From wk at gnupg.org Mon Jul 2 15:52:42 2007
From: wk at gnupg.org (Werner Koch)
Date: Mon, 02 Jul 2007 15:52:42 +0200
Subject: getting signed text in plain
In-Reply-To: <1183227859.3301.3.camel@etch> (Mario Lenz's message of "Sat, 30
Jun 2007 20:24:19 +0200")
References: <1183227859.3301.3.camel@etch>
Message-ID: <871wfqq5ed.fsf@wheatstone.g10code.de>
On Sat, 30 Jun 2007 20:24, m at riolenz.de said:
> I'm trying to get the "plaintext" out of a signature, but without any
> success :-/
Please run your test program as
GPGME_DEBUG=5:gpgme.log ./testpgm
and show us the gpgme.log file.
Shalom-Salam,
Werner
From wk at gnupg.org Mon Jul 2 15:57:57 2007
From: wk at gnupg.org (Werner Koch)
Date: Mon, 02 Jul 2007 15:57:57 +0200
Subject: Broken pipe?
In-Reply-To: <4684D32C.7050406@free.fr> (Guillaume Yziquel's message of "Fri,
29 Jun 2007 11:38:52 +0200")
References: <467FE61A.6050000@free.fr> <46800621.1060509@freecharity.org.uk>
<4680D026.5020000@free.fr> <4680D1F3.803@freecharity.org.uk>
<4683BC7E.9030207@free.fr> <87ved7b20y.fsf@wheatstone.g10code.de>
<4684D32C.7050406@free.fr>
Message-ID: <87wsxioql6.fsf@wheatstone.g10code.de>
On Fri, 29 Jun 2007 11:38, guillaume.yziquel at free.fr said:
> Visibly, purging pcscd does not solve the problem. Concerning
> permissions, I guess I have some work to do:
Indeed. That is your problem. Use lsusb to figure out where the SCR335
is attached and then manually update the ownership for testing. The
HOWTO has hints on how to install the hotplug stuff.
Salam-Shalom,
Werner
From wk at gnupg.org Mon Jul 2 16:01:26 2007
From: wk at gnupg.org (Werner Koch)
Date: Mon, 02 Jul 2007 16:01:26 +0200
Subject: Broken pipe?
In-Reply-To: <4684CB36.1030005@free.fr> (Guillaume Yziquel's message of "Fri,
29 Jun 2007 11:04:54 +0200")
References: <467FE61A.6050000@free.fr> <46800621.1060509@freecharity.org.uk>
<4680D026.5020000@free.fr> <4680D1F3.803@freecharity.org.uk>
<4683BC7E.9030207@free.fr>
<9e0cf0bf0706280752t69bc1677l497099595db00e56@mail.gmail.com>
<4684CB36.1030005@free.fr>
Message-ID: <87sl86oqfd.fsf@wheatstone.g10code.de>
On Fri, 29 Jun 2007 11:04, guillaume.yziquel at free.fr said:
> and I was rather surprised by that: do you still need libpcsclite.so.xxx
> to run the builtin ccid driver? Because I removed these files through
No.
> aptitude. Because I've got the following complaint:
>> gpg: apdu_open_reader: failed to open driver `libpcsclite.so.1': libpcsclite.so.1: Ne peut ouvrir le fichier d'objet partagé: Aucun fichier ou répertoire de ce type
Scdaemon falls back to pcsc if it can't open the reader using the
internal ccid driver. This is the reason you see this error message.
Shalom-Salam,
Werner
From wk at gnupg.org Mon Jul 2 17:29:45 2007
From: wk at gnupg.org (Werner Koch)
Date: Mon, 02 Jul 2007 17:29:45 +0200
Subject: Broken pipe?
In-Reply-To: <4684D9EF.8090204@free.fr> (Guillaume Yziquel's message of "Fri,
29 Jun 2007 12:07:43 +0200")
References: <467FE61A.6050000@free.fr> <46800621.1060509@freecharity.org.uk>
<4680D026.5020000@free.fr> <4680D1F3.803@freecharity.org.uk>
<4683BC7E.9030207@free.fr> <87ved7b20y.fsf@wheatstone.g10code.de>
<4684D9EF.8090204@free.fr>
Message-ID: <87ved2n7rq.fsf@wheatstone.g10code.de>
On Fri, 29 Jun 2007 12:07, guillaume.yziquel at free.fr said:
> I apologize for the weight of this message.
As I already said: You have no permission to write to the USB device.
Shalom-Salam,
Werner
From bahamut at digital-signal.net Mon Jul 2 20:34:11 2007
From: bahamut at digital-signal.net (Andrew Berg)
Date: Mon, 02 Jul 2007 13:34:11 -0500
Subject: "algorithm 11 not available"
Message-ID: <46894523.5090300@digital-signal.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
gpg2 -k returns some public keys, then this:
> DBG: md_enable: algorithm 11 not available gpg: Ohhhh jeeee: ...
> this is a bug (sig-check.c:450:check_backsig) Aborted
(GPG 2.0.4)
I'm testing FireGPG in Linux, and entered a lower-case 'k' by mistake.
GPG 1.4.7 doesn't return this error.
BTW, FireGPG fails miserably with gpg2, although it seems to work with
1.4.7.
- --
Windows NT 5.1.2600.2180 | Thunderbird 2.0.0.4 | Enigmail 0.95.2 | GPG
1.4.7
Key ID: 0xF88E034060A78FCB - available on major keyservers and upon
request
Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
From m at riolenz.de Mon Jul 2 20:41:03 2007
From: m at riolenz.de (Mario Lenz)
Date: Mon, 02 Jul 2007 20:41:03 +0200
Subject: getting signed text in plain
In-Reply-To: <871wfqq5ed.fsf@wheatstone.g10code.de>
References: <1183227859.3301.3.camel@etch>
<871wfqq5ed.fsf@wheatstone.g10code.de>
Message-ID: <1183401664.3329.7.camel@etch>
Hi!
I ran the test program with the latest version (1.1.4) and attached the
log.
greez
Mario
On Monday, 02.07.2007, at 15:52 +0200, Werner Koch wrote:
> On Sat, 30 Jun 2007 20:24, m at riolenz.de said:
>
> > I'm trying to get the "plaintext" out of a signature, but without any
> > success :-/
>
> Please run your test program as
>
> GPGME_DEBUG=5:gpgme.log ./testpgm
>
> and show us the gpgme.log file.
>
>
> Shalom-Salam,
>
> Werner
>
--
They can tak' oour lives but they cannae tak' oour troousers!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gpgme.log
Type: text/x-log
Size: 4969 bytes
Desc: not available
Url : /pipermail/attachments/20070702/285e8160/attachment.bin
From bahamut at digital-signal.net Mon Jul 2 21:04:01 2007
From: bahamut at digital-signal.net (Andrew Berg)
Date: Mon, 02 Jul 2007 14:04:01 -0500
Subject: FireGPG (correction)
Message-ID: <46894C21.4090905@digital-signal.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
There was a mismatch of GPG versions. I fixed that, and FireGPG makes
valid signatures with GPG 2.0.4.
The "algorithm 11 not available" problem remains, though.
- --
Windows NT 5.1.2600.2180 | Thunderbird 2.0.0.4 | Enigmail 0.95.2 | GPG
1.4.7
Key ID: 0xF88E034060A78FCB - available on major keyservers and upon
request
Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
From jmoore3rd at bellsouth.net Mon Jul 2 22:32:05 2007
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Mon, 02 Jul 2007 16:32:05 -0400
Subject: FireGPG (correction)
In-Reply-To: <46894C21.4090905@digital-signal.net>
References: <46894C21.4090905@digital-signal.net>
Message-ID: <468960C5.9070203@bellsouth.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Andrew Berg wrote:
> There was a mismatch of GPG versions. I fixed that, and FireGPG makes
> valid signatures with GPG 2.0.4.
> The "algorithm 11 not available" problem remains, though.
'Algorithm 11' or S11 is Camellia and *should not* be Enabled except for
those approved for Inter Interoperability TESTing. Therefore S11 should
_not_ appear unless You have Compiled GnuPG with this algorithm enabled. :-\
JOHN ;)
Timestamp: Monday 02 Jul 2007, 16:30 --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8-svn4511: (MingW32)
Comment: Public Key at: http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: http://www.gswot.org
Comment: My Homepage: http://tinyurl.com/yzhbhx
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
From JPClizbe at tx.rr.com Tue Jul 3 01:55:56 2007
From: JPClizbe at tx.rr.com (John Clizbe)
Date: Mon, 02 Jul 2007 18:55:56 -0500
Subject: FireGPG (correction)
In-Reply-To: <468960C5.9070203@bellsouth.net>
References: <46894C21.4090905@digital-signal.net>
<468960C5.9070203@bellsouth.net>
Message-ID: <4689908C.8010006@tx.rr.com>
John W. Moore III wrote:
> Andrew Berg wrote:
>> There was a mismatch of GPG versions. I fixed that, and FireGPG makes
>> valid signatures with GPG 2.0.4.
>> The "algorithm 11 not available" problem remains, though.
>
> 'Algorithm 11' or S11 is Camellia and *should not* be Enabled except for
> those approved for Inter Interoperability TESTing. Therefore S11 should
> _not_ appear unless You have Compiled GnuPG with this algorithm enabled. :-\
Ummm
Except the OP was referring to gpg2 which does not have any of the Camellia code
in it yet. So concluding that it's Camellia is a bit of a stretch.
Since the error occurred in md_enable, it'd be a safer bet to go checking in the
hash functions.
Also, this is a *known error*, see this thread, 'Algorithm 11 not available',
http://lists.gnupg.org/pipermail/gnupg-users/2007-April/030974.html
It stems from the fact that the cipher library in gpg2 does not have SHA-224
(hash algorithm 11) enabled.
Amazing tool, list archives. 8-}\
--
John P. Clizbe Inet: John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A
As we know, We know there are some things
There are known knowns. We do not know.
There are things we know we know. But there are also unknown unknowns,
We also know The ones we don't know
There are known unknowns. We don't know.
That is to say -The Existential Poetry of Donald H. Rumsfeld
From mkallas at schokokeks.org Tue Jul 3 09:13:41 2007
From: mkallas at schokokeks.org (Michael Kesper)
Date: Tue, 3 Jul 2007 09:13:41 +0200 (CEST)
Subject: Broken pipe?
In-Reply-To: <87ved2n7rq.fsf@wheatstone.g10code.de>
References: <467FE61A.6050000@free.fr> <46800621.1060509@freecharity.org.uk>
<4680D026.5020000@free.fr> <4680D1F3.803@freecharity.org.uk>
<4683BC7E.9030207@free.fr> <87ved7b20y.fsf@wheatstone.g10code.de>
<4684D9EF.8090204@free.fr> <87ved2n7rq.fsf@wheatstone.g10code.de>
Message-ID: <43060.164.61.12.24.1183446821.squirrel@mail.schokokeks.org>
Hi,
Werner Koch wrote:
> On Fri, 29 Jun 2007 12:07, guillaume.yziquel at free.fr said:
>
>> I apologize for the weight of this message.
>
> As I already said: You have no permission to write to the USB device.
This seems to be the result of several half-correct howtos for installing
the cardreader. Recently I wanted to install it on a new machine but got
the same result. For the instant, I "solved" it by installing pcscd and
libpcsclite1.
I think we need a better way for new users to install the reader, maybe a
small installation package or something similar.
Best wishes
Michael
--
Nobody can save your freedom but YOU -
become a fellow of the FSFE! http://www.fsfe.org/en
From guillaume.yziquel at free.fr Tue Jul 3 11:30:01 2007
From: guillaume.yziquel at free.fr (Guillaume Yziquel)
Date: Tue, 03 Jul 2007 11:30:01 +0200
Subject: Ownership of usb device with udev.
In-Reply-To: <87wsxioql6.fsf@wheatstone.g10code.de>
References: <467FE61A.6050000@free.fr>
<46800621.1060509@freecharity.org.uk> <4680D026.5020000@free.fr>
<4680D1F3.803@freecharity.org.uk> <4683BC7E.9030207@free.fr>
<87ved7b20y.fsf@wheatstone.g10code.de> <4684D32C.7050406@free.fr>
<87wsxioql6.fsf@wheatstone.g10code.de>
Message-ID: <468A1719.3020405@free.fr>
Werner Koch wrote:
> On Fri, 29 Jun 2007 11:38, guillaume.yziquel at free.fr said:
>
>> Visibly, purging pcscd does not solve the problem. Concerning
>> permissions, I guess I have some work to do:
>
> Indeed. That is your problem. Use lsusb to figure out where the SCR335
> is attached and then manually update the ownership for testing. The
> HOWTO has hints on how to install the hotplug stuff.
I read the hotplug stuff was deprecated, and that udev should be used
instead. The output of lsusb -v concerning the smart card reader follows.
My main problem is that I do not really understand how udev works. I
understood there was lots of renaming involved. And with all these
renamings, I do not really know how to make ownership changes.
I'd really love to find a good document on how udev works. In particular
with debian.
Thank you.
Guillaume Yziquel.
> Bus 003 Device 003: ID 04e6:5115 SCM Microsystems, Inc. SCR335 SmartCard Reader
> Device Descriptor:
> bLength 18
> bDescriptorType 1
> bcdUSB 2.00
> bDeviceClass 0 (Defined at Interface level)
> bDeviceSubClass 0
> bDeviceProtocol 0
> bMaxPacketSize0 16
> idVendor 0x04e6 SCM Microsystems, Inc.
> idProduct 0x5115 SCR335 SmartCard Reader
> bcdDevice 5.18
> iManufacturer 1 SCM Microsystems Inc.
> iProduct 2 SCR33x USB Smart Card Reader
> iSerial 5 21120706318555
> bNumConfigurations 1
> Configuration Descriptor:
> bLength 9
> bDescriptorType 2
> wTotalLength 93
> bNumInterfaces 1
> bConfigurationValue 1
> iConfiguration 3 CCID Class
> bmAttributes 0xa0
> (Bus Powered)
> Remote Wakeup
> MaxPower 100mA
> Interface Descriptor:
> bLength 9
> bDescriptorType 4
> bInterfaceNumber 0
> bAlternateSetting 0
> bNumEndpoints 3
> bInterfaceClass 11 Chip/SmartCard
> bInterfaceSubClass 0
> bInterfaceProtocol 0
> iInterface 4 CCID Interface
> ChipCard Interface Descriptor:
> bLength 54
> bDescriptorType 33
> bcdCCID 1.00
> nMaxSlotIndex 0
> bVoltageSupport 1 5.0V
> dwProtocols 3 T=0 T=1
> dwDefaultClock 4000
> dwMaxiumumClock 12000
> bNumClockSupported 0
> dwDataRate 9600 bps
> dwMaxDataRate 307200 bps
> bNumDataRatesSupp. 0
> dwMaxIFSD 252
> dwSyncProtocols 00000000
> dwMechanical 00000000
> dwFeatures 000100BA
> Auto configuration based on ATR
> Auto voltage selection
> Auto clock change
> Auto baud rate change
> Auto PPS made by CCID
> TPDU level exchange
> dwMaxCCIDMsgLen 263
> bClassGetResponse echo
> bClassEnvelope echo
> wlcdLayout none
> bPINSupport 0
> bMaxCCIDBusySlots 1
> Endpoint Descriptor:
> bLength 7
> bDescriptorType 5
> bEndpointAddress 0x01 EP 1 OUT
> bmAttributes 2
> Transfer Type Bulk
> Synch Type None
> Usage Type Data
> wMaxPacketSize 0x0040 1x 64 bytes
> bInterval 0
> Endpoint Descriptor:
> bLength 7
> bDescriptorType 5
> bEndpointAddress 0x82 EP 2 IN
> bmAttributes 2
> Transfer Type Bulk
> Synch Type None
> Usage Type Data
> wMaxPacketSize 0x0040 1x 64 bytes
> bInterval 0
> Endpoint Descriptor:
> bLength 7
> bDescriptorType 5
> bEndpointAddress 0x83 EP 3 IN
> bmAttributes 3
> Transfer Type Interrupt
> Synch Type None
> Usage Type Data
> wMaxPacketSize 0x0010 1x 16 bytes
> bInterval 16
> Device Status: 0x0000
> (Bus Powered)
From wk at gnupg.org Tue Jul 3 12:54:09 2007
From: wk at gnupg.org (Werner Koch)
Date: Tue, 03 Jul 2007 12:54:09 +0200
Subject: Ownership of usb device with udev.
In-Reply-To: <468A1719.3020405@free.fr> (Guillaume Yziquel's message of "Tue,
03 Jul 2007 11:30:01 +0200")
References: <467FE61A.6050000@free.fr> <46800621.1060509@freecharity.org.uk>
<4680D026.5020000@free.fr> <4680D1F3.803@freecharity.org.uk>
<4683BC7E.9030207@free.fr> <87ved7b20y.fsf@wheatstone.g10code.de>
<4684D32C.7050406@free.fr> <87wsxioql6.fsf@wheatstone.g10code.de>
<468A1719.3020405@free.fr>
Message-ID: <87sl85kbam.fsf@wheatstone.g10code.de>
On Tue, 3 Jul 2007 11:30, guillaume.yziquel at free.fr said:
> My main problem is that I do not really understand how udev works. I
> understood there was lots of renaming involved. And with all these
> renamings, I do not really know how to make ownership changes.
Nor do I. The whole hotplug stuff has just worked for me for years and I
frankly don't know what is the difference between udev and hotplug. The
problem is that I only rarely install new machines and that some of mine
are going back to Potato. There is one new box here with a plain Etch
installation. If I find time I will attach a reader to that box and
check it out.
Salam-Shalom,
Werner
From guillaume.yziquel at free.fr Tue Jul 3 13:35:10 2007
From: guillaume.yziquel at free.fr (Guillaume Yziquel)
Date: Tue, 03 Jul 2007 13:35:10 +0200
Subject: Ownership of usb device with udev.
In-Reply-To: <87sl85kbam.fsf@wheatstone.g10code.de>
References: <467FE61A.6050000@free.fr>
<46800621.1060509@freecharity.org.uk> <4680D026.5020000@free.fr>
<4680D1F3.803@freecharity.org.uk> <4683BC7E.9030207@free.fr>
<87ved7b20y.fsf@wheatstone.g10code.de> <4684D32C.7050406@free.fr>
<87wsxioql6.fsf@wheatstone.g10code.de> <468A1719.3020405@free.fr>
<87sl85kbam.fsf@wheatstone.g10code.de>
Message-ID: <468A346E.40100@free.fr>
Werner Koch wrote:
> On Tue, 3 Jul 2007 11:30, guillaume.yziquel at free.fr said:
>
>> My main problem is that I do not really understand how udev works. I
>> understood there was lots of renaming involved. And with all these
>> renamings, I do not really know how to make ownership changes.
>
> Nor do I. The whole hotplug stuff has just worked for me for years and I
> frankly don't know what is the difference between udev and hotplug. The
> problem is that I only rarely install new machines and that some of mine
> are going back to Potato. There is one new box here with a plain Etch
> installation. If I find time I will attach a reader to that box and
> check it out.
This link describes the udev thingy in an understandable way:
http://www.reactivated.net/writing_udev_rules.html
Maybe it is too specific to Debian. I do not know.
It deals with ownership problems somewhere inside. I think it should be
a good reference for the HOWTO. As it was mentioned in some mail before,
the HOWTO is not completely complete, concerning udev machinery. If you
type the commands somewhat too fast, reading blindly, then you get my
problem. Rights management is mentioned in the GPG Smartcard HOWTO, but
very very quickly, without instructions to follow. It is therefore
somewhat hard to follow.
I think the HOWTO needs this information, because its absence really
makes life complicated for average or below-average users trying to get
the smartcard reader working.
Guillaume Yziquel.
From patrick at mozilla-enigmail.org Tue Jul 3 14:13:36 2007
From: patrick at mozilla-enigmail.org (Patrick Brunschwig)
Date: Tue, 03 Jul 2007 14:13:36 +0200
Subject: Ownership of usb device with udev.
In-Reply-To: <468A1719.3020405__20886.5336528563$1183455306$gmane$org@free.fr>
References: <467FE61A.6050000@free.fr> <46800621.1060509@freecharity.org.uk> <4680D026.5020000@free.fr> <4680D1F3.803@freecharity.org.uk> <4683BC7E.9030207@free.fr> <87ved7b20y.fsf@wheatstone.g10code.de> <4684D32C.7050406@free.fr> <87wsxioql6.fsf@wheatstone.g10code.de>
<468A1719.3020405__20886.5336528563$1183455306$gmane$org@free.fr>
Message-ID: <468A3D70.9070703@mozilla-enigmail.org>
Guillaume Yziquel wrote:
> Werner Koch wrote:
>> On Fri, 29 Jun 2007 11:38, guillaume.yziquel at free.fr said:
>>
>>> Visibly, purging pcscd does not solve the problem. Concerning
>>> permissions, I guess I have some work to do:
>> Indeed. That is your problem. Use lsusb to figure out where the SCR335
>> is attached and then manually update the ownership for testing. The
>> HOWTO has hints on how to install the hotplug stuff.
>
> I read the hotplug stuff was deprecated, and that udev should be used
> instead. The output of lsusb -v concerning the smart card reader follows.
>
> My main problem is that I do not really understand how udev works. I
> understood there was lots of renaming involved. And with all these
> renamings, I do not really know how to make ownership changes.
>
> I'd really love to find a good document on how udev works. In particular
> with debian.
The basic idea with udev is that you define rules for defining the group
and permission of devices (and other actions such as launching
applications). Here is a how-to that explains how these things work:
http://reactivated.net/writing_udev_rules.html
In your case you should create a file containing something like the
example below (everything on one line) and place it into
/etc/udev/rules.d. Check the README in /etc/udev/rules.d for the file
naming conventions.
SYSFS{idProduct}=="5115", SYSFS{idVendor}=="04e6", MODE="660", GROUP="myspecialgroup"
HTH
-Patrick
From guillaume.yziquel at free.fr Tue Jul 3 15:00:35 2007
From: guillaume.yziquel at free.fr (Guillaume Yziquel)
Date: Tue, 03 Jul 2007 15:00:35 +0200
Subject: Ownership of usb device with udev.
In-Reply-To: <468A3D70.9070703@mozilla-enigmail.org>
References: <467FE61A.6050000@free.fr> <46800621.1060509@freecharity.org.uk> <4680D026.5020000@free.fr> <4680D1F3.803@freecharity.org.uk> <4683BC7E.9030207@free.fr> <87ved7b20y.fsf@wheatstone.g10code.de> <4684D32C.7050406@free.fr> <87wsxioql6.fsf@wheatstone.g10code.de> <468A1719.3020405__20886.5336528563$1183455306$gmane$org@free.fr>
<468A3D70.9070703@mozilla-enigmail.org>
Message-ID: <468A4873.4060600@free.fr>
> SYSFS{idProduct}=="5115", SYSFS{idVendor}=="04e6", MODE="660", GROUP="myspecialgroup"
In fact, what puzzled me is that I already had all this written down.
The problem was that there was some \newline between two of the keys.
This split the line in two, and it was not parsed correctly at
boot time.
It's now settled. At least for the hardware part. I'm getting error
messages through Thunderbird/Icedove, now, and I hope that it's because
of some wrong pin...
Thank you all very much.
Guillaume Yziquel.
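The failure described in this message, as an added example that is not part of the thread and not udev code: a small linter that reads a rules file line by line and flags a rule broken in two by a stray newline. It assumes a trailing backslash is the only way to continue a rule; the function names are hypothetical and the sample rules are constructed from the rule quoted above.

```python
import re

# One key-value pair: KEY or KEY{attr}, an operator, a double-quoted value.
PAIR = re.compile(
    r'\s*([A-Za-z_]+(?:\{[^}]*\})?)\s*(==|!=|\+=|:=|=)\s*"([^"]*)"\s*')
MATCH_OPS = {"==", "!="}


def logical_lines(text):
    """Yield (first line number, rule), joining lines that end in a backslash."""
    buf, start = "", None
    for number, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = number
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, (buf + line).strip()
        buf, start = "", None
    if buf.strip():
        yield start, buf.strip()


def parse_rule(rule):
    """Return (pairs, problems) for one rule; pairs are (key, op, value)."""
    pairs, problems, pos = [], [], 0
    while pos < len(rule):
        m = PAIR.match(rule, pos)
        if m is None:
            problems.append("cannot parse: " + rule[pos:].strip())
            break
        pairs.append((m.group(1), m.group(2), m.group(3)))
        pos = m.end()
        if pos == len(rule):
            break
        if rule[pos] != ",":
            problems.append("expected ',' before: " + rule[pos:].strip())
            break
        pos += 1
        if not rule[pos:].strip():
            problems.append("ends with ',': the rule continues on the next "
                            "line without a backslash")
            break
    return pairs, problems


def lint(text):
    """Return [(line number, problem)] for every suspicious rule in text."""
    findings = []
    for number, rule in logical_lines(text):
        if not rule or rule.startswith("#"):
            continue
        pairs, problems = parse_rule(rule)
        ops = {op for _key, op, _value in pairs}
        if pairs and not ops & MATCH_OPS:
            problems.append("no match key: the assignments are not tied "
                            "to a device")
        if pairs and ops <= MATCH_OPS:
            problems.append("match keys only: nothing is assigned")
        findings.extend((number, problem) for problem in problems)
    return findings


# Constructed samples: the rule on one line, the same rule split by a bare
# newline, and the same rule continued with a backslash.
GOOD = ('SYSFS{idProduct}=="5115", SYSFS{idVendor}=="04e6", '
        'MODE="660", GROUP="myspecialgroup"\n')
SPLIT = ('SYSFS{idProduct}=="5115", SYSFS{idVendor}=="04e6", MODE="660",\n'
         'GROUP="myspecialgroup"\n')
CONTINUED = ('SYSFS{idProduct}=="5115", SYSFS{idVendor}=="04e6", '
             'MODE="660", \\\n    GROUP="myspecialgroup"\n')

if __name__ == "__main__":
    for name, text in (("good", GOOD), ("split", SPLIT),
                       ("continued", CONTINUED)):
        for number, problem in lint(text):
            print("%s: line %d: %s" % (name, number, problem))
```

The second finding on the split sample is the one to watch for: a line holding only `GROUP=` or `MODE=` has no match key left to restrict it to the reader.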
From bahamut at digital-signal.net Tue Jul 3 15:41:09 2007
From: bahamut at digital-signal.net (Andrew Berg)
Date: Tue, 03 Jul 2007 08:41:09 -0500
Subject: algortihm 11
In-Reply-To: <4689908C.8010006@tx.rr.com>
References: <46894C21.4090905@digital-signal.net> <468960C5.9070203@bellsouth.net>
<4689908C.8010006@tx.rr.com>
Message-ID: <468A51F5.2040901@digital-signal.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
John Clizbe wrote:
> Also, this is a *known error*, see this thread, 'Algorithm 11 not
> available',
> http://lists.gnupg.org/pipermail/gnupg-users/2007-April/030974.html
>
>
> It stems from the fact that the cipher library in gpg2 does not
> have SHA-224 (hash algorithm 11) enabled.
>
> Amazing tool, list archives. 8-}\
I will remember that I need to search archives before posting
something relating to discussions I have earlier ignored.
Anyway, I don't understand. SHA224 is not in my
personal-digest-prefs, and all I did was list keys. Was there
something special about one of the keys?
- --
Windows NT 5.1.2600.2180 | Thunderbird 2.0.0.4 | Enigmail 0.95.2 | GPG
1.4.7
Key ID: 0xF88E034060A78FCB - available on major keyservers and upon
request
Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
From shavital at mac.com Tue Jul 3 16:30:55 2007
From: shavital at mac.com (Charly Avital)
Date: Tue, 03 Jul 2007 17:30:55 +0300
Subject: Algorithm 11 [was: FireGPG (correction)]
In-Reply-To: <4689908C.8010006@tx.rr.com>
References: <46894C21.4090905@digital-signal.net>
<468960C5.9070203@bellsouth.net> <4689908C.8010006@tx.rr.com>
Message-ID: <468A5D9F.7060002@mac.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
John Clizbe wrote the following on 7/3/07 2:55 AM:
[...]
> It stems from the fact that the cipher library in gpg2 does not have SHA-224
> (hash algorithm 11) enabled.
Under MacOS 10.4.9, I run gpg2 from a binary installer compiled by Ben
Donnachie:
item 'mac-gpg 2.0.4-2.zip that uses libgcrypt 1.3.0 with support for SHA224:
$ gpg2 -v --version
gpg (GnuPG) 2.0.4
Copyright (C) 2007 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ELG
Cipher: 3DES (S2), CAST5 (S3), BLOWFISH (S4), AES (S7), AES192 (S8),
AES256 (S9), TWOFISH (S10)
Hash: MD5 (H1), SHA1 (H2), RIPEMD160 (H3), TIGER192 (H6), SHA256 (H8),
SHA384 (H9), SHA512 (H10), SHA224 (H11)
Compression: Uncompressed (Z0), ZIP (Z1), ZLIB (Z2), BZIP2 (Z3)
Charly
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (Darwin)
Comment: GnuPG for Privacy
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
From wk at gnupg.org Tue Jul 3 18:15:02 2007
From: wk at gnupg.org (Werner Koch)
Date: Tue, 03 Jul 2007 18:15:02 +0200
Subject: Algorithm 11
In-Reply-To: <468A5D9F.7060002@mac.com> (Charly Avital's message of "Tue, 03
Jul 2007 17:30:55 +0300")
References: <46894C21.4090905@digital-signal.net>
<468960C5.9070203@bellsouth.net> <4689908C.8010006@tx.rr.com>
<468A5D9F.7060002@mac.com>
Message-ID: <87hcolihvd.fsf@wheatstone.g10code.de>
On Tue, 3 Jul 2007 16:30, shavital at mac.com said:
> Hash: MD5 (H1), SHA1 (H2), RIPEMD160 (H3), TIGER192 (H6), SHA256 (H8),
> SHA384 (H9), SHA512 (H10), SHA224 (H11)
^^^^^^^^^^^^^^
It depends on the installed version of libgcrypt. 1.3.x comes with
SHA224.
Shalom-Salam,
Werner
From dshaw at jabberwocky.com Tue Jul 3 18:18:36 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 3 Jul 2007 12:18:36 -0400
Subject: algortihm 11
In-Reply-To: <468A51F5.2040901@digital-signal.net>
References: <46894C21.4090905@digital-signal.net>
<468960C5.9070203@bellsouth.net> <4689908C.8010006@tx.rr.com>
<468A51F5.2040901@digital-signal.net>
Message-ID: <20070703161836.GA15775@jabberwocky.com>
On Tue, Jul 03, 2007 at 08:41:09AM -0500, Andrew Berg wrote:
> John Clizbe wrote:
> > Also, this is a *known error*, see this thread, 'Algorithm 11 not
> > available',
> > http://lists.gnupg.org/pipermail/gnupg-users/2007-April/030974.html
> >
> >
> > It stems from the fact that the cipher library in gpg2 does not
> > have SHA-224 (hash algorithm 11) enabled.
> >
> > Amazing tool, list archives. 8-}\
> I will remember that I need to search archives before posting
> something relating to discussions I have earlier ignored.
>
> Anyway, I don't understand. SHA224 is not in my
> personal-digest-prefs, and all I did was list keys. Was there
> something special about one of the keys?
Yes. A key likely used SHA224 for a subkey certification or a
"backsig" certification. When GPG2 tried to verify that subkey, it
needed SHA224, didn't find it, and failed.
David
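What David describes, as an added example that is not GnuPG code: a reader for binary OpenPGP packets that lists the hash algorithm ID of every signature on a key, including a backsig embedded in a subkey binding signature, and reports the ones a given build cannot verify. The helper `v4_sig`, the sample packets and the hash list assumed for the build without SHA224 are constructed for illustration.

```python
# Added example: list signatures whose hash algorithm a build cannot verify.
SIGNATURE_TAG = 2
EMBEDDED_SIGNATURE = 32  # subpacket type that carries the backsig

# Hash IDs from the "Hash:" line quoted in this thread (H1 ... H11).
BUILD_WITH_SHA224 = {1, 2, 3, 6, 8, 9, 10, 11}
# Assumption: the build without SHA224 otherwise offers the same hashes.
BUILD_WITHOUT_SHA224 = BUILD_WITH_SHA224 - {11}


def var_length(data, pos, two_octet_max):
    """Decode a variable length at pos; return (length, position after it)."""
    first = data[pos]
    if first < 192:
        return first, pos + 1
    if first <= two_octet_max:
        return ((first - 192) << 8) + data[pos + 1] + 192, pos + 2
    if first == 255:
        return int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5
    raise ValueError("partial body lengths are not handled in this example")


def packets(data):
    """Yield (tag, body) for each packet in a binary OpenPGP stream."""
    pos = 0
    while pos < len(data):
        header = data[pos]
        pos += 1
        if not header & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if header & 0x40:  # new-format header
            tag = header & 0x3F
            length, pos = var_length(data, pos, 223)
        else:  # old-format header: the low two bits give the length size
            tag = (header >> 2) & 0x0F
            size = {0: 1, 1: 2, 2: 4}.get(header & 3)
            if size is None:
                raise ValueError("indeterminate length is not handled here")
            length = int.from_bytes(data[pos:pos + size], "big")
            pos += size
        if pos + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[pos:pos + length]
        pos += length


def signature_hashes(body, embedded=False):
    """Yield (signature type, hash ID, embedded?) for a signature body."""
    if body[0] == 3:
        # version, 5, type, time (4), key ID (8), pubkey algo, hash algo
        yield body[2], body[16], embedded
    elif body[0] == 4:
        # version, type, pubkey algo, hash algo, then two subpacket areas
        yield body[1], body[3], embedded
        pos = 4
        for _area in ("hashed", "unhashed"):
            end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
            pos += 2
            while pos < end:
                length, pos = var_length(body, pos, 254)
                if body[pos] & 0x7F == EMBEDDED_SIGNATURE:
                    inner = body[pos + 1:pos + length]
                    yield from signature_hashes(inner, True)
                pos += length
            pos = end
    else:
        raise ValueError("unknown signature version %d" % body[0])


def unsupported(data, available):
    """Return the signatures in data whose hash ID is not in available."""
    return [hit
            for tag, body in packets(data) if tag == SIGNATURE_TAG
            for hit in signature_hashes(body) if hit[1] not in available]


def v4_sig(sig_type, hash_id, unhashed=b""):
    """Constructed test data: v4 signature body, dummy hash prefix, no MPIs."""
    return (bytes([4, sig_type, 17, hash_id]) + b"\x00\x00"
            + len(unhashed).to_bytes(2, "big") + unhashed + b"\x00\x00")


# Constructed sample: a self-signature using SHA1 (old-format header) and a
# subkey binding using SHA256 whose embedded backsig uses SHA224 (H11).
SELFSIG = v4_sig(0x13, 2)
BACKSIG = v4_sig(0x19, 11)
BINDING = v4_sig(0x18, 8,
                 bytes([len(BACKSIG) + 1, EMBEDDED_SIGNATURE]) + BACKSIG)
SAMPLE = (bytes([0x88, len(SELFSIG)]) + SELFSIG
          + bytes([0xC2, len(BINDING)]) + BINDING)

if __name__ == "__main__":
    for sig_type, hash_id, inner in unsupported(SAMPLE, BUILD_WITHOUT_SHA224):
        where = "embedded backsig" if inner else "signature"
        print("%s type 0x%02x needs hash ID %d" % (where, sig_type, hash_id))
```

Run over the binary output of `gpg --export`, a hit with hash ID 11 identifies a key whose signatures need SHA224 to verify.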
From bahamut at digital-signal.net Tue Jul 3 18:30:19 2007
From: bahamut at digital-signal.net (Andrew Berg)
Date: Tue, 03 Jul 2007 11:30:19 -0500
Subject: Algorithm 11
In-Reply-To: <468A5D9F.7060002@mac.com>
References: <46894C21.4090905@digital-signal.net> <468960C5.9070203@bellsouth.net>
<4689908C.8010006@tx.rr.com> <468A5D9F.7060002@mac.com>
Message-ID: <468A799B.4060700@digital-signal.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Charly Avital wrote:
> Under MacOS 10.4.9, I run gpg2 from a binary installer compiled by
> Ben Donnachie:
>
> item
> 'mac-gpg 2.0.4-2.zip that uses libgcrypt 1.3.0 with support for
> SHA224:
>
>
>
> $ gpg2 -v --version gpg (GnuPG) 2.0.4 Copyright (C) 2007 Free
> Software Foundation, Inc. This program comes with ABSOLUTELY NO
> WARRANTY. This is free software, and you are welcome to
> redistribute it under certain conditions. See the file COPYING for
> details.
>
> Home: ~/.gnupg Supported algorithms: Pubkey: RSA, ELG, DSA, ELG
> Cipher: 3DES (S2), CAST5 (S3), BLOWFISH (S4), AES (S7), AES192
> (S8), AES256 (S9), TWOFISH (S10) Hash: MD5 (H1), SHA1 (H2),
> RIPEMD160 (H3), TIGER192 (H6), SHA256 (H8), SHA384 (H9), SHA512
> (H10), SHA224 (H11) Compression: Uncompressed (Z0), ZIP (Z1), ZLIB
> (Z2), BZIP2 (Z3)
I built it from source from gnupg.org. No SHA224, no bzip2.
- --
Windows NT 5.1.2600.2180 | Thunderbird 2.0.0.4 | Enigmail 0.95.2 | GPG
1.4.7
Key ID: 0xF88E034060A78FCB - available on major keyservers and upon
request
Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
From dshaw at jabberwocky.com Tue Jul 3 19:03:02 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 3 Jul 2007 13:03:02 -0400
Subject: algortihm 11
In-Reply-To: <20070703161836.GA15775@jabberwocky.com>
References: <46894C21.4090905@digital-signal.net>
<468960C5.9070203@bellsouth.net> <4689908C.8010006@tx.rr.com>
<468A51F5.2040901@digital-signal.net>
<20070703161836.GA15775@jabberwocky.com>
Message-ID: <20070703170302.GB15775@jabberwocky.com>
On Tue, Jul 03, 2007 at 12:18:36PM -0400, David Shaw wrote:
> On Tue, Jul 03, 2007 at 08:41:09AM -0500, Andrew Berg wrote:
> > John Clizbe wrote:
> > > Also, this is a *known error*, see this thread, 'Algorithm 11 not
> > > available',
> > > http://lists.gnupg.org/pipermail/gnupg-users/2007-April/030974.html
> > >
> > >
> > > It stems from the fact that the cipher library in gpg2 does not
> > > have SHA-224 (hash algorithm 11) enabled.
> > >
> > > Amazing tool, list archives. 8-}\
> > I will remember that I need to search archives before posting
> > something relating to discussions I have earlier ignored.
> >
> > Anyway, I don't understand. SHA224 is not in my
> > personal-digest-prefs, and all I did was list keys. Was there
> > something special about one of the keys?
>
> Yes. A key likely used SHA224 for a subkey certification or a
> "backsig" certification. When GPG2 tried to verify that subkey, it
> needed SHA224, didn't find it, and failed.
I should add, though, that this bug is fixed and will be in the next
gpg2 release.
David
From shavital at mac.com Tue Jul 3 19:42:06 2007
From: shavital at mac.com (Charly Avital)
Date: Tue, 03 Jul 2007 20:42:06 +0300
Subject: Algorithm 11
In-Reply-To: <468A799B.4060700@digital-signal.net>
References: <46894C21.4090905@digital-signal.net>
<468960C5.9070203@bellsouth.net> <4689908C.8010006@tx.rr.com>
<468A5D9F.7060002@mac.com> <468A799B.4060700@digital-signal.net>
Message-ID: <468A8A6E.6080801@mac.com>
Andrew Berg wrote the following on 7/3/07 7:30 PM:
[...]
> I built it from source from gnupg.org. No SHA224, no bzip2.
I believe it is because the src that is posted does not include
libgcrypt 1.3.0
Charly
From wk at gnupg.org Tue Jul 3 20:24:59 2007
From: wk at gnupg.org (Werner Koch)
Date: Tue, 03 Jul 2007 20:24:59 +0200
Subject: algortihm 11
In-Reply-To: <20070703170302.GB15775@jabberwocky.com> (David Shaw's message of
"Tue, 3 Jul 2007 13:03:02 -0400")
References: <46894C21.4090905@digital-signal.net>
<468960C5.9070203@bellsouth.net> <4689908C.8010006@tx.rr.com>
<468A51F5.2040901@digital-signal.net>
<20070703161836.GA15775@jabberwocky.com>
<20070703170302.GB15775@jabberwocky.com>
Message-ID: <87wsxh9wg4.fsf@wheatstone.g10code.de>
On Tue, 3 Jul 2007 19:03, dshaw at jabberwocky.com said:
> I should add, though, that this bug is fixed and will be in the next
> gpg2 release.
I hope to get it out this week but I need to sort out some license
problems first.
Salam-Shalom,
Werner
From bahamut at digital-signal.net Tue Jul 3 21:25:57 2007
From: bahamut at digital-signal.net (Andrew Berg)
Date: Tue, 03 Jul 2007 14:25:57 -0500
Subject: Algorithm 11
In-Reply-To: <468A8A6E.6080801@mac.com>
References: <46894C21.4090905@digital-signal.net> <468960C5.9070203@bellsouth.net>
<4689908C.8010006@tx.rr.com> <468A5D9F.7060002@mac.com>
<468A799B.4060700@digital-signal.net> <468A8A6E.6080801@mac.com>
Message-ID: <468AA2C5.9030106@digital-signal.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Charly Avital wrote:
>> I built it from source from gnupg.org. No SHA224, no bzip2.
> I believe it is because the src that is posted does not include
> libgcrypt 1.3.0
It doesn't include any libgcrypt. The configure script said I didn't
have it, and gave a link to an FTP directory. I got 1.2.4 from there.
- --
Windows NT 5.1.2600.2180 | Thunderbird 2.0.0.4 | Enigmail 0.95.2 | GPG
1.4.7
Key ID: 0xF88E034060A78FCB - available on major keyservers and upon
request
Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
From wk at gnupg.org Wed Jul 4 09:43:53 2007
From: wk at gnupg.org (Werner Koch)
Date: Wed, 04 Jul 2007 09:43:53 +0200
Subject: Algorithm 11
In-Reply-To: <468AA2C5.9030106@digital-signal.net> (Andrew Berg's message of
"Tue, 03 Jul 2007 14:25:57 -0500")
References: <46894C21.4090905@digital-signal.net>
<468960C5.9070203@bellsouth.net> <4689908C.8010006@tx.rr.com>
<468A5D9F.7060002@mac.com> <468A799B.4060700@digital-signal.net>
<468A8A6E.6080801@mac.com> <468AA2C5.9030106@digital-signal.net>
Message-ID: <87fy44k406.fsf@wheatstone.g10code.de>
On Tue, 3 Jul 2007 21:25, bahamut at digital-signal.net said:
> It doesn't include any libgcrypt. The configure script said I didn't
> have it, and gave a link to an FTP directory. I got 1.2.4 from there.
Check out ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt/
Although it is called alpha, it is pretty usable.
Salam-Shalom,
Werner
From g.dampies at ru.ac.za Mon Jul 2 15:33:15 2007
From: g.dampies at ru.ac.za (Mr Gareth Dampies)
Date: Mon, 02 Jul 2007 15:33:15 +0200
Subject: Enigmail ...
Message-ID: <4688FE9B.7080404@ru.ac.za>
How do I uninstall Enigmail?
Thanks.
From rjh at sixdemonbag.org Wed Jul 4 11:45:49 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 04 Jul 2007 04:45:49 -0500
Subject: Enigmail ...
In-Reply-To: <4688FE9B.7080404@ru.ac.za>
References: <4688FE9B.7080404@ru.ac.za>
Message-ID: <468B6C4D.1000207@sixdemonbag.org>
Mr Gareth Dampies wrote:
> How do I uninstall Enigmail?
First, I would suggest asking on the Enigmail mailing list, instead of
GnuPG-Users.
Second, these instructions will uninstall Enigmail. They will not
uninstall GnuPG. Uninstalling GnuPG is different depending on what
operating system you're running, and we don't know what you're running.
That said: you uninstall Enigmail the same way you uninstall any other
extension.
From the main Thunderbird window, click "Tools-->Add-ons", then click
"Enigmail" and "Uninstall".
From jharris at widomaker.com Thu Jul 5 00:11:18 2007
From: jharris at widomaker.com (Jason Harris)
Date: Wed, 4 Jul 2007 18:11:18 -0400
Subject: new (2007-06-24) keyanalyze results (+sigcheck
Message-ID: <20070704221118.GA5420@wilma.widomaker.com>
New keyanalyze results are available at:
http://keyserver.kjsl.com/~jharris/ka/2007-06-24/
Signatures are now being checked using keyanalyze+sigcheck:
http://dtype.org/~aaronl/
Earlier reports are also available, for comparison:
http://keyserver.kjsl.com/~jharris/ka/
Even earlier monthly reports are at:
http://dtype.org/keyanalyze/
SHA-1 hashes and sizes for all the "permanent" files:
--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
From newton at hammet.net Thu Jul 5 05:13:28 2007
From: newton at hammet.net (Newton Hammet)
Date: Wed, 04 Jul 2007 22:13:28 -0500
Subject: Generated new key and testing it.
In-Reply-To: <87hcolihvd.fsf@wheatstone.g10code.de>
References: <46894C21.4090905@digital-signal.net>
<468960C5.9070203@bellsouth.net> <4689908C.8010006@tx.rr.com>
<468A5D9F.7060002@mac.com> <87hcolihvd.fsf@wheatstone.g10code.de>
Message-ID: <1183605209.8539.3.camel@linux>
Just a test to see how my signature fares (both ascii below and the
gnupg signature packet)
--
pub 4096R/6447518D 2007-07-05
Key fingerprint = 52BF 4EEA 3CD7 5698 EC68 56B7 B196 B8DD 6447 518D
Newton Hammet (Software Engineer and Mathematician)
Key servers: pgp.mit.edu, others...
From m at riolenz.de Thu Jul 5 18:43:52 2007
From: m at riolenz.de (Mario Lenz)
Date: Thu, 05 Jul 2007 18:43:52 +0200
Subject: getting signed text in plain
In-Reply-To: <1183401664.3329.7.camel@etch>
References: <1183227859.3301.3.camel@etch>
<871wfqq5ed.fsf@wheatstone.g10code.de> <1183401664.3329.7.camel@etch>
Message-ID: <1183653832.3296.3.camel@etch>
Hi!
I've tried around a bit and it looks like the plaintext is already
missing in gpg_verify() in gpgme/rungpg.c :-(
But *should* my code work and it's a bug in gpgme or have I done
anything wrong?
greez
Mario
--
Well is it said: "See a pin and pick it up, and all day long you'll have
a pin."
From wk at gnupg.org Fri Jul 6 12:23:54 2007
From: wk at gnupg.org (Werner Koch)
Date: Fri, 06 Jul 2007 12:23:54 +0200
Subject: [Announce] GnuPG 2.0.5 released
Message-ID: <87abu925l1.fsf@wheatstone.g10code.de>
Hello!
We are pleased to announce the availability of a new stable GnuPG-2
release: Version 2.0.5.
This is a maintenance release with a few bug fixes and support for
building for W32 platforms.
The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication
and data storage. It can be used to encrypt data, create digital
signatures, help authenticating using Secure Shell and to provide a
framework for public key cryptography. It includes an advanced key
management facility and is compliant with the OpenPGP and S/MIME
standards.
GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.7) in that
it splits up functionality into several modules. However, both
versions may be installed alongside without any conflict. In fact,
the gpg version from GnuPG-1 is able to make use of the gpg-agent as
included in GnuPG-2 and allows for seamless passphrase caching. The
advantage of GnuPG-1 is its smaller size and the lack of dependency on
other modules at run and build time. We will keep maintaining GnuPG-1
versions because they are very useful for small systems and for server
based applications requiring only OpenPGP support.
GnuPG is distributed under the terms of the GNU General Public License
(GPL). GnuPG-2 works best on GNU/Linux or *BSD systems.
What's New
===========
* Switched license to GPLv3.
* Basic support for Windows. Run "./autogen.sh --build-w32" to build
it. As usual the mingw cross compiling toolchain is required.
* Fixed bug when using the --p12-charset without --armor.
* The command --gen-key may now be used instead of the
gpgsm-gencert.sh script.
* Changed key generation to reveal less information about the
machine. Bug fixes for gpg2's card key generation.
Note that we plan to release GnuPG 1.4.8 within the next few weeks.
Getting the Software
====================
Please follow the instructions found at http://www.gnupg.org/download/
or read on:
GnuPG 2.0.5 may be downloaded from one of the GnuPG mirror sites or
direct from ftp://ftp.gnupg.org/gcrypt/gnupg/ . The list of mirrors
can be found at http://www.gnupg.org/mirrors.html . Note, that GnuPG
is not available at ftp.gnu.org.
On the FTP server and its mirrors you should find the following files
in the gnupg/ directory:
  gnupg-2.0.5.tar.bz2 (3432k)
  gnupg-2.0.5.tar.bz2.sig
      GnuPG source compressed using BZIP2 and OpenPGP signature.
  gnupg-2.0.4-2.0.5.diff.bz2 (251k)
      A patch file to upgrade a 2.0.4 GnuPG source tree. This patch
      does not include updates of the language files.
Note, that we don't distribute gzip compressed tarballs.
Checking the Integrity
======================
In order to check that the version of GnuPG which you are going to
install is an original and unmodified one, you can do it in one of
the following ways:
 * If you already have a trusted version of GnuPG installed, you
   can simply check the supplied signature. For example to check the
   signature of the file gnupg-2.0.5.tar.bz2 you would use this command:
     gpg --verify gnupg-2.0.5.tar.bz2.sig
   This checks whether the signature file matches the source file.
   You should see a message indicating that the signature is good and
   made by that signing key. Make sure that you have the right key,
   either by checking the fingerprint of that key with other sources
   or by checking that the key has been signed by a trustworthy other
   key. Note, that you can retrieve the signing key using the command
     finger wk ,at' g10code.com
   or using a keyserver like
     gpg --recv-key 1CE0C630
   The distribution key 1CE0C630 is signed by the well known key
   5B0358A2. If you get a key expired message, you should retrieve a
   fresh copy as the expiration date might have been prolonged.
   NEVER USE A GNUPG VERSION YOU JUST DOWNLOADED TO CHECK THE
   INTEGRITY OF THE SOURCE - USE AN EXISTING GNUPG INSTALLATION!
 * If you are not able to use an old version of GnuPG, you have to verify
   the SHA-1 checksum. Assuming you downloaded the file
   gnupg-2.0.5.tar.bz2, you would run the sha1sum command like this:
     sha1sum gnupg-2.0.5.tar.bz2
   and check that the output matches the first line from the
   following list:
   9435e7fabe525ce943a5818008d412ecad244018 gnupg-2.0.5.tar.bz2
   e9ff3b74aaa23e6a8503f7b910e44c0c34eead3b gnupg-2.0.4-2.0.5.diff.bz2
Internationalization
====================
GnuPG comes with support for 27 languages. Due to a lot of new and
changed strings most translations are not entirely complete. The
Swedish, Turkish, German and Russian translations are close to being
complete.
Documentation
=============
We are currently working on an installation guide to explain in more
detail how to configure the new features. As of now the chapters on
gpg-agent and gpgsm include brief information on how to set up the
whole thing. Please watch the GnuPG website for updates of the
documentation. In the meantime you may search the GnuPG mailing list
archives or ask on the gnupg-users mailing lists for advice on how to
solve problems. Many of the new features are around for several years
and thus enough public knowledge is already available. KDE's KMail is
the most prominent user of GnuPG. In fact it has been developed along
with the KMail folks. Mutt users might want to use the configure
option "--enable-gpgme" and "set use_crypt_gpgme" in ~/.muttrc to make
use of GnuPG-2 to enable S/MIME in addition to a reworked OpenPGP
support.
The manual is also available online in HTML format at
http://www.gnupg.org/documentation/manuals/gnupg/
and as a PDF at
http://www.gnupg.org/documentation/manuals/gnupg.pdf .
For questions on how to build for W32 you are best advised to ask on the
gnupg-devel mailing list.
Support
=======
Improving GnuPG is costly, but you can help! We are looking for
organizations that find GnuPG useful and wish to contribute back. You
can contribute by reporting bugs, improving the software, or by donating
money.
Commercial support contracts for GnuPG are available, and they help
finance continued maintenance. g10 Code GmbH, a Duesseldorf based
company owned and headed by GnuPG's principal author, is currently
funding GnuPG development. We are always looking for interesting
development projects.
The GnuPG service directory is available at:
http://www.gnupg.org/service.html
Thanks
======
We have to thank all the people who helped with this release, be it
testing, coding, translating, suggesting, auditing, administering the
servers, spreading the word or answering questions on the mailing
lists.
Happy Hacking,
The GnuPG Team (David, Marcus, Werner and all other contributors)
From brian at briansmith.org Fri Jul 6 15:40:01 2007
From: brian at briansmith.org (Brian Smith)
Date: Fri, 6 Jul 2007 20:40:01 +0700
Subject: [Announce] GnuPG 2.0.5 released
In-Reply-To: <87abu925l1.fsf@wheatstone.g10code.de>
References: <87abu925l1.fsf@wheatstone.g10code.de>
Message-ID: <003301c7bfd3$2850b110$6501a8c0@Junk>
Werner Koch wrote:
> * Switched license to GPLv3.
Why was the license switched to GPLv3? And, who made this decision?
Thanks,
Brian
From wk at gnupg.org Fri Jul 6 17:10:36 2007
From: wk at gnupg.org (Werner Koch)
Date: Fri, 06 Jul 2007 17:10:36 +0200
Subject: [Announce] GnuPG 2.0.5 released
In-Reply-To: <003301c7bfd3$2850b110$6501a8c0@Junk> (Brian Smith's message of
"Fri, 6 Jul 2007 20:40:01 +0700")
References: <87abu925l1.fsf@wheatstone.g10code.de>
<003301c7bfd3$2850b110$6501a8c0@Junk>
Message-ID: <878x9ty3df.fsf@wheatstone.g10code.de>
On Fri, 6 Jul 2007 15:40, brian at briansmith.org said:
> Why was the license switched to GPLv3? And, who made this decision?
The FSF towers.
Even without being an FSF copyrighted GNU package I would have done
that. The GPLv3 has some weaknesses but it makes some things clearer
and adjusts for the changed legal environment we have encountered over
the last decade. It is a good license.
Salam-Shalom,
Werner
From bahamut at digital-signal.net Fri Jul 6 17:40:40 2007
From: bahamut at digital-signal.net (Andrew Berg)
Date: Fri, 06 Jul 2007 10:40:40 -0500
Subject: [Announce] GnuPG 2.0.5 released
In-Reply-To: <87abu925l1.fsf@wheatstone.g10code.de>
References: <87abu925l1.fsf@wheatstone.g10code.de>
Message-ID: <468E6278.2050801@digital-signal.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Werner Koch wrote:
> * Basic support for Windows.
Could you be more specific?
- --
Windows NT 5.1.2600.2180 | Thunderbird 2.0.0.4 | Enigmail 0.95.2 | GPG
1.4.7
Key ID: 0xF88E034060A78FCB - available on major keyservers and upon
request
Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
From rjh at sixdemonbag.org Fri Jul 6 18:13:53 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 06 Jul 2007 11:13:53 -0500
Subject: [Announce] GnuPG 2.0.5 released
In-Reply-To: <878x9ty3df.fsf@wheatstone.g10code.de>
References: <87abu925l1.fsf@wheatstone.g10code.de> <003301c7bfd3$2850b110$6501a8c0@Junk>
<878x9ty3df.fsf@wheatstone.g10code.de>
Message-ID: <468E6A41.6090402@sixdemonbag.org>
Werner Koch wrote:
> Even without being an FSF copyrighted GNU package I would have done
> that.
Speaking of, Werner, I always thought it was a FSF requirement that all
GNU packages have copyright signed over to the FSF. Is GnuPG an
exception to the rule, was some special accommodation reached, what?
From wk at gnupg.org Fri Jul 6 18:24:04 2007
From: wk at gnupg.org (Werner Koch)
Date: Fri, 06 Jul 2007 18:24:04 +0200
Subject: [Announce] GnuPG 2.0.5 released
In-Reply-To: <468E6A41.6090402@sixdemonbag.org> (Robert J. Hansen's message of
"Fri, 06 Jul 2007 11:13:53 -0500")
References: <87abu925l1.fsf@wheatstone.g10code.de>
<003301c7bfd3$2850b110$6501a8c0@Junk>
<878x9ty3df.fsf@wheatstone.g10code.de>
<468E6A41.6090402@sixdemonbag.org>
Message-ID: <87ir8xwlej.fsf@wheatstone.g10code.de>
On Fri, 6 Jul 2007 18:13, rjh at sixdemonbag.org said:
> Speaking of, Werner, I always thought it was a FSF requirement that all
> GNU packages have copyright signed over to the FSF. Is GnuPG an
> exception to the rule, was some special accommodation reached, what?
Well, not all GNU packages but those that make up the core OS. For some
reason RMS counts GnuPG as a core package so I assigned the copyright
to the FSF back in 1998.
The only exception is that we host in Europe and used to have only
European developers due to the former US export controls.
Shalom-Salam,
Werner
From alon.barlev at gmail.com Fri Jul 6 18:32:20 2007
From: alon.barlev at gmail.com (Alon Bar-Lev)
Date: Fri, 6 Jul 2007 19:32:20 +0300
Subject: [Announce] GnuPG 2.0.5 released
In-Reply-To: <87abu925l1.fsf@wheatstone.g10code.de>
References: <87abu925l1.fsf@wheatstone.g10code.de>
Message-ID: <9e0cf0bf0707060932kc599540pcf39dfa018a991d1@mail.gmail.com>
On 7/6/07, Werner Koch wrote:
> Hello!
>
> We are pleased to announce the availability of a new stable GnuPG-2
> release: Version 2.0.5.
Hello Werner,
It will be nice if you publish dependency like libassuan and libksba
version requirements (if changed).
Also, you have parallel make issue.
At:
common/Makefile.am you include $(top_srcdir)/am/cmacros.am which defines:
libcommon = ../common/libcommon.a
libcommonpth = ../common/libcommonpth.a
This causes dependency of t-convert to be out of subdir thus fail parallel make.
The following temporarily solves the issue:
sed -i 's#\.\./common/libcommon#libcommon#g' common/Makefile.in
Best Regards,
Alon Bar-Lev.
From wk at gnupg.org Fri Jul 6 18:30:03 2007
From: wk at gnupg.org (Werner Koch)
Date: Fri, 06 Jul 2007 18:30:03 +0200
Subject: [Announce] GnuPG 2.0.5 released
In-Reply-To: <468E6278.2050801@digital-signal.net> (Andrew Berg's message of
"Fri, 06 Jul 2007 10:40:40 -0500")
References: <87abu925l1.fsf@wheatstone.g10code.de>
<468E6278.2050801@digital-signal.net>
Message-ID: <87ejjlwl4k.fsf@wheatstone.g10code.de>
On Fri, 6 Jul 2007 17:40, bahamut at digital-signal.net said:
>> * Basic support for Windows.
> Could you be more specific?
Well, you can run gpgsm and also gpg2 on Windows (tested with XPpro).
gpg-agent is fired up as required, gpg-connect-agent works and we will
eventually also make dirmngr work. scdaemon should also work but I have
not tested it. There is a basic pinentry port for native Windows
(pinentry 0.7.3, released today). It is not stable enough for production
use but we expect to have the major bugs squished out by November.
Building it is just the usual "./autogen.sh --build-w32" with all libs
already in place. We will do a Gpg4win release next week which includes
all this stuff, although at that time it will only be useful at the command
line.
Salam-Shalom,
Werner
From wk at gnupg.org Fri Jul 6 19:07:31 2007
From: wk at gnupg.org (Werner Koch)
Date: Fri, 06 Jul 2007 19:07:31 +0200
Subject: [Announce] GnuPG 2.0.5 released
In-Reply-To: <9e0cf0bf0707060932kc599540pcf39dfa018a991d1@mail.gmail.com>
(Alon Bar-Lev's message of "Fri, 6 Jul 2007 19:32:20 +0300")
References: <87abu925l1.fsf@wheatstone.g10code.de>
<9e0cf0bf0707060932kc599540pcf39dfa018a991d1@mail.gmail.com>
Message-ID: <87tzshtq98.fsf@wheatstone.g10code.de>
On Fri, 6 Jul 2007 18:32, alon.barlev at gmail.com said:
> It will be nice if you publish dependency like libassuan and libksba
> version requirements (if changed).
Yeah I know I should have done it. However configure tells you about
this and where to get it. I was pretty busy to release all these other
libs.
> Also, you have parallel make issue.
Yeah, I noticed this but it was too late to fix it. There is a reason
why make does not do parallel builds by default ;-). Will be fixed with
the next release as I have now a dual core box dedicated to testing.
Salam-Shalom,
Werner
From shavital at mac.com Fri Jul 6 19:21:34 2007
From: shavital at mac.com (Charly Avital)
Date: Fri, 06 Jul 2007 20:21:34 +0300
Subject: [Announce] GnuPG 2.0.5 released
In-Reply-To: <9e0cf0bf0707060932kc599540pcf39dfa018a991d1@mail.gmail.com>
References: <87abu925l1.fsf@wheatstone.g10code.de>
<9e0cf0bf0707060932kc599540pcf39dfa018a991d1@mail.gmail.com>
Message-ID: <468E7A1E.8010206@mac.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Alon Bar-Lev wrote the following on 7/6/07 7:32 PM:
[...]
> Hello Werner,
>
> It will be nice if you publish dependency like libassuan and libksba
> version requirements (if changed).
- -------
configure:
*** You need libassuan with Pth support to build this program.
*** This library is for example available at
*** ftp://ftp.gnupg.org/gcrypt/libassuan/
*** (at least version 1.0.2 (API 1) is required).
***
configure:
***
*** You need libksba to build this program.
*** This library is for example available at
*** ftp://ftp.gnupg.org/gcrypt/libksba/
*** (at least version 1.0.2 using API 1 is required).
- -------
After installing the above libraries,
- ---
GnuPG v2.0.5 has been configured as follows:
Platform: Darwin (i386-apple-darwin8.10.1)
OpenPGP: yes
S/MIME: yes
Agent: yes
Smartcard: yes (without internal CCID driver)
Protect tool: (default)
Default agent: (default)
Default pinentry: (default)
Default scdaemon: (default)
Default dirmngr: (default)
PKITS based tests: no
- -------
But, make:
- ------
gcc -DHAVE_CONFIG_H -I. -I.. -I../intl -I/usr/local/include
- -I/usr/local/include -g -O2 -Wall -Wno-pointer-sign -Wpointer-arith -MT
utf8conv.o -MD -MP -MF .deps/utf8conv.Tpo -c -o utf8conv.o utf8conv.c
utf8conv.c: In function 'native_to_utf8':
utf8conv.c:386: error: 'ICONV_CONST' undeclared (first use in this function)
utf8conv.c:386: error: (Each undeclared identifier is reported only once
utf8conv.c:386: error: for each function it appears in.)
utf8conv.c:386: error: parse error before 'char'
utf8conv.c: In function 'do_utf8_to_native':
utf8conv.c:652: error: 'ICONV_CONST' undeclared (first use in this function)
utf8conv.c:652: error: parse error before 'char'
utf8conv.c: In function 'jnlib_iconv':
utf8conv.c:727: warning: passing argument 2 of 'libiconv' from
incompatible pointer type
make[2]: *** [utf8conv.o] Error 1
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2
- --------
>
> Also, you have parallel make issue.
> At:
> common/Makefile.am you include $(top_srcdir)/am/cmacros.am which defines:
>
> libcommon = ../common/libcommon.a
> libcommonpth = ../common/libcommonpth.a
>
> This causes dependency of t-convert to be out of subdir thus fail parallel make.
>
> The following temporarily solves the issue:
> sed -i 's#\.\./common/libcommon#libcommon#g' common/Makefile.in
The above is way above and beyond my very limited comprehension and
capability.
S.S.
Charly
MacOS 10.4.10 - MacBook Intel C2Duo - GnuPG 1.4.7 - GPG2 2.0.4 -
Thunderbird 2.0.0.0 - Enigmail 0.95.2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (Darwin)
Comment: GnuPG for Privacy
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
From alon.barlev at gmail.com Fri Jul 6 20:40:29 2007
From: alon.barlev at gmail.com (Alon Bar-Lev)
Date: Fri, 6 Jul 2007 21:40:29 +0300
Subject: [Announce] GnuPG 2.0.5 released
In-Reply-To: <87ejjlwl4k.fsf@wheatstone.g10code.de>
References: <87abu925l1.fsf@wheatstone.g10code.de>
<468E6278.2050801@digital-signal.net>
<87ejjlwl4k.fsf@wheatstone.g10code.de>
Message-ID: <9e0cf0bf0707061140n4ab6747i905fb2662169632e@mail.gmail.com>
On 7/6/07, Werner Koch wrote:
> (pinentry 0.7.3, released today). It is not stable enough for production
Any more surprises?
BTW: You ignored all patches from:
https://bugs.g10code.com/gnupg/issue798
Alon.
From bahamut at digital-signal.net Fri Jul 6 22:40:23 2007
From: bahamut at digital-signal.net (Andrew Berg)
Date: Fri, 06 Jul 2007 15:40:23 -0500
Subject: Not sure how to build w32pth
Message-ID: <468EA8B7.8020300@digital-signal.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
If I run ./configure, it tells me it can only build for w32.
If I run ./autogen.sh --build-w32, it tells me to run make distclean.
If I run make distclean, it tells me there is no rule for distclean
and stops.
- --
Windows NT 5.1.2600.2180 | Thunderbird 2.0.0.4 | Enigmail 0.95.2 | GPG
1.4.7
Key ID: 0xF88E034060A78FCB - available on major keyservers and upon
request
Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
From mlisten at hammernoch.net Fri Jul 6 23:12:53 2007
From: mlisten at hammernoch.net (Ludwig Hügelschäfer)
Date: Fri, 06 Jul 2007 23:12:53 +0200
Subject: Cross Compile gnupg 1.4.7 on a Mac PPC for Mac Intel?
Message-ID: <468EB055.7050205@hammernoch.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi,
did somebody succeed in cross compiling gnupg 1.4-series on a PPC-Mac for
an Intel Mac? (both run Mac OS X 10.4.10)?
If yes, what would I have to consider? Any specific configure-switches?
TIA
Ludwig
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
From dshaw at jabberwocky.com Sat Jul 7 01:37:56 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri, 6 Jul 2007 19:37:56 -0400
Subject: Cross Compile gnupg 1.4.7 on a Mac PPC for Mac Intel?
In-Reply-To: <468EB055.7050205@hammernoch.net>
References: <468EB055.7050205@hammernoch.net>
Message-ID: <20070706233756.GB2896@jabberwocky.com>
On Fri, Jul 06, 2007 at 11:12:53PM +0200, Ludwig Hügelschäfer wrote:
> Hi,
>
> did somebody succeed in cross compiling gnupg 1.4-series on a PPC-Mac for
> an Intel Mac? (both run Mac OS X 10.4.10)?
>
> If yes, what would I have to consider? Any specific configure-switches?
It's in the README:
Building Universal Binaries on Apple OS X
-----------------------------------------
You can build a universal ("fat") binary that will work on both
PPC and Intel Macs with something like:
./configure CFLAGS="-arch ppc -arch i386" --disable-endian-check \
--disable-dependency-tracking --disable-asm
If you are doing the build on a OS X 10.4 (Tiger) PPC machine you
may need to add "-isysroot /Developer/SDKs/MacOSX10.4u.sdk" to
those CFLAGS. Note that any third-party libraries you may link
with need to be universal as well. All Apple-supplied libraries
(even libraries not originally written by Apple like curl, zip,
and BZ2) are universal.
David
From mlisten at hammernoch.net Sat Jul 7 15:37:34 2007
From: mlisten at hammernoch.net (Ludwig Hügelschäfer)
Date: Sat, 07 Jul 2007 15:37:34 +0200
Subject: Cross Compile gnupg 1.4.7 on a Mac PPC for Mac Intel?
In-Reply-To: <20070706233756.GB2896@jabberwocky.com>
References: <468EB055.7050205@hammernoch.net>
<20070706233756.GB2896@jabberwocky.com>
Message-ID: <468F971E.1000600@hammernoch.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi,
David Shaw wrote on 07.07.2007 1:37 Uhr:
> On Fri, Jul 06, 2007 at 11:12:53PM +0200, Ludwig Hügelschäfer wrote:
>> Hi,
>>
>> did somebody succeed in cross compiling gnupg 1.4-series on a PPC-Mac for
>> an Intel Mac? (both run Mac OS X 10.4.10)?
>>
>> If yes, what would I have to consider? Any specific configure-switches?
>
> It's in the README:
> (...)
Thanks a lot, configure and make ran smoothly and the binaries are
running on both platforms!
Ludwig
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
From wk at gnupg.org Mon Jul 9 08:55:08 2007
From: wk at gnupg.org (Werner Koch)
Date: Mon, 09 Jul 2007 08:55:08 +0200
Subject: Not sure how to build w32pth
In-Reply-To: <468EA8B7.8020300@digital-signal.net> (Andrew Berg's message of
"Fri, 06 Jul 2007 15:40:23 -0500")
References: <468EA8B7.8020300@digital-signal.net>
Message-ID: <87myy6t6b7.fsf@wheatstone.g10code.de>
On Fri, 6 Jul 2007 22:40, bahamut at digital-signal.net said:
> If I run ./configure, it tells me it can only build for w32.
> If I run ./autogen.sh --build-w32, it tells me to run make distclean.
> If I run make distclean, it tells me there is no rule for distclean
> and stops.
It is a very simple test to avoid building with an unclean tree. Just
remove config.log.
Shalom-Salam,
Werner
From wk at gnupg.org Mon Jul 9 09:39:51 2007
From: wk at gnupg.org (Werner Koch)
Date: Mon, 09 Jul 2007 09:39:51 +0200
Subject: [Announce] GnuPG 2.0.5 released
In-Reply-To: <9e0cf0bf0707061140n4ab6747i905fb2662169632e@mail.gmail.com>
(Alon Bar-Lev's message of "Fri, 6 Jul 2007 21:40:29 +0300")
References: <87abu925l1.fsf@wheatstone.g10code.de>
<468E6278.2050801@digital-signal.net>
<87ejjlwl4k.fsf@wheatstone.g10code.de>
<9e0cf0bf0707061140n4ab6747i905fb2662169632e@mail.gmail.com>
Message-ID: <877ipaja9k.fsf@wheatstone.g10code.de>
On Fri, 6 Jul 2007 20:40, alon.barlev at gmail.com said:
> BTW: You ignored all patches from:
> https://bugs.g10code.com/gnupg/issue798
Sorry. Applied right now.
Shalom-Salam,
Werner
From wk at gnupg.org Mon Jul 9 09:47:02 2007
From: wk at gnupg.org (Werner Koch)
Date: Mon, 09 Jul 2007 09:47:02 +0200
Subject: [Announce] GnuPG 2.0.5 released
In-Reply-To: <468E7A1E.8010206@mac.com> (Charly Avital's message of "Fri, 06
Jul 2007 20:21:34 +0300")
References: <87abu925l1.fsf@wheatstone.g10code.de>
<9e0cf0bf0707060932kc599540pcf39dfa018a991d1@mail.gmail.com>
<468E7A1E.8010206@mac.com>
Message-ID: <873azyj9xl.fsf@wheatstone.g10code.de>
On Fri, 6 Jul 2007 19:21, shavital at mac.com said:
> utf8conv.c:386: error: 'ICONV_CONST' undeclared (first use in this function)
Ah yes, you build without NLS (gettext) support. Probably because GNU
gettext is not installed on your machine. I have removed the included
copy of gettext as it is not justified anymore (there are so many
requirements now that this extra one does not really make it worse).
Unfortunately, the test for iconv is only run if gettext support is
requested. I have changed that now.
The workaround is to add a line
/* Define as const if the declaration of iconv() needs const. */
#define ICONV_CONST
to config.h after running configure.
Salam-Shalom,
Werner
From guillaume.yziquel at free.fr Mon Jul 9 11:14:06 2007
From: guillaume.yziquel at free.fr (Guillaume Yziquel)
Date: Mon, 09 Jul 2007 11:14:06 +0200
Subject: Pin fails with svn & ssh & gnupg-agent & smartcard.
Message-ID: <4691FC5E.1010803@free.fr>
Hello list.
I'm into trouble again. I'm still on this svn+ssh+gpg-agent+smartcard
problem. I'm not using pcscd any more, but scdaemon, which used to work
fine. I do not recall having done anything special that might have
broken things up.
However, I get the following kind of error messages while trying to use
svn + ssh + gnupg-agent + smartcard:
> yziquel at seldon:~/svn$ svn update
It then pops some gtk pinentry program, and I entered my pin inside.
> Agent admitted failure to sign using the key.
> gyzmo at server.domain.org's password:
Below are some logs. gpg-agent.log and scdaemon.log.
Some interesting error messages in these logs are:
> 2007-07-09 10:44:20 gpg-agent[3881] starting a new PIN Entry
> 2007-07-09 10:44:20 gpg-agent[3881] DBG: connection to PIN entry established
> 2007-07-09 10:44:25 gpg-agent[3881] smartcard signing failed: Élément manquant dans l'objet
and
> 2007-07-09 10:44:18 scdaemon[4315] DBG: ccid-driver: usb_bulk_read error: Ressource temporairement non disponible
> 2007-07-09 10:44:18 scdaemon[4315] DBG: ccid-driver: USB: CALLING USB_CLEAR_HALT
> 2007-07-09 10:44:18 scdaemon[4315] DBG: ccid-driver: bulk-in seqno does not match (1/0)
and
> 2007-07-09 10:44:25 scdaemon[4315] verify CHV2 failed: Élément manquant dans l'objet
> 2007-07-09 10:44:25 scdaemon[4315] operation auth result: Élément manquant dans l'objet
> 2007-07-09 10:44:25 scdaemon[4315] app_auth_sign failed: Élément manquant dans l'objet
> scdaemon[4315.0] DBG: -> ERR 100663364 Élément manquant dans l'objet
I thank you for all the help you guys have and might lend me.
Guillaume Yziquel.
> yziquel at seldon:~/var/log$ tail -n 50 gpg-agent.log
> 2007-07-09 10:36:09 gpg-agent[3876] listening on socket `/tmp/gpg-qkcjVL/S.gpg-agent'
> 2007-07-09 10:36:09 gpg-agent[3876] listening on socket `/tmp/gpg-k5aAuE/S.gpg-agent.ssh'
> 2007-07-09 10:37:14 gpg-agent[3877] ssh handler 0x651790 for fd 8 started
> 2007-07-09 10:37:14 gpg-agent[3877] ssh request handler for request_identities (11) started
> 2007-07-09 10:37:14 gpg-agent[3877] no running SCdaemon - starting it
> 2007-07-09 10:37:15 gpg-agent[3877] DBG: first connection to SCdaemon established
> 2007-07-09 10:37:15 gpg-agent[3877] DBG: additional connections at `/tmp/gpg-VXmdX8/S.scdaemon'
> 2007-07-09 10:37:16 gpg-agent[3877] ssh request handler for request_identities (11) ready
> 2007-07-09 10:37:16 gpg-agent[3877] ssh handler 0x651790 for fd 8 terminated
> 2007-07-09 10:37:16 gpg-agent[3877] SIGUSR2 received - checking smartcard status
> 2007-07-09 10:37:25 gpg-agent[3877] ssh handler 0x65c540 for fd 8 started
> 2007-07-09 10:37:25 gpg-agent[3877] ssh request handler for request_identities (11) started
> 2007-07-09 10:37:25 gpg-agent[3877] new connection to SCdaemon established (reusing)
> 2007-07-09 10:37:25 gpg-agent[3877] ssh request handler for request_identities (11) ready
> 2007-07-09 10:37:25 gpg-agent[3877] ssh request handler for sign_request (13) started
> 2007-07-09 10:37:25 gpg-agent[3877] DBG: detected card with S/N D2760001240101010001000007180000
> 2007-07-09 10:37:25 gpg-agent[3877] starting a new PIN Entry
> 2007-07-09 10:37:26 gpg-agent[3877] DBG: connection to PIN entry established
> 2007-07-09 10:37:28 gpg-agent[3877] smartcard signing failed: Erreur d'entrée/sortie
> 2007-07-09 10:37:28 gpg-agent[3877] ssh request handler for sign_request (13) ready
> 2007-07-09 10:37:33 gpg-agent[3877] ssh handler 0x65c540 for fd 8 terminated
> 2007-07-09 10:37:36 gpg-agent[3877] ssh handler 0x65c540 for fd 8 started
> 2007-07-09 10:37:36 gpg-agent[3877] ssh request handler for request_identities (11) started
> 2007-07-09 10:37:36 gpg-agent[3877] new connection to SCdaemon established (reusing)
> 2007-07-09 10:37:36 gpg-agent[3877] ssh request handler for request_identities (11) ready
> 2007-07-09 10:37:37 gpg-agent[3877] ssh request handler for sign_request (13) started
> 2007-07-09 10:37:37 gpg-agent[3877] DBG: detected card with S/N D2760001240101010001000007180000
> 2007-07-09 10:37:37 gpg-agent[3877] starting a new PIN Entry
> 2007-07-09 10:37:37 gpg-agent[3877] DBG: connection to PIN entry established
> 2007-07-09 10:37:39 gpg-agent[3877] smartcard signing failed: Erreur d'entrée/sortie
> 2007-07-09 10:37:39 gpg-agent[3877] ssh request handler for sign_request (13) ready
> 2007-07-09 10:37:52 gpg-agent[3877] ssh handler 0x65c540 for fd 8 terminated
> 2007-07-09 10:38:54 gpg-agent[3877] SIGTERM received - shutting down ...
> 2007-07-09 10:38:54 gpg-agent[3877] gpg-agent (GnuPG) 2.0.4 stopped
> 2007-07-09 10:40:56 gpg-agent[3880] listening on socket `/tmp/gpg-wayu32/S.gpg-agent'
> 2007-07-09 10:40:56 gpg-agent[3880] listening on socket `/tmp/gpg-vRKsdY/S.gpg-agent.ssh'
> 2007-07-09 10:44:17 gpg-agent[3881] ssh handler 0x651790 for fd 8 started
> 2007-07-09 10:44:17 gpg-agent[3881] ssh request handler for request_identities (11) started
> 2007-07-09 10:44:17 gpg-agent[3881] no running SCdaemon - starting it
> 2007-07-09 10:44:18 gpg-agent[3881] DBG: first connection to SCdaemon established
> 2007-07-09 10:44:18 gpg-agent[3881] DBG: additional connections at `/tmp/gpg-FUmNMV/S.scdaemon'
> 2007-07-09 10:44:19 gpg-agent[3881] ssh request handler for request_identities (11) ready
> 2007-07-09 10:44:20 gpg-agent[3881] SIGUSR2 received - checking smartcard status
> 2007-07-09 10:44:20 gpg-agent[3881] ssh request handler for sign_request (13) started
> 2007-07-09 10:44:20 gpg-agent[3881] DBG: detected card with S/N D2760001240101010001000007180000
> 2007-07-09 10:44:20 gpg-agent[3881] starting a new PIN Entry
> 2007-07-09 10:44:20 gpg-agent[3881] DBG: connection to PIN entry established
> 2007-07-09 10:44:25 gpg-agent[3881] smartcard signing failed: Élément manquant dans l'objet
> 2007-07-09 10:44:25 gpg-agent[3881] ssh request handler for sign_request (13) ready
> 2007-07-09 10:44:30 gpg-agent[3881] ssh handler 0x651790 for fd 8 terminated
> yziquel at seldon:~/var/log$
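The `ERR 100663364` reply quoted in the post above carries a locale-independent libgpg-error value, which is easier to triage than the translated message text. The following is an added example, not part of the original post or of GnuPG: it decodes such values from log lines, using small hand-picked subsets of the libgpg-error source and code tables; the function names and the last two sample lines are constructed for illustration.

```python
import re
from collections import namedtuple

# libgpg-error packs a value as: bits 24-30 = error source, bits 0-15 = error code.
SOURCE_SHIFT, SOURCE_MASK, CODE_MASK = 24, 0x7F, 0xFFFF

# Subsets of the libgpg-error tables, enough for agent/smartcard triage.
SOURCES = {
    0: "UNKNOWN", 1: "GCRYPT", 2: "GPG", 3: "GPGSM", 4: "GPGAGENT",
    5: "PINENTRY", 6: "SCD", 7: "GPGME", 8: "KEYBOX", 9: "KSBA", 10: "DIRMNGR",
}
CODES = {
    68: "NO_OBJ",             # English text: "Missing item in object"
    87: "BAD_PIN",
    99: "CANCELED",
    110: "CARD_REMOVED",
    112: "CARD_NOT_PRESENT",
}

# An Assuan error reply looks like "ERR <decimal value> <localized text>".
ERR_REPLY = re.compile(r"\bERR\s+(\d+)\b")

Finding = namedtuple("Finding", "lineno value source code name pin_rejected")


def decode_gpg_error(value):
    """Split a libgpg-error value into (source name, code, code name)."""
    source = (value >> SOURCE_SHIFT) & SOURCE_MASK
    code = value & CODE_MASK
    return (
        SOURCES.get(source, f"SOURCE_{source}"),
        code,
        CODES.get(code, f"CODE_{code}"),
    )


def triage(lines):
    """Return one Finding per Assuan ERR reply found in the given log lines."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = ERR_REPLY.search(line)
        if not match:
            continue
        value = int(match.group(1))
        source, code, name = decode_gpg_error(value)
        # Only BAD_PIN means the card actually rejected the PIN that was entered.
        findings.append(Finding(lineno, value, source, code, name, name == "BAD_PIN"))
    return findings


# Lines 1-2 follow the excerpt in the post; lines 3-4 are constructed samples.
SAMPLE_LOG = [
    "2007-07-09 10:44:25 scdaemon[4315] app_auth_sign failed: Élément manquant dans l'objet",
    "scdaemon[4315.0] DBG: -> ERR 100663364 Élément manquant dans l'objet",
    "scdaemon[4315.0] DBG: -> ERR 100663383 Bad PIN",
    "gpg-agent[3881.0] DBG: <- ERR 83886179 canceled",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.lineno}: {f.value} = {f.source}/{f.name} "
              f"(code {f.code}, pin_rejected={f.pin_rejected})")
```

For the value in the post this reports source SCD and code 68 (NO_OBJ), so the failure was reported by scdaemon and was not a PIN rejection.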
From guillaume.yziquel at free.fr Mon Jul 9 11:24:42 2007
From: guillaume.yziquel at free.fr (Guillaume Yziquel)
Date: Mon, 09 Jul 2007 11:24:42 +0200
Subject: Pin fails with svn & ssh & gnupg-agent & smartcard.
In-Reply-To: <4691FC5E.1010803@free.fr>
References: <4691FC5E.1010803@free.fr>
Message-ID: <4691FEDA.7060008@free.fr>
Guillaume Yziquel wrote:
> Hello list.
>
> I'm into trouble again. I'm still on this svn+ssh+gpg-agent+smartcard
> problem. I'm not using pcscd any more, but scdaemon, which used to work
> fine. I do not recall having done anything special that might have
> broken things up.
Sorry. Made a mistake. Everything is now fine. The smartcard was not
correctly inserted, and even plugging out and back in, it was
incorrectly inserted in the smartcard reader. False negatives...
Guillaume Yziquel.
From marcus.brinkmann at ruhr-uni-bochum.de Mon Jul 9 15:46:30 2007
From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann)
Date: Mon, 09 Jul 2007 15:46:30 +0200
Subject: [Announce] GPGME 1.1.5 released
Message-ID: <87myy5heq1.wl%marcus.brinkmann@ruhr-uni-bochum.de>
Hi,
We are pleased to announce version 1.1.5 of GnuPG Made Easy,
a library designed to make access to GnuPG easier for applications.
It may be found in the file (about 907 KB/697 KB compressed)
ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.1.5.tar.gz
ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.1.5.tar.bz2
The following files are also available:
ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.1.5.tar.gz.sig
ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.1.5.tar.bz2.sig
ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.1.4-1.1.5.diff.gz
It should soon appear on the mirrors listed at:
http://www.gnupg.org/mirrors.html
Bug reports and requests for assistance should be sent to:
gnupg-devel at gnupg.org
The sha1sum checksums for this distribution are
364399bb53ba93373c64b9270a567dcb263fdf3c gpgme-1.1.4-1.1.5.diff.bz2
dc2744b4555192546566bba754e708991677badc gpgme-1.1.5.tar.bz2
cdc16881e84ba475b761225707e2f198352395dd gpgme-1.1.5.tar.bz2.sig
428d0faee47509e69ce95620d5075579296cb884 gpgme-1.1.5.tar.gz
34968a0b335d876c4ab05899b23078badedd319e gpgme-1.1.5.tar.gz.sig
Noteworthy changes in version 1.1.5 (2007-07-09)
------------------------------------------------
* Bug and portability fixes (mainly for W32).
Marcus Brinkmann
mb at g10code.de
--
g10 Code GmbH http://g10code.com AmtsGer. Wuppertal HRB 14459
Hüttenstr. 61 Geschäftsführung Werner Koch
D-40699 Erkrath -=- The GnuPG Experts -=- USt-Id DE215605608
_______________________________________________
Gnupg-announce mailing list
Gnupg-announce at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce
From james at freecharity.org.uk Mon Jul 9 16:52:34 2007
From: james at freecharity.org.uk (James Davis)
Date: Mon, 09 Jul 2007 15:52:34 +0100
Subject: Generating an authentication key for smart card
Message-ID: <46924BB2.9010309@freecharity.org.uk>
I've been playing with generating keys for transferal to a smart card.
This way I can make backups of my keys by exporting them before placing
them on the card.
Creating 1024-bit RSA keys for signing and encryption is straight
forward enough but what do I need to do to generate a (sub?)key to use
for authentication which I can later transfer to the card? Or am I
forced to create an authentication key on the card?
Thanks,
James
--
http://www.freecharity.org.uk/ - Free IT services for charities
http://www.freecharity.org.uk/wiki/ - The VCSWiki
From wk at gnupg.org Mon Jul 9 18:53:01 2007
From: wk at gnupg.org (Werner Koch)
Date: Mon, 09 Jul 2007 18:53:01 +0200
Subject: Generating an authentication key for smart card
In-Reply-To: <46924BB2.9010309@freecharity.org.uk> (James Davis's message of
"Mon, 09 Jul 2007 15:52:34 +0100")
References: <46924BB2.9010309@freecharity.org.uk>
Message-ID: <87hcodcydu.fsf@wheatstone.g10code.de>
On Mon, 9 Jul 2007 16:52, james at freecharity.org.uk said:
> Creating 1024-bit RSA keys for signing and encryption is straight
> forward enough but what do I need to do to generate a (sub?)key to use
> for authentication which I can later transfer to the card? Or am I
> forced to create an authentication key on the card?
Use "addkey" to create a new subkey, select "RSA (set your own
capabilities)", toggle the capabilities until they are as you want them.
After the key has been created, save, start --edit-key again, select that
subkey and use the "keytocard" command to store the key on the card.
You need to do this in --export mode of course.
Salam-Shalom,
Werner
From danielkaminsky at web.de Tue Jul 10 10:47:49 2007
From: danielkaminsky at web.de (Daniel Kaminsky)
Date: Tue, 10 Jul 2007 10:47:49 +0200
Subject: gpgsm - "middle"-certificates
Message-ID: <200707101047.50545.danielkaminsky@web.de>
Hello,
I am able to sign and/or encrypt my mails. To do this, I have ordered a
demonstration certificate from GlobalSign. Their root certificate is
installed in most browsers and mail readers.
The problem I have, is that the "middle"-certificates, i.e. the certificates
in the chain between my user certificate and the root certificate, are not
sent along. This results in complaints about not being able to verify my
signature.
Is there any possibility to send these certificates along?
I use KMail (which uses Kleopatra) and gpgsm.
Thanks a lot in advance for any answer.
Regards, Daniel
From wk at gnupg.org Tue Jul 10 16:40:54 2007
From: wk at gnupg.org (Werner Koch)
Date: Tue, 10 Jul 2007 16:40:54 +0200
Subject: [Announce] Gpg4win 1.1.1 released
Message-ID: <87644s724p.fsf@wheatstone.g10code.de>
Hi!
We are pleased to announce the availability of Gpg4win, version 1.1.1.
This is a maintenance release. It fixes a bug introduced with the last
release (problems using gpg via %PATH%), prepares the road for future
support of the S/MIME protocol and updates Sylpheed-Claws to its current
stable version.
About Gpg4win
-------------
The Gpg4win project aims at updating the Gpg4win Windows installation
package with GnuPG encryption tool, associated applications and
documentation on a regular basis. Especially the documentation
(handbooks "Novices", "Einsteiger" and "Durchblicker") are directly
maintained as part of the gpg4win project.
It is an international project. Due to the origin of the project the
German language is fully supported. People helping with translations
are very welcome!
The main difference compared to all other similar approaches (mainly
GnuPP, GnuPT, Windows Privacy Tools and GnuPG-Basics) is that the first
thing developed was the Gpg4win-Builder. This builder allows to easily
create new gpg4win.exe installers with updated components.
The builder runs on any decent Unix system, preferable Debian GNU/Linux.
Almost all products are automatically cross-compiled for integration
into the installer. With this concept it is hoped to prevent quick
aging of the installer package. This is due to easier updating and less
dependency on single developers.
Noteworthy changes in version 1.1.1 (2007-07-10)
------------------------------------------------
* Replaced Sylpheed-Claws by a current Claws-Mail package.
* Add command line tools for CMS (S/MIME) to the standard installer.
* Translations of the installer are now done in the usual GNU gettext
way.
* Fixed a couple of bugs.
* Included components are:
GnuPG: 1.4.7
GnuPG2: 2.0.5 [*]
GPA: 0.7.6
GPGol: 0.9.91
GPGee: 1.3.1
WinPT: 1.2.0
Claws-Mail: 2.10.0 [*]
Novices: 1.0.0
Einsteiger: 2.0.2
Durchblicker: 2.0.2
(Marked packages are updated since the last release)
Future Work
-----------
* We are currently working on integrating S/MIME support into Claws-Mail.
* IMAP support for Claws-Mail is also in the works.
Using GPG via %PATH%
--------------------
As of version 1.1.0, Gpg4win updates the PATH variable to include a new
public directory containing the command line tools of Gpg4win. To avoid
having a bunch of DLLs in the PATH a special wrapper is used to access
these tools. With this release the wrapper should actually work and
allows access to gpg, gpgsm and gpg-connect-agent from anywhere in the
system without the need to know where Gpg4win has been installed.
Developers of frontends making use of Gpg4win might want to avoid the
use of these wrappers. A hidden option in the wrapper makes the actual
used binary available. For example, running "gpg --version --version"
will print the following to stdout if the wrapper is being used:
gpgwrap (Gpg4win) 1.1.1 ;C:\Programme\GNU\GnuPG\gpg.exe
gpg (GnuPG) 1.4.7
....
The string after the semicolon to the end of the first line may be used
for future invocations of gpg.exe.
Installation
------------
For installation instructions, please visit http://www.gpg4win.org or
read on.
Developers who want to *build an installer* need to get the following
files from http://wald.intevation.org/projects/gpg4win/ :
gpg4win-1.1.1.tar.bz2 (4.3M)
gpg4win-1.1.1.tar.bz2.sig
The second file is a digital signature of the first file. Either
check that this signature is fine or compare with the checksums given
below. (see also http://www.gnupg.org/download/integrity_check.html)
The *ready to use installer* is available at:
http://ftp.gpg4win.org/gpg4win-1.1.1.exe (9.0M)
http://ftp.gpg4win.org/gpg4win-1.1.1.exe.sig
Or using the ftp protocol at:
ftp://ftp.gpg4win.org/gpg4win/gpg4win-1.1.0.exe (9.0M)
ftp://ftp.gpg4win.org/gpg4win/gpg4win-1.1.0.exe.sig
SHA1 and MD5 checksums for these files are given below.
If you don't need the manuals or the GnuPG2 command line tools for
S/MIME, you might alternatively download the "light" version of the
installer:
http://ftp.gpg4win.org/gpg4win-light-1.1.1.exe (5.7M)
http://ftp.gpg4win.org/gpg4win-light-1.1.1.exe.sig
or using FTP at:
ftp://ftp.gpg4win.org/gpg4win/gpg4win-1.1.1.exe (5.7M)
ftp://ftp.gpg4win.org/gpg4win/gpg4win-1.1.1.exe.sig
A separate installer with the sources used to build the above
installer is available at:
ftp://ftp.gpg4win.org/gpg4win/gpg4win-src-1.1.1.exe (57M)
ftp://ftp.gpg4win.org/gpg4win/gpg4win-src-1.1.1.exe.sig
Most people don't need this source installer; it is merely stored on
that server to satisfy the conditions of the GPL. In general it is
better to get the gpg4win builder tarball (see above) and follow the
instructions in the README to build new installers; building the
installer is not possible on Windows machines and works best on
current Debian GNU/Linux systems (we use the mingw32 package from
Sid).
SHA1 checksums are:
14ce65038cc6814649bf17be136271da7dd6bbeb gpg4win-1.1.1.exe
7bc5dea3eb3b1f90898dc881fbc882fb04aa44af gpg4win-light-1.1.1.exe
6ce77994eb181cca823d9c28444cd7b95f0c1af3 gpg4win-src-1.1.1.exe
8ffcaac64751f4df6e4e8f42be682845ee7da579 gpg4win-1.1.1.tar.bz2
MD5 checksums are:
b7d78ac0fadf49725dcb99e764a99bd3 gpg4win-1.1.1.exe
bb80feedfeb8bd5187bd43d53bfdf4d5 gpg4win-light-1.1.1.exe
9e565ffd67eeb66fed78fada3c92260d gpg4win-src-1.1.1.exe
b6c4fb52319b1d10b0fde01b71297218 gpg4win-1.1.1.tar.bz2
If you have problems downloading the above files, you may try the mirror
server http://ftp.no.gpg4win.org/pub/gpg4win/ .
We would like to thank the authors of the included packages, the NSIS authors,
all other contributors and first of all, those folks who stayed with us
and tested the early releases of gpg4win.
To help further this project, please consider sponsoring the
development. See http://www.gpg4win.org .
Happy hacking,
The Gpg4win hackers
--
g10 Code GmbH http://g10code.com AmtsGer. Wuppertal HRB 14459
Hüttenstr. 61 Geschäftsführung Werner Koch
D-40699 Erkrath -=- The GnuPG Experts -=- USt-Id DE215605608
From wk at gnupg.org Tue Jul 10 17:48:45 2007
From: wk at gnupg.org (Werner Koch)
Date: Tue, 10 Jul 2007 17:48:45 +0200
Subject: gpgsm - "middle"-certificates
In-Reply-To: <200707101047.50545.danielkaminsky@web.de> (Daniel Kaminsky's
message of "Tue, 10 Jul 2007 10:47:49 +0200")
References: <200707101047.50545.danielkaminsky@web.de>
Message-ID: <87fy3w5kf6.fsf@wheatstone.g10code.de>
On Tue, 10 Jul 2007 10:47, danielkaminsky at web.de said:
> I am able to sign and/or encrypt my mails. To do this, I have ordered a
> demonstration certificate from GlobalSign. Their root certificate is
> installed in most browsers and mail readers.
> The problem I have, is that the "middle"-certificates, i.e. the certificates
> in the chain between my user certificate and the root certificate, are not
> sent along. This results in complaints about not being able to verify my
> signature.
They should install these certificates or you can send them along; Kmail
has an option in the crypto backend for this which is actually
@item --include-certs @var{n}
@opindex include-certs
Using @var{n} of -2 includes all certificate except for the root cert,
-1 includes all certs, 0 does not include any certs, 1 includes only
the signers cert (this is the default) and all other positive
values include up to @var{n} certificates starting with the signer cert.
So you might want to set this to 2.
Salam-Shalom,
Werner
From dara.parsavand at boeing.com Tue Jul 10 23:21:15 2007
From: dara.parsavand at boeing.com (Parsavand, Dara)
Date: Tue, 10 Jul 2007 14:21:15 -0700
Subject: gpg --gen-key fails with "invalid packet (c2b=2d)" using
gpg4win-1.1.1 and XP Pro
Message-ID: <3E613C6ECD7A144F87E077F5EEA1BF8B072BAD9A@XCH-SW-40.sw.nos.boeing.com>
I tried searching this list and found a few others having problems with
key generation, but I haven't figured out the solution for me. I've
tried downloading GnuPG for windows by itself (gnupg-w32cli-1.4.7.exe)
as well as part of the latest gpg4win package. Trying to generate a new
key by using GPA gives the following feedback:
The GPGME library returned an unexpected error. The error was:
General error
This is probably a bug in GPA. GPA will now try to recover from this
error.
When I run at a Command Prompt gpg --gen-key, I get (after a bunch of
+^.> characters and two messages saying to type to generate random
bytes):
gpg: [don't know]: invalid packet (ctb=2d)
I only want to install GnuPG, generate a private key, import a few
public keys, and use gpgee to encrypt and decrypt a few files - I don't
need Outlook integration or anything fancy. I was a bit surprised to be
shut down so fast. I have administrator rights (or I couldn't have
installed). Anything I could be missing?
Thanks,
Dara
From danielkaminsky at web.de Wed Jul 11 07:56:27 2007
From: danielkaminsky at web.de (Daniel Kaminsky)
Date: Wed, 11 Jul 2007 07:56:27 +0200
Subject: gpgsm - "middle"-certificates
In-Reply-To: <87fy3w5kf6.fsf@wheatstone.g10code.de>
References: <200707101047.50545.danielkaminsky@web.de>
<87fy3w5kf6.fsf@wheatstone.g10code.de>
Message-ID: <200707110756.28588.danielkaminsky@web.de>
Hello,
Thanks for your reply.
> They should install these certificates
That's right, but I want to avoid this. This is also the reason why I have
chosen a CA whose certificates are pre-installed.
> or you can send them along; Kmail
> has an option in the crypto backend for this which is actually
>
> @item --include-certs @var{n}
> @opindex include-certs
> Using @var{n} of -2 includes all certificate except for the root cert,
> -1 includes all certs, 0 does not include any certs, 1 includes only
> the signers cert (this is the default) and all other positive
> values include up to @var{n} certificates starting with the signer cert.
>
> So you might want to set this to 2.
This is just the option I needed. Unfortunately I cannot set it in KMail, as I
am not able to find it there. (Ubuntu with KDE 3.5.6 and KMail 1.9.6).
But setting the option directly in gpgsm.conf works perfectly.
Regards, Daniel
From Charles.Thomas at pfpc.com Fri Jul 6 18:17:29 2007
From: Charles.Thomas at pfpc.com (Charles.Thomas at pfpc.com)
Date: Fri, 6 Jul 2007 12:17:29 -0400
Subject: Strange experience with diskperf
Message-ID:
We have had a strange experience with gnupg and diskperf. It seems right
that it should be publicized.
We installed gnupg in our development and QA environments and all went
well. When we went to promote the application and supporting code to
production we had a rude awakening. We found that we could not encrypt.
gnupg would hang in the encryption phase.
QA and production are identical windows servers running Windows Servers OS,
Version 5.2.3790.
Eventually we noticed that diskperf was off in the QA environment, but
active in production. We turned it off in production, and the problem
went away. We turned it back on, but the problem stayed away (for now?).
It is not clear if this is a Windows or a gnupg bug. Either way it does
not give one a warm and cosy feeling. Has anyone else had a similar
experience? Should it be brought to the attention of developers?
Thanks,
Chip Thomas
From dshaw at jabberwocky.com Wed Jul 11 17:30:11 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed, 11 Jul 2007 11:30:11 -0400
Subject: Strange experience with diskperf
In-Reply-To:
References:
Message-ID: <20070711153011.GA10876@jabberwocky.com>
On Fri, Jul 06, 2007 at 12:17:29PM -0400, Charles.Thomas at pfpc.com wrote:
>
> We have had a strange experience with gnupg and diskperf. It seems right
> that it should be publicized.
>
> We installed gnupg in our development and QA environments and all went
> well. When we went to promote the application and supporting code to
> production we had a rude awakening. We found that we could not encrypt.
> gnupg would hang in the encryption phase.
>
> QA and production are identical windows servers running Windows Servers OS,
> Version 5.2.3790.
>
> Eventually we noticed that diskperf was off in the QA environment, but
> active in production. We turned it off in production, and the problem
> went away. We turned it back on, but the problem stayed away (for now?).
>
> It is not clear if this is a Windows or a gnupg bug. Either way it does
> not give one a warm and cosy feeling. Has anyone else had a similar
> experience? Should it be brought to the attention of developers?
Consider it brought to their attention.
What you are seeing is probably related to the fact that GnuPG can use
diskperf as one of its random number sources.
Can you give more information - specifically what version of GnuPG?
Also, on your system without diskperf, do you get a message like
"NOTE: you should run 'diskperf -y' to enable the disk statistics" ?
David
From wk at gnupg.org Wed Jul 11 08:27:36 2007
From: wk at gnupg.org (Werner Koch)
Date: Wed, 11 Jul 2007 08:27:36 +0200
Subject: gpg --gen-key fails with "invalid packet (c2b=2d)" using
gpg4win-1.1.1 and XP Pro
In-Reply-To: <3E613C6ECD7A144F87E077F5EEA1BF8B072BAD9A@XCH-SW-40.sw.nos.boeing.com>
(Dara Parsavand's message of "Tue, 10 Jul 2007 14:21:15 -0700")
References: <3E613C6ECD7A144F87E077F5EEA1BF8B072BAD9A@XCH-SW-40.sw.nos.boeing.com>
Message-ID: <87k5t7v4iv.fsf@wheatstone.g10code.de>
On Tue, 10 Jul 2007 23:21, dara.parsavand at boeing.com said:
> When I run at a Command Prompt gpg --gen-key, I get (after a bunch of
> +^.> characters and two messages saying to type to generate random
> bytes):
>
> gpg: [don't know]: invalid packet (ctb=2d)
Please check your pubring.gpg and secring.gpg. You find these files in
the home directory as printed by "gpg --version".
I guess that these files are ASCII armored key files taken from
somewhere else. Make a backup of these files, delete them and try
again (best on the command line).
Salam-Shalom,
Werner
From dara.parsavand at boeing.com Wed Jul 11 20:27:19 2007
From: dara.parsavand at boeing.com (Parsavand, Dara)
Date: Wed, 11 Jul 2007 11:27:19 -0700
Subject: gpg --gen-key fails with "invalid packet (c2b=2d)" using
gpg4win-1.1.1 and XP Pro
In-Reply-To: <87k5t7v4iv.fsf@wheatstone.g10code.de>
References: <3E613C6ECD7A144F87E077F5EEA1BF8B072BAD9A@XCH-SW-40.sw.nos.boeing.com>
<87k5t7v4iv.fsf@wheatstone.g10code.de>
Message-ID: <3E613C6ECD7A144F87E077F5EEA1BF8B072BADA4@XCH-SW-40.sw.nos.boeing.com>
Thanks Werner,
That was exactly the issue - after moving pubring.gpg and secring.gpg to
a backup directory, key generation works fine. Would it be worth
modifying the code so that it checks for existence of these files and
asks for permission to overwrite them or simply exits with a message
saying that these files must be deleted in order to generate new keys?
(Perhaps GnuPG 2.05 already does this - I haven't had a chance to try it
on Windows yet).
Dara
From guillaume.yziquel at free.fr Thu Jul 12 10:31:00 2007
From: guillaume.yziquel at free.fr (Guillaume Yziquel)
Date: Thu, 12 Jul 2007 10:31:00 +0200
Subject: Pin fails with svn & ssh & gnupg-agent & smartcard.
In-Reply-To: <4691FEDA.7060008@free.fr>
References: <4691FC5E.1010803@free.fr> <4691FEDA.7060008@free.fr>
Message-ID: <4695E6C4.6030403@free.fr>
Guillaume Yziquel wrote:
> Guillaume Yziquel wrote:
>> Hello list.
>>
>> I'm into trouble again. I'm still on this svn+ssh+gpg-agent+smartcard
>> problem. I'm not using pcscd any more, but scdaemon, which used to work
>> fine. I do not recall having done anything special that might have
>> broken things up.
>
> Sorry. Made a mistake. Everything is now fine. The smartcard was not
> correctly inserted, and even plugging out and back in, it was
> incorrectly inserted in the smartcard reader. False negatives...
Well, no. In fact, I'm still having a problem...
Everything's working, but after a while, everything fails again. I get
these kind of messages from the smartcard daemon. And unplugging and
replugging everything does not change the result.
> 2007-07-12 10:23:07 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:09 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:11 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:13 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:15 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:17 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:19 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:21 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:23 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:25 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:27 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:29 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:31 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:33 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:35 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:37 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> scdaemon[7546.0] DBG: <- SERIALNO openpgp
> scdaemon[7546.0] DBG: -> S SERIALNO D2760001240101010001000007180000 0
> scdaemon[7546.0] DBG: -> OK
> scdaemon[7546.0] DBG: <- SETDATA 470E49C4E9044608AEE2C7994415DA21859FD0DD
> scdaemon[7546.0] DBG: -> OK
> scdaemon[7546.0] DBG: <- PKSIGN D2760001240101010001000007180000/4FA306335A235A0F6333A8511D09F46540EC28AA
> 2007-07-12 10:23:38 scdaemon[7546] DBG: ccid-driver: sending 6F 09 00 00 00 00 11 04 00 00 00 40 05 00 CA 00 6E 00 E1
> 2007-07-12 10:23:38 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:38 scdaemon[7546] ccid_transceive failed: (0x1000a)
> 2007-07-12 10:23:38 scdaemon[7546] apdu_send_simple(0) failed: card I/O error
> 2007-07-12 10:23:38 scdaemon[7546] error reading application data
> 2007-07-12 10:23:38 scdaemon[7546] operation sign result: Erreur g?nerale
> 2007-07-12 10:23:38 scdaemon[7546] card_sign failed: Erreur g?nerale
> scdaemon[7546.0] DBG: -> ERR 100663297 Erreur g?nerale
> scdaemon[7546.0] DBG: <- RESTART
> scdaemon[7546.0] DBG: -> OK
> 2007-07-12 10:23:39 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:41 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:43 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:45 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:47 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:49 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:51 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:53 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:55 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:57 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:59 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:24:01 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:24:03 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:24:05 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
I'd appreciate comments, and I'd like to understand what this log could
mean.
Guillaume Yziquel.
From lofi at freebsd.org Wed Jul 11 13:10:15 2007
From: lofi at freebsd.org (Michael Nottebrock)
Date: Wed, 11 Jul 2007 13:10:15 +0200
Subject: How to change passphrase for ssh-keys?
Message-ID: <200707111310.16217.lofi@freebsd.org>
I'm using the ssh-agent function of gpg-agent. When I recently changed all the
passwords on my system, I noticed that gpg-agent uses its own passphrase to
protect the ssh-keys added to it - however, I couldn't find a way to change
that passphrase in the documentation.
What is the recommended way to do this? Note well, I'm not talking about the
passphrase protecting the ssh-keys themselves, I'm talking about the
passphrase that gpg-agent uses to protect them *after* they have been added
to gpg-agent through ssh-add.
Cheers,
--
,_, | Michael Nottebrock | lofi at freebsd.org
(/^ ^\) | FreeBSD - The Power to Serve | http://www.freebsd.org
\u/ | K Desktop Environment on FreeBSD | http://freebsd.kde.org
From wk at gnupg.org Thu Jul 12 12:41:45 2007
From: wk at gnupg.org (Werner Koch)
Date: Thu, 12 Jul 2007 12:41:45 +0200
Subject: gpg --gen-key fails with "invalid packet (c2b=2d)" using
gpg4win-1.1.1 and XP Pro
In-Reply-To: <3E613C6ECD7A144F87E077F5EEA1BF8B072BADA4@XCH-SW-40.sw.nos.boeing.com>
(Dara Parsavand's message of "Wed, 11 Jul 2007 11:27:19 -0700")
References: <3E613C6ECD7A144F87E077F5EEA1BF8B072BAD9A@XCH-SW-40.sw.nos.boeing.com>
<87k5t7v4iv.fsf@wheatstone.g10code.de>
<3E613C6ECD7A144F87E077F5EEA1BF8B072BADA4@XCH-SW-40.sw.nos.boeing.com>
Message-ID: <87644p52fq.fsf@wheatstone.g10code.de>
On Wed, 11 Jul 2007 20:27, dara.parsavand at boeing.com said:
> That was exactly the issue - after moving pubring.gpg and secring.gpg to
> a backup directory, key generation works fine. Would it be worth
> modifying the code so that it checks for existence of these files and
> asks for permission to overwrite them or simply exits with a message
> saying that these files must be deleted in order to generate new keys?
No that does not make sense. These files make up the key database used
to store all keys. In general you don't want to delete them. Your
system was messed up for some reason.
From wk at gnupg.org Thu Jul 12 12:49:45 2007
From: wk at gnupg.org (Werner Koch)
Date: Thu, 12 Jul 2007 12:49:45 +0200
Subject: How to change passphrase for ssh-keys?
In-Reply-To: <200707111310.16217.lofi@freebsd.org> (Michael Nottebrock's
message of "Wed, 11 Jul 2007 13:10:15 +0200")
References: <200707111310.16217.lofi@freebsd.org>
Message-ID: <871wfd522e.fsf@wheatstone.g10code.de>
On Wed, 11 Jul 2007 13:10, lofi at freebsd.org said:
> What is the recommended way to do this? Note well, I'm not talking about the
I just realized that there is no tool for this. However there is a way:
Look into the ~/.gnupg/sshcontrol file. There you find the keygrip of
all allowed ssh keys. Take that keygrip (actually a SHA-1 hash) and run
echo passwd 11223344556677889900 | gpg-connect-agent
The pinentry then pops up and asks for the old and the new passphrase.
You can use this command for any key stored by gpg-agent.
Shalom-Salam,
Werner
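The procedure described in the message above, as an added example that is not part of the original message: read the enabled keygrips out of an sshcontrol file and build one passwd command per key in the form shown above. It assumes the sshcontrol layout from the gpg-agent manual ("#" comments, a leading "!" for a disabled entry, the keygrip as 40 hex digits); the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread. Function names are hypothetical.

# list_ssh_keygrips FILE
# Print the keygrip of every enabled entry in an sshcontrol file.
# Assumed layout (gpg-agent manual): "#" starts a comment, a leading "!"
# disables an entry, the keygrip is 40 hex digits, optional fields follow.
list_ssh_keygrips() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        {
            kg = $1
            if (substr(kg, 1, 1) == "!") next
            # The value ends up as an argument of an agent command,
            # so accept exactly 40 hex digits and nothing else.
            if (length(kg) != 40 || kg ~ /[^0-9A-Fa-f]/) {
                printf "line %d: not a keygrip, skipped\n", NR > "/dev/stderr"
                next
            }
            print toupper(kg)
        }' "$1"
}

# passwd_commands FILE
# Print one "passwd <keygrip>" agent command per enabled key.
passwd_commands() {
    list_ssh_keygrips "$1" | while read -r kg; do
        printf 'passwd %s\n' "$kg"
    done
}

# change_ssh_passphrases FILE
# Feed each command to gpg-connect-agent, one key at a time; the pinentry
# then asks for the old and the new passphrase. Not called by the demo.
change_ssh_passphrases() {
    passwd_commands "$1" | while read -r cmd; do
        echo "$cmd" | gpg-connect-agent
    done
}

# Constructed sample file: one enabled key, one disabled key, one bad line.
sample_sshcontrol() {
    cat <<'EOF'
# Key added on 2007-07-11 (constructed sample)
0123456789ABCDEF0123456789ABCDEF01234567 0
!89ABCDEF0123456789ABCDEF0123456789ABCDEF 0
passwd;not-a-keygrip
EOF
}

# Dry run on the sample: prints the commands, contacts no agent.
demo() {
    tmp=$(mktemp) || return 1
    sample_sshcontrol > "$tmp"
    passwd_commands "$tmp"
    rm -f "$tmp"
}
demo
```

To act on a real file, call change_ssh_passphrases with the path of ~/.gnupg/sshcontrol after checking the dry-run output.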
From wk at gnupg.org Thu Jul 12 12:53:38 2007
From: wk at gnupg.org (Werner Koch)
Date: Thu, 12 Jul 2007 12:53:38 +0200
Subject: gpgsm - "middle"-certificates
In-Reply-To: <200707110756.28588.danielkaminsky@web.de> (Daniel Kaminsky's
message of "Wed, 11 Jul 2007 07:56:27 +0200")
References: <200707101047.50545.danielkaminsky@web.de>
<87fy3w5kf6.fsf@wheatstone.g10code.de>
<200707110756.28588.danielkaminsky@web.de>
Message-ID: <87sl7t3nbh.fsf@wheatstone.g10code.de>
On Wed, 11 Jul 2007 07:56, danielkaminsky at web.de said:
> This is just the option I needed. Unfortunately I cannot set it in KMail, as I
> am not able to find it there. (Ubuntu with KDE 3.5.6 and KMail 1.9.6).
Just checked it and indeed kmail does not list it. It should actually
list that as gpgconf clearly knows about it:
$ gpgconf --list-options gpgsm | grep include-certs
include-certs:16:2:number of certificates to include:2:2:N:1::
Salam-Shalom,
Werner
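An added example, not part of the original messages: it decodes the gpgconf record quoted above and applies the --include-certs rules quoted earlier in this thread to a certificate chain, showing which certificates accompany a signature. It goes slightly beyond the case discussed by also trying a chain with two intermediates. The chain names and function names are constructed; the field order is the one given in the gpgconf manual, and the selection logic is a model of the documented behaviour, not gpgsm's own code.

```shell
#!/bin/sh
# Added example, not from the original thread. Function names are hypothetical.

# gpgconf_default RECORD
# Print the built-in default from one "gpgconf --list-options" record.
# Field order (gpgconf manual):
#   name:flags:level:description:type:alt-type:argname:default:argdef:value
gpgconf_default() {
    printf '%s\n' "$1" | {
        IFS=: read -r _name _flags _level _desc _type _alt _arg dflt _rest
        printf '%s\n' "$dflt"
    }
}

# included_certs N CERT...
# CERTs are given signer first, root last. Prints the certificates that
# would be sent along for --include-certs N, per the documented rules:
#   -2 all except the root, -1 all, 0 none, N>0 up to N starting at the signer.
included_certs() {
    n=$1
    shift
    total=$#
    case $n in
        -2) count=$((total - 1)) ;;
        -1) count=$total ;;
        ''|*[!0-9]*)
            echo "include-certs: unsupported value '$n'" >&2
            return 2 ;;
        *)  count=$n
            if [ "$count" -gt "$total" ]; then count=$total; fi ;;
    esac
    out=
    i=0
    for cert in "$@"; do
        if [ "$i" -ge "$count" ]; then break; fi
        out="${out:+$out }$cert"
        i=$((i + 1))
    done
    printf '%s\n' "$out"
}

# The record is the line quoted in the message above.
record='include-certs:16:2:number of certificates to include:2:2:N:1::'
echo "built-in default: $(gpgconf_default "$record")"

# Constructed chains: one intermediate CA, then two.
echo "n=1,  one intermediate:  $(included_certs 1 signer intermediate root)"
echo "n=2,  one intermediate:  $(included_certs 2 signer intermediate root)"
echo "n=2,  two intermediates: $(included_certs 2 signer ca2 ca1 root)"
echo "n=-2, two intermediates: $(included_certs -2 signer ca2 ca1 root)"
```

With two intermediates a value of 2 still leaves one certificate out, while -2 sends everything the recipient lacks except the root.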
From alon.barlev at gmail.com Thu Jul 12 17:05:06 2007
From: alon.barlev at gmail.com (Alon Bar-Lev)
Date: Thu, 12 Jul 2007 18:05:06 +0300
Subject: Pin fails with svn & ssh & gnupg-agent & smartcard.
In-Reply-To: <4695E6C4.6030403@free.fr>
References: <4691FC5E.1010803@free.fr> <4691FEDA.7060008@free.fr>
<4695E6C4.6030403@free.fr>
Message-ID: <9e0cf0bf0707120805r1bf51d12td805a7d0417c7d71@mail.gmail.com>
On 7/12/07, Guillaume Yziquel wrote:
> Well, no. In fact, I'm still having a problem...
If you have a PKCS#11 enabled token, you can use:
http://gnupg-pkcs11.sourceforge.net/
Alon.
From wk at gnupg.org Thu Jul 12 21:15:49 2007
From: wk at gnupg.org (Werner Koch)
Date: Thu, 12 Jul 2007 21:15:49 +0200
Subject: Pin fails with svn & ssh & gnupg-agent & smartcard.
In-Reply-To: <4695E6C4.6030403@free.fr> (Guillaume Yziquel's message of "Thu,
12 Jul 2007 10:31:00 +0200")
References: <4691FC5E.1010803@free.fr> <4691FEDA.7060008@free.fr>
<4695E6C4.6030403@free.fr>
Message-ID: <87ejjdzb4q.fsf@wheatstone.g10code.de>
On Thu, 12 Jul 2007 10:31, guillaume.yziquel at free.fr said:
> Everything's working, but after a while, everything fails again. I get
> these kind of messages from the smartcard daemon. And unplugging and
> replugging everything does not change the result.
There are some weird things going on. Are you still in Zurich? You
might want to ask Georg, what's going on. My guess is that either your
reader is broken or some hotplug stuff covertly changes the permission.
Shalom-Salam,
Werner
From guillaume.yziquel at free.fr Thu Jul 12 22:34:16 2007
From: guillaume.yziquel at free.fr (Guillaume Yziquel)
Date: Thu, 12 Jul 2007 22:34:16 +0200
Subject: Pin fails with svn & ssh & gnupg-agent & smartcard.
In-Reply-To: <9e0cf0bf0707120805r1bf51d12td805a7d0417c7d71@mail.gmail.com>
References: <4691FC5E.1010803@free.fr> <4691FEDA.7060008@free.fr>
<4695E6C4.6030403@free.fr>
<9e0cf0bf0707120805r1bf51d12td805a7d0417c7d71@mail.gmail.com>
Message-ID: <46969048.4090902@free.fr>
Alon Bar-Lev wrote:
> On 7/12/07, Guillaume Yziquel wrote:
>> Well, no. In fact, I'm still having a problem...
>
> If you have a PKCS#11 enabled token, you can use:
> http://gnupg-pkcs11.sourceforge.net/
>
> Alon.
No.
http://lists.gnupg.org/pipermail/gnupg-users/2007-June/031409.html
Guillaume.
From guillaume.yziquel at free.fr Thu Jul 12 22:21:05 2007
From: guillaume.yziquel at free.fr (Guillaume Yziquel)
Date: Thu, 12 Jul 2007 22:21:05 +0200
Subject: Pin fails with svn & ssh & gnupg-agent & smartcard.
In-Reply-To: <87ejjdzb4q.fsf@wheatstone.g10code.de>
References: <4691FC5E.1010803@free.fr>
<4691FEDA.7060008@free.fr> <4695E6C4.6030403@free.fr>
<87ejjdzb4q.fsf@wheatstone.g10code.de>
Message-ID: <46968D31.106@free.fr>
> There are some weird things going on. Are you still in Zurich? You
> might want to ask Georg, what's going on. My guess is that either your
> reader is broken or some hotplug stuff covertly changes the permission.
>
> Shalom-Salam,
>
> Werner
Hi, Werner.
Georg is quite busy... I'll ask. But what worries me is that I seem
somehow to get in the same kind of problem that made me change from
pcscd to scdaemon.
http://lists.gnupg.org/pipermail/gnupg-users/2007-June/031391.html
I'm afraid I'll have to revert to pcscd.
Therefore, one small question: Should I use pcscd or scdaemon. What are
the major pros and cons between these two solutions?
And how does one usually attempt to localise the "bug" in this situation?
Thanks, Werner.
Guillaume.
From alon.barlev at gmail.com Fri Jul 13 08:06:29 2007
From: alon.barlev at gmail.com (Alon Bar-Lev)
Date: Fri, 13 Jul 2007 09:06:29 +0300
Subject: Pin fails with svn & ssh & gnupg-agent & smartcard.
In-Reply-To: <46969048.4090902@free.fr>
References: <4691FC5E.1010803@free.fr> <4691FEDA.7060008@free.fr>
<4695E6C4.6030403@free.fr>
<9e0cf0bf0707120805r1bf51d12td805a7d0417c7d71@mail.gmail.com>
<46969048.4090902@free.fr>
Message-ID: <9e0cf0bf0707122306i51358ea1mda02d87f369bb78a@mail.gmail.com>
On 7/12/07, Guillaume Yziquel wrote:
> No.
>
> http://lists.gnupg.org/pipermail/gnupg-users/2007-June/031409.html
>
> Guillaume.
>
Hmm... maybe if you switch to one all your problems will be gone :)
Selecting the right card to use is a key factor in peace of mind.
Alon.
From wk at gnupg.org Fri Jul 13 10:00:03 2007
From: wk at gnupg.org (Werner Koch)
Date: Fri, 13 Jul 2007 10:00:03 +0200
Subject: Pin fails with svn & ssh & gnupg-agent & smartcard.
In-Reply-To: <46968D31.106@free.fr> (Guillaume Yziquel's message of "Thu, 12
Jul 2007 22:21:05 +0200")
References: <4691FC5E.1010803@free.fr> <4691FEDA.7060008@free.fr>
<4695E6C4.6030403@free.fr> <87ejjdzb4q.fsf@wheatstone.g10code.de>
<46968D31.106@free.fr>
Message-ID: <87lkdkybr0.fsf@wheatstone.g10code.de>
On Thu, 12 Jul 2007 22:21, guillaume.yziquel at free.fr said:
> somehow to get in the same kind of problem that made me change from
> pcscd to scdaemon.
This is not related. scdaemon uses either its internal driver or pcscd.
If you are working _without gpg-agent_ then scdaemon does not come into
the game; gpg then uses either its internal driver or pcscd. The code
is more or less identical.
> Therefore, one small question: Should I use pcscd or scdaemon. What are
> the major pros and cons between these two solutions?
With the internal driver (i.e. without pcscd running) everything works.
pcscd sometimes has problems with long running operations like key
generation.
> And how does one usually attempt to localise the "bug" in this situation?
In a separate xterm you may run
strace -p | less
to watch the interaction between scdaemon and the kernel.
Salam-Shalom,
Werner
From guillaume.yziquel at free.fr Fri Jul 13 10:47:58 2007
From: guillaume.yziquel at free.fr (Guillaume Yziquel)
Date: Fri, 13 Jul 2007 10:47:58 +0200
Subject: Pin fails with svn & ssh & gnupg-agent & smartcard.
In-Reply-To: <9e0cf0bf0707122306i51358ea1mda02d87f369bb78a@mail.gmail.com>
References: <4691FC5E.1010803@free.fr> <4691FEDA.7060008@free.fr>
<4695E6C4.6030403@free.fr>
<9e0cf0bf0707120805r1bf51d12td805a7d0417c7d71@mail.gmail.com>
<46969048.4090902@free.fr>
<9e0cf0bf0707122306i51358ea1mda02d87f369bb78a@mail.gmail.com>
Message-ID: <46973C3E.6060300@free.fr>
Alon Bar-Lev wrote:
> On 7/12/07, Guillaume Yziquel wrote:
>> No.
>>
>> http://lists.gnupg.org/pipermail/gnupg-users/2007-June/031409.html
>>
>> Guillaume.
>
> Hmm... maybe if you switch to one all your problems will be gone :)
> Selecting the right card to use is a key factor in peace of mind.
>
> Alon.
And to what extent is your solution free software and free hardware?
Guillaume.
From alon.barlev at gmail.com Fri Jul 13 11:08:24 2007
From: alon.barlev at gmail.com (Alon Bar-Lev)
Date: Fri, 13 Jul 2007 12:08:24 +0300
Subject: Pin fails with svn & ssh & gnupg-agent & smartcard.
In-Reply-To: <46973C3E.6060300@free.fr>
References: <4691FC5E.1010803@free.fr> <4691FEDA.7060008@free.fr>
<4695E6C4.6030403@free.fr>
<9e0cf0bf0707120805r1bf51d12td805a7d0417c7d71@mail.gmail.com>
<46969048.4090902@free.fr>
<9e0cf0bf0707122306i51358ea1mda02d87f369bb78a@mail.gmail.com>
<46973C3E.6060300@free.fr>
Message-ID: <9e0cf0bf0707130208u3ff652fbq1eae869c4cec7e51@mail.gmail.com>
On 7/13/07, Guillaume Yziquel wrote:
> > Hmm... maybe if you switch to one all your problems will be gone :)
> > Selecting the right card to use is a key factor in peace of mind.
> >
> > Alon.
>
> And to what extent is your solution free software and free hardware?
There is no such thing as free hardware!
There are many types of card supported by MUSCLE, OpenSC and CoolKey
all with free open source licenses.
Alon.
From guillaume.yziquel at free.fr Fri Jul 13 11:21:21 2007
From: guillaume.yziquel at free.fr (Guillaume Yziquel)
Date: Fri, 13 Jul 2007 11:21:21 +0200
Subject: Pin fails with svn & ssh & gnupg-agent & smartcard.
In-Reply-To: <9e0cf0bf0707130208u3ff652fbq1eae869c4cec7e51@mail.gmail.com>
References: <4691FC5E.1010803@free.fr> <4691FEDA.7060008@free.fr>
<4695E6C4.6030403@free.fr>
<9e0cf0bf0707120805r1bf51d12td805a7d0417c7d71@mail.gmail.com>
<46969048.4090902@free.fr>
<9e0cf0bf0707122306i51358ea1mda02d87f369bb78a@mail.gmail.com>
<46973C3E.6060300@free.fr>
<9e0cf0bf0707130208u3ff652fbq1eae869c4cec7e51@mail.gmail.com>
Message-ID: <46974411.304@free.fr>
Alon Bar-Lev wrote:
> On 7/13/07, Guillaume Yziquel wrote:
>> > Hmm... maybe if you switch to one all your problems will be gone :)
>> > Selecting the right card to use is a key factor in peace of mind.
>> >
>> > Alon.
>>
>> And to what extent is your solution free software and free hardware?
>
> There is no such thing as free hardware!
That's one point of view...
> There are many types of card supported by MUSCLE, OpenSC and CoolKey
> all with free open source licenses.
>
> Alon.
I'm afraid I do not see an answer to my question, here.
Guillaume.
From guillaume.yziquel at free.fr Sat Jul 14 05:00:09 2007
From: guillaume.yziquel at free.fr (Guillaume Yziquel)
Date: Sat, 14 Jul 2007 05:00:09 +0200
Subject: Pin fails with svn & ssh & gnupg-agent & smartcard.
In-Reply-To: <87lkdkybr0.fsf@wheatstone.g10code.de>
References: <4691FC5E.1010803@free.fr>
<4691FEDA.7060008@free.fr> <4695E6C4.6030403@free.fr>
<87ejjdzb4q.fsf@wheatstone.g10code.de> <46968D31.106@free.fr>
<87lkdkybr0.fsf@wheatstone.g10code.de>
Message-ID: <46983C39.1060608@free.fr>
Werner Koch wrote:
> On Thu, 12 Jul 2007 22:21, guillaume.yziquel at free.fr said:
>
> With the internal driver (i.e. without pcscd running) everything works.
> pcscd sometimes has problems with long running operations like key
> generation.
Well, I followed the following howto:
http://www.fsfe.org/en/fellows/tyrael/fsfe_card_complete_how_to_ubuntu_feisty
and it now works fine. Quite stable.
A few comments on the howto:
- This howto is not really the first thing that pops up when you
search for things on the smartcard, unfortunately.
- poldi's documentation is rather hard to find on the web. For now, I
found it only in the source of poldi, and the source itself
was not that easy to find. It's here:
ftp://ftp.gnupg.org/gcrypt/alpha/poldi/
- in gpg-agent.conf, the line write-env-file
/home/tyrael/.gpg-agent-info may perhaps work on Ubuntu, but on my
Debian distribution, with a rather standard setup, this file looks more
like ~/.gnupg/.gpg-agent-info-.
- there's a confusion between the documentation of poldi and the
output of gpg --card-status concerning the expressions "serial number"
and "application ID". The wording should be consistent in order to avoid
confusion.
Glad to have it working and stable,
Guillaume Yziquel.
From juuso.alasuutari at gmail.com Sun Jul 15 19:31:36 2007
From: juuso.alasuutari at gmail.com (Juuso Alasuutari)
Date: Sun, 15 Jul 2007 20:31:36 +0300
Subject: GPGME: checking message recipient
Message-ID: <200707152031.36410.juuso.alasuutari@gmail.com>
Hi.
When decrypting a PGP message using the GPGME library, is it possible to see
in advance who the recipient is? I've studied the documentation, but the best
I've come up with is to parse the key ID from the hint and info strings in
the passphrase callback function. Is there another way to accomplish this?
Best regards,
Juuso Alasuutari
From ged at solace.miun.se Mon Jul 16 11:50:20 2007
From: ged at solace.miun.se (Sten Lindgren)
Date: Mon, 16 Jul 2007 11:50:20 +0200 (CEST)
Subject: Openpgp card serial numbers
Message-ID:
Hi
I'm currently working on an implementation of openpgp card on java card
(Currently working for signing, encryption with 1024 bit keys, trying to
get it to work with 2048 bit key).
The specification for Openpgp card states that the serial number
(+ manufacturers ID) must be globally unique. I wonder if this is truly
needed or if "unique enough" would be ok.
The reason being that while organisations could register a manufacturer id
for issuing cards using the java card applet, it might not be practical
for smaller organisations or single individuals to do so in order to use
the Java card implementation.
If it is only used to identify cards from secret key stub in the secret
keyring wouldn't it be enough to register a single manufacturers ID for
use of javacard openpgp card and create a random serial number at applet
instantiation?
I know this would be a breach of the specification but if it is unlikely
to do any "harm" it might be a working compromise.
--
Sten Lindgren ged at solace.miun.se
From wk at gnupg.org Mon Jul 16 15:24:30 2007
From: wk at gnupg.org (Werner Koch)
Date: Mon, 16 Jul 2007 15:24:30 +0200
Subject: Openpgp card serial numbers
In-Reply-To: (Sten
Lindgren's message of "Mon, 16 Jul 2007 11:50:20 +0200 (CEST)")
References:
Message-ID: <87r6n8a3ch.fsf@wheatstone.g10code.de>
On Mon, 16 Jul 2007 11:50, ged at solace.miun.se said:
> The specification for Openpgp card states that the serial number
> (+ manufacturers ID) must be globally unique. I wonder if this is truly
> needed or if "unique enough" would be ok.
Use 0x0000 as the manufacturer ID. This is declared as a test card.
> keyring wouldn't it be enough to register a single manufacturers ID for
> use of javacard openpgp card and create a random serial number at applet
> instantiation?
I also thought about this and we should reserve a range of manufacturer
IDs just for this purpose. For example 0x8000..0xfffe + the serial
number would give enough space for this. Let me check with Achim what
we can put into the specs.
Salam-Shalom,
Werner
From fmaswvjy at trashmail.net Tue Jul 17 01:11:00 2007
From: fmaswvjy at trashmail.net (redstar)
Date: Mon, 16 Jul 2007 23:11:00 +0000 (UTC)
Subject: where i can download gpgsm?
Message-ID:
Hi everybody, I want to find gpgsm. I didn't see it on the ftp site of gnupg
or Intevation; did I miss it? Can somebody please explain where I can get
gpgsm? Thank you.
From ceprn at hotmail.com Tue Jul 17 02:16:22 2007
From: ceprn at hotmail.com (the dragon)
Date: Mon, 16 Jul 2007 19:16:22 -0500
Subject: where i can download gpgsm?
In-Reply-To:
Message-ID:
google is your friend.
I'd look here
http://packages.debian.org/unstable/utils/gpgsm
peace,
clark 'the dragon' willis
PSA: Salary <> Slavery. If you earn a salary, your employer is renting your
services for 40 hours a week, not purchasing your soul. Your time is the
only real finite asset that you have, and once used it can never be
recovered, so don't waste it by giving it away.
I work to live; I don't live to work.
"Time is the coin of your life. It is the only coin you have, and only you
can determine how it will be spent. Be careful lest you let other people
spend it for you." -- Carl Sandburg (1878 - 1967)
It is impossible to defeat an ignorant man in argument. -- William G. McAdoo
Religion is regarded by the common people as true, by the wise as false, and
by the rulers as useful. -- Seneca
"I distrust those people who know so well what God wants them to do because
I notice it always coincides with their own desires." - Susan B. Anthony
From web at tristanwilliams.com Fri Jul 13 16:31:09 2007
From: web at tristanwilliams.com (Tristan Williams)
Date: Fri, 13 Jul 2007 15:31:09 +0100
Subject: openpgp card sharing violation
Message-ID: <20070713143109.GA253@g4dual.spring.org>
Hi,
I have started to get these errors when trying to use my openpgp card.
g4dual:~ tw$ gpg --card-status
gpg: detected reader `OMNIKEY CardMan 3121 0 0'
gpg: pcsc_connect failed: sharing violation (0x8010000b)
gpg: card reader not available
gpg: OpenPGP card not available: general error
They do not happen all the time, but always when the machine has just
booted up. Removing and replacing the card in the reader often
persuades the set up to work. I have tried it with my other smart
card reader SCR335 and get the same. Also with various gpg from 1.42 up.
This started to occur after I moved to a dual cpu machine - I can't
recall ever having had it on my old machine.
Any wisdom gratefully received.
Kind regards
Tristan Williams
--
Tristan Williams web at tristanwilliams.com
http://www.tristanwilliams.com GPG: 0xD5794B10
From stefan-oltmanns at gmx.net Fri Jul 13 22:42:37 2007
From: stefan-oltmanns at gmx.net (Stefan Oltmanns)
Date: Fri, 13 Jul 2007 22:42:37 +0200
Subject: GnuPG and PGP 5.0 compatibility problem
Message-ID: <4697E3BD.2090701@gmx.net>
Hello,
I got a problem with GnuPG and PGP 5.0:
Although PGP 5 accepts my key, it is not possible for PGP 5 to encrypt with
my key. It's not even displayed in the selection dialog when I try to
encrypt something (it shows identities correctly in the key list (but
not the expiration)).
I read in the FAQ that PGP 5.0 does not accept ElGamal keys of type 20,
but my key doesn't seem to be of that type (--list-packets says "version
4, algo 16, created 1153340019, expires 0")
There seems to be another problem, do you have any idea how to solve it?
In case you're wondering, I do have PGP only for testing purposes,
because I can't get EUMEL of the 1822direkt bank (a system that sends
you an OpenPGP encrypted mail with financial transactions on your
account) to work, they use PGP 5.0.
Sincerely,
Stefan
From wk at gnupg.org Tue Jul 17 15:06:21 2007
From: wk at gnupg.org (Werner Koch)
Date: Tue, 17 Jul 2007 15:06:21 +0200
Subject: Openpgp card serial numbers
In-Reply-To: (Sten
Lindgren's message of "Mon, 16 Jul 2007 11:50:20 +0200 (CEST)")
References:
Message-ID: <87wswz18oi.fsf@wheatstone.g10code.de>
On Mon, 16 Jul 2007 11:50, ged at solace.miun.se said:
> The specification for Openpgp card states that the serial number
> (+ manufacturers ID) must be globally unique. I wonder if this is truly
> needed or if "unique enough" would be ok.
I have assigned the unmanaged S/N range:
  FF00..FFFE - Range reserved for randomly assigned serial numbers.
  Serial numbers with a manufacturer ID in this range are an
  exception to the rule that they should be unique. It is
  expected that such a serial number is assigned using a true
  random function which generates 5 bytes (4 for the actual
  serial number and one to select a manufacturer ID out of this
  range). Note that 0xffff is not part of this range.
  Implementers using serial numbers as a unique ID should keep in
  mind that duplicates may happen. Using manufacturer IDs
  out of this range should only be done if no other way of
  obtaining a manufacturer ID is possible.
  [Assigned 2007-07-17]
I hope this satisfies your need. As written, it is an exception and
should be avoided. In particular, if you target one specific card type
it might be possible to use its native S/N and map it to a proper
serial number. We can then ask for a manufacturer ID to be used with
this card and application.
Salam-Shalom,
Werner
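Added example (not part of the thread, and not GnuPG or OpenPGP card project code): C code for the random serial number assignment described in the message above, plus a parser that extracts manufacturer ID and serial number from a card's application ID so that software keying on the serial knows when duplicates are possible. The function names, /dev/urandom as a stand-in for the card's random source, and the sample AIDs are assumptions; the AID byte layout comes from the OpenPGP card specification, not from this thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum mid_class { MID_TEST_CARD, MID_RANDOM_RANGE, MID_OTHER };

/* Classify a manufacturer ID using only the ranges named in the thread. */
enum mid_class classify_manufacturer(uint16_t mid)
{
    if (mid == 0x0000)
        return MID_TEST_CARD;        /* declared as a test card */
    if (mid >= 0xFF00 && mid <= 0xFFFE)
        return MID_RANDOM_RANGE;     /* unmanaged, randomly assigned */
    return MID_OTHER;                /* everything else, including 0xFFFF */
}

/* Serials under a random-range manufacturer ID may repeat across cards. */
int serial_may_collide(uint16_t mid)
{
    return classify_manufacturer(mid) == MID_RANDOM_RANGE;
}

/* Map 5 random bytes to (manufacturer ID, serial): one byte selects the
 * ID inside FF00..FFFE, four bytes form the serial.  A selector of 0xFF
 * would yield 0xFFFF, which is outside the range, so it is rejected and
 * the caller draws again; this keeps all 255 IDs equally likely. */
int serial_from_random(const uint8_t rnd[5], uint16_t *mid, uint32_t *serial)
{
    if (rnd[0] == 0xFF)
        return -1;
    *mid = (uint16_t)(0xFF00u | rnd[0]);
    *serial = ((uint32_t)rnd[1] << 24) | ((uint32_t)rnd[2] << 16)
            | ((uint32_t)rnd[3] << 8)  |  (uint32_t)rnd[4];
    return 0;
}

/* Assumption: /dev/urandom stands in for the card's own random source. */
int generate_random_serial(uint16_t *mid, uint32_t *serial)
{
    uint8_t rnd[5];
    int rc = -1;
    FILE *fp = fopen("/dev/urandom", "rb");

    if (!fp)
        return -1;
    while (fread(rnd, 1, sizeof rnd, fp) == sizeof rnd) {
        if (serial_from_random(rnd, mid, serial) == 0) {
            rc = 0;
            break;
        }
    }
    fclose(fp);
    return rc;
}

static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parse a 32-hex-digit application ID.  Layout per the OpenPGP card
 * specification: D2 76 00 01 24 01 | version (2) | manufacturer (2) |
 * serial (4) | reserved (2).  Returns 0 on success, -1 on bad input. */
int parse_aid(const char *hex, uint16_t *mid, uint32_t *serial)
{
    static const uint8_t prefix[6] = { 0xD2, 0x76, 0x00, 0x01, 0x24, 0x01 };
    uint8_t aid[16];
    size_t i;

    if (strlen(hex) != 32)
        return -1;
    for (i = 0; i < 16; i++) {
        int hi = hexval(hex[2 * i]), lo = hexval(hex[2 * i + 1]);
        if (hi < 0 || lo < 0)
            return -1;
        aid[i] = (uint8_t)((hi << 4) | lo);
    }
    if (memcmp(aid, prefix, sizeof prefix) != 0)
        return -1;
    *mid = (uint16_t)((aid[8] << 8) | aid[9]);
    *serial = ((uint32_t)aid[10] << 24) | ((uint32_t)aid[11] << 16)
            | ((uint32_t)aid[12] << 8)  |  (uint32_t)aid[13];
    return 0;
}

int main(void)
{
    /* Constructed sample AIDs, not taken from real cards. */
    const char *samples[] = { "D2760001240101010001000012340000",
                              "D276000124010200FF7A89ABCDEF0000" };
    uint16_t mid;
    uint32_t sn;
    size_t i;

    for (i = 0; i < 2; i++)
        if (parse_aid(samples[i], &mid, &sn) == 0)
            printf("%04X %08lX %s\n", (unsigned)mid, (unsigned long)sn,
                   serial_may_collide(mid) ? "random range, may collide"
                                           : "managed manufacturer ID");
    if (generate_random_serial(&mid, &sn) == 0)
        printf("new random S/N: %04X %08lX\n", (unsigned)mid,
               (unsigned long)sn);
    return 0;
}
```

Software that stores key stubs by serial number can call serial_may_collide() and, for cards in the random range, compare key fingerprints as well before treating two cards as the same.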
From rjh at sixdemonbag.org Tue Jul 17 16:31:01 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 17 Jul 2007 09:31:01 -0500
Subject: GnuPG and PGP 5.0 compatibility problem
In-Reply-To: <4697E3BD.2090701@gmx.net>
References: <4697E3BD.2090701@gmx.net>
Message-ID: <86084E83-746D-4836-81FE-B41AF97D7EB0@sixdemonbag.org>
> I got a problem with GnuPG and PGP 5.0:
PGP 5.0 substantially predates RFC2440, the IETF standard which GnuPG
implements. In fact, GnuPG doesn't even have a PGP 5 compatibility
mode. (It has --pgp6, --pgp7 and --pgp8, but nothing for PGP 5.)
PGP 5.0 is very, _very_ out of date. Please consider upgrading to
something more recent and standards-conformant.
> In case you're wondering, I do have PGP only for testing purposes,
> because I can't get EUMEL of the 1822direkt bank (a system that sends
> you an OpenPGP encrypted mail with financial transactions on your
> account) to work, they use PGP 5.0.
To me, this would cause me to doubt whether I wanted them to have my
financial information at all.
--
Robert J. Hansen
"Most people are never thought about after they're gone. 'I wonder
where Rob got the plutonium?' is better than most get." -- Phil Munson
From dshaw at jabberwocky.com Tue Jul 17 18:13:13 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 17 Jul 2007 12:13:13 -0400
Subject: GnuPG and PGP 5.0 compatibility problem
In-Reply-To: <4697E3BD.2090701@gmx.net>
References: <4697E3BD.2090701@gmx.net>
Message-ID: <20070717161313.GA2285@jabberwocky.com>
On Fri, Jul 13, 2007 at 10:42:37PM +0200, Stefan Oltmanns wrote:
> Hello,
>
> I got a problem with GnuPG and PGP 5.0:
> Although PGP 5 accepts my key, it is not possible for PGP 5 to encrypt with
> my key. It's not even displayed in the selection dialog when I try to
> encrypt something (it shows identities correctly in the key list (but
> not the expiration)).
>
> I read in the FAQ that PGP 5.0 does not accept ElGamal keys of type 20,
> but my key doesn't seem to be of that type (--list-packets says "version
> 4, algo 16, created 1153340019, expires 0")
>
> There seems to be another problem, do you have any idea how to solve it?
We'd have to track down what the problem was first. Understand that
PGP 5.0 predates the OpenPGP standard that modern PGP and GnuPG use by
quite a while. It's not massively insecure (though there were some
bugs reported), but it just doesn't follow the same "rule book" as
everyone else.
The usual PGP 5 behavior when it doesn't understand something is to
ignore it, as you saw.
David
From fmaswvjy at trashmail.net Tue Jul 17 18:26:24 2007
From: fmaswvjy at trashmail.net (redstar)
Date: Tue, 17 Jul 2007 16:26:24 +0000 (UTC)
Subject: where i can download gpgsm?
References:
Message-ID:
the dragon hotmail.com> writes:
>
> google is your friend.
>
> I'd look here
>
> http://packages.debian.org/unstable/utils/gpgsm
>
> peace,
> clark 'the dragon' willis
Thanks, but where is the official site for gpgsm downloads? It's made by Werner Koch,
right, or is it a Debian application?
From tmz at pobox.com Tue Jul 17 18:52:13 2007
From: tmz at pobox.com (Todd Zullinger)
Date: Tue, 17 Jul 2007 12:52:13 -0400
Subject: where i can download gpgsm?
In-Reply-To:
References:
Message-ID: <20070717165213.GC12135@psilocybe.teonanacatl.org>
redstar wrote:
> Thanks, but where is the official site for gpgsm downloads? It's made by
> Werner Koch, right, or is it a Debian application?
No, it's not a Debian app.
See http://www.gnupg.org/(en)/download/index.html
"GnuPG 2.0
GnuPG 2.0 is the new modularized version of GnuPG supporting OpenPGP
and S/MIME"
--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
You can make it illegal, but you can't make it unpopular.
-- Anonymous
From rjh at sixdemonbag.org Tue Jul 17 19:11:51 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 17 Jul 2007 12:11:51 -0500
Subject: GnuPG and PGP 5.0 compatibility problem
In-Reply-To: <469CF223.40604@gmx.net>
References: <4697E3BD.2090701@gmx.net>
<86084E83-746D-4836-81FE-B41AF97D7EB0@sixdemonbag.org>
<469CF223.40604@gmx.net>
Message-ID: <469CF857.1060700@sixdemonbag.org>
Stefan wrote:
> But that doesn't mean PGP 5 is insecure in any way, it's just outdated
> and not RFC2440 conform, right?
GnuPG is an RFC2440-conformant application.
PGP 5.0 is not RFC2440-conformant. It far predates RFC2440. The two
applications do not work together well.
That's not to say they can't be finessed into working together. They
clearly can be. However, I would not trust my financial data to a
communications system that was built of parts that did not interoperate
well.
That said, your security model is your own lookout.
From rjh at sixdemonbag.org Tue Jul 17 18:57:24 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 17 Jul 2007 11:57:24 -0500
Subject: where i can download gpgsm?
In-Reply-To:
References:
Message-ID: <469CF4F4.9030009@sixdemonbag.org>
redstar wrote:
> Thanks, but where is the official site for gpgsm downloads? It's made by Werner Koch,
> right, or is it a Debian application?
Authenticate the source code, not the site you're downloading it from.
Check to make sure the source code is signed by someone you trust
(whether it be the Debian project, wk, or someone else). If it is, and
the signature is valid, then use it with confidence.
That said, I don't think gpgsm has an "official site". It was, IIRC,
part of Project Ägypten, which has since been supplanted by Ägypten2.
Try:
http://www.gnupg.org/aegypten2/index.html
From wk at gnupg.org Tue Jul 17 20:21:31 2007
From: wk at gnupg.org (Werner Koch)
Date: Tue, 17 Jul 2007 20:21:31 +0200
Subject: where i can download gpgsm?
In-Reply-To: <469CF4F4.9030009@sixdemonbag.org> (Robert J. Hansen's message of
"Tue, 17 Jul 2007 11:57:24 -0500")
References:
<469CF4F4.9030009@sixdemonbag.org>
Message-ID: <87zm1uzyac.fsf@wheatstone.g10code.de>
On Tue, 17 Jul 2007 18:57, rjh at sixdemonbag.org said:
> That said, I don't think gpgsm has an "official site". It was, IIRC,
> part of Project Ägypten, which has since been supplanted by Ägypten2.
Let me add that gpgsm is just one module from GnuPG2. Much like rmail
and mailq are parts of sendmail.
It does not make sense to distribute gpgsm alone. Debian has only
split GnuPG2 up into several binary packages whereas the source
package for all of them is gnupg2.
Shalom-Salam,
Werner
From wk at gnupg.org Tue Jul 17 20:26:40 2007
From: wk at gnupg.org (Werner Koch)
Date: Tue, 17 Jul 2007 20:26:40 +0200
Subject: openpgp card sharing violation
In-Reply-To: <20070713143109.GA253@g4dual.spring.org> (Tristan Williams's
message of "Fri, 13 Jul 2007 15:31:09 +0100")
References: <20070713143109.GA253@g4dual.spring.org>
Message-ID: <87vecizy1r.fsf@wheatstone.g10code.de>
On Fri, 13 Jul 2007 16:31, web at tristanwilliams.com said:
> booted up. Removing and replacing the card in the reader often
> persuades the set up to work. I have tried it with my other smart
> card reader SCR335 and get the same. Also with various gpg from 1.42 up.
Is there some background process running gpg too? Is gpg-agent
installed or a PAM with card support?
Or a pcscd problem? Disable pcscd and setup gpg so that it can use its
internal ccid driver. Basically setup permissions in the USB file
system.
Salam-Shalom,
Werner
From wk at gnupg.org Tue Jul 17 20:30:02 2007
From: wk at gnupg.org (Werner Koch)
Date: Tue, 17 Jul 2007 20:30:02 +0200
Subject: Pin fails with svn & ssh & gnupg-agent & smartcard.
In-Reply-To: <46983C39.1060608@free.fr> (Guillaume Yziquel's message of "Sat,
14 Jul 2007 05:00:09 +0200")
References: <4691FC5E.1010803@free.fr> <4691FEDA.7060008@free.fr>
<4695E6C4.6030403@free.fr> <87ejjdzb4q.fsf@wheatstone.g10code.de>
<46968D31.106@free.fr> <87lkdkybr0.fsf@wheatstone.g10code.de>
<46983C39.1060608@free.fr>
Message-ID: <87r6n6zxw5.fsf@wheatstone.g10code.de>
On Sat, 14 Jul 2007 05:00, guillaume.yziquel at free.fr said:
> - poldi's documentation is rather hard to find on the web. For now, I
> found it only in the source of the poldi, and in the source itself
> was not that easy to find. It's here:
Ahh, you are using Poldi. I was not aware of that as it opens another
case of potential problems.
> - in gpg-agent.conf, the line write-env-file
> /home/tyrael/.gpg-agent-info may perhaps work on Ubuntu, but on my
> Debian distribution, with a rather standard setup, this file looks more
> like ~/.gnupg/.gpg-agent-info-.
This is distribution specific. You should find a note about this in the
README.Debian file.
> - there's a confusion between the documentation of poldi and the
> output of gpg --card-status concerning the expressions "serial number"
> and "application ID". The wording should be consistent in order to avoid
> confusion.
Poldi is not yet that matured.
> Glad to have it working and stable,
Good to hear.
Shalom-Salam,
Werner
From fmaswvjy at trashmail.net Tue Jul 17 22:38:47 2007
From: fmaswvjy at trashmail.net (redstar)
Date: Tue, 17 Jul 2007 20:38:47 +0000 (UTC)
Subject: where i can download gpgsm?
References:
<469CF4F4.9030009@sixdemonbag.org>
<87zm1uzyac.fsf@wheatstone.g10code.de>
Message-ID:
Werner Koch gnupg.org> writes:
>
> On Tue, 17 Jul 2007 18:57, rjh sixdemonbag.org said:
>
> > That said, I don't think gpgsm has an "official site". It was, IIRC,
> > part of Project Ägypten, which has since been supplanted by Ägypten2.
>
> Let me add that gpgsm is just one module from GnuPG2. Much like rmail
> and mailq are parts of sendmail.
>
> It does not make sense to distribute gpgsm alone. Debian has only
> split GnuPG2 up into several binary packages whereas the source
> package for all of them is gnupg2.
>
> Shalom-Salam,
>
> Werner
Thanks Todd and Robert and Werner. I didn't realize that gpgsm is part of
gnupg2! Now I see why I can't find this module on the gpg downloads site! I will
try to build this application of gnupg2. Thanks everybody.
From j.lysdal at gmail.com Wed Jul 18 00:08:22 2007
From: j.lysdal at gmail.com (Jørgen Christiansen Lysdal)
Date: Wed, 18 Jul 2007 00:08:22 +0200
Subject: gpg2 for windows?
Message-ID: <469D3DD6.9010603@gmail.com>
Hi,
Are there any plans to provide a gpg2 installer for windows?
as i am not interested in using the gpg4win package.
In particular, does anyone know why the gpg4win gpg builds
do not come with bzip2 support?
--
Jorgen Ch. Lysdal / 0xAFFD23A6
From wk at gnupg.org Wed Jul 18 09:04:31 2007
From: wk at gnupg.org (Werner Koch)
Date: Wed, 18 Jul 2007 09:04:31 +0200
Subject: gpg2 for windows?
In-Reply-To: <469D3DD6.9010603@gmail.com> (=?utf-8?Q?=22J=C3=B8rgen?=
Christiansen Lysdal"'s
message of "Wed, 18 Jul 2007 00:08:22 +0200")
References: <469D3DD6.9010603@gmail.com>
Message-ID: <87odiaxke8.fsf@wheatstone.g10code.de>
On Wed, 18 Jul 2007 00:08, j.lysdal at gmail.com said:
> Are there any plans to provide a gpg2 installer for windows?
> as i am not interested in using the gpg4win package.
Actually gpg4win 1.1.1 already features gnupg2. However it is at this
point not very usable; some command line actions do work but there are
quite some bugs.
We are working on this; yesterday I managed to send the first S/MIME
mail using Claws and gnupg2. Stay tuned.
> In particular, does anyone know why the gpg4win gpg builds
> does not come with bzip2 support?
Because it is an optional part of OpenPGP and iirc even PGP does not
support bzip2. I'll see whether we can include it into the gpg4win
build.
Shalom-Salam,
Werner
From vedaal at hush.com Wed Jul 18 16:39:05 2007
From: vedaal at hush.com (vedaal at hush.com)
Date: Wed, 18 Jul 2007 10:39:05 -0400
Subject: GnuPG and PGP 5.0 compatibility problem
Message-ID: <20070718143906.9F460DA820@mailserver8.hushmail.com>
>Message: 6
>Date: Fri, 13 Jul 2007 22:42:37 +0200
>From: Stefan Oltmanns
>Subject: GnuPG and PGP 5.0 compatibility problem
>I got a problem with GnuPG and PGP 5.0:
>Although PGP 5 accepts my key, it is not possible for PGP 5 to encrypt
>with
>my key. It's not even displayed in the selection dialog when I try
>to
>encrypt something (it shows identities correctly in the key list (but
>not the expiration)).
>
>I read in the FAQ that PGP 5.0 does not accept ElGamal keys of
>type 20,
>but my key doesn't seem to be of that type (--list-packets says
>"version
>4, algo 16, created 1153340019, expires 0")
____^^^^^^^^
what is algo 16?
standard current open pgp algorithms go up to algo 10 (twofish)
for cipher algorithms, and algo 11 (sha224) for hash algorithms
>There seems to be another problem, do you have any idea how to
>solve it?
just in case the algo '16' was a typo,
maybe consider the following:
am assuming the key was generated under the gnupg default settings,
which would mean it would use cast5 as the cipher algo, which 'is'
compatible with pgp 5
*but*
the default setting for gnupg is to use the newer secret key
protection,
which is not compatible with any (standard) pgp version before 8
try:
[1] delete the key from pgp 5
[2] remove the passphrase from the key in gnupg
[3] re-import the key into pgp5, and set the passphrase in pgp5
[4] re-set the passphrase in gnupg
and see if that works
also,
pgp5 accepts rsa keys only up to 2048
so if your key is a bigger rsa key, that is another reason why it
won't work
vedaal
From rjh at sixdemonbag.org Wed Jul 18 18:35:03 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 18 Jul 2007 11:35:03 -0500
Subject: GnuPG and PGP 5.0 compatibility problem
In-Reply-To: <20070718143906.9F460DA820@mailserver8.hushmail.com>
References: <20070718143906.9F460DA820@mailserver8.hushmail.com>
Message-ID: <2061D1FC-0FDF-4F73-A0F9-AF42EBEAD43F@sixdemonbag.org>
On Jul 18, 2007, at 9:39 AM, wrote:
>
> what is algo 16?
>
> standard current open pgp algorithms go up to algo 10 (twofish)
> for cipher algorithms, and algo 11 (sha224) for hash algorithms
From RFC2440, section 9.1, public key algorithm 16 represents an
encrypt-only Elgamal key.
--
Robert J. Hansen
"Most people are never thought about after they're gone. 'I wonder
where Rob got the plutonium?' is better than most get." -- Phil Munson
From rjh at sixdemonbag.org Wed Jul 18 18:41:52 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 18 Jul 2007 11:41:52 -0500
Subject: GnuPG and PGP 5.0 compatibility problem
In-Reply-To: <20070718143906.9F460DA820@mailserver8.hushmail.com>
References: <20070718143906.9F460DA820@mailserver8.hushmail.com>
Message-ID: <8B499330-8700-4A70-969C-EBE4C1C97399@sixdemonbag.org>
> standard current open pgp algorithms go up to algo 10 (twofish)
> for cipher algorithms, and algo 11 (sha224) for hash algorithms
Also, be careful when you say "standard OpenPGP algorithms". You're
citing RFC2440bis22 here, which is a draft revision of RFC2440. It's
still a work in progress, so citing it as a canonical reference is
probably unwise.
The canonical RFC2440 (dating from November 1998) only has symmetric
cipher entries from 0-9 and hash algorithms up to 7.
--
Robert J. Hansen
"Most people are never thought about after they're gone. 'I wonder
where Rob got the plutonium?' is better than most get." -- Phil Munson
From hhhobbit at securemecca.net Wed Jul 18 20:41:01 2007
From: hhhobbit at securemecca.net (Henry Hertz Hobbit)
Date: Wed, 18 Jul 2007 12:41:01 -0600
Subject: gpg2 for windows?
In-Reply-To:
References:
Message-ID: <1184784061.13943.21.camel@sirius.brigham.net>
On Wed, 2007-07-18 at 00:08 +0200, Werner Koch wrote:
> On Wed, 18 Jul 2007 00:08, j.lysdal at gmail.com said:
>
> > Are there any plans to provide a gpg2 installer for windows?
> > as i am not interested in using the gpg4win package.
Nevertheless, use it. It is what they are standardizing on and
you can pick and choose what you want. I have no problems with
them doing it this way either. Now that they have done it you
can go to GnuPG2 on Windows. That makes me a happy camper! Or
you can stay with 1.4.X. It is your choice. I think you are
demanding too much of the GnuPG team (no, I don't have anything
to do with the effort). But until you really look at the
gpg4win package you don't know what you are missing.
> Actually gpg4win 1.1.1 already features gnupg2. However it is at this
> point not very usable; some command line actions do work but there are
> quite some bugs.
>
> We are working on this; yesterday I managed to send the first S/MIME
> mail using Claws and gnupg2. Stay tuned.
All ears 8^).
> > In particular, does anyone know why the gpg4win gpg builds
> > does not come with bzip2 support?
>
> Because it is an optional part of OpenPGP and iirc even PGP does not
> support bzip2. I'll see whether we can include it into the gpg4win
> build.
I would say it a little differently than that Werner. bzip2 is NOT part
of Windows. It sounds to me like you are asking for the world. Which
ZIP add on program do you want the GnuPG team to standardize on? On
the 'nix systems they just call bzip2 natively via pipes. On Windows
that becomes a problem with anything other than ZIP, because everything
else is an add-on. In other words, yes they could demand that you use
7-Zip
http://www.7-zip.org
In that case, they may be able to handle it, but ONLY if Windows were
as polite as the 'nix machines are in piping (you sometimes run into
problems). But people will use WinZip or a dozen other utilities
instead, or nothing at all. That means that the GnuPG team are
responsible for bzipping on their own. Does that help you
to understand some of the problems? That is why for a long time
I listed bzip2 as the last resort, and ZIP first. But the way
Windows implemented the ZIP was to transparently allow users to
see into a ZIP file, thus infecting people's computers.
In short, to Werner and the others - THANKS FOR GPG2 on MS WINDOWS!
HHH
From hhhobbit at securemecca.net Wed Jul 18 21:16:48 2007
From: hhhobbit at securemecca.net (Henry Hertz Hobbit)
Date: Wed, 18 Jul 2007 13:16:48 -0600
Subject: gpg2 for windows?
In-Reply-To: <1184784061.13943.21.camel@sirius.brigham.net>
References:
<1184784061.13943.21.camel@sirius.brigham.net>
Message-ID: <1184786208.13943.33.camel@sirius.brigham.net>
On Wed, 2007-07-18 at 12:41 -0600, Henry Hertz Hobbit wrote:
> On Wed, 2007-07-18 at 00:08 +0200, Werner Koch wrote:
> I would say it a little differently than that Werner. bzip2 is NOT part
> of Windows. It sounds to me like you are asking for the world. Which
> ZIP add on program do you want the GnuPG team to standardize on? On
> the 'nix systems they just call bzip2 natively via pipes. On Windows
> that becomes a problem with anything other than ZIP, because everything
> else is an add-on. In other words, yes they could demand that you use
> 7-Zip
Or they use the libraries. Either way, it is there natively on 'nix
systems. What I am trying to tell you is that bzip2 is NOT there
natively on Windows. Oh yes, 7-Zip produces a substantially greater
amount of compression than bzip2.
$ 7z a OutBox.7z ./OutBox
$ tar -cjf OutBox.tbz ./OutBox
$ chmod 644 OutBox.7z
$ ls -l OutBox.*
-rw-r--r-- 1 hhhobbit hhhobbit 6916234 Jul 18 13:10 OutBox.7z
-rw-r--r-- 1 hhhobbit hhhobbit 9947335 Jul 18 13:11 OutBox.tbz
Need I say more? I have shifted to 7-zip when I can. It is too
bad they didn't add enough information for UID:GID in 7-zip. The
way around it is to tar first and pipe that to 7z. That isn't bad
for an algorithm that was created on Windows. Keep that in mind
people.
But be sympathetic to the GnuPG team (all of them). They are
working their little hearts for us and I for one MUST say ...
THANK YOU!
HHH
From wk at gnupg.org Thu Jul 19 09:34:39 2007
From: wk at gnupg.org (Werner Koch)
Date: Thu, 19 Jul 2007 09:34:39 +0200
Subject: gpg2 for windows?
In-Reply-To: <1184784061.13943.21.camel@sirius.brigham.net> (Henry Hertz
Hobbit's message of "Wed, 18 Jul 2007 12:41:01 -0600")
References:
<1184784061.13943.21.camel@sirius.brigham.net>
Message-ID: <87odi8voc0.fsf@wheatstone.g10code.de>
On Wed, 18 Jul 2007 20:41, hhhobbit at securemecca.net said:
> ZIP add on program do you want the GnuPG team to standardize on? On
> the 'nix systems they just call bzip2 natively via pipes. On Windows
Actually we are using libzip2. Support for bzip2 is thus compiled in if
this library and its corresponding development files are installed on
the build system. Same goes for Windows; here the development files
need to be installed in the cross-build environment.
> else is an add-on. In other words, yes they could demand that you use
> 7-Zip
That one is not specified by OpenPGP.
Shalom-Salam,
Werner
From guillaume.yziquel at free.fr Thu Jul 19 15:17:03 2007
From: guillaume.yziquel at free.fr (Guillaume Yziquel)
Date: Thu, 19 Jul 2007 15:17:03 +0200
Subject: Pin fails with svn & ssh & gnupg-agent & smartcard.
In-Reply-To: <46983C39.1060608@free.fr>
References: <4691FC5E.1010803@free.fr> <4691FEDA.7060008@free.fr> <4695E6C4.6030403@free.fr> <87ejjdzb4q.fsf@wheatstone.g10code.de> <46968D31.106@free.fr> <87lkdkybr0.fsf@wheatstone.g10code.de>
<46983C39.1060608@free.fr>
Message-ID: <469F644F.307@free.fr>
Guillaume Yziquel wrote:
> Werner Koch wrote:
>> On Thu, 12 Jul 2007 22:21, guillaume.yziquel at free.fr said:
>
> Well, I followed the following howto:
>
> http://www.fsfe.org/en/fellows/tyrael/fsfe_card_complete_how_to_ubuntu_feisty
>
> and it now works fine. Quite stable.
Well, it still is bothersome... Signing and decrypting emails is no
problem. But svn+ssh still gets the same problems I have described on
this mail:
http://lists.gnupg.org/pipermail/gnupg-users/2007-June/031391.html
So I guess it's not resolved. I'd like to know from anyone using
a smartcard for ssh authentication if they have similar problems, or am
I alone. Could this be some amd64 problem?
Thanks for any help with this.
Guillaume.
From j.lysdal at gmail.com Thu Jul 19 16:34:09 2007
From: j.lysdal at gmail.com (Jørgen Christiansen Lysdal)
Date: Thu, 19 Jul 2007 16:34:09 +0200
Subject: gpg2 for windows?
In-Reply-To: <1184784061.13943.21.camel@sirius.brigham.net>
References:
<1184784061.13943.21.camel@sirius.brigham.net>
Message-ID: <469F7661.9000905@gmail.com>
Henry Hertz Hobbit wrote:
> Nevertheless, use it. It is what they are standardizing on and
> you can pick and choose what you want. I have no problems with
> them doing it this way either. Now that they have done it you
> can go to GnuPG2 on Windows. That makes me a happy camper! Or
> you can stay with 1.4.X. It is your choice. I think you are
> demanding too much of the GnuPG team
What I am trying to say is that there is some of the software in the
gpg4win package that I don't like (actually all the addons, which I
think are too incomplete). But that is just my highly personal opinion!
I am not trying to demand anything. If people could read it that way, it
was not my intention.
--
Jorgen Ch. Lysdal / 0xAFFD23A6
From mkallas at schokokeks.org Thu Jul 19 16:44:47 2007
From: mkallas at schokokeks.org (Michael Kesper)
Date: Thu, 19 Jul 2007 16:44:47 +0200 (CEST)
Subject: gpg2 for windows?
In-Reply-To: <469F7661.9000905@gmail.com>
References:
<1184784061.13943.21.camel@sirius.brigham.net>
<469F7661.9000905@gmail.com>
Message-ID: <6013.164.61.12.24.1184856287.squirrel@mail.schokokeks.org>
Hi,
Jørgen Christiansen Lysdal wrote:
> What I am trying to say is that there is some of the software in the
> gpg4win package that I don't like (actually all the addons, that I
> think are too incomplete)
Well, you're not forced to install them.
Best wishes
Michael
--
Nobody can save your freedom but YOU -
become a fellow of the FSFE! http://www.fsfe.org/en
From wk at gnupg.org Fri Jul 20 09:24:34 2007
From: wk at gnupg.org (Werner Koch)
Date: Fri, 20 Jul 2007 09:24:34 +0200
Subject: gpg2 for windows?
In-Reply-To: <469F7661.9000905@gmail.com> ("Jørgen Christiansen Lysdal"'s
message of "Thu, 19 Jul 2007 16:34:09 +0200")
References:
<1184784061.13943.21.camel@sirius.brigham.net>
<469F7661.9000905@gmail.com>
Message-ID: <87hcnzsfkd.fsf@wheatstone.g10code.de>
On Thu, 19 Jul 2007 16:34, j.lysdal at gmail.com said:
> What I am trying to say is that there is some of the software in the
> gpg4win package that I don't like (actually all the addons, that I
The interesting thing with gpg4win is that this is a meta installer.
Thus anyone with a little bit of development experience can build an
installer with just the components he likes. gpg4win decides what to
include by looking for the package available in its package directory.
Shalom-Salam,
Werner
From timotheus at tstotts.net Sat Jul 21 22:26:59 2007
From: timotheus at tstotts.net (timotheus)
Date: Sat, 21 Jul 2007 16:26:59 -0400
Subject: pinentry-gtk-2 IPC issue
Message-ID:
Hi. The following issue just appeared for me, without upgrading kernel,
changing keyring, etc. No change in file permissions or rebooting seems
to resolve it.
% gpg --sign --detach-sign myfile.txt
You need a passphrase to unlock the secret key for
user: .........
1024-bit DSA key, ..............
gpg: problem with the agent: Invalid IPC response
gpg: no default secret key: General error
gpg: signing failed: General error
Problem appears to be with misbehaving /usr/bin/pinentry-gtk-2 .
Changing pinentry version to qt or curses in ~/.gnupg/gpg-agent.conf
works-around the issue.
% /bin/ls -lh /usr/bin/pinentry*
lrwxrwxrwx 1 root root 11 2007-07-21 16:13 /usr/bin/pinentry -> pinentry-qt
-rwxr-xr-x 1 root root 35K 2007-07-21 16:08 /usr/bin/pinentry-curses
-rwxr-xr-x 1 root root 80K 2007-07-21 16:08 /usr/bin/pinentry-gtk-2
-rwxr-xr-x 1 root root 117K 2007-07-21 16:08 /usr/bin/pinentry-qt
The behavior does not change when downgrading, upgrading, or recompiling
libassuan or pinentry. Pinentry is compiled with Linux POSIX
capabilities.
% zgrep '[V_]IPC[_=]' /proc/config.gz
CONFIG_SYSVIPC=y
# CONFIG_IPC_NS is not set
CONFIG_SYSVIPC_SYSCTL=y
libassuan 1.0.2
gnupg 2.0.5
dirmngr 1.0.0
libgcrypt 1.2.4
libksba 1.0.2
libgpg-error 1.5
curl 7.15.5
pinentry 0.7.3
Any recommendations on how to debug?
Regards,
-timotheus
From guitarbench at Safe-mail.net Sun Jul 22 07:16:21 2007
From: guitarbench at Safe-mail.net (guitarbench at Safe-mail.net)
Date: Sun, 22 Jul 2007 01:16:21 -0400
Subject: How Do I Export Secring & Pubring Armored Files?
Message-ID:
I've wasted about seven hours trying to do this, with no luck.
I want exportable secring.asc and pubring.asc armored text files of my entire public and private keyrings. None of the graphical front ends seem to do it, nor can I find a command line _anywhere_ that says how to do it. Incredible!
I am operating in Windows XP.
Could someone please provide me with command lines to:
1: Extract an armored text pubring.asc from pubring.pkr
2: Extract an armored text secring.asc from secring.skr
Many thanks for a quick solution!
From rjh at sixdemonbag.org Sun Jul 22 20:48:20 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun, 22 Jul 2007 13:48:20 -0500
Subject: How Do I Export Secring & Pubring Armored Files?
In-Reply-To:
References:
Message-ID: <46A3A674.50201@sixdemonbag.org>
guitarbench at Safe-mail.net wrote:
> I've wasted about seven hours trying to do this, with no luck.
I suppose you've tried looking at the manpage?
> 1: Extract an armored text pubring.asc from pubring.pkr
This looks like a PGP keyfile, not a GnuPG keyfile. GnuPG uses the .gpg
extension.
Assuming that it's really a GPG keyfile, just:
gpg --armor --export > pubring.asc
> 2: Extract an armored text secring.asc from secring.skr
Again, it looks like a PGP keyfile, not a GnuPG keyfile.
gpg --armor --export-secret-key > secring.asc
From guitarbench at Safe-mail.net Mon Jul 23 03:45:41 2007
From: guitarbench at Safe-mail.net (guitarbench at Safe-mail.net)
Date: Sun, 22 Jul 2007 21:45:41 -0400
Subject: How Do I Export Secring & Pubring Armored Files?
Message-ID:
> This looks like a PGP keyfile, not a GnuPG keyfile
> GnuPG uses the .gpg extension.
At this point, I'm completely flummoxed. I have PGP and GPG keyrings scattered all over this computer, and I have no way of telling which ones are actually the GPG keyrings being used and maintained by WinPT, nor under which identifying extension. There's a window in WinPT that nominally tells this, but it's too short to display the path & filename and doesn't expand.
By searching, the most recently modified keyrings are those I mentioned.
I'm trying to import a keyring into Quicksilver's PGPed nym function, and on top of all this, it will not import GnuPG secure keys, apparently.
I've figured out a kludgy workaround for this, namely blowing off the GPG keys and making a new set in PGP, but most of my problem seems to be from the various PGP/GPG incompatibilities. With luck, I can import the PGP keys into GPG.
Thanks for your help.
From wk at gnupg.org Mon Jul 23 07:11:40 2007
From: wk at gnupg.org (Werner Koch)
Date: Mon, 23 Jul 2007 07:11:40 +0200
Subject: pinentry-gtk-2 IPC issue
In-Reply-To: (timotheus@tstotts.net's message of
"Sat, 21 Jul 2007 16:26:59 -0400")
References:
Message-ID: <87lkd7puur.fsf@wheatstone.g10code.de>
On Sat, 21 Jul 2007 22:26, timotheus at tstotts.net said:
> Any recommendations on how to debug?
What I usually do is to create a wrapper /foo/pinentry-wrapper:
=========
#!/bin/sh
printenv >/tmp/pinentry.env
exec strace -o /tmp/pinentry.trc -e read=0 \
/somewhere/pinentry/gtk+-2/pinentry-gtk-2 -e -d "$@" 2>/tmp/pinentry.err
=======
add
pinentry-program /foo/pinentry-wrapper
to gpg-agent.conf, and give gpg-agent a HUP. Then check the log files.
Shalom-Salam,
Werner
From JPClizbe at tx.rr.com Mon Jul 23 07:23:42 2007
From: JPClizbe at tx.rr.com (John Clizbe)
Date: Mon, 23 Jul 2007 00:23:42 -0500
Subject: How Do I Export Secring & Pubring Armored Files?
In-Reply-To:
References:
Message-ID: <46A43B5E.5060400@tx.rr.com>
>> This looks like a PGP keyfile, not a GnuPG keyfile
>> GnuPG uses the .gpg extension.
>
> At this point, I'm completely flummoxed. I have PGP and GPG keyrings
> scattered all over this computer, and I have no way of telling which ones are
> actually the GPG keyrings being used and maintained by WinPT, nor under
> which identifying extension. There's a window in WinPT that nominally tells
> this, but it's too short to display the path & filename and doesn't expand.
If I recall correctly, WinPT uses the default GnuPG keyring location, subject to
any redirection by gpg.conf.
The default location is %APPDATA%\GnuPG. %APPDATA% usually expands to
C:\Documents and Settings\\Application Data. So the default location
for the three keyring files, pubring.gpg, secring.gpg, and trustdb.gpg is
C:\Documents and Settings\\Application Data\GnuPG.
> By searching, the most recently modified keyrings are those I mentioned.
>
> I'm trying to import a keyring into Quicksilver's PGPed nym function, and on
> top of all this, it will not import GnuPG secure keys, apparently.
PGP wants the secret and public key parts in one file. GPGshell will do this if
the 'Add public key to exported secret keys (PGP-style)' option is selected in
GPGshell's preferences.
Or at the command line:
gpg --export 0xdecafbad > 0xdecafbad.asc
gpg --export-secret-key 0xdecafbad >> 0xdecafbad.asc
From your email, you have PGP installed. Let PGP do the work for you - don't try
to import the keys. For the time being, PGPkeys will open GnuPG keyring files.
Open PGPkeys - this will open your default PGP keyring files. Now, from the File
menu, select Open and specify the GnuPG public and secret keyring files; eg,
C:\Documents and Settings\\Application Data\GnuPG\pubring.gpg
C:\Documents and Settings\\Application Data\GnuPG\secring.gpg
when the window with your GnuPG keys opens, just select and drag&drop the
key(pair)s you wish to copy to the PGP keyring window.
Key pairs you move will probably need to be set to 'Implicit Trust' in the key's
Properties window.
> I've figured out a kludgy workaround for this, namely blowing off the GPG
> keys and making a new set in PGP, but most of my problem seems to be from the
> various PGP/GPG incompatibilities. With luck, I can import the PGP keys into
> GPG.
gpg --import \path\to\secring.skr
gpg --import \path\to\pubring.pkr
Key pairs imported should be checked that they are set to 'Ultimate trust'. This
is analogous to PGP's Implicit Trust setting.
You may set the key's trust setting with a GUI such as GPGshell or WinPT or from
the command line, eg. gpg --edit-key 0xdecafbad trust.
-- 
John P. Clizbe Inet: John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A
"what's the key to success?" / "two words: good decisions."
"what's the key to good decisions?" / "one word: experience."
"how do i get experience?" / "two words: bad decisions."
"Just how do the residents of Haiku, Hawai'i hold conversations?"
From stefan-oltmanns at gmx.net Tue Jul 17 18:45:23 2007
From: stefan-oltmanns at gmx.net (Stefan)
Date: Tue, 17 Jul 2007 18:45:23 +0200
Subject: GnuPG and PGP 5.0 compatibility problem
In-Reply-To: <86084E83-746D-4836-81FE-B41AF97D7EB0@sixdemonbag.org>
References: <4697E3BD.2090701@gmx.net>
<86084E83-746D-4836-81FE-B41AF97D7EB0@sixdemonbag.org>
Message-ID: <469CF223.40604@gmx.net>
Robert J. Hansen wrote:
>> I got a problem with GnuPG and PGP 5.0:
>
> PGP 5.0 substantially predates RFC2440, the IETF standard which GnuPG
> implements. In fact, GnuPG doesn't even have a PGP 5 compatibility
> mode. (It has --pgp6, --pgp7 and --pgp8, but nothing for PGP 5.)
>
> PGP 5.0 is very, _very_ out of date. Please consider upgrading to
> something more recent and standards-conformant.
I got the latest GnuPG. The bank uses "PGP 5.0 for OS/2", unfortunately
I can't change that.
But I possibly found out the problem: I exported several public keys I
had to PGP 5 and tried to use them for encryption. Some of them worked,
and some (including mine) not. I analyzed the keys with --list-packets
and found out that the keys that don't work contain "key flags"
(subpacket 27).
Unfortunately I haven't found out how to remove this from my key, is
there a (simple) way to do that?
>
>> In case you're wondering, I do have PGP only for testing purpose,
>> because I can't get EUMEL of the 1822direkt bank (a system that sends
>> you a OpenPGP encrypted mail with financial transactions on your
>> account) to work, they use PGP 5.0.
>
> To me, this would cause me to doubt whether I wanted them to have my
> financial information at all.
But that doesn't mean PGP 5 is insecure in any way, it's just outdated
and not RFC2440 conform, right?
From wk at gnupg.org Thu Jul 26 11:45:33 2007
From: wk at gnupg.org (Werner Koch)
Date: Thu, 26 Jul 2007 11:45:33 +0200
Subject: GnuPG and PGP 5.0 compatibility problem
In-Reply-To: <469CF223.40604@gmx.net> (stefan-oltmanns@gmx.net's message of
"Tue, 17 Jul 2007 18:45:23 +0200")
References: <4697E3BD.2090701@gmx.net>
<86084E83-746D-4836-81FE-B41AF97D7EB0@sixdemonbag.org>
<469CF223.40604@gmx.net>
Message-ID: <87bqdzh51e.fsf@wheatstone.g10code.de>
On Tue, 17 Jul 2007 18:45, stefan-oltmanns at gmx.net said:
> I got the latest GnuPG. The bank uses "PGP 5.0 for OS/2", unfortunately
> I can't change that.
[ Wow, still a bank using OS/2. Some years ago I heard that IBM dropped
OS/2 support for the 4758 and thus required the banks to switch to
Windows. ]
> Unfortunately I haven't found out how to remove this from my key, is
> there a (simple) way to do that?
Keyflags are required for RSA and are in general a very good idea. If
you want to get rid of them, you need to patch gpg. Point your editor
to g10/keygen.c and search for the function do_add_key_flags. Comment
out the last line and compile again. Then you need to update the
self-signatures of your key: Setting the primary flag or changing the
expire time will do the trick.
> But that doesn't mean PGP 5 is insecure in any way, it's just outdated
> and not RFC2440 conform, right?
The GNU/Linux version is definitely insecure as the RNG has a major flaw.
All keys created with this version and possibly all signing keys used
with this version should be considered compromised. I have also great
doubts that they are much safer with an OS/2 version.
Salam-Shalom,
Werner
From timotheus at tstotts.net Fri Jul 27 01:48:19 2007
From: timotheus at tstotts.net (timotheus)
Date: Thu, 26 Jul 2007 19:48:19 -0400
Subject: CRL checks with gpgsm
Message-ID:
Hi. How do I automate CRL checking with gpgsm? I understand the
following:
CRLs are loaded / retrieved by dirmngr
gpgsm invokes dirmngr, providing some information
dirmngr could be standalone per user, or system daemon
As user, dirmngr attempts to use the config file:
~/.gnupg/dirmngr_ldapservers.conf
What should go into this file? According to other posts, perhaps:
server:port:::o=organization,c=domain
How do I determine what server(s) should be in this list?
Any assistance would be appreciated. I have gpgsm working for Thawte
email S/MIME, but requiring the option `disable-crl-checks'.
-timotheus
From timotheus at tstotts.net Fri Jul 27 02:45:30 2007
From: timotheus at tstotts.net (timotheus)
Date: Thu, 26 Jul 2007 20:45:30 -0400
Subject: CRL checks with gpgsm
References:
Message-ID:
timotheus writes:
> Hi. How do I automate CRL checking with gpgsm? I understand the
> following:
> CRLs are loaded / retrieved by dirmngr
> gpgsm invokes dirmngr, providing some information
> dirmngr could be standalone per user, or system daemon
>
> As user, dirmngr attempts to use the config file:
> ~/.gnupg/dirmngr_ldapservers.conf
>
> What should go into this file? According to other posts, perhaps:
> server:port:::o=organization,c=domain
>
> How do I determine what server(s) should be in this list?
>
> Any assistance would be appreciated. I have gpgsm working for Thawte
> email S/MIME, but requiring the option `disable-crl-checks'.
>
> -timotheus
OK. The signing x509 certificate has:
Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Freemail CA/emailAddress=personal-freemail at thawte.com
Subject: C=ZA, O=Thawte Consulting (Pty) Ltd., CN=Thawte Personal Freemail Issuing CA
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:0
X509v3 CRL Distribution Points:
URI:http://crl.thawte.com/ThawtePersonalFreemailCA.crl
X509v3 Key Usage:
Certificate Sign, CRL Sign
X509v3 Subject Alternative Name:
DirName:/CN=PrivateLabel2-138
The issue is that gpgsm does not appear to handle auto fetching of
multiple levels of CRLs; or that Thawte did not specify them correctly
within the x509 format.
The freemail certificate requires that
http://crl.thawte.com/ThawtePersonalFreemailCA.crl
be fetched and checked. But also,
http://crl.thawte.com/ThawtePersonalFreemailIssuingCA.crl
must be fetched for the intermediate certificate.
The chain is:
MY CERTIFICATE HERE.
Serial number: 3A0D29
Issuer: /CN=Thawte Personal Freemail CA/OU=Certification Services Division/O=Thawte Consulting/L=Cape Town/ST=Western Cape/C=ZA/EMail=personal-freemail at thawte.com
Subject: /CN=Thawte Personal Freemail Issuing CA/O=Thawte Consulting (Pty) Ltd./C=ZA
validity: 2003-07-17 00:00:00 through 2013-07-16 23:59:59
key type: 1024 bit RSA
key usage: certSign crlSign
chain length: 0
fingerprint: BC:F0:3A:B1:BD:9A:08:9B:EB:46:8D:AF:99:47:5E:83:18:39:99:0F
Certified by
Serial number: 3A
Issuer: /CN=Thawte Personal Freemail CA/OU=Certification Services Division/O=Thawte Consulting/L=Cape Town/ST=Western Cape/C=ZA/EMail=personal-freemail at thawte.com
Subject: /CN=Thawte Personal Freemail CA/OU=Certification Services Division/O=Thawte Consulting/L=Cape Town/ST=Western Cape/C=ZA/EMail=personal-freemail at thawte.com
validity: 1996-01-01 00:00:00 through 2020-12-31 23:59:59
key type: 1024 bit RSA
chain length: unlimited
fingerprint: 20:99:00:B6:3D:95:57:28:14:0C:D1:36:22:D8:C6:87:A4:EB:00:85
With an empty dirmngr cache, I have to manually:
# wget http://crl.thawte.com/ThawtePersonalFreemailIssuingCA.crl
# gpgsm --call-dirmngr loadcrl ThawtePersonalFreemailIssuingCA.crl
# rm -f ThawtePersonalFreemailIssuingCA.crl
And then gpgsm can auto fetch and verify with the other CRL.
Why doesn't gpgsm know to fetch both of these by recursively inspecting
the certificates?
From wk at gnupg.org Fri Jul 27 10:22:33 2007
From: wk at gnupg.org (Werner Koch)
Date: Fri, 27 Jul 2007 10:22:33 +0200
Subject: CRL checks with gpgsm
In-Reply-To: (timotheus@tstotts.net's message of
"Thu, 26 Jul 2007 20:45:30 -0400")
References:
Message-ID: <87lkd2cl2u.fsf@wheatstone.g10code.de>
On Fri, 27 Jul 2007 02:45, timotheus at tstotts.net said:
>> What should go into this file? According to other posts, perhaps:
>> server:port:::o=organization,c=domain
From the dirmngr manual:
`--ldapserverlist-file FILE'
Read the list of LDAP servers to consult for CRLs and certificates
from file instead of the default per-user ldap server list file.
The default value for FILE is `dirmngr_ldapservers.conf' or
`ldapservers.conf' when running in `--daemon' mode.
This server list file contains one LDAP server per line in the
format
HOSTNAME:PORT:USERNAME:PASSWORD:BASE_DN
Lines starting with a `#' are comments.
Note that as usual all strings entered are expected to be UTF_8
encoded. Obviously this will lead to problems if the password has
originally been encoded as Latin-1. There is no other solution here
than to put such a password in the binary encoding into the file
(i.e. non-ascii characters won't show up readable).(1)
> The freemail certificate requires that
> http://crl.thawte.com/ThawtePersonalFreemailCA.crl
> be fetched and checked. But also,
> http://crl.thawte.com/ThawtePersonalFreemailIssuingCA.crl
> must be fetched for the intermediate certificate.
Does the intermediate CA specify this one as a DP? Use gpgsm
--dump-chain to check.
Salam-Shalom,
Werner
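The server list format quoted from the dirmngr manual above can be checked before dirmngr reads it. The following is an added example, not code from the thread or from dirmngr: a small parser for the HOSTNAME:PORT:USERNAME:PASSWORD:BASE_DN lines that skips `#` comments, keeps the password as raw bytes and reports when it is not valid UTF-8, the case the manual warns about. The sample file contents, host names and function names are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample file contents (hosts, DNs and password are made up).
# The password on line 3 is Latin-1 encoded, the case the manual warns about.
SAMPLE = (
    b"# LDAP servers consulted for CRLs and certificates\n"
    b"ldap.example.org:389:::o=Example,c=DE\n"
    b"ldap2.example.org:636:crlreader:p\xe4ssword:o=Example,c=DE\n"
    b"ldap3.example.org\n"
    b"ldap4.example.org:ldap:::o=Example,c=DE\n"
)


@dataclass
class LdapServer:
    line: int
    hostname: str
    port: int
    username: str
    password: bytes          # raw bytes, exactly as stored in the file
    base_dn: str
    password_is_utf8: bool   # False means the file holds a non-UTF-8 password


def parse_ldapservers(raw: bytes):
    """Return (servers, problems) for the contents of a server list file."""
    servers, problems = [], []
    for lineno, line in enumerate(raw.splitlines(), start=1):
        if not line.strip() or line.startswith(b"#"):
            continue  # blank line or comment
        # Split at most four times so colons inside the base DN survive.
        fields = line.split(b":", 4)
        if len(fields) != 5:
            problems.append((lineno, "expected 5 colon-separated fields"))
            continue
        host, port, user, password, base_dn = fields
        try:
            host_s = host.decode("utf-8")
            user_s = user.decode("utf-8")
            base_s = base_dn.decode("utf-8")
        except UnicodeDecodeError:
            problems.append((lineno, "host, user or base DN is not UTF-8"))
            continue
        if not host_s:
            problems.append((lineno, "empty hostname"))
            continue
        if not port.isdigit() or not 0 < int(port) < 65536:
            problems.append((lineno, "port is not a number in 1..65535"))
            continue
        try:
            password.decode("utf-8")
            pw_utf8 = True
        except UnicodeDecodeError:
            pw_utf8 = False
        servers.append(LdapServer(lineno, host_s, int(port), user_s,
                                  password, base_s, pw_utf8))
    return servers, problems


if __name__ == "__main__":
    ok, bad = parse_ldapservers(SAMPLE)
    for s in ok:
        note = "" if s.password_is_utf8 else "  (password is not UTF-8)"
        print(f"line {s.line}: {s.hostname}:{s.port} base={s.base_dn}{note}")
    for lineno, why in bad:
        print(f"line {lineno}: rejected: {why}")
```
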
From wk at gnupg.org Fri Jul 27 10:31:41 2007
From: wk at gnupg.org (Werner Koch)
Date: Fri, 27 Jul 2007 10:31:41 +0200
Subject: GnuPG and PGP 5.0 compatibility problem
In-Reply-To: <46A922EB.1070702@gmx.net> (Stefan Oltmanns's message of "Fri, 27
Jul 2007 00:40:43 +0200")
References: <4697E3BD.2090701@gmx.net>
<86084E83-746D-4836-81FE-B41AF97D7EB0@sixdemonbag.org>
<469CF223.40604@gmx.net> <87bqdzh51e.fsf@wheatstone.g10code.de>
<46A922EB.1070702@gmx.net>
Message-ID: <87hcnqcknm.fsf@wheatstone.g10code.de>
On Fri, 27 Jul 2007 00:40, stefan-oltmanns at gmx.net said:
> (and PGP 5 accepted all of them), but I wasn't able to remove them
> from my key, I changed the expire time several times, but no luck.
Enter debug in the edit menu to see what packets you have in your
keyblock. You may also use
gpg --export yourkeyid | gpg --list-packets
to get a detailed listing.
Shalom-Salam,
Werner
From timotheus at tstotts.net Fri Jul 27 13:28:27 2007
From: timotheus at tstotts.net (timotheus)
Date: Fri, 27 Jul 2007 07:28:27 -0400
Subject: CRL checks with gpgsm
References:
<87lkd2cl2u.fsf@wheatstone.g10code.de>
Message-ID:
Werner Koch writes:
> On Fri, 27 Jul 2007 02:45, timotheus at tstotts.net said:
>
>>> What should go into this file? According to other posts, perhaps:
>>> server:port:::o=organization,c=domain
>
> From the dirmngr manual:
>
Got it.
>
>> The freemail certificate requires that
>> http://crl.thawte.com/ThawtePersonalFreemailCA.crl
>> be fetched and checked. But also,
>> http://crl.thawte.com/ThawtePersonalFreemailIssuingCA.crl
>> must be fetched for the intermediate certificate.
>
> Does the intermediate CA specify this one as a DP? Use gpgsm
> --dump-chain to check.
>
Apparently the root certificate is missing crlDP; and the issuing CA
specifies the crlDP for its parent.... Silly Thawte...
-timotheus
From dirk.traulsen at lypso.de Sat Jul 28 17:22:49 2007
From: dirk.traulsen at lypso.de (Dirk Traulsen)
Date: Sat, 28 Jul 2007 17:22:49 +0200
Subject: GnuPG and PGP 5.0 compatibility problem
In-Reply-To: <87hcnqcknm.fsf@wheatstone.g10code.de>
References: <4697E3BD.2090701@gmx.net>,
<46A922EB.1070702@gmx.net> (Stefan Oltmanns's message of "Fri,
27 Jul 2007 00:40:43 +0200"),
<87hcnqcknm.fsf@wheatstone.g10code.de>
Message-ID: <46AB7B69.28417.2A55E807@dirk.traulsen.lypso.de>
On 27 Jul 2007 at 10:31, Werner Koch wrote:
> Enter debug in the edit menu to see what packets you have in your
> keyblock.
Is debug and its output format documented somewhere?
Dirk
From sacha.net at gmail.com Sat Jul 28 17:57:30 2007
From: sacha.net at gmail.com (Sacha)
Date: Sat, 28 Jul 2007 17:57:30 +0200
Subject: Windows / Linux encoding issues
Message-ID: <46AB676A.7090504@gmail.com>
Hello,
I've created my key pair using WinPT under Windows 2000. I used special
characters (like ?, ?, ?, ?, etcetera) in my passphrase.
Since a hard drive crash, I've installed Gentoo Linux on the computer
and I cannot find my Windows 2000 installation CD. I've successfully
imported my private key in GnuPG from a backup, but when I type my
passphrase, GnuPG says that it's a bad passphrase.
My idea is that there is a charset encoding issue, because under Linux I
have UTF-8 in my X server and ISO-8859-1 in the console. And what was
used under Windows 2000, I really don't know (Windows-1252? perhaps...).
Can you suggest something to find the right passphrase?
Thank you very much.
--
Sasha
From wk at gnupg.org Mon Jul 30 09:16:40 2007
From: wk at gnupg.org (Werner Koch)
Date: Mon, 30 Jul 2007 09:16:40 +0200
Subject: GnuPG and PGP 5.0 compatibility problem
In-Reply-To: <46AB7B69.28417.2A55E807@dirk.traulsen.lypso.de> (Dirk Traulsen's
message of "Sat, 28 Jul 2007 17:22:49 +0200")
References: <4697E3BD.2090701@gmx.net> <46A922EB.1070702@gmx.net>
<87hcnqcknm.fsf@wheatstone.g10code.de>
<46AB7B69.28417.2A55E807@dirk.traulsen.lypso.de>
Message-ID: <87d4ya8ip3.fsf@wheatstone.g10code.de>
On Sat, 28 Jul 2007 17:22, dirk.traulsen at lypso.de said:
> Is debug and its output format documented somewhere?
No, it is to help debugging. g10/kbnode.c has the code.
Salam-Shalom,
Werner
From stefan-oltmanns at gmx.net Fri Jul 27 13:16:09 2007
From: stefan-oltmanns at gmx.net (Stefan Oltmanns)
Date: Fri, 27 Jul 2007 13:16:09 +0200
Subject: GnuPG and PGP 5.0 compatibility problem
In-Reply-To: <87hcnqcknm.fsf@wheatstone.g10code.de>
References: <4697E3BD.2090701@gmx.net> <86084E83-746D-4836-81FE-B41AF97D7EB0@sixdemonbag.org> <469CF223.40604@gmx.net>
<87bqdzh51e.fsf@wheatstone.g10code.de> <46A922EB.1070702@gmx.net>
<87hcnqcknm.fsf@wheatstone.g10code.de>
Message-ID: <46A9D3F9.7090005@gmx.net>
Werner Koch wrote:
> On Fri, 27 Jul 2007 00:40, stefan-oltmanns at gmx.net said:
>
>> (and PGP 5 accepted all of them), but I wasn't able to remove them
>> from my key, I changed the expire time several times, but no luck.
>
> Enter debug in the edit menu to see what packets you have in your
> keyblock. You may also use
> gpg --export yourkeyid | gpg --list-packets
> to get a detailed listing.
That's exactly what I did to see what I have in my key, and the key
flags won't be removed no matter what I do.
I also added "tty_printf(_("do_add_key_flags was called.\n"));"
at the beginning of the function (the only command in the function at all).
I see this message only during the creation of a new key (two times),
but never when I edit one.
Regards,
Stefan
From nospam at ofloo.org Sat Jul 28 11:49:57 2007
From: nospam at ofloo.org (Wouter Snels)
Date: Sat, 28 Jul 2007 11:49:57 +0200
Subject: Windows Vista
Message-ID: <46AB1145.3000108@ofloo.org>
Hi,
I currently bought a new laptop and it has windows vista on it, I've
always used GPG, it works on it only one problem though,
C:\Users\Ofloo>gpg --send-key --keyserver pool.sks-keyservers.net 0x3503FFC0
gpg: versturen van sleutel 3503FFC0 naar hkp server
pool.sks-keyservers.net // sending key 3503FFC0 to hkp server
pool.sks-keyservers.net
gpgkeys: this keyserver type only supports key retrieval
gpg: communicatie fout met de sleutelserver: file read error // english:
communication error with keyserver
gpg: sleutelserver verzending is mislukt: file read error //english:
keyserver sending has failed file read error
C:\Users\Ofloo>
C:\Users\Ofloo>gpg --version
gpg (GnuPG) 1.4.7
Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
Home: C:/Users/Ofloo/AppData/Roaming/gnupg
Ondersteunde algoritmen:
Publike sleutel: RSA, RSA-E, RSA-S, ELG-E, DSA
Versleutel algoritme: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Samenvattings algoritme: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512,
SHA224
Compressie: Ongecomprimeerd, ZIP, ZLIB, BZIP2
C:\Users\Ofloo>
From stefan-oltmanns at gmx.net Fri Jul 27 00:40:43 2007
From: stefan-oltmanns at gmx.net (Stefan Oltmanns)
Date: Fri, 27 Jul 2007 00:40:43 +0200
Subject: GnuPG and PGP 5.0 compatibility problem
In-Reply-To: <87bqdzh51e.fsf@wheatstone.g10code.de>
References: <4697E3BD.2090701@gmx.net> <86084E83-746D-4836-81FE-B41AF97D7EB0@sixdemonbag.org> <469CF223.40604@gmx.net>
<87bqdzh51e.fsf@wheatstone.g10code.de>
Message-ID: <46A922EB.1070702@gmx.net>
Werner Koch wrote:
> On Tue, 17 Jul 2007 18:45, stefan-oltmanns at gmx.net said:
>
> Keyflags are required for RSA and are in general a very good idea. If
> you want to get rid of them, you need to patch gpg. Point your editor
> to g10/keygen.c and search for the function do_add_key_flags. Comment
> out the last line and compile again. Then you need to update the
> self-signatures of your key: Setting the primary flag or changing the
> expire time will do the trick.
I patched gpg and was able to create several keys without key flags (and
PGP 5 accepted all of them), but I wasn't able to remove them from my
key, I changed the expire time several times, but no luck.
Any ideas?
Regards,
Stefan
From sysspoof at ng-lab.org Sun Jul 29 17:56:11 2007
From: sysspoof at ng-lab.org (sysspoof)
Date: Sun, 29 Jul 2007 17:56:11 +0200
Subject: Invalid Pin
Message-ID: <46ACB89B.6080809@ng-lab.org>
Hello
I have a problem with my scard from fsfe.
I can access the card:
pgr$ gpg --card-edit
gpg: detected reader `CCID Smart Card Reader 0 0'
Application ID ...: D2760001240101010001000007760000
Version ..........: 1.1
Manufacturer .....: PPC Card Systems
Serial number ....: 00000776
Name of cardholder: Patrick Grieshaber
Language prefs ...: de
Sex ..............: male
URL of public key : [not set]
Login data .......: pgr
Private DO 1 .....: [not set]
Private DO 2 .....: [946] Patrick Grieshaber <pgr at fsfe.org>
CA fingerprint 1 .: C485 A6CD 7EC6 6E9E EC33 65F2 70F2 75E4 C32F 6CA5
Signature PIN ....: not forced
Max. PIN lengths .: 254 254 254
PIN retry counter : 3 0 3
Signature counter : 0
General key info..: [none]
Command:
But if I now want to create subkeys as the tutorial says:
pgr$ gpg --edit-key Patrick Grieshaber
gpg (GnuPG) 1.4.7; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
Secret key is available.
pub 1024D/2DBAE103 created: 2007-07-14 expires: never usage: SC
trust: ultimate validity: ultimate
sub 4096g/CB84563C created: 2007-07-14 expires: never usage: E
[ultimate] (1). Patrick Grieshaber (Nickname: Sysspoof) <sysspoof at ng-lab.org>
Invalid command (try "help")
Command> addcardkey
gpg: detected reader `CCID Smart Card Reader 0 0'
Please select the type of key to generate:
(1) Signature key
(2) Encryption key
(3) Authentication key
Your selection? 3
gpg: WARNING: such a key has already been stored on the card!
Replace existing key? (y/N) y
PIN
gpg: verify CHV2 failed: invalid passphrase
gpg: error checking the PIN: invalid passphrase
And I don't know why. I tried the admin pin and the normal/user pin.
I already once tried to write down some subkeys as you see. But unfortunately, the gpg software broke due to a segfault :S
So maybe the card is corrupt?
Is there a way to change the pin (?)... I still have the admin pin, also still the default one, I received with a letter from fsfeurope.
Thanks in advance,
Patrick Grieshaber
From hhhobbit at securemecca.net Mon Jul 30 21:42:13 2007
From: hhhobbit at securemecca.net (Henry Hertz Hobbit)
Date: Mon, 30 Jul 2007 13:42:13 -0600
Subject: Windows / Linux encoding issues
In-Reply-To:
References:
Message-ID: <46AE3F15.4070605@securemecca.net>
Sacha wrote:
> I've created my key pair using WinPT under Windows 2000. I used special
> characters (like ?, ?, ?, ?, etcetera) in my passphrase.
>
> Since a hard drive crash, I've installed Gentoo Linux on the computer
> and I cannot find my Windows 2000 installation CD. I've successfully
> imported my private key in GnuPG from a backup, but when I type my
> passphrase, GnuPG says that it's a bad passphrase.
>
> My idea is that there is a charset encoding issue, because under Linux I
> have UTF-8 in my X server and ISO-8859-1 in the console. And what was
> used under Windows 2000, I really don't know (Windows-1252? perhaps...).
>
> Can you suggest something to find the right passphrase?
>
> Thank you - very much.
Find somebody who has a Windows system similar to what you had that
will let you use it, install GnuPG on it and import your keys on
to it. If your keys work there (do a simple test with a file or
something), then change the password on your keys on that platform
to something much simpler with just ASCII characters (subset of
ISO-8859-1). I haven't used WinPT for a long while so if you can't
change the passwd in WinPT you will have to do a gpg --edit-key
and then passwd in a cmd.exe. BTW, I just COPY the pubring.gpg,
secring.gpg, and trustdb.gpg files as long as the chip is the
same, e.g., 32 bit Wintel -> 32 bit Wintel. It doesn't matter what
the OS is. I don't know how you backed up your keys though.
Did Windows-1252 precede ISO-8859-1 like MacRoman? I have a feeling
it did which of course doesn't help you.
http://en.wikipedia.org/wiki/ISO_8859-1#The_ISO-8859-1.2FWindows-1252_mixup
Do you want to throw in EBCDIC to make matters worse? Hope that
helps, but ...
HHH
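The charset hypothesis raised in this thread can be illustrated offline. The following is an added example, not code from the thread or from GnuPG: it encodes one passphrase under several candidate charsets and runs each distinct byte string through the iterated and salted S2K of RFC 4880 with SHA-1, showing that only the byte form used at key creation reproduces the key. The passphrase, salt, count, the list of candidate encodings, and the assumption that the front end handed the passphrase bytes over unconverted are all constructed for illustration.

```python
import hashlib

# Candidate charsets (an assumption): Unix UTF-8 and Latin-1, the Windows
# GUI code page, and two Windows console (OEM) code pages.
CANDIDATE_ENCODINGS = ["utf-8", "iso-8859-1", "cp1252", "cp850", "cp437"]


def byte_forms(passphrase: str) -> dict:
    """Map each distinct byte string to the encodings that produce it."""
    forms = {}
    for enc in CANDIDATE_ENCODINGS:
        try:
            raw = passphrase.encode(enc)
        except UnicodeEncodeError:
            continue  # this charset cannot represent the passphrase at all
        forms.setdefault(raw, []).append(enc)
    return forms


def s2k_iterated_salted(passphrase: bytes, salt: bytes,
                        coded_count: int, key_len: int = 16) -> bytes:
    """Iterated and salted S2K (RFC 4880, section 3.7.1.3) using SHA-1."""
    count = (16 + (coded_count & 15)) << ((coded_count >> 4) + 6)
    data = salt + passphrase
    count = max(count, len(data))   # salt+passphrase is hashed at least once
    full, rest = divmod(count, len(data))
    out, preload = b"", 0
    while len(out) < key_len:
        h = hashlib.sha1()
        h.update(b"\x00" * preload)  # extra contexts are preloaded with zeros
        h.update(data * full)
        h.update(data[:rest])
        out += h.digest()
        preload += 1
    return out[:key_len]


def matching_encodings(passphrase: str, salt: bytes,
                       coded_count: int, expected_key: bytes) -> list:
    """Return the encodings whose byte form derives expected_key."""
    hits = []
    for raw, encodings in byte_forms(passphrase).items():
        derived = s2k_iterated_salted(raw, salt, coded_count,
                                      len(expected_key))
        if derived == expected_key:
            hits.extend(encodings)
    return hits


# Constructed demonstration values, not taken from any real key.
PASSPHRASE = "Grüße-café"
SALT = bytes.fromhex("0102030405060708")
CODED_COUNT = 96                     # decodes to 65536 hashed bytes
# Pretend the key was protected on a system that used Windows-1252.
STORED_KEY = s2k_iterated_salted(PASSPHRASE.encode("cp1252"),
                                 SALT, CODED_COUNT)

if __name__ == "__main__":
    for raw, encodings in byte_forms(PASSPHRASE).items():
        key = s2k_iterated_salted(raw, SALT, CODED_COUNT)
        print(f"{'/'.join(encodings):20} {raw.hex():28} -> {key.hex()}")
    print("match:", matching_encodings(PASSPHRASE, SALT, CODED_COUNT,
                                       STORED_KEY))
```

Encodings that yield identical bytes (here ISO-8859-1 and Windows-1252) are interchangeable for this passphrase, so only the distinct byte forms need to be tried.
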