject: [Slightly OT] Just to celebrate GnuPG's 10th birthday! In-Reply-To: <200712212116.15506@erwin.ingo-kloecker.de> Message-ID: <92A893260738B0408497A64189BC1E62032CE3E1@MSEXCHANGE305.corp.standard.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 >From: Ingo Kl?cker >On Friday 21 December 2007, Werner Koch wrote: >> On Fri, 21 Dec 2007 04:24, hidekis at gmail.com said: >> > http://www.flickr.com/photos/hsaito/2125495667/ >> >> Yum-Yum. The question is just how we cut the slices for all users. >That depends on the license of the cake. If it's released under a Free >Cake license, there's no need to cut the cake into slices. ;-) The cake is a lie. (Sorry. Too much video games.) -----BEGIN PGP SIGNATURE----- Version: 9.5.3 (Build 5003) wsBVAwUBR2w1X2qdmbpu7ejzAQoldAf/T/7ItRDOjweT8AzK+Hk3Wn8CPijDTtSb AX3t3tF4na9P1rD0BN18kdOE4UF5yD/9Gf982zlNznXkE7+z+IQ5DpImvhfkyHbk 1a+Kq/um6jNgu981kN2EWKFNaPDZWM82NesT7Lbdap2a10nHAqhqOGZxSWmYuE32 paT4LzwKFxbs5NHYgs5FTBbeRFpbBQpl+6qETxsYd1IdXk3/x0Xp48V+fu5s7ag0 Ur2cRzF/rCBLC7bRilYDNAbZ5CcFh9ftQEQRLnh30ekiJVajwVCsa9+E8AQoe0kt CuQXTMOBASQZmT3dabQkbdxGWsW2hocjSolvl5bsv1DyBacUJNUV3Q== =pJAt -----END PGP SIGNATURE----- From rjh at sixdemonbag.org Sat Dec 22 01:30:51 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Fri, 21 Dec 2007 18:30:51 -0600 Subject: [Announce] GnuPG's 10th birthday In-Reply-To: <20071221182640.GA2956@IUPUI.Edu> References: <87tzmdbshn.fsf@wheatstone.g10code.de> <200712201558.lBKFwhF4022855@shards.monkeyblade.net> <476AA3F9.7020208@sixdemonbag.org> <20071221182640.GA2956@IUPUI.Edu> Message-ID: <476C5ABB.70305@sixdemonbag.org> Mark H. Wood wrote: > If terrorists are using PGP it is probably because they haven't > thought about it very much. To agree with Mark and add a bit more detail-- The United States government has two major intelligence goals for people of such extreme interest as bin Laden. They're not picky about which goal is achieved, so long as one of them is achieved. 1. Intercept their communications and learn of future plans 2. Find where they are and send the Marines over to gatecrash the party In the early days of the Afghan campaign the Taliban commanders were coordinating their troops with satellite phones. We coordinated our satellite-guided bombs with their satellite phones. Problem solved. The survivors have undoubtedly learned not to trust any technology more complex than a frying pan. Electronic cryptography is almost certainly not being used in a substantial way by terror groups. It will help keep the content of your communications secure. It will not help hide who you are, where you are, nor with whom you're communicating. From bob.henson at galen.org.uk Sat Dec 22 13:07:21 2007 From: bob.henson at galen.org.uk (Bob Henson) Date: Sat, 22 Dec 2007 12:07:21 +0000 Subject: Server problem? Message-ID: <476CFDF9.7010502@galen.org.uk> Is there a problem with the server sending messages to the list? Headers are appearing in Thunderbird as usual, but clicking on any message in the list gives a delay (presumably in downloading) of a couple of minutes at least, during which Thunderbird reports that it is not responding - eventually it does. All my other mailing lists from other sources are working just fine and at normal speed, and I've just checked my broadband speed which is also OK. Regards, Bob -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 554 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20071222/a220e9e3/attachment.pgp From shavital at mac.com Sat Dec 22 14:18:22 2007 From: shavital at mac.com (Charly Avital) Date: Sat, 22 Dec 2007 08:18:22 -0500 Subject: Server problem? In-Reply-To: <476CFDF9.7010502@galen.org.uk> References: <476CFDF9.7010502@galen.org.uk> Message-ID: <476D0E9E.9010706@mac.com> Bob Henson wrote the following on 12/22/07 7:07 AM: > Is there a problem with the server sending messages to the list? Headers > are appearing in Thunderbird as usual, but clicking on any message in > the list gives a delay (presumably in downloading) of a couple of > minutes at least, during which Thunderbird reports that it is not > responding - eventually it does. All my other mailing lists from other > sources are working just fine and at normal speed, and I've just checked > my broadband speed which is also OK. > > Regards, > > Bob Your e-mail is the first one I have received from the list's server since yesterday evening. There was no problem downloading and opening it, and verifying its signature. Mere seconds. Are you running some kind of firewall or network monitoring software that might be interfering specifically with the list's server? I am duplicating this message directly to your e-mail address; maybe this will enable you to compare. Charly From sattva at pgpru.com Sat Dec 22 15:25:50 2007 From: sattva at pgpru.com (Vlad "SATtva" Miller) Date: Sat, 22 Dec 2007 20:25:50 +0600 Subject: [Announce] GnuPG's 10th birthday Message-ID: <476D1E6E.8030906@pgpru.com> I'd like to now publicly congratulate Werner, David and all other contributors and developers with the remarkable achievement GnuPG is! Kudos from me personally and from all "openPGP in Russia" community. For those interested I've published our Russian translation of Werner's "A Short History of the GNU Privacy Guard" on the website: https://www.pgpru.com/biblioteka/statji/kratkajaistorijagpg -- SATtva | security & privacy consulting www.vladmiller.info | www.pgpru.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 505 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20071222/1a1c2603/attachment.pgp From jmoore3rd at bellsouth.net Sat Dec 22 17:44:17 2007 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Sat, 22 Dec 2007 11:44:17 -0500 Subject: Unable to Decrypt Message-ID: <476D3EE1.8010908@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I have 1 Recipient who Updated Ubuntu [Gutsy Gibbon] yesterday from GnuPG 1.4.7 to 1.4.8 and now cannot decrypt My messages. Both of Us are using T-Bird/Enigmail and the Enigmail De-Bug Log shows: Unable to decrypt: Decrypted message gpg command line and output: /usr/local/bin/gpg --charset utf8 --batch --no-tty --status-fd 2 -d - --passphrase-fd 0 --no-use-agent gpg: encrypted with 3072-bit ELG-E key, ID 684C50FA, created 2005-09-23 "JOHN W. MOORE III" gpg: encrypted with 4096-bit ELG-E key, ID 2215D1C7, created 2002-07-23 "???? ???????" *gpg: uncompressing failed: unknown compress algorithm* [Recipient's Name removed] Can anyone offer an explanation for this? My Key is RSA 2048/El Gamal 3072. To My knowledge this is the only individual who cannot Decrypt My messages. :-\ Their Key is a standard/default DSA 1024. JOHN :-\ Timestamp: Saturday 22 Dec 2007, 11:44 --500 (Eastern Standard Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8-svn4658: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: My Homepage: http://tinyurl.com/yzhbhx Comment: MySpace Page: http://www.myspace.com/jmoore3rd iQEcBAEBCgAGBQJHbT7fAAoJEBCGy9eAtCsPJG8H/0wYINSZ1lpgFUfWydLI+5/i QnTcOSs9hkCVcEd/msrmVziMMxZo9h7kC6sCt2OzkY2tg8SNj6Gfa6OG8vjHXWxu LFMItruk+JNPtNj8cKz5V3m3OTGkezJgKE2aL2oMTDJTxnj0dZFP8p6Eljy1aVNs ENQtSBNJlTqcNu3G2NhPUTwKD4YJPp1IrUF0r+O8Nkf+6XIJmhzdRKHyQUfm7vmM SU2QQ0dztjHLOaqsv1/nAsAVVSLFcXNpPxjxVG2cWCGmG0x1i7ve42mAoXCCxROk +ay+NOWlmz5ZGdV8tplhlfC3yzri737DFAJXFNOrWnyltTcpZBSC6JZrTFVyOrM= =VkHj -----END PGP SIGNATURE----- From bob.henson at galen.org.uk Sat Dec 22 18:31:32 2007 From: bob.henson at galen.org.uk (Bob Henson) Date: Sat, 22 Dec 2007 17:31:32 +0000 Subject: Server problem? In-Reply-To: <476D0E9E.9010706@mac.com> References: <476CFDF9.7010502@galen.org.uk> <476D0E9E.9010706@mac.com> Message-ID: <476D49F4.9070902@galen.org.uk> Charly Avital wrote:- > Bob Henson wrote the following on 12/22/07 7:07 AM: >> Is there a problem with the server sending messages to the list? Headers >> are appearing in Thunderbird as usual, but clicking on any message in >> the list gives a delay (presumably in downloading) of a couple of >> minutes at least, during which Thunderbird reports that it is not >> responding - eventually it does. All my other mailing lists from other >> sources are working just fine and at normal speed, and I've just checked >> my broadband speed which is also OK. > Your e-mail is the first one I have received from the list's server > since yesterday evening. > > There was no problem downloading and opening it, and verifying its > signature. Mere seconds. > > Are you running some kind of firewall or network monitoring software > that might be interfering specifically with the list's server? Hmm, quite odd, all seems to be OK now - don't you just love intermittent problems! I'm not running any firewall type software at all (apart from windows firewall, buts that has always been there) - but I did wonder if my ISP might be doing something odd with mail connected with OpenPGP. Encrypted messages (to myself, as tests) normally tend to take a a little longer than normal to return here (maybe while their anti-virus software gives them a good going-over), but signed or plain text ones have never had a problem before. After I posted the message, and before reading yours, I deleted everything in the directory that gnupg-user messages are stored in, so it may be that a grunged message was causing the problem and I've now cleared it by deleting and compacting. It was unlikely to be at my ISPs server end, because all other mailing list were OK. Anyway, so long as it stays this way, I'm not going to spend much time on it. However, thanks for spending some of your time to reply - as my Grandma used to say "a bit of help's worth a lot of pity". Regards, Bob -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 554 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20071222/3d3c19fa/attachment.pgp From shavital at mac.com Sat Dec 22 18:59:12 2007 From: shavital at mac.com (Charly Avital) Date: Sat, 22 Dec 2007 12:59:12 -0500 Subject: Server problem? In-Reply-To: <476D49F4.9070902@galen.org.uk> References: <476CFDF9.7010502@galen.org.uk> <476D0E9E.9010706@mac.com> <476D49F4.9070902@galen.org.uk> Message-ID: <476D5070.50200@mac.com> Bob Henson wrote the following on 12/22/07 12:31 PM: [...] > > After I posted the message, and before reading yours, I deleted > everything in the directory that gnupg-user messages are stored in, so > it may be that a grunged message was causing the problem and I've now > cleared it by deleting and compacting. Good guess. There's something that I can't remember now, related to gpg stalling because of some missing or incompatible digest-algo, but I don't believe it is applicable here. > However, thanks for spending some of your time to reply - as my Grandma used to > say "a bit of help's worth a lot of pity". What with the Christmas spirit and all, "one tries to be of service". Take care, Charly From jmoore3rd at bellsouth.net Fri Dec 28 05:46:31 2007 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Thu, 27 Dec 2007 23:46:31 -0500 Subject: BZIP2 in 1.4.8 Message-ID: <47747FA7.5060603@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I have a Correspondent who has built 1.4.8 from the tar.gz for use on Ubuntu. For some reason the Build, even after passing all 27 tests does not list BZIP2 as an available for of compression. :-\ Since the PK is distributed with BZIP2 in the Preference string this has resulted in receiving messages which cannot be decrypted. :( The tar ball was downloaded from the gnu.org Site and the checksum verified. I have been building from the SVN commits and BZIP2 is available but I was wondering if it had been dropped for some reason in the 'Official Release'? If BZIP2 has been omitted from the Release then there are a lot of folks who have this compression method listed in their Keys and even more who have it set in their 'personal-compress-preferences' string. I see the Options for --bzip2-compress-level n & - --bzip2-decompress-lowmem in the 1.4.8 Manual. How & when are they supposed to be utilized to compensate for the lack of BZIP2? Which file should I advise Her to add to Her Build? It is good to see the Server back Online again. :-D JOHN ;) Timestamp: Thursday 27 Dec 2007, 23:46 --500 (Eastern Standard Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8-svn4658: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/9ubue iQEcBAEBCgAGBQJHdH+kAAoJEBCGy9eAtCsPkjsH/3JZTn0idiUeUpRSVOv3Z4ol mXIIhfxfEq5Sw+02hFIx54sTIgxz4sexwslf/94JKsOasEf9k9Dfeiih5qeCAocQ YrO8TpC6rzfmN937fJPrQeLAVZ0+TojXSlLzB+4vcJfMzCgjCLV3dxqd0mNjF6lz zsiJPuYolPKAUzs4byQkTnjvxJHudWenxItRLcntN20MTsltCZpT9QRfx/HKJjRZ ZlS6CHIanN9lCGNbc+YjjEKDav/A8E4kS0nDJQoeUFhSW9rGwhEFdCmBdA7ZMYTm F5pI+jLFmNSAzd/fs1IA+AKAdybwsXSzRZuDTiyX1+wklLdo8vgtg6W2QA4BXy8= =pNhn -----END PGP SIGNATURE----- From rjh at sixdemonbag.org Fri Dec 28 06:13:16 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 27 Dec 2007 23:13:16 -0600 Subject: BZIP2 in 1.4.8 In-Reply-To: <47747FA7.5060603@bellsouth.net> References: <47747FA7.5060603@bellsouth.net> Message-ID: <477485EC.4080903@sixdemonbag.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 John W. Moore III wrote: > I have a Correspondent who has built 1.4.8 from the tar.gz for use on > Ubuntu. First, I can't recreate this (on Gutsy Gibbon/x86_64). Probably because I have libbz2-dev installed; see below. Second, Ubuntu ships with 1.4.6. It's a little bit old, but serviceable, and Ubuntu is tracking upstream security bugfixes. If your correspondent is just interested in security fixes, tell him/her to use the Ubuntu-supplied GnuPG. Third, most Linux distros (including Ubuntu) separate files into two different groups: the files you need to run programs that need a certain feature, and the files you need to compile programs that need a certain feature. With bz2 the package "libbz2-1.0" contains what you need to run programs that use bz2; the package "libbz2-dev" contains what you need to compile programs that use bz2. I would suggest the following course of action: 1. sudo apt-get update 2. sudo apt-get upgrade 3. sudo apt-get install libbz2-dev Then try to recompile GnuPG 1.4.8 and see if that fixes the problem. (Normally I don't sign my mailing group posts here. Given that I'm giving sudo commands, though, I think this time it's probably appropriate.) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iFYEAREIAAYFAkd0hewACgkQf2XByo0Cu7N9wwDcDUp7lAtlLAlBHZ9cDkh6Nlz6 LlOMx1CVaC05jADcCZuiNazcLzR9k3Z/KxDgtcJE5nzkbFQFm6qRcokBHAQBAQgA BgUCR3SF7AAKCRC3APSC/q+BCa2HCACalHSEupBzXSgkdhHHQp80sI1oK+zR2QvU rY16+6+tF2PKOjRTzbjQP2u5vdJKEGYkK8D2wCE/fioSquBLwnqqvrXCyj846MqU vUl/+/hAvgLzDDs+LC0hMOuKG9D9G8EOnKH9vfBOCmI2e3oRAoWvNq3105hGs5Ni 04Hqyqnmxh3YfWlcb5kxcaYQLHVZFEGfvbCoRvo0h1Asmb7R65ZdfKZLj7flwJG7 INZ5rep1V6R7o4Ahz3QT76jn71RkXXNQeR6e7wx2+7OHKU7f4L71PKHfpYm40Su6 j11TJVPMhtalRErsF1dvq9C3CXqp38aMnnSnjZAt2722IMrcDpt/ =HYkg -----END PGP SIGNATURE----- From laurent.jumet at skynet.be Mon Dec 24 14:25:27 2007 From: laurent.jumet at skynet.be (Laurent Jumet) Date: Mon, 24 Dec 2007 14:25:27 +0100 Subject: Manual 1.4.8... Message-ID: Hello ! If you'd like to have the Manual in a condensed mode (ten pages) for GnuPG1.4.8, you are welcome to download it in PDF: http://www.pointdechat.net/MyMan_GnuPG-148.pdf or in .DOC: http://www.pointdechat.net/MyMan_GnuPG-148.doc -- Laurent Jumet KeyID: 0xCFAF704C From shavital at mac.com Fri Dec 28 15:28:48 2007 From: shavital at mac.com (Charly Avital) Date: Fri, 28 Dec 2007 09:28:48 -0500 Subject: Manual 1.4.8... In-Reply-To: References: Message-ID: <47750820.3070006@mac.com> Laurent Jumet wrote the following on 12/24/07 8:25 AM: > Hello ! > > If you'd like to have the Manual in a condensed mode (ten pages) for GnuPG1.4.8, you are welcome to download it in PDF: > http://www.pointdechat.net/MyMan_GnuPG-148.pdf > > or in .DOC: > http://www.pointdechat.net/MyMan_GnuPG-148.doc > Merci Laurent, Excellent travail! Bonne et Heureuse Ann?e 2008 Charly From shavital at mac.com Fri Dec 28 15:29:54 2007 From: shavital at mac.com (Charly Avital) Date: Fri, 28 Dec 2007 09:29:54 -0500 Subject: Manual 1.4.8... In-Reply-To: References: Message-ID: <47750862.8040306@mac.com> Laurent Jumet wrote the following on 12/24/07 8:25 AM: > Hello ! > > If you'd like to have the Manual in a condensed mode (ten pages) for GnuPG1.4.8, you are welcome to download it in PDF: > http://www.pointdechat.net/MyMan_GnuPG-148.pdf > > or in .DOC: > http://www.pointdechat.net/MyMan_GnuPG-148.doc > Merci Laurent, Excellent travail! Bonne et Heureuse Ann?e 2008 Charly From at120 at hushmail.com Fri Dec 28 23:47:44 2007 From: at120 at hushmail.com (at120 at hushmail.com) Date: Sat, 29 Dec 2007 00:47:44 +0200 Subject: [Announce] GnuPG 1.4.8 released Message-ID: <20071228224744.CC644D0038@mailserver10.hushmail.com> Has this been implemented in 1.4.8? -AT David Shaw wrote: > > > > Is there any way to manually set the time that will be used for the > > > > creation time? Or do I have to change the system time if I don't want to > > > > use the current time? I'm a bit of a perfectionist, and think 00:00:00 > > > > looks much better than something like 01:42:57. > > > > > > As it happens, this will probably be possible in an upcoming version, > > > but for other reasons. > > > > Nice! I'm curious about what these reasons are. > > Mainly the use of GPG inside anonymous remailers and similar proxies. > In cases like that you may want to randomize or force the internal -- Click for a free comparison on life insurance policies and save 100's. http://tagline.hushmail.com/fc/Ioyw6h4d8MK4z6NUPPiHgVpoTlFrZ7s6r5kWGYgUyilRb6dYEpKC6b/ > timestamps to hide the original values. From mueen at nawaz.org Sat Dec 29 19:59:30 2007 From: mueen at nawaz.org (Mueen Nawaz) Date: Sat, 29 Dec 2007 12:59:30 -0600 Subject: Privacy Handbook down Message-ID: <20071229185930.GB7856@beetle_b> Hi, The GnuPG Privacy Handbook is giving me a 404. I've tried a number of mirrors as well, along with a number of languages. None exists. Just in case you didn't know. I've found the handbook to be a useful introduction to the whole topic of public key cryptography, and was hoping to introduce some people to it - hence my searching for the link... -- The first piece of luggage out of the chute doesn't belong to anyone, ever. /\ /\ /\ / / \/ \ u e e n / \/ a w a z >>>>>>mueen at nawaz.org<<<<<< anl From jharris at widomaker.com Mon Dec 31 00:18:10 2007 From: jharris at widomaker.com (Jason Harris) Date: Sun, 30 Dec 2007 18:18:10 -0500 Subject: new (2007-12-09) keyanalyze results (+sigcheck) Message-ID: <20071230231810.GA4008@wilma.widomaker.com> New keyanalyze results are available at: http://keyserver.kjsl.com/~jharris/ka/2007-12-09/ Signatures are now being checked using keyanalyze+sigcheck: http://keyserver.kjsl.com/~jharris/aaronl/ Earlier reports are also available, for comparison: http://keyserver.kjsl.com/~jharris/ka/ Even earlier monthly reports are at: http://dtype.org/keyanalyze/ SHA-1 hashes and sizes for all the "permanent" files: 573ed138b5877ae55852ff1c577dd4fafcda49b4 15508800 preprocess.keys 35ac99ee5c11a932ee8d3d7b39fc8388f78ac490 8920943 othersets.txt ad356b40fdc6ca88dff821b6cf369da5ad1cc6aa 3747276 msd-sorted.txt 97d10a3317044d912ea66645f36eb32b47cd2127 2282 keyring_stats 3f097ce2d384222762318e0266ccea688dfca9e4 1472118 msd-sorted.txt.bz2 5157cc711adc5d24306502040c312ed16963e753 2975778 msd.txt ea3615bdb3a8001aee9bd843a80d08aac094b3f6 26 other.txt b570c3d65da6ed2b542488e2bc8f65df28163198 1941797 othersets.txt.bz2 82c9651fd781fc47bf41820af043d4399d8e5375 6341320 preprocess.keys.bz2 2a2b047e22925160eac22e113403b078fb87d253 16023 status.txt d93e2f4e0e1770b7f8614779d39cb6d859cdb224 194402 top1000table.html b120c020a7c843fc7a76cc60ffceaddb13a9353d 29491 top1000table.html.gz 029b559b576e6f3e5a46854db50fb7c66f5ff0e9 9707 top50table.html 9bcd31ce12d03bcd9b2e83fd5310704940fd107d 2489 D3/D39DA0E3 -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris at widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 313 bytes Desc: not available URL: From mahralex at gmx.de Fri Dec 28 23:48:05 2007 From: mahralex at gmx.de (Alexander Mahr) Date: Fri, 28 Dec 2007 23:48:05 +0100 Subject: savety vs. decryption failed: bad key Message-ID: <20071228224805.162470@gmx.net> I use GnuPG to encrypt a file locally symmetric encryption An attempt to decrypt the encrypted version of the file with a wrong passphrase results - to my suprise - in the following error message gpg: decryption failed: bad key instead of decrypting the file into a corrupted (due to the wrong passphrase) version of the original file. I am now wondering how GnuPG can judge that the entered passphrase to decrypt the file is -indeed- a bad key (as to say a wrong passphrase provided)? Actually I think of the result (though it didn't reveal the contained information) still as bad because the attacker can somehow be sure that tried passphrase is wrong. Background to my question is that if you'd use the encryption of GnuPG to encrypt some data that is less easy to be verified as beeing correctly decrypted (i. e because it is itself another key to unlock some other encryption) then the fact of not knowing that the decryption failed can facilitate the attacker the work because he can then keep on trying to crack the encryption without having to consider that the result he otherwise would have got is actually already the truth. Best regards, Alexander -- Psssst! Schon vom neuen GMX MultiMessenger geh?rt? Der kann`s mit allen: http://www.gmx.net/de/go/multimessenger?did=10 From byte8bits at gmail.com Sat Dec 29 04:03:15 2007 From: byte8bits at gmail.com (Brad Tilley) Date: Fri, 28 Dec 2007 22:03:15 -0500 Subject: pipes cgi and gnupg Message-ID: <3ac86fa70712281903o4e41f56ex8bb366d7a893610a@mail.gmail.com> I can do this from a python cgi script from a browser: os.system("gpg --version > gpg.out") However, I cannot do this from a browser: os.system("echo %s | gpg --batch --password-fd 0 -d %s > d.out" %(pass, filename)) The output file is produced, but it's zero byte. I want the decrypted file's content, but the pipe seems to mess things up. The script works fine when executed from command line. The output file is produced as expected. When executed by a browser, it does not work as expected... only produces a zero byte output file. Any tips? I've googled a bit and experimented for a few nights, still no go. Thanks, Brad Here's the entire script: #!/usr/local/bin/python import cgi import cgitb; cgitb.enable() import os import tempfile print "Content-Type: text/html" print print "T" print "

H

" form = cgi.FieldStorage() if not form.has_key("pass"): print "Enter password" filename = "test.gpg" pass = form.getvalue("pass").strip() os.system("gpg --version > gpg.out") os.system("echo %s | gpg --batch --password-fd 0 --decrypt %s > d.out" %(pass,filename)) From hs2412 at gmail.com Mon Dec 31 17:46:09 2007 From: hs2412 at gmail.com (Hardeep Singh) Date: Mon, 31 Dec 2007 22:16:09 +0530 Subject: Offtopic: Compiling a Windows program for Linux Message-ID: Hi This is offtopic, but since all I am seeking is broad guidelines and a lot of people here compile programs on Linux, I thought it easier than to join a new list. I have the source of a program about 2000 lines big, written for windows. How much of an effort would it be, and what would be the major changes needed in the source to have it compile for Linux. Also, if someone could show me the command line needed to compile it, given the source, the resource header and the .RC file that would be great using GCC. The following code needs changes in my opinion: 1. The program uses the registry to store persistent values. It would need to change to use a config file. 2. The file access path needs to use the unix file structure 3. The code to access the save and other standard dialogs needs to change? 4. Can I continue to use windows.h? If not, what would it be replaced with? 5. The program allows saving a part of the screen to a bitmap. Can someone tell me if that part of the code needs to change? And if so, how. Thanks & Regards Hardeep Singh From hs2412 at gmail.com Mon Dec 31 17:40:11 2007 From: hs2412 at gmail.com (Hardeep Singh) Date: Mon, 31 Dec 2007 22:10:11 +0530 Subject: Social networking Message-ID: Hi All Current social networking sites have a major problem: anybody can download your photograph and related details, edit them to his wish, and repost on the same site. I would suggest the following: building of, or using an existing WOT and each person wishing to join the social networking site be asked to get his profile (photo, name, DOB and some basic details) signed by three people already in the WOT. Once this is done, a centralised identity, sign the profile having verified the signatures by the other three people. Uploads of the photo and profile to any social networking site would then require a profile signed by the centralised authority. An exchange of any secret can be done to ensure that the person uploading the profile is the owner, and the basic details entered by the uploader verified against those in the profile. Does this make sense? Is there a way to make this work without the centralised identity? Regards Hardeep