From olaf.gellert at intrusion-lab.net Fri Mar 2 09:41:18 2007 From: olaf.gellert at intrusion-lab.net (Olaf Gellert) Date: Fri, 02 Mar 2007 09:41:18 +0100 Subject: Error with encrypting: unusable public key Message-ID: <45E7E32E.4090105@intrusion-lab.net> Hi all, I keep getting an error trying to encrypt to the key 0xCC21E10F. The key is self-signed, gpg --check-sigs does not complain, but still when I try to encrypt I get: gpg: 0xCC21E10F: skipped: unusable public key I am using gpg 1.4.5 on a Linux box (SuSE 10.2). Could this be a matter of algorithms? The key is available on the keyservers. Thanks for help, Olaf -- Dipl.Inform. Olaf Gellert INTRUSION-LAB.NET Senior Researcher, www.intrusion-lab.net PKI - and IDS - Services olaf.gellert at intrusion-lab.net From twoaday at gmx.net Fri Mar 2 09:57:50 2007 From: twoaday at gmx.net (Timo Schulz) Date: Fri, 02 Mar 2007 09:57:50 +0100 Subject: Error with encrypting: unusable public key In-Reply-To: <45E7E32E.4090105@intrusion-lab.net> References: <45E7E32E.4090105@intrusion-lab.net> Message-ID: <45E7E70E.8080107@gmx.net> Olaf Gellert wrote: > 0xCC21E10F. The key is self-signed, gpg --check-sigs > does not complain, but still when I try to encrypt > I get: > > gpg: 0xCC21E10F: skipped: unusable public key pub 2048R/CC21E10F created: 2006-11-21 expires: never usage: SC This is the information given in --edit-key. And the usage is the solution for your problem. It has *no* capability to encrypt data. Timo From olaf.gellert at intrusion-lab.net Fri Mar 2 10:43:28 2007 
From: olaf.gellert at intrusion-lab.net (Olaf Gellert) Date: Fri, 02 Mar 2007 10:43:28 +0100 Subject: Error with encrypting: unusable public key In-Reply-To: <45E7E70E.8080107@gmx.net> References: <45E7E32E.4090105@intrusion-lab.net> <45E7E70E.8080107@gmx.net> Message-ID: <45E7F1C0.8010000@intrusion-lab.net> Timo Schulz wrote: > pub 2048R/CC21E10F created: 2006-11-21 expires: never usage: SC > > This is the information given in --edit-key. And the usage > is the solution for your problem. > It has *no* capability to encrypt data. Thanx, I missed that. So this is one of the "sign only" keys and to enable encryption, one would add an encryption only subkey? Olaf -- Dipl.Inform. Olaf Gellert INTRUSION-LAB.NET Senior Researcher, www.intrusion-lab.net PKI - and IDS - Services olaf.gellert at intrusion-lab.net From twoaday at gmx.net Fri Mar 2 10:57:58 2007 From: twoaday at gmx.net (Timo Schulz) Date: Fri, 02 Mar 2007 10:57:58 +0100 Subject: Error with encrypting: unusable public key In-Reply-To: <45E7F1C0.8010000@intrusion-lab.net> References: <45E7E32E.4090105@intrusion-lab.net> <45E7E70E.8080107@gmx.net> <45E7F1C0.8010000@intrusion-lab.net> Message-ID: <45E7F526.8010500@gmx.net> Olaf Gellert wrote: > keys and to enable encryption, one would add an encryption > only subkey? IIRC, it is not possible to change the capabilities of an existing key with GPG. Somebody might correct me if I'm wrong. And yes, the only way to encrypt to this key is to add an encryption subkey to it. It is also possible that people have separate keys for certifying/signing and encryption. Timo From laurent.jumet at skynet.be Fri Mar 2 11:05:48 2007 
From: laurent.jumet at skynet.be (Laurent Jumet) Date: Fri, 02 Mar 2007 11:05:48 +0100 Subject: Error with encrypting: unusable public key In-Reply-To: <45E7F1C0.8010000@intrusion-lab.net> Message-ID: Hello Olaf ! Olaf Gellert wrote: >> pub 2048R/CC21E10F created: 2006-11-21 expires: never usage: SC >> >> This is the information given in --edit-key. And the usage >> is the solution for your problem. >> It has *no* capability to encrypt data. > Thanx, I missed that. So this is one of the "sign only" > keys and to enable encryption, one would add an encryption > only subkey? Not on that one, it's a RSA key. -- Laurent Jumet KeyID: 0xCFAF704C From twoaday at gmx.net Fri Mar 2 13:54:59 2007 From: twoaday at gmx.net (Timo Schulz) Date: Fri, 02 Mar 2007 13:54:59 +0100 Subject: Error with encrypting: unusable public key In-Reply-To: References: Message-ID: <45E81EA3.50904@gmx.net> Laurent Jumet wrote: >> Thanx, I missed that. So this is one of the "sign only" >> keys and to enable encryption, one would add an encryption >> only subkey? > > Not on that one, it's a RSA key. But if I see it correctly, it's _no_ v3 key so you can add a subkey to this key even if it is RSA (which is no limitation in OpenPGP). Timo From dshaw at jabberwocky.com Fri Mar 2 13:58:08 2007 
From: dshaw at jabberwocky.com (David Shaw) Date: Fri, 2 Mar 2007 07:58:08 -0500 Subject: Error with encrypting: unusable public key In-Reply-To: References: <45E7F1C0.8010000@intrusion-lab.net> Message-ID: <20070302125808.GB3189@jabberwocky.com> On Fri, Mar 02, 2007 at 11:05:48AM +0100, Laurent Jumet wrote: > > Hello Olaf ! > > Olaf Gellert wrote: > > >> pub 2048R/CC21E10F created: 2006-11-21 expires: never usage: SC > >> > >> This is the information given in --edit-key. And the usage > >> is the solution for your problem. > >> It has *no* capability to encrypt data. > > > Thanx, I missed that. So this is one of the "sign only" > > keys and to enable encryption, one would add an encryption > > only subkey? > > Not on that one, it's a RSA key. It's okay - this is the new sort (i.e. OpenPGP or V4) of RSA key. You can add subkeys and do anything you'd do with any other OpenPGP key. Only the old PGP 2.x (V3) RSA keys cannot carry subkeys. David From laurent.jumet at skynet.be Fri Mar 2 14:49:03 2007 
From: laurent.jumet at skynet.be (Laurent Jumet)
Date: Fri, 02 Mar 2007 14:49:03 +0100
Subject: Error with encrypting: unusable public key
In-Reply-To: <45E81EA3.50904@gmx.net>
Message-ID:

Hello Timo !

Timo Schulz wrote:

>>> Thanx, I missed that. So this is one of the "sign only"
>>> keys and to enable encryption, one would add an encryption
>>> only subkey?
>>
>> Not on that one, it's a RSA key.

> But if I see it correctly, it's _no_ v3 key so you can
> add a subkey to this key even if it is RSA (which is
> no limitation in OpenPGP).

I was (wrongly) thinking that a RSA key wasn't able to hold subkeys.
This one is v4:

=== Begin Windows Clipboard ===
:public key packet:
    version 4, algo 1, created 1164120402, expires 0
    pkey[0]: [2048 bits]
    pkey[1]: [17 bits]
:user ID packet: "David A. Mundie (Dodo Magnifico) "
:signature packet: algo 1, keyid 09F096B7CC21E10F
    version 4, created 1164120402, md5len 0, sigclass 13
    digest algo 2, begin of digest 17 3f
    hashed subpkt 2 len 4 (sig created 2006-11-21)
    hashed subpkt 27 len 1 (key flags: 03)
    hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
    hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3)
    hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
    hashed subpkt 30 len 1 (features: 01)
    hashed subpkt 23 len 1 (key server preferences: 80)
    subpkt 16 len 8 (issuer key ID 09F096B7CC21E10F)
    data: [2045 bits]
=== End Windows Clipboard ===

--
Laurent Jumet KeyID: 0xCFAF704C

From vedaal at hush.com Fri Mar 2 16:57:15 2007
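An added example (not from any message in this thread): a small Python decoder for the "key flags" value in the packet dump quoted above, showing why 03 corresponds to usage SC and gives no encryption capability. The second dump, with an encryption subkey, is constructed for illustration, and attributing each flags value to the most recently seen key packet is an assumption of the example.

```python
import re

# First octet of the OpenPGP key flags subpacket (type 27).
# Letters are emitted in the order S, C, E, A so that 0x03 reads "SC",
# matching the "usage: SC" line quoted in the thread.
FLAG_LETTERS = [
    (0x02, "S"),         # may sign data
    (0x01, "C"),         # may certify other keys
    (0x04 | 0x08, "E"),  # may encrypt communications and/or storage
    (0x20, "A"),         # may be used for authentication
]

# Matches either the start of a key packet or a key-flags value in a
# list-packets style dump. Works on flattened or line-broken text.
TOKEN = re.compile(
    r":(public key|public sub key) packet:|key flags: ([0-9A-Fa-f]{2})"
)

# Trimmed copy of the dump posted in the thread (user ID line omitted).
PAGE_DUMP = """\
:public key packet:
    version 4, algo 1, created 1164120402, expires 0
:signature packet: algo 1, keyid 09F096B7CC21E10F
    version 4, created 1164120402, md5len 0, sigclass 13
    hashed subpkt 27 len 1 (key flags: 03)
"""

# Constructed sample: the same key after an encryption subkey is added.
WITH_SUBKEY = PAGE_DUMP + """\
:public sub key packet:
    version 4, algo 1, created 1172829600, expires 0
:signature packet: algo 1, keyid 09F096B7CC21E10F
    version 4, created 1172829600, md5len 0, sigclass 18
    hashed subpkt 27 len 1 (key flags: 0C)
"""


def key_capabilities(dump):
    """Return [(packet kind, usage letters or None), ...] for each key packet.

    Assumption of this example: a key-flags subpacket describes the key
    packet most recently seen (self-signature for the primary key, binding
    signature for a subkey). None means no key flags were found.
    """
    keys = []
    for match in TOKEN.finditer(dump):
        if match.group(1):
            keys.append([match.group(1), None])
        elif keys:
            keys[-1][1] = int(match.group(2), 16)
    result = []
    for kind, flags in keys:
        if flags is None:
            usage = None
        else:
            usage = "".join(letter for bit, letter in FLAG_LETTERS if flags & bit)
        result.append((kind, usage))
    return result


def can_encrypt(dump):
    """True if any key or subkey in the dump carries an encryption flag."""
    return any(usage and "E" in usage for _, usage in key_capabilities(dump))


if __name__ == "__main__":
    for name, dump in (("posted key", PAGE_DUMP), ("with subkey", WITH_SUBKEY)):
        print(name, key_capabilities(dump), "encrypt:", can_encrypt(dump))
```

Revocation and expiry of subkeys are not considered here; the check only reads the capability flags.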
From: vedaal at hush.com (vedaal at hush.com) Date: Fri, 02 Mar 2007 10:57:15 -0500 Subject: Error with encrypting: unusable public key Message-ID: <20070302155716.1D4F522847@mailserver9.hushmail.com> David Shaw dshaw at jabberwocky.com Fri Mar 2 13:58:08 CET 2007 wrote: >Only the old PGP 2.x (V3) RSA keys cannot carry subkeys. and all v3 rsa keys are both sign and encrypt, but, if anyone prefers not to have subkeys, gnupg allows v4 rsa keys to be generated as a single key with both sign and encrypt functions, similar to v3 keys (but with the capability of adding a subkey at any time) vedaal From sven at radde.name Fri Mar 2 16:32:38 2007 From: sven at radde.name (Sven Radde) Date: Fri, 02 Mar 2007 16:32:38 +0100 Subject: OpenPGP card's RNG Message-ID: <45E84396.90908@radde.name> Hallo! Does GnuPG (1.4.6 / WinXP) use the internal random number generator of the OpenPGP smart card? In other words: Is it useful to keep the card in the reader when running GnuPG even when I am not using the card directly (i.e. encrypt only)? I'm just curious because I noticed the "GET CHALLENGE" command while reading through the card spec... Have fun, Sven Radde From erikvanderhasselt at yahoo.com Fri Mar 2 18:45:21 2007 
From: erikvanderhasselt at yahoo.com (Goya) Date: Fri, 2 Mar 2007 09:45:21 -0800 (PST) Subject: GnuPG and libksba-1.0.1 Message-ID: <9274053.post@talk.nabble.com> Hello, I am installing for the first time GnuPG on FreeBSD. I've downloaded GnuPG and all the required libraries and compiled those. I've set the environment variables to (as instructed in the message I got after compiling the libpth library) LD_LIBRARY_PATH /usr/local/lib LD_RUN_PATH /usr/local/lib When I ran the GnuPG configure file and it went all the way to the end but one message caught my eye. It told that libksba-1.0.1 wasn't correct installed. Can anyone tell me what this means? When I installed libksba library I ran configure, make and make install and it gave no messages. Did I do anything wrong? Regards, Goya From wk at gnupg.org Mon Mar 5 12:58:31 2007 From: wk at gnupg.org (Werner Koch) Date: Mon, 05 Mar 2007 12:58:31 +0100 Subject: OpenPGP card's RNG In-Reply-To: <45E84396.90908@radde.name> (Sven Radde's message of "Fri\, 02 Mar 2007 16\:32\:38 +0100") References: <45E84396.90908@radde.name> Message-ID: <874pozgavs.fsf@wheatstone.g10code.de> On Fri, 2 Mar 2007 16:32, sven at radde.name said: > Does GnuPG (1.4.6 / WinXP) use the internal random number generator of > the OpenPGP smart card? No, it does not use the card's RNG, Shalom-Salam, Werner From dougb at dougbarton.us Mon Mar 5 23:57:07 2007 
From: dougb at dougbarton.us (Doug Barton) Date: Mon, 05 Mar 2007 14:57:07 -0800 Subject: GnuPG and libksba-1.0.1 In-Reply-To: <9274053.post@talk.nabble.com> References: <9274053.post@talk.nabble.com> Message-ID: <45ECA043.4010805@dougbarton.us> Goya wrote: > Hello, > > I am installing for the first time GnuPG on FreeBSD. I've downloaded GnuPG > and all the required libraries and compiled those. Is there any reason you're not using the ports system? It would handle all these issues for you. Doug -- If you're never wrong, you're not trying hard enough From wk at gnupg.org Tue Mar 6 09:02:45 2007 
From: wk at gnupg.org (Werner Koch)
Date: Tue, 06 Mar 2007 09:02:45 +0100
Subject: [Announce] Multiple Messages Problem in GnuPG and GPGME
Message-ID: <873b4ibxzu.fsf@wheatstone.g10code.de>

Multiple Messages Problem in GnuPG and GPGME
==============================================
2007-03-05

Summary
=======

Gerardo Richarte from Core Security Technologies identified a problem when using GnuPG in streaming mode. The problem is actually a variant of a well known problem in the way signed material is presented in a MUA.

It is possible to insert additional text before or after a signed (or signed and encrypted) OpenPGP message and make the user believe that this additional text is also covered by the signature.

The Core Security advisory describes several variants of the attack; they all boil down to the fact that it might not be possible to identify which part of a message is actually signed if gpg is not used correctly.

[ Please do not send private mail in response to this message. The mailing list gnupg-devel is the best place to discuss this problem (please subscribe first so you don't need moderator approval [1]). ]

Impact
======

All applications using GnuPG without properly using the status interface to verify signed or signed and encrypted messages.

All GPGME versions up to and including 1.1.3.

Starting with version 1.4.7 and 2.0.3, GnuPG implements an additional and sufficient protection against this common usage problem.

Detached signatures are in no way affected by this problem.

Description
===========

When using gpg (or gpg2) in a pipeline or with redirected input and output additional data may be inserted into a message. This allows to forge a signed message by prefixing it with arbitrary material. A way to create such a message is:

  echo "This is my sneaky plaintext message" > foobar.txt
  gpg -z0 --output prefix.gpg --store foobar.txt
  cat prefix.gpg original-signed-message.gpg > forged.gpg

Using gpg naively this results in:

  $ gpg " [...]
and thus gives the impression that the sneaky message is part of the signed Groucho quote. The correct way to use gpg with redirection is by taking care of the status interface:

  $ gpg --status-fd 1
  gpg: Good signature from "Alfa Test (demo key) "
  [...]

Here the PLAINTEXT status lines clearly identify the start of a new message.

Note, that using gpg on the command line is in almost all cases not done with redirection but by letting gpg save the signed message. In this case gpg will save the message to different files or in case the file names are identical, prompt the user to overwrite the first one again.

Because the problem of identifying the actual signed content when mixing the signed data and the signature is very common, the long standing suggestion for all digital signatures is to use a detached signature. A detached signature allows to clearly identify what is signed and what is the signature. This is also the reason why PGP/MIME signed messages are in general to be preferred over the old style clear signed messages.

Solution
========

Given that there are many applications in use which are subject to the described problem, we have decided to change GnuPG so that such forged OpenPGP messages are detected and the signature verification will fail.

GnuPG 1.4.7 has been released today and is available from the usual places [2]. If you don't want to update, a minimal patch against GnuPG 1.4.6 is available at

  ftp://ftp.gnupg.org/gcrypt/gnupg/patches/gnupg-1.4.6-multiple-message.patch

Many applications are using the library GPGME which implements an easy way to process OpenPGP messages using gpg. We have updated GPGME to make it immune against this problem even if an old version of gpg is being used. GPGME 1.1.4 is available from the usual places [2].
A patch (against version 1.1.3 or 1.1.2) is available at

  ftp://ftp.gnupg.org/gcrypt/gpgme/patches/gpgme-1.1.3-multiple-message.patch

Please note that - after applying one of these patches - some vulnerable applications (mainly MUAs) may fail to handle certain messages which are composed of several OpenPGP messages. To continue the support of such messages fixing the application is required as there is no way for GnuPG to do it.

Support
=======

g10 Code GmbH [3], a Duesseldorf based company owned and headed by GnuPG's principal author, is currently funding GnuPG development. Support contracts or other financial backing will greatly help us to improve the quality of GnuPG.

Thanks
======

Gerardo Richarte found this problem. David Shaw greatly helped to analyse and describe the core of the problem.

[1] See http://lists.gnupg.org/mailman/listinfo/gnupg-devel
[2] See http://www.gnupg.org/download/
[3] See http://www.gnupg.org/service.html

From rjh at sixdemonbag.org Tue Mar 6 16:06:55 2007
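An added example, not part of the announcement: a Python check that applies the status-interface advice above by counting PLAINTEXT status lines and accepting a result only when a single plaintext carries a good signature. The status streams and the key ID are constructed samples, and the status lines are assumed to have been read from their own file descriptor rather than mixed with the plaintext.

```python
STATUS_PREFIX = "[GNUPG:] "
GOOD_SIG = {"GOODSIG"}
BAD_SIG = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

# Constructed status stream for a message with an unsigned literal packet
# prepended to a signed one (the case the announcement describes).
FORGED = """\
[GNUPG:] PLAINTEXT 62 1173088800 foobar.txt
[GNUPG:] PLAINTEXT_LENGTH 36
[GNUPG:] PLAINTEXT 62 1173088900 quote.txt
[GNUPG:] GOODSIG 0123456789ABCDEF Alfa Test (demo key)
"""

# Constructed status stream for an ordinary signed message.
CLEAN = """\
[GNUPG:] PLAINTEXT 62 1173088900 quote.txt
[GNUPG:] GOODSIG 0123456789ABCDEF Alfa Test (demo key)
"""

# Constructed status stream for a bare literal packet with no signature.
UNSIGNED = """\
[GNUPG:] PLAINTEXT 62 1173088800 foobar.txt
"""


def split_messages(status_text):
    """Group signature results under the PLAINTEXT line that precedes them.

    Each PLAINTEXT status line marks the start of a new message, so every
    one opens a new record. A signature result is attached to the most
    recent record, because gpg reports it after the data it has hashed.
    """
    messages = []
    for line in status_text.splitlines():
        if not line.startswith(STATUS_PREFIX):
            continue  # not a status line
        fields = line[len(STATUS_PREFIX):].split()
        if not fields:
            continue
        keyword, args = fields[0], fields[1:]
        if keyword == "PLAINTEXT":
            # PLAINTEXT <format> <timestamp> <filename>
            name = args[2] if len(args) > 2 else ""
            messages.append({"filename": name, "good": [], "bad": []})
        elif keyword in (GOOD_SIG | BAD_SIG):
            if not messages:
                # Signature result with no plaintext before it
                # (for example a detached signature).
                messages.append({"filename": None, "good": [], "bad": []})
            bucket = "good" if keyword in GOOD_SIG else "bad"
            messages[-1][bucket].append(args[0] if args else "")
    return messages


def check_signed_output(status_text):
    """Return (accepted, reason) for an inline-signed message.

    Policy of this example: exactly one plaintext, at least one good
    signature on it, and no failed signature anywhere.
    """
    messages = split_messages(status_text)
    if len(messages) != 1 or messages[0]["filename"] is None:
        count = sum(1 for m in messages if m["filename"] is not None)
        return False, "expected exactly one plaintext, saw %d" % count
    message = messages[0]
    if message["bad"]:
        return False, "signature check failed"
    if not message["good"]:
        return False, "plaintext is not signed"
    return True, "signed by " + message["good"][0]


if __name__ == "__main__":
    for name, stream in (("forged", FORGED), ("clean", CLEAN), ("unsigned", UNSIGNED)):
        print(name, check_signed_output(stream))
```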
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 6 Mar 2007 09:06:55 -0600 Subject: 1.4.7 packages for OS X Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I've taken the liberty of packaging up 1.4.7 for OS X. (I apologize to Benjamin if I'm stepping on his toes here; by my recollection, he's doing packages for 2.0.x, not 1.4.x, so I _should_ be safe.) They haven't been tested broadly, but so far they've worked on every system I've thrown them at (five machines, a smattering of Intel and PowerPC). Please note that these packages include IDEA support, which may (depending on your jurisdiction) give you some patent troubles. Please be responsible and download in accordance with your region's laws and the GNU GPL, and please only use IDEA for reading existing messages and not for creating new ones. Packages: http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-PowerPC.dmg http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-i386.dmg Signatures for the two packages can be found at: http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-PowerPC.dmg.asc http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-i386.dmg Clearly, GnuPG.org is the appropriate site to refer people to for source code. However, to keep everything according to Hoyle, source code is also available from: http://rjhansen.cs.uiowa.edu/~rjh/gnupg-1.4.7.tar.bz2 http://rjhansen.cs.uiowa.edu/~rjh/idea.c.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) -----END PGP SIGNATURE----- From svt at teris.de Tue Mar 6 20:26:38 2007 
From: svt at teris.de (Sebastian von Thadden) Date: Tue, 06 Mar 2007 20:26:38 +0100 Subject: Restore Smart-Card-Manuel Message-ID: <45EDC06E.1030006@teris.de> Hi, since 2 years, I'm using pgp. It's very nice. Today I've got 2 pgp-smartcards. The first one works very good. Everything works good. Now, I want to test, what happens when I lost this card or it's broken. I've both cards, the public key and an .pgp-file. I searched google for over 2 hours, but I only found an entry in this lists. But the user did not complete the restore. (http://marc.theaimsgroup.com/?l=gnupg-users&m=115027667302076&w=2) Is here any expert that can post a step-by-step guide to get my backup-card working ? This restore-procedure should be published on any smartcard-howto. Thanks from Germany Bye, Sebastian From johanw at vulcan.xs4all.nl Wed Mar 7 00:44:56 2007 From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Wed, 7 Mar 2007 00:44:56 +0100 (MET) Subject: [Announce] Multiple Messages Problem in GnuPG and GPGME In-Reply-To: <873b4ibxzu.fsf@wheatstone.g10code.de> Message-ID: <200703062344.l26Niugw018096@vulcan.xs4all.nl> Werner Koch wrote: >GnuPG 1.4.7 has been released today and is available from the >usual places [2]. Compiles and runs OK on Slackware Linux 10.0 with kernel 2.6.17.6. One small point: vulcan:~> gpg --version gpg (GnuPG) 1.4.7 Copyright (C) 2006 Free Software Foundation, Inc. [...] The 2006 needs to be updated to 2007. -- ir. J.C.A. Wevers // Physics and science fiction site: johanw at vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From reynt0 at cs.albany.edu Wed Mar 7 02:51:10 2007 
From: reynt0 at cs.albany.edu (reynt0) Date: Tue, 6 Mar 2007 20:51:10 -0500 (EST) Subject: 1.4.7 packages for OS X In-Reply-To: References: Message-ID: With full appreciation for your and everyone's work, could I ask that, when posting, people be specific which OSX they are talking about? I'm still looking for an easy way to get the latest gnupg but for OS 10.3.9, not OS 10.4.x. That is, a way which doesn't involve having to install extraneous software with its extra level of trust (eg Fink); and which also avoids the Apple trend to asserting Micro$oft-like control over users' computers (cf eg and the links there, about 10.4, and one fears, 10.5 too); and which also I can summarize in a "HowTo" recipe that I can then use to distribute to academic and scientific users who need to start using encryption and IMHO should be encouraged to use open source. Sorry for being wordy. On Tue, 6 Mar 2007, Robert J. Hansen wrote: > I've taken the liberty of packaging up 1.4.7 for OS X. (I apologize > to Benjamin if I'm stepping on his toes here; by my recollection, > he's doing packages for 2.0.x, not 1.4.x, so I _should_ be safe.) . . . From rjh at sixdemonbag.org Wed Mar 7 05:17:43 2007 
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 6 Mar 2007 22:17:43 -0600 Subject: 1.4.7 packages for OS X In-Reply-To: References: Message-ID: <2BE66C3E-4755-4E34-A05E-8213C39B2CAA@sixdemonbag.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > With full appreciation for your and everyone's work, > could I ask that, when posting, people be specific > which OSX they are talking about? Tiger has been out for two years now; I think it's reasonable to think that, unless specified otherwise, software will be targeting Tiger. > I'm still looking for an easy way to get the latest > gnupg but for OS 10.3.9, not OS 10.4.x. Unfortunately, I can't help you. I would also recommend switching to one of the free Unices if you don't want to upgrade to 10.4 or 10.5. Once 10.5 comes out, 10.3 will probably be EOLed and there will be no further security updates. Please give serious thought to either (a) migrating to a free UNIX or (b) upgrading to 10.4/10.5. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) -----END PGP SIGNATURE----- From wk at gnupg.org Wed Mar 7 09:59:02 2007 
From: wk at gnupg.org (Werner Koch) Date: Wed, 07 Mar 2007 09:59:02 +0100 Subject: [Announce] Multiple Messages Problem in GnuPG and GPGME In-Reply-To: <200703062344.l26Niugw018096@vulcan.xs4all.nl> (Johan Wevers's message of "Wed\, 7 Mar 2007 00\:44\:56 +0100 \(MET\)") References: <200703062344.l26Niugw018096@vulcan.xs4all.nl> Message-ID: <87ejo14eg9.fsf@wheatstone.g10code.de> On Wed, 7 Mar 2007 00:44, johanw at vulcan.xs4all.nl said: > The 2006 needs to be updated to 2007. Thanks for noting. We can do that, although it is not very important. The term for the copyright is getting longer and longer thanks to Mickey Mouse et al. Shalom-Salam, Werner From shavital at mac.com Wed Mar 7 11:55:28 2007 
From: shavital at mac.com (Charly Avital) Date: Wed, 07 Mar 2007 12:55:28 +0200 Subject: 1.4.7 packages for OS X In-Reply-To: References: Message-ID: <45EE9A20.8050009@mac.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 reynt0 wrote the following on 3/7/07 3:51 AM: [...] > I'm still looking > for an easy way to get the latest gnupg but for > OS 10.3.9, not OS 10.4.x. [...] At , please scroll down to 'Files" where you will find: For Mac OS X 10.3.x 1.4.1, MD5: f4eb3c7d233e18fd1bf56d6bb576bbd9 Detached Sig GnuPG 1.4.1 can be downloaded from the hyperlink as a .dmg binary installer. I can't remember whether or which security problems 1.4.1 comported, but you will find complementary information in that site. All the above, until or if you decide to upgrade from 10.3.9. Charly Charly -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: GnuPG for Privacy Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org -----END PGP SIGNATURE----- From benjamin at py-soft.co.uk Wed Mar 7 12:11:09 2007 
From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Wed, 07 Mar 2007 11:11:09 +0000 Subject: 1.4.7 packages for OS X In-Reply-To: References: Message-ID: <45EE9DCD.6020000@py-soft.co.uk> Robert J. Hansen wrote: > I've taken the liberty of packaging up 1.4.7 for OS X. Take a look at the macgpg project at http://macgpg.sourceforge.net/ > (I apologize to Benjamin if I'm stepping on his toes here; by my recollection, > he's doing packages for 2.0.x, not 1.4.x, so I _should_ be safe.) I've packaged up 1.4.5 and 1.4.6 and was looking at getting 1.4.7 done asap, but you may have saved me the trouble! :) As for the 2.x branch, there hasn't been enough interest for me to devote considerable amounts of my time to getting it packaged up. > Packages: > http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-PowerPC.dmg > http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-i386.dmg Join macgpg and we'll show you how to make universal binaries. Ben From swelter at mus.ch Wed Mar 7 15:11:05 2007 
From: swelter at mus.ch (Sascha Welter) Date: Wed, 7 Mar 2007 15:11:05 +0100 Subject: [Macgpg-users] 1.4.7 packages for OS X In-Reply-To: <45EE9A20.8050009@mac.com> References: <45EE9A20.8050009@mac.com> Message-ID: <20070307141105.GB6173@betabug.ch> (Wed, Mar 07, 2007 at 12:55:28PM +0200) Charly Avital wrote/schrieb/egrapse: > I can't remember whether or which security problems 1.4.1 comported, but > you will find complementary information in that site. Since we've just had a security related update to 1.4.6 and a security related update to 1.4.7, I'd be hesitant to use or recommend 1.4.1. > All the above, until or if you decide to upgrade from 10.3.9. There are Macs that can't upgrade beyond 10.3.9 and that will still work fine with that system for many years to come. Myself I tend to compile gnupg anyway, which IIRC never was much of a problem on 10.3.9 anyway. But I understand that some people don't have the knowledge or confidence to do that. Regards, Sascha From rjh at sixdemonbag.org Wed Mar 7 18:29:22 2007 
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Wed, 7 Mar 2007 11:29:22 -0600 Subject: 1.4.7 packages for OS X In-Reply-To: <45EE9DCD.6020000@py-soft.co.uk> References: <45EE9DCD.6020000@py-soft.co.uk> Message-ID: <9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > I've packaged up 1.4.5 and 1.4.6 and was looking at getting 1.4.7 done > asap, but you may have saved me the trouble! :) Thank you for being gracious. :) I updated the packages (very slightly) to install into /usr/local, instead of /usr. It seems to be a tradeoff--while I know a few OS X users who have (for reasons inscrutable to me) elected to remove /usr/local from their PATH, there are a fair number of OS X crypto apps hardwired to expect it in /usr/local. Mulberry, GPGMail, etc. The original links still work; they point to non-IDEA-enabled builds. For completeness' sake, the links are all listed here: http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-PowerPC-IDEA.dmg http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-PowerPC.dmg http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-i386-IDEA.dmg http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-i386.dmg Signatures are available at: http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-PowerPC-IDEA.dmg.asc http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-PowerPC.dmg.asc http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-i386-IDEA.dmg.asc http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-i386.dmg.asc Warning: these packages still have not been extensively tested. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) -----END PGP SIGNATURE----- From shavital at mac.com Wed Mar 7 18:35:57 2007 
From: shavital at mac.com (Charly Avital) Date: Wed, 07 Mar 2007 19:35:57 +0200 Subject: [Macgpg-users] 1.4.7 packages for OS X In-Reply-To: <20070307141105.GB6173@betabug.ch> References: <45EE9A20.8050009@mac.com> <20070307141105.GB6173@betabug.ch> Message-ID: <45EEF7FD.8040200@mac.com> Sascha Welter wrote the following on 3/7/07 4:11 PM: > (Wed, Mar 07, 2007 at 12:55:28PM +0200) Charly Avital wrote/schrieb/egrapse: >> I can't remember whether or which security problems 1.4.1 comported, but >> you will find complementary information in that site. > > Since we've just had a security related update to 1.4.6 and a security > related update to 1.4.7, I'd be hesitant to use or recommend 1.4.1. Quite, but later versions of gnupg, as far as I have read, are not compatible with OS X 10.3.9. See MacGPG's web site , where different versions of GnuPG are posted for OS 10.1.x, 10.2.x, 10.3.x, and now 10.4.x. Apparently the "last" GnuPG version for 10.3.9 is 1.4.1. For better or for worse. > >> All the above, until or if you decide to upgrade from 10.3.9. > > There are Macs that can't upgrade beyond 10.3.9 and that will still work > fine with that system for many years to come. I also have a G3 iMac, running 10.3.9, works fine. I have even a venerable 1998 vintage Wallstreet, where I succeeded to install Panther, but that was a long time ago. > > Myself I tend to compile gnupg anyway, which IIRC never was much of a > problem on 10.3.9 anyway. But I understand that some people don't have > the knowledge or confidence to do that. Till now, I have compiled gnupg from source. I don't have the knowledge, I follow the instructions set in MacGPG's web site. If or when something goes wrong, I ask questions, get answers (most of the time), and try to remedy. Call that confidence? I don't know. I only know it has worked till now, including GnuPG 2.0.2 Charly From rjh at sixdemonbag.org Wed Mar 7 18:50:50 2007 
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Wed, 7 Mar 2007 11:50:50 -0600 Subject: [Macgpg-users] 1.4.7 packages for OS X In-Reply-To: <3EBC47E8-D7BB-4AE8-82C6-B1763BE161E3@quantumworx.com> References: <45EE9DCD.6020000@py-soft.co.uk> <9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org> <3EBC47E8-D7BB-4AE8-82C6-B1763BE161E3@quantumworx.com> Message-ID: <9980C060-B931-41EE-BE22-1609B22F04BF@sixdemonbag.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > Why isn't this application packaged like normal OS X apps in an > application bundle? Why the Unix(Linux) bundling and installing? Usually, these "normal" OS X apps are Cocoa apps. If it has a nifty-keen GUI on it, odds are good that it's a Cocoa app and is thus packaged as a .app. But otherwise, odds are good that it's a regular UNIX utility and will be packaged like a regular UNIX utility. For instance, the Apple Developer Tools are packaged both like .apps and like regular UNIX utilities. XCode is a Cocoa app, and as such, it's packaged as a .app. But Apple's C compiler is a regular UNIX utility, and as such, it's packaged as /usr/bin/gcc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Wed Mar 7 19:08:52 2007 
From: dshaw at jabberwocky.com (David Shaw) Date: Wed, 7 Mar 2007 13:08:52 -0500 Subject: [Macgpg-users] 1.4.7 packages for OS X In-Reply-To: <45EEF7FD.8040200@mac.com> References: <45EE9A20.8050009@mac.com> <20070307141105.GB6173@betabug.ch> <45EEF7FD.8040200@mac.com> Message-ID: <20070307180852.GA26993@jabberwocky.com> On Wed, Mar 07, 2007 at 07:35:57PM +0200, Charly Avital wrote: > Sascha Welter wrote the following on 3/7/07 4:11 PM: > > (Wed, Mar 07, 2007 at 12:55:28PM +0200) Charly Avital wrote/schrieb/egrapse: > >> I can't remember whether or which security problems 1.4.1 comported, but > >> you will find complementary information in that site. > > > > Since we've just had a security related update to 1.4.6 and a security > > related update to 1.4.7, I'd be hesitant to use or recommend 1.4.1. > > Quite, but later versions of gnupg, as far as I have read, are not > compatible with OS X 10.3.9. Do you mean binary releases from somewhere or building your own? If you're building your own, this is not the case, or at least, should not be the case. If compiling 1.4.7 on Panther doesn't work, report it as a bug. I will fix it. David From shavital at mac.com Wed Mar 7 21:21:22 2007 
From: shavital at mac.com (Charly Avital)
Date: Wed, 07 Mar 2007 22:21:22 +0200
Subject: [Macgpg-users] 1.4.7 packages for OS X
In-Reply-To: <20070307180852.GA26993@jabberwocky.com>
References: <45EE9A20.8050009@mac.com> <20070307141105.GB6173@betabug.ch> <45EEF7FD.8040200@mac.com> <20070307180852.GA26993@jabberwocky.com>
Message-ID: <45EF1EC2.4010404@mac.com>

David Shaw wrote the following on 3/7/07 8:08 PM:
[...]
> Do you mean binary releases from somewhere or building your own? If
> you're building your own, this is not the case, or at least, should
> not be the case. If compiling 1.4.7 on Panther doesn't work, report
> it as a bug. I will fix it.
>
> David

Maybe I misunderstood the indications in .

I shall try to compile 1.4.7 on Panther (not just right now), and report back.

Charly

From breen.mullins at gmail.com Wed Mar 7 21:32:33 2007
From: breen.mullins at gmail.com (Breen Mullins)
Date: Wed, 7 Mar 2007 12:32:33 -0800
Subject: [Macgpg-users] 1.4.7 packages for OS X
In-Reply-To: <20070307180852.GA26993@jabberwocky.com>
References: <45EE9A20.8050009@mac.com> <20070307141105.GB6173@betabug.ch> <45EEF7FD.8040200@mac.com> <20070307180852.GA26993@jabberwocky.com>
Message-ID:

On 3/7/07, David Shaw wrote:
>
> Do you mean binary releases from somewhere or building your own? If
> you're building your own, this is not the case, or at least, should
> not be the case. If compiling 1.4.7 on Panther doesn't work, report
> it as a bug. I will fix it.

It worked for me. I didn't report success because I didn't think it was an issue.

Breen

--
Breen Mullins
Menlo Park, Calif.

From benjamin at py-soft.co.uk Thu Mar 8 00:03:00 2007
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Wed, 07 Mar 2007 23:03:00 +0000
Subject: [Macgpg-users] 1.4.7 packages for OS X
In-Reply-To: <8B742FC7-E0A6-462B-9A4A-4B32B9B9C893@quantumworx.com>
References: <45EE9DCD.6020000@py-soft.co.uk> <9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org> <3EBC47E8-D7BB-4AE8-82C6-B1763BE161E3@quantumworx.com> <9980C060-B931-41EE-BE22-1609B22F04BF@sixdemonbag.org> <8B742FC7-E0A6-462B-9A4A-4B32B9B9C893@quantumworx.com>
Message-ID: <45EF44A4.20508@py-soft.co.uk>

Ryan R. LaMothe wrote:
> How difficult would it be to package this application as a .app
> bundle instead of all over the filesystem like the typical Unix
> application (which makes installing/uninstalling/upgrading a pita)?

There's nothing stopping you doing it and making the result available to all.

Ben

From benjamin at py-soft.co.uk Thu Mar 8 00:05:09 2007
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Wed, 07 Mar 2007 23:05:09 +0000
Subject: [Macgpg-users] 1.4.7 packages for OS X
In-Reply-To: <45EF1EC2.4010404@mac.com>
References: <45EE9A20.8050009@mac.com> <20070307141105.GB6173@betabug.ch> <45EEF7FD.8040200@mac.com> <20070307180852.GA26993@jabberwocky.com> <45EF1EC2.4010404@mac.com>
Message-ID: <45EF4525.90304@py-soft.co.uk>

Charly Avital wrote:
> Maybe I misunderstood the indications in .

My understanding is that the macgpg team decided to stop supporting old versions of Mac OS.

However, the recent version of gnupg should (touch wood!) compile from source without any (real) problems.

Ben

From benjamin at py-soft.co.uk Thu Mar 8 00:12:22 2007
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Wed, 07 Mar 2007 23:12:22 +0000
Subject: 1.4.7 packages for OS X
In-Reply-To: <9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org>
References: <45EE9DCD.6020000@py-soft.co.uk> <9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org>
Message-ID: <45EF46D6.40406@py-soft.co.uk>

Robert J. Hansen wrote:
> I updated the packages (very slightly) to install into /usr/local,
> instead of /usr.

Um, macgpg should install to /usr/local.

> Warning: these packages still have not been extensively tested.

I haven't had chance to look at them yet.

When I get time I'll finish out the macgpg packaging instructions, which includes details on universal binaries.

Take care,

Ben

From dshaw at jabberwocky.com Thu Mar 8 00:21:47 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed, 7 Mar 2007 18:21:47 -0500
Subject: [Macgpg-users] 1.4.7 packages for OS X
In-Reply-To: <45EF4525.90304@py-soft.co.uk>
References: <45EE9A20.8050009@mac.com> <20070307141105.GB6173@betabug.ch> <45EEF7FD.8040200@mac.com> <20070307180852.GA26993@jabberwocky.com> <45EF1EC2.4010404@mac.com> <45EF4525.90304@py-soft.co.uk>
Message-ID: <20070307232147.GC26993@jabberwocky.com>

On Wed, Mar 07, 2007 at 11:05:09PM +0000, Benjamin Donnachie wrote:
> Charly Avital wrote:
> > Maybe I misunderstood the indications in .
>
> My understanding is that the macgpg team decided to stop supporting old
> versions of Mac OS.
>
> However, the recent version of gnupg should (touch wood!) compile from
> source without any (real) problems.

Yes indeed.

Let me reiterate: as far as I'm concerned, if the current GPG doesn't build on a particular version of OSX, that's a bug. And I'll do my best to fix GPG so it does build.

David

From benjamin at py-soft.co.uk Thu Mar 8 00:40:49 2007
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Wed, 07 Mar 2007 23:40:49 +0000
Subject: [Macgpg-users] 1.4.7 packages for OS X
In-Reply-To: <45EF46D6.40406@py-soft.co.uk>
References: <45EE9DCD.6020000@py-soft.co.uk> <9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org> <45EF46D6.40406@py-soft.co.uk>
Message-ID: <45EF4D81.5090907@py-soft.co.uk>

Benjamin Donnachie wrote:
>> Warning: these packages still have not been extensively tested.
> I haven't had chance to look at them yet.

I've just had a quick look at your installer and I'm afraid that it wouldn't meet the standards set by the macgpg team. Take a look at the documents I've sent you which should hopefully explain all.

Take care,

Ben

From benjamin at py-soft.co.uk Thu Mar 8 02:14:33 2007
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Thu, 08 Mar 2007 01:14:33 +0000
Subject: 1.4.7 packages for OS X
In-Reply-To: <9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org>
References: <45EE9DCD.6020000@py-soft.co.uk> <9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org>
Message-ID: <45EF6379.6040909@py-soft.co.uk>

Robert J. Hansen wrote:
> The original links still work; they point to non-IDEA-enabled builds.
> For completeness' sake, the links are all listed here:

IDEA is generally best implemented as a module. That way you don't need to worry about any patent / copyright issues.

GnuPG 1.4.7 universal binaries from the macgpg team are now available on the website - see http://macgpg.sourceforge.net/

Ben

From rjh at sixdemonbag.org Thu Mar 8 02:39:50 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 7 Mar 2007 19:39:50 -0600
Subject: 1.4.7 packages for OS X
In-Reply-To: <45EF6379.6040909@py-soft.co.uk>
References: <45EE9DCD.6020000@py-soft.co.uk> <9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org> <45EF6379.6040909@py-soft.co.uk>
Message-ID: <382D8729-5643-49B5-B294-49B29D2E68C8@sixdemonbag.org>

> IDEA is generally best implemented as a module. That way you don't need
> to worry about any patent / copyright issues.

I don't see any real difference between the two, really. If it's not legal to distribute the single binary with IDEA, then it's not legal to distribute the module. And going the module way, you wind up getting a large number of support requests saying "I downloaded the module, but I still can't read IDEA traffic", since people tend not to be all that familiar with editing gpg.conf.

I should also point out, while I'm at it, that I don't recommend using IDEA. But the old RSA/IDEA legacy is unlikely to go away anytime soon, not as long as there's a ton of poorly-written anonymity software that depends on PGP 2.6.

From shavital at mac.com Thu Mar 8 06:21:31 2007
From: shavital at mac.com (Charly Avital)
Date: Thu, 8 Mar 2007 07:21:31 +0200
Subject: [Macgpg-users] 1.4.7 packages for OS X
In-Reply-To: <20070307232147.GC26993@jabberwocky.com>
References: <45EE9A20.8050009@mac.com> <20070307141105.GB6173@betabug.ch> <45EEF7FD.8040200@mac.com> <20070307180852.GA26993@jabberwocky.com> <45EF1EC2.4010404@mac.com> <45EF4525.90304@py-soft.co.uk> <20070307232147.GC26993@jabberwocky.com>
Message-ID:

At 6:21 PM -0500 3/7/07, David Shaw wrote:
[...]
>Yes indeed.
>
>Let me reiterate: as far as I'm concerned, if the current GPG doesn't
>build on a particular version of OSX, that's a bug. And I'll do my
>best to fix GPG so it does build.
>
>David

On an iMac CPU Type: PowerPC 750 (22.14) running MacOS 10.3.9 (code named "Panther"), compiling from source with idea.c copied to 'Cipher':

----------------------------
./configure:
[...]
Version info: gnupg 1.4.7
Configured for: Darwin (powerpc-apple-darwin7.9.0).

All 27 tests passed.

% gpg --version
gpg (GnuPG) 1.4.7
Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
---------------------------

Therefore, GnuPG 1.4.7 builds correctly under Mac OS 10.3.9.
I misunderstood the indications in MacGPG's web site.

Thank you David for your feedback.

Charly

From benjamin at py-soft.co.uk Thu Mar 8 10:13:26 2007
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Thu, 08 Mar 2007 09:13:26 +0000
Subject: 1.4.7 packages for OS X
In-Reply-To: <382D8729-5643-49B5-B294-49B29D2E68C8@sixdemonbag.org>
References: <45EE9DCD.6020000@py-soft.co.uk> <9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org> <45EF6379.6040909@py-soft.co.uk> <382D8729-5643-49B5-B294-49B29D2E68C8@sixdemonbag.org>
Message-ID: <45EFD3B6.8000005@py-soft.co.uk>

Robert J. Hansen wrote:
> I don't see any real difference between the two, really. If it's not
> legal to distribute the single binary with IDEA, then it's not legal to
> distribute the module. And going the module way, you wind up getting a
> large number of support requests saying "I downloaded the module, but I
> still can't read IDEA traffic", since people tend not to be all that
> familiar with editing gpg.conf.

Put simply, the module route ensures that any patent / copyright issues are firmly the users' "problem".

As I understand it, the licence is not compatible with the GPL and therefore should not be distributed with GnuPG.

Ben

From wk at gnupg.org Thu Mar 8 15:36:30 2007
From: wk at gnupg.org (Werner Koch)
Date: Thu, 08 Mar 2007 15:36:30 +0100
Subject: [Announce] GnuPG 2.0.3 released
Message-ID: <87tzwvvm35.fsf@wheatstone.g10code.de>

Hello!

We are pleased to announce the availability of a new stable GnuPG-2 release: Version 2.0.3

This is a bug fix release. There are also some minor enhancements.

The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data, create digital signatures, help authenticating using Secure Shell and to provide a framework for public key cryptography. It includes an advanced key management facility and is compliant with the OpenPGP and S/MIME standards.

GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.6) in that it splits up functionality into several modules. However, both versions may be installed alongside without any conflict. In fact, the gpg version from GnuPG-1 is able to make use of the gpg-agent as included in GnuPG-2 and allows for seamless passphrase caching. The advantage of GnuPG-1 is its smaller size and the lack of dependency on other modules at run and build time. We will keep maintaining GnuPG-1 versions because they are very useful for small systems and for server based applications requiring only OpenPGP support.

GnuPG is distributed under the terms of the GNU General Public License (GPL). GnuPG-2 works best on GNU/Linux or *BSD systems.


Getting the Software
====================

Please follow the instructions found at http://www.gnupg.org/download/ or read on:

GnuPG 2.0.3 may be downloaded from one of the GnuPG mirror sites or direct from ftp://ftp.gnupg.org/gcrypt/gnupg/ . The list of mirrors can be found at http://www.gnupg.org/mirrors.html . Note, that GnuPG is not available at ftp.gnu.org.

On the FTP server and its mirrors you should find the following files in the *gnupg* directory:

  gnupg-2.0.3.tar.bz2 (3.8M)
  gnupg-2.0.3.tar.bz2.sig

      GnuPG source compressed using BZIP2 and OpenPGP signature.

  gnupg-2.0.3-2.0.3.diff.bz2 (29k)

      A patch file to upgrade a 2.0.2 GnuPG source. The patch file does not include updates of the language files.

Note, that we don't distribute gzip compressed tarballs.


Checking the Integrity
======================

In order to check that the version of GnuPG which you are going to install is an original and unmodified one, you can do it in one of the following ways:

 * If you already have a trusted version of GnuPG installed, you can simply check the supplied signature. For example to check the signature of the file gnupg-2.0.3.tar.bz2 you would use this command:

     gpg --verify gnupg-2.0.3.tar.bz2.sig

   This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by that signing key. Make sure that you have the right key, either by checking the fingerprint of that key with other sources or by checking that the key has been signed by a trustworthy other key. Note, that you can retrieve the signing key using the command

     finger wk ,at' g10code.com

   or using a keyserver like

     gpg --recv-key 1CE0C630

   The distribution key 1CE0C630 is signed by the well known key 5B0358A2. If you get a key expired message, you should retrieve a fresh copy as the expiration date might have been prolonged.

   NEVER USE A GNUPG VERSION YOU JUST DOWNLOADED TO CHECK THE INTEGRITY OF THE SOURCE - USE AN EXISTING GNUPG INSTALLATION!

 * If you are not able to use an old version of GnuPG, you have to verify the SHA-1 checksum. Assuming you downloaded the file gnupg-2.0.3.tar.bz2, you would run the sha1sum command like this:

     sha1sum gnupg-2.0.3.tar.bz2

   and check that the output matches the first line from the following list:

4680bcb96873191b331252ae40b35e39589c58ca  gnupg-2.0.3.tar.bz2
901b8d9fe430e12c14d16365a08d50389c305f9a  gnupg-2.0.2-2.0.3.diff.bz2


What's New
===========

 * By default, do not allow processing multiple plaintexts in a single stream. Many programs that called GnuPG were assuming that GnuPG did not permit this, and were thus not using the plaintext boundary status tags that GnuPG provides. This change makes GnuPG reject such messages by default which makes those programs safe again. --allow-multiple-messages returns to the old behavior.

 * New --verify-option show-primary-uid-only.

 * gpgconf may now read a global configuration file to select which options are changeable by a frontend. The new applygnupgdefaults tool may be used by an admin to set default options for all users.

 * The PIN pad of the Cherry XX44 keyboard is now supported. The DINSIG and the NKS applications are now also aware of PIN pads.


Internationalization
====================

GnuPG comes with support for 27 languages. Due to a lot of new and changed strings most translations are not entirely complete. The Swedish, Turkish, German and Russian translations should be complete.


Documentation
=============

We are currently working on an installation guide to explain in more detail how to configure the new features. As of now the chapters on gpg-agent and gpgsm include brief information on how to set up the whole thing. Please watch the GnuPG website for updates of the documentation. In the meantime you may search the GnuPG mailing list archives or ask on the gnupg-users mailing lists for advice on how to solve problems. Many of the new features are around for several years and thus enough public knowledge is already available. KDE's KMail is the most prominent user of GnuPG. In fact it has been developed along with the Kmail folks. Mutt users might want to use the configure option "--enable-gpgme" and "set use_crypt_gpgme" in ~/.muttrc to make use of GnuPG-2 to enable S/MIME in addition to a reworked OpenPGP support.

The manual is also available online in HTML format at http://www.gnupg.org/documentation/manuals/gnupg/ and as a PDF at http://www.gnupg.org/documentation/manuals/gnupg.pdf .


Support
=======

Improving GnuPG is costly, but you can help! We are looking for organizations that find GnuPG useful and wish to contribute back. You can contribute by reporting bugs, improve the software, or by donating money.

Commercial support contracts for GnuPG are available, and they help finance continued maintenance. g10 Code GmbH, a Duesseldorf based company owned and headed by GnuPG's principal author, is currently funding GnuPG development. We are always looking for interesting development projects.

A service directory is available at:

  http://www.gnupg.org/service.html


Thanks
======

We have to thank all the people who helped with this release, be it testing, coding, translating, suggesting, auditing, administering the servers, spreading the word or answering questions on the mailing lists.

Happy Hacking,

  The GnuPG Team (David, Marcus, Werner and all other contributors)

--
Werner Koch
The GnuPG Experts http://g10code.com

From reynt0 at cs.albany.edu Thu Mar 8 17:59:40 2007
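The first "What's New" item in the announcement above concerns front ends that ignore the plaintext boundary tags on GnuPG's status output. The Python example below is added here and is not code from GnuPG or from the announcement: it reads `--status-fd` text and accepts a verification only when exactly one PLAINTEXT tag and exactly one VALIDSIG from a trusted fingerprint are present. The status lines, the fingerprint and the function names are constructed for illustration.

```python
from dataclasses import dataclass

PREFIX = "[GNUPG:] "
# Status keywords that report a signature that must not be relied on.
FAILED_SIG = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}


@dataclass
class Verdict:
    accepted: bool
    reason: str


def parse_status(status_text):
    """Yield (keyword, args) for each status line; any other output is skipped."""
    for line in status_text.splitlines():
        if line.startswith(PREFIX):
            keyword, _, rest = line[len(PREFIX):].partition(" ")
            yield keyword, rest.split()


def judge_verification(status_text, trusted_fingerprints):
    """Accept only a single plaintext covered by one valid, trusted signature."""
    plaintexts = 0
    valid = []
    for keyword, args in parse_status(status_text):
        if keyword == "PLAINTEXT":
            plaintexts += 1              # each tag marks the start of another plaintext
        elif keyword == "VALIDSIG" and args:
            valid.append(args[0])        # first field: fingerprint of the signing key
        elif keyword in FAILED_SIG:
            return Verdict(False, f"signature problem reported: {keyword}")
    if plaintexts == 0:
        return Verdict(False, "no plaintext was produced")
    if plaintexts > 1:
        return Verdict(False, f"{plaintexts} plaintexts in one stream")
    if len(valid) != 1:
        return Verdict(False, f"expected exactly one valid signature, saw {len(valid)}")
    if valid[0] not in trusted_fingerprints:
        return Verdict(False, "signature is valid but from an untrusted key")
    return Verdict(True, "one plaintext, one trusted signature")


# Constructed placeholder fingerprint (40 hex digits); not a real key.
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"

# Constructed status lines in the documented "[GNUPG:] KEYWORD args" form.
SIG_LINES = (
    "[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.org>\n"
    f"[GNUPG:] VALIDSIG {FPR} 2007-03-08 1173370000 0 3 0 1 2 00 {FPR}\n"
)
SINGLE = (
    "[GNUPG:] PLAINTEXT 62 1173370000 report.txt\n"
    "[GNUPG:] PLAINTEXT_LENGTH 1024\n" + SIG_LINES
)
MULTI = (
    "[GNUPG:] PLAINTEXT 62 1173370000 notice.txt\n"
    "[GNUPG:] PLAINTEXT_LENGTH 512\n"
    "[GNUPG:] PLAINTEXT 62 1173370000 report.txt\n"
    "[GNUPG:] PLAINTEXT_LENGTH 1024\n" + SIG_LINES
)

if __name__ == "__main__":
    for name, text in (("single", SINGLE), ("multi", MULTI)):
        print(name, judge_verification(text, {FPR}))
```
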
From: reynt0 at cs.albany.edu (reynt0)
Date: Thu, 8 Mar 2007 11:59:40 -0500 (EST)
Subject: [Macgpg-users] 1.4.7 packages for OS X
In-Reply-To:
References: <45EE9A20.8050009@mac.com> <20070307141105.GB6173@betabug.ch> <45EEF7FD.8040200@mac.com> <20070307180852.GA26993@jabberwocky.com> <45EF1EC2.4010404@mac.com> <45EF4525.90304@py-soft.co.uk> <20070307232147.GC26993@jabberwocky.com>
Message-ID:

I apologize if I am wasting the time of some busy and appreciated people, but I'd like to ask for clarification:

The latest macgpg.sourceforge.net "HowTo", v4.16, says gcc 4.0.1 is needed. That gcc seems to be Apple-natively available only with OS 10.4, and not installable in 10.3.9 (with reliable result) from currently available XCode; gcc 3.3 seems to be the highest in XCode for 10.3. So..., what gcc do you have and how did you get it? (If the answer is simple, and I'm stupid, that makes me happiest because it is least trouble for me to fix.)

On Thu, 8 Mar 2007, Charly Avital wrote:
. . .
> On an iMac CPU Type: PowerPC 750 (22.14) running MacOS 10.3.9 (code named
> "Panther"), compiling from source with idea.c copied to 'Cipher':
. . .
> Therefore, GnuPG 1.4.7 builds correctly under Mac OS 10.3.9.
> I misunderstood the indications in MacGPG's web site.
. . .

From wk at gnupg.org Thu Mar 8 19:09:50 2007
From: wk at gnupg.org (Werner Koch)
Date: Thu, 08 Mar 2007 19:09:50 +0100
Subject: external pinpad, gnupg, SPR532 PinPad SmartCard Reader
In-Reply-To: (Alex Mauer's message of "Mon\, 12 Feb 2007 11\:18\:31 -0600")
References: <200702111544.37742.MichaelParker@gmx.de> <87d54faach.fsf__14086.0900086865$1171287201$gmane$org@wheatstone.g10code.de>
Message-ID: <87lki7txn5.fsf@wheatstone.g10code.de>

On Mon, 12 Feb 2007 18:18, hawke at hawkesnest.net said:

>> There is no support for PIN pads when using pcscd.
>
> Is this a limitation of pcscd or of GnuPG?

The standard for accessing pinpads using PC/SC is relatively new. However, we won't support it in GnuPG because scdaemon is the way we go.

Salam-Shalom,

   Werner

From dshaw at jabberwocky.com Thu Mar 8 19:17:24 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu, 8 Mar 2007 13:17:24 -0500
Subject: [Macgpg-users] 1.4.7 packages for OS X
In-Reply-To:
References: <45EE9A20.8050009@mac.com> <20070307141105.GB6173@betabug.ch> <45EEF7FD.8040200@mac.com> <20070307180852.GA26993@jabberwocky.com> <45EF1EC2.4010404@mac.com> <45EF4525.90304@py-soft.co.uk> <20070307232147.GC26993@jabberwocky.com>
Message-ID: <20070308181724.GA338@jabberwocky.com>

On Thu, Mar 08, 2007 at 11:59:40AM -0500, reynt0 wrote:
> I apologize if I am wasting the time of some busy
> and appreciated people, but I'd like to ask for
> clarification:
>
> The latest macgpg.sourceforge.net "HowTo", v4.16,
> says gcc 4.0.1 is needed. That gcc seems to be
> Apple-natively available only with OS 10.4, and not
> installable in 10.3.9 (with reliable result) from
> currently available XCode; gcc 3.3 seems to be
> the highest in XCode for 10.3. So..., what gcc do
> you have and how did you get it? (If the answer is
> simple, and I'm stupid, that makes me happiest
> because it is least trouble for me to fix.)

gcc 4.0.1 is not needed to build GnuPG. You should be able to build it with whatever version is on your Panther box. If it doesn't work, tell me, and I'll make it work.

David

From shavital at mac.com Thu Mar 8 20:53:45 2007
From: shavital at mac.com (Charly Avital)
Date: Thu, 8 Mar 2007 21:53:45 +0200
Subject: [Macgpg-users] 1.4.7 packages for OS X
In-Reply-To:
References: <45EE9A20.8050009@mac.com> <20070307141105.GB6173@betabug.ch> <45EEF7FD.8040200@mac.com> <20070307180852.GA26993@jabberwocky.com> <45EF1EC2.4010404@mac.com> <45EF4525.90304@py-soft.co.uk> <20070307232147.GC26993@jabberwocky.com>
Message-ID:

At 11:59 AM -0500 3/8/07, reynt0 wrote:
>I apologize if I am wasting the time of some busy
>and appreciated people, but I'd like to ask for
>clarification:

Not that busy, let's try to sort out this issue.

>
>The latest macgpg.sourceforge.net "HowTo", v4.16,
>says gcc 4.0.1 is needed.

You are right, that's what the HOWTO indicates:
-----
This document describes how to build GnuPG on Mac OS X 10.2+.
Please keep in mind that you need to have XCode 2.21 or the latest Developer Tools with gcc 4.0.1 or later as well as the BSD Subsystem installed. Check this by typing 'gcc -v' into the Terminal.
--------

I am not sure what happened here; maybe, and I wish to stress 'maybe' an editing error when updating Gordon Worley's instructions.

The facts are as follows:
1. On this iMac running OS 10.3.9, I have:
Xcode 1.5, and
gcc (GCC) 3.3 20030304 (Apple Computer, Inc. build 1666)

As I informed in a previous e-mail, I have compiled GnuPG 1.4.7 on this computer, without any problem.

[...]

I have included Mr. Alexander Nouak in the distribution of this answer, hoping he will be able to clarify this matter. I know Mr. Nouak will get this message also via macgpg-users, and I apologize for this double posting.

Charly

From nouak at zeitform.de Fri Mar 9 15:06:31 2007
From: nouak at zeitform.de (Alexander Nouak)
Date: Fri, 9 Mar 2007 15:06:31 +0100
Subject: [Macgpg-users] 1.4.7 packages for OS X
In-Reply-To:
References: <45EE9A20.8050009@mac.com> <20070307141105.GB6173@betabug.ch> <45EEF7FD.8040200@mac.com> <20070307180852.GA26993@jabberwocky.com> <45EF1EC2.4010404@mac.com> <45EF4525.90304@py-soft.co.uk> <20070307232147.GC26993@jabberwocky.com>
Message-ID: <75C64B4D-68DA-4F86-9938-A5327F91434F@zeitform.de>

Hi,

On 08.03.2007 at 20:53, Charly Avital wrote:

> Please keep in mind that you need to have XCode 2.21 or the latest Developer
> Tools with gcc 4.0.1 or later as well as the BSD Subsystem installed. Check
> this by typing 'gcc -v' into the Terminal.
> --------
>
> I have included Mr. Alexander Nouak in the distribution of this answer,
> hoping he will be able to clarify this matter. I know Mr. Nouak will get
> this message also via macgpg-users, and I apologize for this double posting.

may I kindly confirm that I am the right person to be blamed for that and I am terribly sorry for having caused this confusion. I will correct that as soon as possible.

It is correct that you can compile gnupg on any Mac OS X >= 10.2 with its appropriate Developer Tools installed.

To compile it on an Intel Mac or to receive Universal Binaries you will however need to use gcc 4.0.1 or later which you may find with XCode 2.21 or in the Developer Tools for Mac OS X 10.4

HTH

Servus

Alexander
MacGPG Project Admin

From laurent.jumet at skynet.be Fri Mar 9 17:25:35 2007
From: laurent.jumet at skynet.be (Laurent Jumet)
Date: Fri, 09 Mar 2007 17:25:35 +0100
Subject: no-force-v3-sigs
Message-ID:

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.7 (MingW32)

-----END PGP MESSAGE-----

From dshaw at jabberwocky.com Sat Mar 10 02:10:30 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri, 9 Mar 2007 20:10:30 -0500
Subject: no-force-v3-sigs
In-Reply-To:
References:
Message-ID: <20070310011030.GB8916@jabberwocky.com>

On Fri, Mar 09, 2007 at 05:25:35PM +0100, Laurent Jumet wrote:
> Hello !
>
> May we assume that no-force-v3-sigs is the default in 1.4.7 ?

It is not the default. It should be made the default eventually, but it's not yet.

David

From laurent.jumet at skynet.be Sat Mar 10 05:13:23 2007
From: laurent.jumet at skynet.be (Laurent Jumet)
Date: Sat, 10 Mar 2007 05:13:23 +0100
Subject: Armor bis...
Message-ID:

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.7 (MingW32)

-----END PGP MESSAGE-----

From laurent.jumet at skynet.be Sat Mar 10 05:09:08 2007
From: laurent.jumet at skynet.be (Laurent Jumet)
Date: Sat, 10 Mar 2007 05:09:08 +0100
Subject: Armor...
Message-ID:

Hello !

If you see an armored message here, don't assume it's crypted, it's only armored may be. Run GPG against it first, and delete after; and not the contrary. :-)
ClearSign signatures may be altered through internet because of LineLength and Charset translations. Armored, never.

--
Laurent Jumet
KeyID: 0xCFAF704C

From laurent.jumet at skynet.be Sat Mar 10 05:02:44 2007
From: laurent.jumet at skynet.be (Laurent Jumet)
Date: Sat, 10 Mar 2007 05:02:44 +0100
Subject: no-force-v3-sigs
In-Reply-To: <20070310011030.GB8916@jabberwocky.com>
Message-ID:

Hello David !

David Shaw wrote:

>> May we assume that no-force-v3-sigs is the default in 1.4.7 ?

> It is not the default. It should be made the default eventually, but
> it's not yet.

I was thinking about expiration date of subkeys: should we assume that all people who stamped one were using --no-force-v3-sigs in their gpg.conf?
Is --no-force-v3-sigs enough compatible actually to be used as default?

--
Laurent Jumet
KeyID: 0xCFAF704C

From dshaw at jabberwocky.com Sat Mar 10 06:00:45 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Sat, 10 Mar 2007 00:00:45 -0500
Subject: no-force-v3-sigs
In-Reply-To:
References: <20070310011030.GB8916@jabberwocky.com>
Message-ID: <20070310050045.GC8916@jabberwocky.com>

On Sat, Mar 10, 2007 at 05:02:44AM +0100, Laurent Jumet wrote:
>
> Hello David !
>
> David Shaw wrote:
>
> >> May we assume that no-force-v3-sigs is the default in 1.4.7 ?
>
> > It is not the default. It should be made the default eventually, but
> > it's not yet.
>
> I was thinking about expiration date of subkeys: should we assume
> that all people who stamped one were using --no-force-v3-sigs in
> their gpg.conf?

Subkeys get certs, not sigs. force-v3-sigs only applies to data signatures, and never to keys or subkeys.

> Is --no-force-v3-sigs enough compatible actually to be used as default?

Eventually.

David

From dshaw at jabberwocky.com Sat Mar 10 06:02:11 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Sat, 10 Mar 2007 00:02:11 -0500
Subject: Armor bis...
In-Reply-To:
References:
Message-ID: <20070310050211.GD8916@jabberwocky.com>

On Sat, Mar 10, 2007 at 05:13:23AM +0100, Laurent Jumet wrote:
> -----BEGIN PGP MESSAGE-----
> Version: GnuPG v1.4.7 (MingW32)
>
> -----END PGP MESSAGE-----

Please do not send messages like this. Among the various problems it causes, it renders the list archive on the web useless, and that list archive is important for people to find information. This is what this looks like on the web:

http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030547.html

David

From laurent.jumet at skynet.be Sat Mar 10 09:24:57 2007
From: laurent.jumet at skynet.be (Laurent Jumet)
Date: Sat, 10 Mar 2007 09:24:57 +0100
Subject: Armor bis...
In-Reply-To: <20070310050211.GD8916@jabberwocky.com>
Message-ID:

Hello David !

David Shaw wrote:

> Please do not send messages like this. Among the various problems it
> causes, it renders the list archive on the web useless, and that list
> archive is important for people to find information. This is what
> this looks like on the web:

OK.

--
Laurent Jumet
KeyID: 0xCFAF704C

From engage at n0sq.us Sat Mar 10 17:27:36 2007
From: engage at n0sq.us (engage) Date: Sat, 10 Mar 2007 09:27:36 -0700 Subject: Armor bis... In-Reply-To: References: Message-ID: <200703100927.36463.engage@n0sq.us> Looks altered to me. On Friday 09 March 2007 21:13, Laurent Jumet wrote: > Hello ! > > If you see an armored message here, don't assume it's crypted, it's > only armored > may be. Run GPG against it first, and delete after; and not the contrary. > :-) ClearSign signatures may be altered through internet because of > LineLength and > Charset translations. Armored, never. > > -- > Laurent Jumet > KeyID: 0xCFAF704C > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users From bahamut at madhatt.com Sat Mar 10 22:18:18 2007
From: bahamut at madhatt.com (Andrew Berg) Date: Sat, 10 Mar 2007 15:18:18 -0600 Subject: no-force-v3-sigs In-Reply-To: References: Message-ID: <45F3209A.8020705@madhatt.com> Laurent Jumet wrote: > Hello Andrew ! > > Andrew Berg wrote: > >> No one can read messages if you encrypt them to another's key. ;) > > It's not encrypted, only armored ! > ClearSign signatures not always work, charset problems I suppose. > > Before deciding you can't read a file, just run GPG against it and see. > How was I to know? (I always forget that gnupg-users messages show the original sender and not gnupg-users at gnupg.org or gnupg-users-bounces at gnupg.org as the sender) From jharris at widomaker.com Sun Mar 11 00:43:31 2007
From: jharris at widomaker.com (Jason Harris) Date: Sat, 10 Mar 2007 18:43:31 -0500 Subject: new (2007-03-04) keyanalyze results (+sigcheck) Message-ID: <20070310234331.GA21271@wilma.widomaker.com> New keyanalyze results are available at: http://keyserver.kjsl.com/~jharris/ka/2007-03-04/ Signatures are now being checked using keyanalyze+sigcheck: http://dtype.org/~aaronl/ Earlier reports are also available, for comparison: http://keyserver.kjsl.com/~jharris/ka/ Even earlier monthly reports are at: http://dtype.org/keyanalyze/ SHA-1 hashes and sizes for all the "permanent" files: -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris at widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 From wk at gnupg.org Mon Mar 12 13:57:38 2007
From: wk at gnupg.org (Werner Koch) Date: Mon, 12 Mar 2007 13:57:38 +0100 Subject: gpgsm and multiple messages Message-ID: <87mz2ivcu5.fsf@wheatstone.g10code.de>

Hi,

I have been asked how the multiple messages problem, published last week, relates to gpgsm and thus S/MIME messages. Well, there is no problem because S/MIME is based on CMS (formerly known as pkcs#7) and CMS is different from OpenPGP concerning the structure of its messages:

* CMS is not packet based but a large binary block completely defined by an ASN.1 specification. Prefixing this data with another CMS message won't give a valid CMS message and more important, gpgsm will only process the first of these messages.
* gpgsm needs to be called explicitly for decryption and verification so that the caller needs to take care of passing the decrypted message a second time to gpgsm for signature verification.
* gpgsm uses an explicit state machine for processing of CMS data and there is no way to restart this machine to process a second message.

Shalom-Salam,

Werner

From ryan.lamothe at quantumworx.com Wed Mar 7 19:09:03 2007
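Added example, not part of any list message and not GnuPG code: a small Python walker for OpenPGP packet headers (RFC 4880) that illustrates two points made in the messages above, namely that an armored block is not necessarily encrypted, and that OpenPGP data is a sequence of packets while a CMS blob is a single ASN.1 element. All function names and sample data are constructed for illustration; the DER helper assumes single-byte tags and definite lengths.

```python
import base64
import bz2

# Packet tags from RFC 4880, section 4.3.
ENCRYPTED = {1: "public-key encrypted session key",
             3: "symmetric-key encrypted session key",
             9: "symmetrically encrypted data", 18: "integrity-protected data"}
PLAIN = {2: "signature", 4: "one-pass signature", 8: "compressed data", 11: "literal data"}


def dearmor(text):
    """Return the binary body of an ASCII-armored block (CRC line skipped)."""
    lines = text.strip().splitlines()
    body = []
    for line in lines[lines.index("") + 1:]:   # blank line ends armor headers
        if line.startswith("=") or line.startswith("-----END"):
            break
        body.append(line)
    return base64.b64decode("".join(body))


def next_packet(data, pos):
    """Parse the packet header at pos; return (tag, offset of next packet)."""
    first = data[pos]
    if not first & 0x80:
        raise ValueError("no OpenPGP packet header at offset %d" % pos)
    if first & 0x40:                            # new format: tag in low 6 bits
        tag, pos = first & 0x3F, pos + 1
        while True:
            o = data[pos]
            if o < 192:                         # one-octet length
                return tag, pos + 1 + o
            if o < 224:                         # two-octet length
                return tag, pos + 2 + ((o - 192) << 8) + data[pos + 1] + 192
            if o == 255:                        # five-octet length
                return tag, pos + 5 + int.from_bytes(data[pos + 1:pos + 5], "big")
            pos += 1 + (1 << (o & 0x1F))        # partial chunk, another length follows
    tag, ltype = (first >> 2) & 0x0F, first & 0x03   # old format
    if ltype == 3:                              # indeterminate: runs to end of input
        return tag, len(data)
    n = 1 << ltype                              # 1, 2 or 4 length octets
    return tag, pos + 1 + n + int.from_bytes(data[pos + 1:pos + 1 + n], "big")


def walk(data):
    """Return the tags of every top-level packet found in data."""
    tags, pos = [], 0
    while pos < len(data):
        tag, pos = next_packet(data, pos)
        if pos > len(data):
            raise ValueError("truncated packet")
        tags.append(tag)
    return tags


def describe(data):
    """Classify a message by its first packet: encrypted or merely encoded."""
    tag = walk(data)[0]
    if tag in ENCRYPTED:
        return "encrypted: " + ENCRYPTED[tag]
    return "not encrypted: " + PLAIN.get(tag, "tag %d" % tag)


def inner_tags(data):
    """Tags inside a bzip2 compressed-data packet with the one-octet 0xA3 header."""
    if data[0] != 0xA3 or data[1] != 3:         # tag 8, old format; algorithm 3
        raise ValueError("not a bzip2 compressed-data packet")
    return walk(bz2.decompress(data[2:]))


def der_first_element(data):
    """Return (size of the first definite-length DER element, trailing bytes)."""
    n, hdr = data[1], 2
    if n & 0x80:                                # long form: n & 0x7F length octets
        k = n & 0x7F
        if k == 0:
            raise ValueError("indefinite length not handled here")
        n, hdr = int.from_bytes(data[2:2 + k], "big"), 2 + k
    return hdr + n, len(data) - (hdr + n)


def literal_packet(payload):
    """Constructed sample: new-format literal packet (tag 11), no file name."""
    body = b"b\x00" + b"\x00" * 4 + payload
    return bytes([0xC0 | 11, len(body)]) + body    # body must stay below 192 bytes


def armored_compressed(payload):
    """Constructed sample: armored bzip2-compressed literal packet, not encrypted."""
    pkt = bytes([0xA3, 3]) + bz2.compress(literal_packet(payload))
    b64 = base64.b64encode(pkt).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN PGP MESSAGE-----", ""] + rows + ["-----END PGP MESSAGE-----"])


if __name__ == "__main__":
    msg = dearmor(armored_compressed(b"hello list"))
    print(describe(msg), inner_tags(msg))
    print(walk(literal_packet(b"one") * 2), der_first_element(bytes([0x30, 3, 2, 1, 5]) * 2))
```

Two packets placed back to back still walk as a valid packet sequence, so the reader has to decide how many messages to accept, whereas the DER helper reports the second element only as trailing bytes after the first.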
From: ryan.lamothe at quantumworx.com (Ryan R. LaMothe) Date: Wed, 7 Mar 2007 13:09:03 -0500 Subject: [Macgpg-users] 1.4.7 packages for OS X In-Reply-To: <9980C060-B931-41EE-BE22-1609B22F04BF@sixdemonbag.org> References: <45EE9DCD.6020000@py-soft.co.uk> <9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org> <3EBC47E8-D7BB-4AE8-82C6-B1763BE161E3@quantumworx.com> <9980C060-B931-41EE-BE22-1609B22F04BF@sixdemonbag.org> Message-ID: <8B742FC7-E0A6-462B-9A4A-4B32B9B9C893@quantumworx.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thank you for your reply. Although not all .app bundles are Cocoa apps, Eclipse is a good example. How difficult would it be to package this application as a .app bundle instead of all over the filesystem like the typical Unix application (which makes installing/uninstalling/upgrading a pita)? Thanks! On Mar 7, 2007, at 12:50 PM, Robert J. Hansen wrote: >> Why isn't this application packaged like normal OS X apps in an >> application bundle? Why the Unix(Linux) bundling and installing? > > Usually, these "normal" OS X apps are Cocoa apps. If it has a > nifty-keen GUI on it, odds are good that it's a Cocoa app and is > thus packaged as a .app. But otherwise, odds are good that it's a > regular UNIX utility and will be packaged like a regular UNIX utility. > > For instance, the Apple Developer Tools are packaged both > like .apps and like regular UNIX utilities. XCode is a Cocoa app, > and as such, it's packaged as a .app. But Apple's C compiler is a > regular UNIX utility, and as such, it's packaged as /usr/bin/gcc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iD8DBQFF7v+/zTrtVKxWL8MRAobJAJ9PwwUUddaLmYmWzLKdQcidnUZJvACg329N 1BF0JCgj7lSK/XAbo5VTtCA= =k8+v -----END PGP SIGNATURE----- From ryan.lamothe at quantumworx.com Wed Mar 7 18:36:51 2007
From: ryan.lamothe at quantumworx.com (Ryan R. LaMothe) Date: Wed, 7 Mar 2007 12:36:51 -0500 Subject: [Macgpg-users] 1.4.7 packages for OS X In-Reply-To: <9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org> References: <45EE9DCD.6020000@py-soft.co.uk> <9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org> Message-ID: <3EBC47E8-D7BB-4AE8-82C6-B1763BE161E3@quantumworx.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Why isn't this application packaged like normal OS X apps in an application bundle? Why the Unix(Linux) bundling and installing? On Mar 7, 2007, at 12:29 PM, Robert J. Hansen wrote: >> I've packaged up 1.4.5 and 1.4.6 and was looking at getting 1.4.7 >> done >> asap, but you may have saved me the trouble! :) > > Thank you for being gracious. :) > > I updated the packages (very slightly) to install into /usr/local, > instead of /usr. It seems to be a tradeoff--while I know a few OS X > users who have (for reasons inscrutable to me) elected to remove /usr/ > local from their PATH, there are a fair number of OS X crypto apps > hardwired to expect it in /usr/local. Mulberry, GPGMail, etc. > > The original links still work; they point to non-IDEA-enabled > builds. For completeness' sake, the links are all listed here: > > http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-PowerPC-IDEA.dmg > http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-PowerPC.dmg > http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-i386-IDEA.dmg > http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-i386.dmg > > Signatures are available at: > > http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-PowerPC-IDEA.dmg.asc > http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-PowerPC.dmg.asc > http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-i386-IDEA.dmg.asc > http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-i386.dmg.asc > > Warning: these packages still have not been extensively tested. > > _______________________________________________ > Macgpg-users mailing list > Macgpg-users at lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/macgpg-users -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iD8DBQFF7vgzzTrtVKxWL8MRAlFXAJ94/QozVsI+arEPj/kuDYCV3OdF8gCcCY4s i86T1JTseNZJVVCSnErM2ms= =9Yhv -----END PGP SIGNATURE----- From ryan.lamothe at quantumworx.com Thu Mar 8 00:24:00 2007
From: ryan.lamothe at quantumworx.com (Ryan R. LaMothe) Date: Wed, 7 Mar 2007 18:24:00 -0500 Subject: [Macgpg-users] 1.4.7 packages for OS X In-Reply-To: <45EF44A4.20508@py-soft.co.uk> References: <45EE9DCD.6020000@py-soft.co.uk> <9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org> <3EBC47E8-D7BB-4AE8-82C6-B1763BE161E3@quantumworx.com> <9980C060-B931-41EE-BE22-1609B22F04BF@sixdemonbag.org> <8B742FC7-E0A6-462B-9A4A-4B32B9B9C893@quantumworx.com> <45EF44A4.20508@py-soft.co.uk> Message-ID: It's not a matter of "why not do it yourself" but a matter of "why isn't it being done" kind of question. A graphical installer and uninstaller for the entire suite would be nice. Maybe I will find time to work on it, maybe someone else can too. It is the same kind of question I ask the Mono and MonoDevelop people, who not only did not write MonoDevelop using Windows Forms (they used GTK), but an installation of "MonoDevelop for OS X" requires a plethora of Fink/DarwinPorts Linux libs installed in order to even begin using the entire package. But that is another story for another list. On Mar 7, 2007, at 6:03 PM, Benjamin Donnachie wrote: > Ryan R. LaMothe wrote: >> How difficult would it be to package this application as a .app >> bundle instead of all over the filesystem like the typical Unix >> application (which makes installing/uninstalling/upgrading a pita)? > > There's nothing stopping you doing it and making the result > available to > all. > > Ben From jbruni at mac.com Mon Mar 12 20:48:36 2007
From: jbruni at mac.com (Joseph Oreste Bruni) Date: Mon, 12 Mar 2007 12:48:36 -0700 Subject: [Macgpg-users] 1.4.7 packages for OS X In-Reply-To: References: <45EE9DCD.6020000@py-soft.co.uk> <9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org> <3EBC47E8-D7BB-4AE8-82C6-B1763BE161E3@quantumworx.com> <9980C060-B931-41EE-BE22-1609B22F04BF@sixdemonbag.org> <8B742FC7-E0A6-462B-9A4A-4B32B9B9C893@quantumworx.com> <45EF44A4.20508@py-soft.co.uk> Message-ID: <11726E4D-4FB9-466F-9ABD-8F9E0B26EDDD@mac.com> It wouldn't make sense to try to package GPG using a .app bundle since GPG itself will most often be used from the command line. As such, you would need to update your PATH environment variable to include a deep reference to something like "/Applications/GnuPG/Content/MacOS/gpg" instead of the normal location for user-installed tools (/usr/local). In addition, if you did run it by double-clicking what would that give you since there is no graphical user interface and using the tool is done via command-line options? If you really need a GUI to use GPG, try installing one of the many interfaces referenced from http://macgpg.sourceforge.net/. Those are packaged as .app bundles and make sense to run via the Finder. -Joe PS: I noticed this message thread was being cross-posted to both macgpg-users and gnupg-users. I'm not sure that's good etiquette, but I'm replying to both for continuity. On Mar 7, 2007, at 4:24 PM, Ryan R. LaMothe wrote: > It's not a matter of "why not do it yourself" but a matter of "why > isn't it being done" kind of question. > > A graphical installer and uninstaller for the entire suite would be > nice. Maybe I will find time to work on it, maybe someone else can > too. > > It is the same kind of question I ask the Mono and MonoDevelop > people, who not only did not write MonoDevelop using Windows Forms > (they used GTK), but an installation of "MonoDevelop for OS X" > requires a plethora of Fink/DarwinPorts Linux libs installed in order > to even begin using the entire package. But that is another story > for another list. > > > On Mar 7, 2007, at 6:03 PM, Benjamin Donnachie wrote: > >> Ryan R. LaMothe wrote: >>> How difficult would it be to package this application as a .app >>> bundle instead of all over the filesystem like the typical Unix >>> application (which makes installing/uninstalling/upgrading a pita)? >> >> There's nothing stopping you doing it and making the result >> available to >> all. >> >> Ben From j.lysdal at gmail.com Mon Mar 12 23:47:37 2007
From: j.lysdal at gmail.com (Jørgen Christiansen Lysdal) Date: Mon, 12 Mar 2007 23:47:37 +0100 Subject: display bug Message-ID: <45F5D889.6000402@gmail.com> When I verify a data signature, isn't gpg supposed to show keyserver url with the result when I have "verify-options show-keyserver-urls" in gpg.conf? -- Jørgen Ch. Lysdal From svt at teris.de Tue Mar 13 03:39:30 2007 From: svt at teris.de (Sebsatian von Thadden) Date: Tue, 13 Mar 2007 03:39:30 +0100 Subject: GnuPG incompatible with windows-vista ? Message-ID: <45F60EE2.4080809@teris.de> Hi, today I've made some tests with gnupg and vista. Everything works fine, but at the moment, gnupg has to communicate with any external keyserver, I get this result: gpg: searching for "svt at teris.de" from hkp server subkeys.pgp.net gpgkeys: this keyserver type only supports key retrieval gpg: keyserver communications error: Dateilesefehler gpg: Suche auf dem Schlüsselserver fehlgeschlagen: Dateilesefehler When using the --debug all option, I get the same output (first line is config-dir, the rest is the same). This error comes very fast. GnuPG does not search for hostnames or any other external resource. During these tests, the firewall was disabled. The same commands on a winXP-System are working correctly. Can somebody verify this problem or know how I can solve it ? I know, some people here hate Vista, me too, but as a software developer I have to use it...:-( Thanks Bye, Sebastian From dshaw at jabberwocky.com Tue Mar 13 05:13:36 2007
From: dshaw at jabberwocky.com (David Shaw) Date: Tue, 13 Mar 2007 00:13:36 -0400 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <45F60EE2.4080809@teris.de> References: <45F60EE2.4080809@teris.de> Message-ID: <20070313041336.GB24706@jabberwocky.com> On Tue, Mar 13, 2007 at 03:39:30AM +0100, Sebsatian von Thadden wrote: > Hi, > > today I've made some tests with gnupg and vista. > > Everything works fine, but at the moment, gnupg has to communicate with > any external keyserver, I get this result: > > gpg: searching for "svt at teris.de" from hkp server subkeys.pgp.net > gpgkeys: this keyserver type only supports key retrieval > gpg: keyserver communications error: Dateilesefehler > gpg: Suche auf dem Schlüsselserver fehlgeschlagen: Dateilesefehler > > When using the --debug all option, I get the same output (first line is > config-dir, the rest is the same). > > This error comes very fast. GnuPG does not search for hostnames or any > other external resource. > > During these tests, the firewall was disabled. > > The same commands on a winXP-System are working correctly. > > Can somebody verify this problem or know how I can solve it ? You are either missing gpgkeys_hkp.exe or GPG can't find it (not in your path). David From dshaw at jabberwocky.com Tue Mar 13 05:02:18 2007 From: dshaw at jabberwocky.com (David Shaw) Date: Tue, 13 Mar 2007 00:02:18 -0400 Subject: display bug In-Reply-To: <45F5D889.6000402@gmail.com> References: <45F5D889.6000402@gmail.com> Message-ID: <20070313040218.GA24706@jabberwocky.com> On Mon, Mar 12, 2007 at 11:47:37PM +0100, Jørgen Christiansen Lysdal wrote: > When I verify a data signature, isn't gpg supposed to show > keyserver url with the result when I have "verify-options > show-keyserver-urls" in gpg.conf? If there is a keyserver URL in the signature. David From j.lysdal at gmail.com Tue Mar 13 13:37:13 2007
From: j.lysdal at gmail.com (Jørgen Lysdal) Date: Tue, 13 Mar 2007 13:37:13 +0100 Subject: display bug In-Reply-To: <20070313040218.GA24706@jabberwocky.com> References: <45F5D889.6000402@gmail.com> <20070313040218.GA24706@jabberwocky.com> Message-ID: <9afe34fe0703130537m5f95ea53oe452278fed738027@mail.gmail.com> 2007/3/13, David Shaw : > > If there is a keyserver URL in the signature. > > David arh, I thought it was meant to display keyserver url from the public key used to verify the signature. Didn't know I could store a keyserver url with a signature, but it makes sense. -- Jørgen Ch. Lysdal From svt at teris.de Tue Mar 13 13:44:29 2007 From: svt at teris.de (Sebsatian von Thadden) Date: Tue, 13 Mar 2007 13:44:29 +0100 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <20070313041336.GB24706@jabberwocky.com> References: <45F60EE2.4080809@teris.de> <20070313041336.GB24706@jabberwocky.com> Message-ID: <45F69CAD.7080308@teris.de> Hi David, > > You are either missing gpgkeys_hkp.exe or GPG can't find it (not in > your path). > The gpgkeys_hkp.exe is in the same directory as the other files. Here is my directory-listing: 13.03.2007 02:40 Doc 13.03.2007 02:40 gnupg.nls 05.03.2007 11:53 865.792 gpg.exe 05.03.2007 11:53 59.392 gpgkeys_curl.exe 05.03.2007 11:53 51.712 gpgkeys_finger.exe 05.03.2007 11:53 63.488 gpgkeys_hkp.exe 05.03.2007 11:53 33.280 gpgkeys_ldap.exe 05.03.2007 11:53 107.520 gpgsplit.exe 05.03.2007 11:53 371.200 gpgv.exe 14.01.2004 01:56 892.928 iconv.dll 13.03.2007 02:40 Src 13.03.2007 02:40 70.380 uninst-gnupg.exe Can I set the path to this file in the config-file or set any global_system_var to help gpg to find this file ? Thanks Bye, Sebastian From j.lysdal at gmail.com Tue Mar 13 13:42:03 2007
From: j.lysdal at gmail.com (Jørgen Lysdal) Date: Tue, 13 Mar 2007 13:42:03 +0100 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <20070313041336.GB24706@jabberwocky.com> References: <45F60EE2.4080809@teris.de> <20070313041336.GB24706@jabberwocky.com> Message-ID: <9afe34fe0703130542m21eb6626s334d9aeaca1ee739@mail.gmail.com> 2007/3/13, David Shaw : > You are either missing gpgkeys_hkp.exe or GPG can't find it (not in > your path). > > David > Anyway, even if gpg can find it, it will still not work. Gives me a "socket error" something.. The message flashes for a very short time so I don't have time enough to rest of it. -- Jørgen Ch. Lysdal From dshaw at jabberwocky.com Tue Mar 13 14:36:48 2007 From: dshaw at jabberwocky.com (David Shaw) Date: Tue, 13 Mar 2007 09:36:48 -0400 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <9afe34fe0703130542m21eb6626s334d9aeaca1ee739@mail.gmail.com> References: <45F60EE2.4080809@teris.de> <20070313041336.GB24706@jabberwocky.com> <9afe34fe0703130542m21eb6626s334d9aeaca1ee739@mail.gmail.com> Message-ID: <20070313133648.GB28721@jabberwocky.com> On Tue, Mar 13, 2007 at 01:42:03PM +0100, Jørgen Lysdal wrote: > 2007/3/13, David Shaw : > > > You are either missing gpgkeys_hkp.exe or GPG can't find it (not in > > your path). > > > > David > > > > Anyway, even if gpg can find it, it will still not work. Gives me a > "socket error" something.. > The message flashes for a very short time so I don't have time enough > to rest of it. What did you do so GPG would find it? David From dshaw at jabberwocky.com Tue Mar 13 14:29:35 2007
From: dshaw at jabberwocky.com (David Shaw) Date: Tue, 13 Mar 2007 09:29:35 -0400 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <45F69CAD.7080308@teris.de> References: <45F60EE2.4080809@teris.de> <20070313041336.GB24706@jabberwocky.com> <45F69CAD.7080308@teris.de> Message-ID: <20070313132935.GA28721@jabberwocky.com> On Tue, Mar 13, 2007 at 01:44:29PM +0100, Sebsatian von Thadden wrote: > Hi David, > > > > > You are either missing gpgkeys_hkp.exe or GPG can't find it (not in > > your path). > > > > The gpgkeys_hkp.exe is in the same directory as the other files. Here is > my directory-listing: > > 13.03.2007 02:40 Doc > 13.03.2007 02:40 gnupg.nls > 05.03.2007 11:53 865.792 gpg.exe > 05.03.2007 11:53 59.392 gpgkeys_curl.exe > 05.03.2007 11:53 51.712 gpgkeys_finger.exe > 05.03.2007 11:53 63.488 gpgkeys_hkp.exe > 05.03.2007 11:53 33.280 gpgkeys_ldap.exe > 05.03.2007 11:53 107.520 gpgsplit.exe > 05.03.2007 11:53 371.200 gpgv.exe > 14.01.2004 01:56 892.928 iconv.dll > 13.03.2007 02:40 Src > 13.03.2007 02:40 70.380 uninst-gnupg.exe > > > Can I set the path to this file in the config-file or set any > global_system_var to help gpg to find this file ? Interesting that GPG was able to find gpgkeys_curl.exe but not gpgkeys_hkp.exe. Hmm. What version of GPG is this? Can you send the output of your keyserver request with "--debug 1024" added? David From j.lysdal at gmail.com Tue Mar 13 16:27:31 2007 
From: j.lysdal at gmail.com (Jørgen Christiansen Lysdal) Date: Tue, 13 Mar 2007 16:27:31 +0100 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <20070313133648.GB28721@jabberwocky.com> References: <45F60EE2.4080809@teris.de> <20070313041336.GB24706@jabberwocky.com> <9afe34fe0703130542m21eb6626s334d9aeaca1ee739@mail.gmail.com> <20070313133648.GB28721@jabberwocky.com> Message-ID: <45F6C2E3.9040404@gmail.com> David Shaw wrote: > > What did you do so GPG would find it? > > David > Hmm, didn't do anything.. Maybe it is because I have User Account Control turned off? From svt at teris.de Tue Mar 13 17:54:18 2007
From: svt at teris.de (Sebsatian von Thadden) Date: Tue, 13 Mar 2007 17:54:18 +0100 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <20070313132935.GA28721@jabberwocky.com> References: <45F60EE2.4080809@teris.de> <20070313041336.GB24706@jabberwocky.com> <45F69CAD.7080308@teris.de> <20070313132935.GA28721@jabberwocky.com> Message-ID: <45F6D73A.7020601@teris.de> Hi David, here is the output of gpg --debug 1024 --search-key --keyserver subkeys.pgp.net test" gpg: Optionen werden aus 'C:/Users/Sebsatian/AppData/Roaming/gnupg\gpg.conf' gel esen gpg: DBG: expanding string "C:\gnupg\gpgkeys_curl.exe -o "%O" "%I"" gpg: DBG: args expanded to "C:\gnupg\gpgkeys_curl.exe -o "C:\Users\SEBSAT~1\AppD ata\Local\Temp\gpg-53654A\tempout.txt" "C:\Users\SEBSAT~1\AppData\Local\Temp\gpg -53654A\tempin.txt"", use 1, keep 1 gpg: DBG: using temp file `C:\Users\SEBSAT~1\AppData\Local\Temp\gpg-53654A\tempi n.txt' gpg: searching for "test" from hkp server subkeys.pgp.net gpg: DBG: system() command is C:\gnupg\gpgkeys_curl.exe -o "C:\Users\SEBSAT~1\Ap pData\Local\Temp\gpg-53654A\tempout.txt" "C:\Users\SEBSAT~1\AppData\Local\Temp\g pg-53654A\tempin.txt" gpgkeys: this keyserver type only supports key retrieval gpg: keyserver communications error: Dateilesefehler gpg: Suche auf dem Schlüsselserver fehlgeschlagen: Dateilesefehler secmem usage: 1408/1408 bytes in 2/2 blocks of pool 1408/32768 I set this in config keyserver-options keep-temp-files to keep the files: tempin.txt --> # This is a GnuPG 1.4.7 keyserver communications file VERSION 1 PROGRAM 1.4.7 SCHEME hkp HOST subkeys.pgp.net PATH / COMMAND SEARCH test --> tempout.txt is empty (0bytes) I hope you can help. Bye, Sebastian David Shaw wrote: > On Tue, Mar 13, 2007 at 01:44:29PM +0100, Sebsatian von Thadden wrote: >> Hi David, >> >>> You are either missing gpgkeys_hkp.exe or GPG can't find it (not in >>> your path). >>> >> The gpgkeys_hkp.exe is in the same directory as the other files. Here is >> my directory-listing: >> >> 13.03.2007 02:40 Doc >> 13.03.2007 02:40 gnupg.nls >> 05.03.2007 11:53 865.792 gpg.exe >> 05.03.2007 11:53 59.392 gpgkeys_curl.exe >> 05.03.2007 11:53 51.712 gpgkeys_finger.exe >> 05.03.2007 11:53 63.488 gpgkeys_hkp.exe >> 05.03.2007 11:53 33.280 gpgkeys_ldap.exe >> 05.03.2007 11:53 107.520 gpgsplit.exe >> 05.03.2007 11:53 371.200 gpgv.exe >> 14.01.2004 01:56 892.928 iconv.dll >> 13.03.2007 02:40 Src >> 13.03.2007 02:40 70.380 uninst-gnupg.exe >> >> >> Can I set the path to this file in the config-file or set any >> global_system_var to help gpg to find this file ? > > Interesting that GPG was able to find gpgkeys_curl.exe but not > gpgkeys_hkp.exe. Hmm. What version of GPG is this? > > Can you send the output of your keyserver request with "--debug 1024" > added? > > David From bahamut at madhatt.com Tue Mar 13 18:12:58 2007 From: bahamut at madhatt.com (Andrew Berg) Date: Tue, 13 Mar 2007 11:12:58 -0600 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <45F6C2E3.9040404@gmail.com> References: <45F60EE2.4080809@teris.de> <20070313041336.GB24706@jabberwocky.com> <9afe34fe0703130542m21eb6626s334d9aeaca1ee739@mail.gmail.com> <20070313133648.GB28721@jabberwocky.com> <45F6C2E3.9040404@gmail.com> Message-ID: <45F6DB9A.3030300@madhatt.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 I think that this problem came up before, and that one has to rename gpgkeys_hkp.exe to gpgkeys_curl.exe (or was it the other way around?; I can't remember). -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF9tuZQkZZy5xsw6MRA4WBAKCRy9wV7k3r9HadSFSMS3QtGv7hTACgtCT7 BxNDJ4e8ZLe4UeIXAaxx6ks= =w9Ee -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Tue Mar 13 19:35:04 2007
From: dshaw at jabberwocky.com (David Shaw) Date: Tue, 13 Mar 2007 14:35:04 -0400 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <45F6D73A.7020601@teris.de> References: <45F60EE2.4080809@teris.de> <20070313041336.GB24706@jabberwocky.com> <45F69CAD.7080308@teris.de> <20070313132935.GA28721@jabberwocky.com> <45F6D73A.7020601@teris.de> Message-ID: <20070313183504.GB29210@jabberwocky.com> On Tue, Mar 13, 2007 at 05:54:18PM +0100, Sebsatian von Thadden wrote: > Hi David, > > here is the output of > > gpg --debug 1024 --search-key --keyserver subkeys.pgp.net test" > > gpg: Optionen werden aus > 'C:/Users/Sebsatian/AppData/Roaming/gnupg\gpg.conf' gel > esen > gpg: DBG: expanding string "C:\gnupg\gpgkeys_curl.exe -o "%O" "%I"" Interesting. Can you tell me the settings of these values in config.h when you compiled: HAVE_DRIVE_LETTERS DISABLE_KEYSERVER_PATH HAVE_W32_SYSTEM Also, do note that I don't think anyone has done a strong check of the random number code on Vista yet, so be warned about that. I'm just debugging the keyserver access stuff here. David From j.lysdal at gmail.com Tue Mar 13 19:49:17 2007 
From: j.lysdal at gmail.com (Jørgen Christiansen Lysdal) Date: Tue, 13 Mar 2007 19:49:17 +0100 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <45F6DB9A.3030300@madhatt.com> References: <45F60EE2.4080809@teris.de> <20070313041336.GB24706@jabberwocky.com> <9afe34fe0703130542m21eb6626s334d9aeaca1ee739@mail.gmail.com> <20070313133648.GB28721@jabberwocky.com> <45F6C2E3.9040404@gmail.com> <45F6DB9A.3030300@madhatt.com> Message-ID: <45F6F22D.8010007@gmail.com> Andrew Berg wrote: > I think that this problem came up before, and that one has to rename > gpgkeys_hkp.exe to gpgkeys_curl.exe (or was it the other way around?; I > can't remember). Renaming gpgkeys_hkp.exe to gpgkeys_curl.exe seems to be working. Thanks for the tip. What is the difference between the two? From dshaw at jabberwocky.com Tue Mar 13 19:59:31 2007 From: dshaw at jabberwocky.com (David Shaw) Date: Tue, 13 Mar 2007 14:59:31 -0400 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <45F6DB9A.3030300@madhatt.com> References: <45F60EE2.4080809@teris.de> <20070313041336.GB24706@jabberwocky.com> <9afe34fe0703130542m21eb6626s334d9aeaca1ee739@mail.gmail.com> <20070313133648.GB28721@jabberwocky.com> <45F6C2E3.9040404@gmail.com> <45F6DB9A.3030300@madhatt.com> Message-ID: <20070313185931.GC29210@jabberwocky.com> On Tue, Mar 13, 2007 at 11:12:58AM -0600, Andrew Berg wrote: > I think that this problem came up before, and that one has to rename > gpgkeys_hkp.exe to gpgkeys_curl.exe (or was it the other way around?; I > can't remember). This will fix HKP, but remove the ability to use HTTP. Better to fix the bug here. David From rjh at sixdemonbag.org Tue Mar 13 20:51:56 2007
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 13 Mar 2007 14:51:56 -0500 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <20070313183504.GB29210@jabberwocky.com> References: <45F60EE2.4080809@teris.de> <20070313041336.GB24706@jabberwocky.com> <45F69CAD.7080308@teris.de> <20070313132935.GA28721@jabberwocky.com> <45F6D73A.7020601@teris.de> <20070313183504.GB29210@jabberwocky.com> Message-ID: <920C1548-A4C8-45F7-90E5-CFC91FE8B95A@sixdemonbag.org> > Interesting. Can you tell me the settings of these values in config.h > when you compiled: For what it's worth, Vista appears to have major problems with any program which depends on there being a libexec prefix. Whenever using a program that uses libexec helper programs, you're going to have problems--at least, I always did. I had Vista installed for a few weeks (work-related development) and ultimately said to hell with it, based on the incredible difficulties I faced in getting Cygwin, MinGW, GnuPG, etc., to work. For an example of this affecting MinGW, please see: http://www.qtforum.org/article/19748/QT-422-Opensource-on-Vista.html ... For now, I think it would be prudent to say that GnuPG on Vista is unsupported and not recommended. From dshaw at jabberwocky.com Tue Mar 13 21:12:56 2007 
From: dshaw at jabberwocky.com (David Shaw) Date: Tue, 13 Mar 2007 16:12:56 -0400 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <920C1548-A4C8-45F7-90E5-CFC91FE8B95A@sixdemonbag.org> References: <45F60EE2.4080809@teris.de> <20070313041336.GB24706@jabberwocky.com> <45F69CAD.7080308@teris.de> <20070313132935.GA28721@jabberwocky.com> <45F6D73A.7020601@teris.de> <20070313183504.GB29210@jabberwocky.com> <920C1548-A4C8-45F7-90E5-CFC91FE8B95A@sixdemonbag.org> Message-ID: <20070313201256.GD29210@jabberwocky.com> On Tue, Mar 13, 2007 at 02:51:56PM -0500, Robert J. Hansen wrote: > > Interesting. Can you tell me the settings of these values in config.h > > when you compiled: > > For what it's worth, Vista appears to have major problems with any > program which depends on there being a libexec prefix. Whenever > using a program that uses libexec helper programs, you're going to > have problems--at least, I always did. > > I had Vista installed for a few weeks (work-related development) and > ultimately said to hell with it, based on the incredible difficulties > I faced in getting Cygwin, MinGW, GnuPG, etc., to work. > > For an example of this affecting MinGW, please see: > > http://www.qtforum.org/article/19748/QT-422-Opensource-on-Vista.html > > > > ... For now, I think it would be prudent to say that GnuPG on Vista > is unsupported and not recommended. I don't disagree, but we're going to have to get this working on Vista eventually. The only way it's going to get supported and usable is to fix the problems. David From svt at teris.de Tue Mar 13 22:34:23 2007 
From: svt at teris.de (Sebsatian von Thadden) Date: Tue, 13 Mar 2007 22:34:23 +0100 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <20070313183504.GB29210@jabberwocky.com> References: <45F60EE2.4080809@teris.de> <20070313041336.GB24706@jabberwocky.com> <45F69CAD.7080308@teris.de> <20070313132935.GA28721@jabberwocky.com> <45F6D73A.7020601@teris.de> <20070313183504.GB29210@jabberwocky.com> Message-ID: <45F718DF.9000408@teris.de> Hi David, > Interesting. Can you tell me the settings of these values in config.h > when you compiled: > > HAVE_DRIVE_LETTERS > DISABLE_KEYSERVER_PATH > HAVE_W32_SYSTEM > > Also, do note that I don't think anyone has done a strong check of the > random number code on Vista yet, so be warned about that. I'm just > debugging the keyserver access stuff here. > I don't have any environment on this system to compile gnupg. So I can't tell you this information. Bye, Sebastian From dshaw at jabberwocky.com Tue Mar 13 22:46:14 2007 
From: dshaw at jabberwocky.com (David Shaw) Date: Tue, 13 Mar 2007 17:46:14 -0400 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <45F718DF.9000408@teris.de> References: <45F60EE2.4080809@teris.de> <20070313041336.GB24706@jabberwocky.com> <45F69CAD.7080308@teris.de> <20070313132935.GA28721@jabberwocky.com> <45F6D73A.7020601@teris.de> <20070313183504.GB29210@jabberwocky.com> <45F718DF.9000408@teris.de> Message-ID: <20070313214614.GE29210@jabberwocky.com> On Tue, Mar 13, 2007 at 10:34:23PM +0100, Sebsatian von Thadden wrote: > Hi David, > > > Interesting. Can you tell me the settings of these values in config.h > > when you compiled: > > > > HAVE_DRIVE_LETTERS > > DISABLE_KEYSERVER_PATH > > HAVE_W32_SYSTEM > > > > Also, do note that I don't think anyone has done a strong check of the > > random number code on Vista yet, so be warned about that. I'm just > > debugging the keyserver access stuff here. > > > > I don't have any environment on this system to compile gnupg. So I can't > tell you this information. Oh, you're using the precompiled Windows binary. David From svt at teris.de Tue Mar 13 22:46:58 2007 
From: svt at teris.de (Sebsatian von Thadden) Date: Tue, 13 Mar 2007 22:46:58 +0100 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <45F6F22D.8010007@gmail.com> References: <45F60EE2.4080809@teris.de> <20070313041336.GB24706@jabberwocky.com> <9afe34fe0703130542m21eb6626s334d9aeaca1ee739@mail.gmail.com> <20070313133648.GB28721@jabberwocky.com> <45F6C2E3.9040404@gmail.com> <45F6DB9A.3030300@madhatt.com> <45F6F22D.8010007@gmail.com> Message-ID: <45F71BD2.1040308@teris.de> Hi Jørgen, > Renaming gpgkeys_hkp.exe to gpgkeys_curl.exe seems to be working. > Thanks for the tip. > What is the difference between the two? yes, it seems to work for me. But I hope I can help to fix the problem completely. In the next month there will be thousands of users with new hardware, where vista is preinstalled. Bye, Sebastian From svt at teris.de Tue Mar 13 22:53:00 2007 From: svt at teris.de (Sebsatian von Thadden) Date: Tue, 13 Mar 2007 22:53:00 +0100 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <20070313214614.GE29210@jabberwocky.com> References: <45F60EE2.4080809@teris.de> <20070313041336.GB24706@jabberwocky.com> <45F69CAD.7080308@teris.de> <20070313132935.GA28721@jabberwocky.com> <45F6D73A.7020601@teris.de> <20070313183504.GB29210@jabberwocky.com> <45F718DF.9000408@teris.de> <20070313214614.GE29210@jabberwocky.com> Message-ID: <45F71D3C.4060302@teris.de> Hi, > Oh, you're using the precompiled Windows binary. I hope, I'm not the noob of the year, but yes, I've just downloaded the 1.4.7 and installed it. Bye, Sebastian From hhhobbit at securemecca.net Wed Mar 14 00:50:29 2007 
From: hhhobbit at securemecca.net (Henry Hertz Hobbit) Date: Tue, 13 Mar 2007 17:50:29 -0600 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: References: Message-ID: <45F738C5.1080708@securemecca.net> David Shaw wrote: > > On Tue, Mar 13, 2007 at 11:12:58AM -0600, Andrew Berg wrote: > >>>I think that this problem came up before, and that one has to rename >>>gpgkeys_hkp.exe to gpgkeys_curl.exe (or was it the other way around?; I >>can't remember). > > > This will fix HKP, but remove the ability to use HTTP. Better to > fix the bug here. I don't know whether that is so much of a bug as a %PATH% problem. Try adding the following to your %PATH% variable: REM ADD THIS TO YOUR %PATH% HKLM entry (copy & paste): ;%ProgramFiles%\GNU\GnuPG Getting to where to do it (just hope Vista is same): Start -> Control Panel -> System (double click) {Advanced} (tab) [Environment Variables] (button) Select PATH in the System variables and tack the addition suggested on to the end of it and see if that works. The fine points of these instructions go for W2K, XP, and 2003 Server. Vista may have changed how to get to things. It will NOT change the fact that adding stuff to the %PATH% cures LOTS of problems. If you do that, and the problem still isn't fixed, THEN we have a bug. A lot of people have been saying this or that won't work with Vista. The appropriate additions to the %PATH% or the setting of other environment variables usually fixes their problem. OTOH, I haven't seen their changes to the Registry. I am still using REG4 *.reg files (which will work up through 2003 Server) if that tells you anything. HHH From me at psmay.com Tue Mar 13 23:41:36 2007 
From: me at psmay.com (Peter S. May) Date: Tue, 13 Mar 2007 18:41:36 -0400 Subject: gpgsm doesn't recognize certs are related to secret keys Message-ID: <45F728A0.4010002@psmay.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 (This message is a dupe of one sent earlier under the wrong address; admins, please deny the previous version.) I've extracted some Thawte and CAcert keys and certs from my browser and imported them into gpgsm (from gnupg-2.0.3, with it and all of its dependencies downloaded and compiled in their latest versions over the weekend). ls -l ~/.gnupg/private-keys-v1.d/ lists the three private keys that I imported, and all of the corresponding certs show up in - --list-keys: $ gpgsm --list-keys psmay /home/psmay/.gnupg/pubring.kbx - ---------------------------- Serial number: 067A86EB7BA000EF5E6F6341D8070D7E Issuer: /CN=Thawte Personal Freemail Issuing CA/O=Thawte Consulting (Pty) Ltd./C=ZA Subject: /CN=Peter Samuel May/EMail=psmay at halfgeek.org/GN=Peter Samuel/SN=May aka: psmay at halfgeek.org validity: 2006-10-09 18:39:01 through 2007-10-09 18:39:01 key type: 2048 bit RSA fingerprint: 96:D2:E8:44:1D:7B:31:8B:C8:CC:07:ED:E3:A0:C2:73:41:A3:56:E9 Serial number: 02C4AD Issuer: /CN=CA Cert Signing Authority/OU=http:\x2f\x2fwww.cacert.org/O=Root CA/EMail=support at cacert.org Subject: /EMail=me at psmay.com/EMail=psmay at halfgeek.org aka: psmay at halfgeek.org aka: me at psmay.com validity: 2006-10-12 14:24:50 through 2007-10-12 14:24:50 key type: 2048 bit RSA fingerprint: 43:F3:E6:0B:1B:25:4E:BA:3A:69:DA:56:8E:F8:35:08:CD:4B:A7:52 Serial number: 02C5B0 Issuer: /CN=CA Cert Signing Authority/OU=http:\x2f\x2fwww.cacert.org/O=Root CA/EMail=support at cacert.org Subject: /CN=Peter Samuel May/EMail=me at psmay.com/EMail=psmay at halfgeek.org aka: psmay at halfgeek.org aka: me at psmay.com validity: 2006-10-13 05:52:09 through 2007-10-13 05:52:09 key type: 2048 bit RSA fingerprint: 26:D3:A8:D9:00:F0:C9:A1:AE:38:3C:25:39:C0:D6:31:29:95:44:F8 (The CAs' 
certs also show up when I don't qualify this with my name.) However, it doesn't seem to realize that it has the secret keys for these certs: $ gpgsm --list-secret-keys /home/psmay/.gnupg/pubring.kbx - ---------------------------- $ And since it doesn't, I also can't use the private keys: $ gpgsm --local-user 26:D3:A8:D9:00:F0:C9:A1:AE:38:3C:25:39:C0:D6:31:29:95:44:F8 --sign somefile gpgsm: can't sign using `26:D3:A8:D9:00:F0:C9:A1:AE:38:3C:25:39:C0:D6:31:29:95:44:F8': No secret key Anyone have any ideas? Thanks PSM -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF9yieei6R+3iF2vwRCsVGAKCLrGNyodcF8MkKdfdp7z/F/CsjJACfZFOM ayzMVgX+QgKbz1p0UqgBjTk= =JhYa -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Wed Mar 14 03:41:29 2007 
From: dshaw at jabberwocky.com (David Shaw) Date: Tue, 13 Mar 2007 22:41:29 -0400 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <20070314015211.GB30707@jabberwocky.com> References: <45F738C5.1080708@securemecca.net> <20070314015211.GB30707@jabberwocky.com> Message-ID: <20070314024129.GC30707@jabberwocky.com> On Tue, Mar 13, 2007 at 09:52:11PM -0400, David Shaw wrote: > On Tue, Mar 13, 2007 at 05:50:29PM -0600, Henry Hertz Hobbit wrote: > > David Shaw wrote: > > > > > > On Tue, Mar 13, 2007 at 11:12:58AM -0600, Andrew Berg wrote: > > > > > >>>I think that this problem came up before, and that one has to rename > > >>>gpgkeys_hkp.exe to gpgkeys_curl.exe (or was it the other way around?; I > > >>can't remember). > > > > > > > > > This will fix HKP, but remove the ability to use HTTP. Better to > > > fix the bug here. > > > > I don't know whether that is so much of a bug as a %PATH% problem. > > Try adding the following to your %PATH% variable: > > I doubt this is a path problem. gpgkeys_hkp.exe and gpgkeys_curl.exe > are in the same directory. If it was a path problem, both wouldn't > work. > > It's an access() problem. I'm not sure exactly what I want to do > about it though. If anyone is building on Vista (or building elsewhere but using it on Vista), try this patch. David -------------- next part -------------- Index: keyserver.c =================================================================== --- keyserver.c (revision 4459) +++ keyserver.c (working copy) @@ -41,6 +41,14 @@ #include "keyserver-internal.h" #include "util.h" +#ifdef HAVE_W32_SYSTEM +/* It seems Vista doesn't grok X_OK and so fails access() tests. + Previous versions interpreted X_OK as F_OK anyway, so we'll just + use F_OK directly. */ +#undef X_OK +#define X_OK F_OK +#endif /* HAVE_W32_SYSTEM */ + struct keyrec { KEYDB_SEARCH_DESC desc; From lfittl at ubuntu.com Wed Mar 14 02:26:52 2007 
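Review bot: redefining X_OK itself under HAVE_W32_SYSTEM changes every access() test that follows in keyserver.c, including any added later, and a reader who sees X_OK at a call site has no hint that it now means F_OK. A file-local name (for example a hypothetical KEYSERVER_X_OK that expands to F_OK on W32 and to X_OK elsewhere) would leave the standard macro intact and make the weaker check visible where it is used. The comment should also say that on W32 the test now only confirms that the file exists, so nothing at this point verifies that it is executable, and that the override applies to all W32 builds rather than to Vista alone.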
From: lfittl at ubuntu.com (Lukas Fittl) Date: Wed, 14 Mar 2007 02:26:52 +0100 Subject: Pinpad problem with SCM SPR532 Message-ID: <1173835612.4606.9.camel@tenjin> I recently bought an SCM SPR532 for testing purposes, and "gpg --card-status" works (without pcscd running), but when pinentry asks me to enter the PIN on the pinpad (tested with decryption, signing, and verify pin) it gives the following error in the log file of scdaemon, in the case of signing: 2007-03-14 02:20:11 scdaemon[4455] DBG: send apdu: c=00 i=CA p0=00 p1=7A lc=-1 le=256 2007-03-14 02:20:11 scdaemon[4455] DBG: APDU_data: 00 CA 00 7A 00 2007-03-14 02:20:11 scdaemon[4455] DBG: ccid-driver: sending 6F 09 00 00 00 00 11 04 00 00 00 40 05 00 CA 00 7A 00 F5 2007-03-14 02:20:11 scdaemon[4455] DBG: ccid-driver: status: 00 error: 00 octet[9]: 04 data: 00 40 07 93 03 00 04 69 90 00 2A 2007-03-14 02:20:11 scdaemon[4455] DBG: response: sw=9000 datalen=5 2007-03-14 02:20:11 scdaemon[4455] DBG: dump: 93 03 00 04 69 2007-03-14 02:20:11 scdaemon[4455] signatures created so far: 1129 2007-03-14 02:20:11 scdaemon[4455] DBG: prompting for keypad entry '|| Please enter your PIN at the reader's keypad%0A[sigs done: 1129]' 2007-03-14 02:20:11 scdaemon[4455] DBG: send apdu: c=00 i=20 p0=00 p1=81 lc=0 le=-1 2007-03-14 02:20:11 scdaemon[4455] DBG: APDU_data: 00 20 00 81 00 2007-03-14 02:20:11 scdaemon[4455] DBG: ccid-driver: sending escape sequence to switch to a case 1 APDU 2007-03-14 02:20:11 scdaemon[4455] DBG: ccid-driver: sending 6B 03 00 00 00 00 12 00 00 00 80 02 00 2007-03-14 02:20:11 scdaemon[4455] DBG: ccid-driver: status: 00 error: 00 octet[9]: 00 data: 2007-03-14 02:20:11 scdaemon[4455] DBG: ccid-driver: sending 69 13 00 00 00 00 13 00 00 00 00 00 82 00 00 19 06 02 FF 04 09 00 00 00 00 00 20 00 81 2007-03-14 02:20:16 scdaemon[4455] DBG: ccid-driver: status: 40 error: EF octet[9]: 00 data: 2007-03-14 02:20:16 scdaemon[4455] DBG: ccid-driver: CCID command failed: PIN cancelled 2007-03-14 02:20:16 
scdaemon[4455] ccid_transceive failed: (0x1000d) 2007-03-14 02:20:16 scdaemon[4455] apdu_send_simple(0) failed: aborted 2007-03-14 02:20:16 scdaemon[4455] DBG: dismiss keypad entry prompt 2007-03-14 02:20:16 scdaemon[4455] verify CHV1 failed: Operation cancelled 2007-03-14 02:20:16 scdaemon[4455] operation sign result: Operation cancelled 2007-03-14 02:20:16 scdaemon[4455] card_sign failed: Operation cancelled gpg output: gpg: sending command `SCD PKSIGN' to agent failed: ec=6.99 gpg: signing failed: general error gpg: file.txt: clearsign failed: general error gpg version is 1.4.6, gpg2 version is 2.0.3, OS is Debian on i386. Full scdaemon.log can be found at http://www.ixios-software.com/~lfittl/misc/scdaemon.log Thanks, Lukas -- Lukas Fittl From dshaw at jabberwocky.com Wed Mar 14 02:52:11 2007 
From: dshaw at jabberwocky.com (David Shaw) Date: Tue, 13 Mar 2007 21:52:11 -0400 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <45F738C5.1080708@securemecca.net> References: <45F738C5.1080708@securemecca.net> Message-ID: <20070314015211.GB30707@jabberwocky.com> On Tue, Mar 13, 2007 at 05:50:29PM -0600, Henry Hertz Hobbit wrote: > David Shaw wrote: > > > > On Tue, Mar 13, 2007 at 11:12:58AM -0600, Andrew Berg wrote: > > > >>>I think that this problem came up before, and that one has to rename > >>>gpgkeys_hkp.exe to gpgkeys_curl.exe (or was it the other way around?; I > >>can't remember). > > > > > > This will fix HKP, but remove the ability to use HTTP. Better to > > fix the bug here. > > I don't know whether that is so much of a bug as a %PATH% problem. > Try adding the following to your %PATH% variable: I doubt this is a path problem. gpgkeys_hkp.exe and gpgkeys_curl.exe are in the same directory. If it was a path problem, both wouldn't work. It's an access() problem. I'm not sure exactly what I want to do about it though. David From svt at teris.de Wed Mar 14 04:46:26 2007 
From: svt at teris.de (Sebsatian von Thadden) Date: Wed, 14 Mar 2007 04:46:26 +0100 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <45F738C5.1080708@securemecca.net> References: <45F738C5.1080708@securemecca.net> Message-ID: <45F77012.2080000@teris.de> Hi Henry, > REM ADD THIS TO YOUR %PATH% HKLM entry (copy & paste): > > ;%ProgramFiles%\GNU\GnuPG > > Getting to where to do it (just hope Vista is same): > > Start -> Control Panel -> System (double click) > {Advanced} (tab) > [Environment Variables] (button) > > Select PATH in the System variables and tack the addition suggested > on to the end of it and see if that works. The fine points of these > instructions go for W2K, XP, and 2003 Server. Vista may have > changed how to get to things. It will NOT change the fact that > adding stuff to the %PATH% cures LOTS of problems. > > If you do that, and the problem still isn't fixed, THEN we have a bug. > A lot of people have been saying this or that won't work with Vista. > The appropriate additions to the %PATH% or the setting of other > environment variables usually fixes their problem. OTOH, I haven't > seen their changes to the Registry. I am still using REG4 *.reg > files (which will work up through 2003 Server) if that tells you > anything. > I had already added the gnupg-directory to my path-variables and I've tested it. The path-variable works correctly. I think, gpg can find the program correctly, because "gpg: DBG: system() command is C:\gnupg\gpgkeys_curl.exe" is in the output. I've installed gpg in this dir, to test, if the vista-roaming-function make problems (The auto-roaming of vista does only work in system-dirs like program_files or windows, but not in other dirs on a partition.) To analyse the problem, I've tried to change the props of the exe-files in vista: Run as admin, win2000 compatibility, winxpSP2 compatibility... All of these probs don't have any positive effect. Thanks for your idea! 
Bye, Sebastian From svt at teris.de Wed Mar 14 05:03:28 2007 From: svt at teris.de (Sebsatian von Thadden) Date: Wed, 14 Mar 2007 05:03:28 +0100 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <20070314024129.GC30707@jabberwocky.com> References: <45F738C5.1080708@securemecca.net> <20070314015211.GB30707@jabberwocky.com> <20070314024129.GC30707@jabberwocky.com> Message-ID: <45F77410.4090008@teris.de> Hi David, I can't build it now, because, I don't have installed the software to build it. If you know a website, where I can find out, how to build the package, I will try it. I've some experience in building packages like apache, php... on a linux system. Under windows, I've never built anything. - But, I can learn it:-) > If anyone is building on Vista (or building elsewhere but using it on > Vista), try this patch. Thanks a lot for your very fast work. I hope, you and the gpg-community can solve it. Bye, Sebastian From jmoore3rd at bellsouth.net Wed Mar 14 05:57:04 2007 
From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Wed, 14 Mar 2007 00:57:04 -0400 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <45F77410.4090008@teris.de> References: <45F738C5.1080708@securemecca.net> <20070314015211.GB30707@jabberwocky.com> <20070314024129.GC30707@jabberwocky.com> <45F77410.4090008@teris.de> Message-ID: <45F780A0.6000606@bellsouth.net> Sebsatian von Thadden wrote: > Under windows, I've never built anything. - But, I can learn it:-) > > >> If anyone is building on Vista (or building elsewhere but using it on >> Vista), try this patch. > > Thanks a lot for your very fast work. I hope, you and the gpg-community > can solve it. I cannot guarantee a Vista Build; but I am going to send You an Invite to My Y! Group where Compiling is discussed and assisted. This would also be an excellent Forum in which to discuss Your desires and receive some assistance from those who have gone before. :) JOHN 8-) Timestamp: Wednesday 14 Mar 2007, 00:55 --400 (Eastern Daylight Time) From rjh at sixdemonbag.org Wed Mar 14 05:47:35 2007 
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 13 Mar 2007 23:47:35 -0500 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <45F77410.4090008@teris.de> References: <45F738C5.1080708@securemecca.net> <20070314015211.GB30707@jabberwocky.com> <20070314024129.GC30707@jabberwocky.com> <45F77410.4090008@teris.de> Message-ID: > I can't build it now, because, I don't have installed the software to > build it. The software needed to build it doesn't exist for Vista. Either Cygwin or the MinGW compilers are needed, and neither of them work with Vista at this point. (MinGW fails with the same problem that's afflicting GnuPG, it appears.) It's possible to build trivial apps with Cygwin/MinGW on Vista. It's not possible to do serious work. For now, the only real solution is to cross-compile for Vista or else mangle the GnuPG source enough to make it work with MSVC2005. Neither solution appears optimal. > If you know a website, where I can find out, how to build the > package, I > will try it. I think John Moore's the go-to guy for building GnuPG on Windows XP. I don't know if he has any insights into compiling GnuPG on Vista, however. From wk at gnupg.org Wed Mar 14 09:05:28 2007 From: wk at gnupg.org (Werner Koch) Date: Wed, 14 Mar 2007 09:05:28 +0100 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <20070314024129.GC30707@jabberwocky.com> (David Shaw's message of "Tue\, 13 Mar 2007 22\:41\:29 -0400") References: <45F738C5.1080708@securemecca.net> <20070314015211.GB30707@jabberwocky.com> <20070314024129.GC30707@jabberwocky.com> Message-ID: <873b48jlmf.fsf@wheatstone.g10code.de> A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 196 bytes Desc: not available Url : /pipermail/attachments/20070314/9de3a1ad/attachment.pgp From wk at gnupg.org Wed Mar 14 09:20:27 2007 
From: wk at gnupg.org (Werner Koch) Date: Wed, 14 Mar 2007 09:20:27 +0100 Subject: gpgsm doesn't recognize certs are related to secret keys In-Reply-To: <45F728A0.4010002@psmay.com> (Peter S. May's message of "Tue\, 13 Mar 2007 18\:41\:36 -0400") References: <45F728A0.4010002@psmay.com> Message-ID: <87y7m0i6d0.fsf@wheatstone.g10code.de> On Tue, 13 Mar 2007 23:41, me at psmay.com said: > > $ gpgsm --list-secret-keys > /home/psmay/.gnupg/pubring.kbx > ---------------------------- > $ There might be a problem with the gpg-agent. Make sure that gpg-agent is running and add verbose debug 1024 log-file /for/bar/agent.log to gpg-agent.conf. Give a running gpg-agent a HUP or start it again. You may also use gpg-agent --daemon sh and do your test within this shell. You should see lines like DBG: <- HAVEKEY D6B7B913F20010E8A68DC14B7B72C296C79C773A DBG: -> ERR 67108881 No secret key DBG: <- HAVEKEY 0DEB2ED35B879151B1EDA067B0F290116C7915EB DBG: -> OK No OK lines? Run gpgsm --dump-keys which will show you the keygrip. The keygrip is what you see in the gpg-agent requests and they are also the basenames of the files below private-keys-v1.d/ Salam-Shalom, Werner From wk at gnupg.org Wed Mar 14 09:31:35 2007 
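The check Werner Koch describes in the gpgsm reply above (look for HAVEKEY requests in the gpg-agent debug log and compare the keygrips with the file names below private-keys-v1.d/), as an added Python example that is not part of the thread or of GnuPG. The log lines and directory listing are constructed, the `.key` file suffix is an assumption, and the error numbers are split using libgpg-error's source/code packing.

```python
import re

# Constructed gpg-agent debug log; line format follows the excerpts quoted in this thread.
# Two client connections (fd 7 and fd 8) are interleaved on purpose.
SAMPLE_LOG = """\
gpg-agent[5376.7] DBG: <- HAVEKEY D6B7B913F20010E8A68DC14B7B72C296C79C773A
gpg-agent[5376.8] DBG: <- HAVEKEY 0DEB2ED35B879151B1EDA067B0F290116C7915EB
gpg-agent[5376.7] DBG: -> ERR 67108881 No secret key
gpg-agent[5376.8] DBG: -> OK
gpg-agent[5376.7] DBG: <- RESET
gpg-agent[5376.7] DBG: -> OK
"""

# Constructed listing of private-keys-v1.d/ (assumption: files are "<keygrip>.key").
SAMPLE_FILES = [
    "D6B7B913F20010E8A68DC14B7B72C296C79C773A.key",
    "0DEB2ED35B879151B1EDA067B0F290116C7915EB.key",
]

# Optional "name[pid.fd]" prefix, then "DBG:", a direction arrow and the protocol line.
LINE_RE = re.compile(r"^(?:(?P<conn>\S+\[[\d.]+\])\s+)?DBG:\s+(?P<dir><-|->)\s*(?P<rest>.*)$")
GRIP_RE = re.compile(r"[0-9A-Fa-f]{40}")
ERR_RE = re.compile(r"ERR\s+(\d+)")


def decode_gpg_error(value):
    """Split a gpg-error number into (source, code): source in bits 24-30, code in the low 16."""
    return (value >> 24) & 0x7F, value & 0xFFFF


def parse_havekey(log_text):
    """Return [(keygrip, ok, error_number_or_None)] by pairing each HAVEKEY
    request ('<-') with the next OK/ERR reply ('->') on the same connection."""
    pending = {}  # connection id -> keygrip still waiting for its reply
    results = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # timestamps, handler start/stop and other non-protocol lines
        conn = m.group("conn") or ""
        rest = m.group("rest").strip()
        if m.group("dir") == "<-":
            parts = rest.split()
            if len(parts) == 2 and parts[0] == "HAVEKEY" and GRIP_RE.fullmatch(parts[1]):
                pending[conn] = parts[1].upper()
            else:
                pending.pop(conn, None)  # a different command; its reply is not ours
        elif conn in pending:
            err = ERR_RE.match(rest)
            if rest == "OK" or rest.startswith("OK "):
                results.append((pending.pop(conn), True, None))
            elif err:
                results.append((pending.pop(conn), False, int(err.group(1))))
    return results


def diagnose(results, file_names):
    """Classify each keygrip the client asked about against the key files on disk."""
    on_disk = {n[:-4].upper() for n in file_names if n.lower().endswith(".key")}
    report = {}
    for grip, ok, _err in results:
        if ok:
            report[grip] = "agent has key"
        elif grip in on_disk:
            # The file exists but the answering agent denies it: check which agent
            # and which home directory the client is actually talking to.
            report[grip] = "key file present but agent denies it"
        else:
            report[grip] = "no key file"
    return report


if __name__ == "__main__":
    for grip, verdict in diagnose(parse_havekey(SAMPLE_LOG), SAMPLE_FILES).items():
        print(grip, "->", verdict)
    print("67108881 ->", decode_gpg_error(67108881))
```
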
From: wk at gnupg.org (Werner Koch) Date: Wed, 14 Mar 2007 09:31:35 +0100 Subject: Pinpad problem with SCM SPR532 In-Reply-To: <1173835612.4606.9.camel@tenjin> (Lukas Fittl's message of "Wed\, 14 Mar 2007 02\:26\:52 +0100") References: <1173835612.4606.9.camel@tenjin> Message-ID: <87tzwoi5ug.fsf@wheatstone.g10code.de> On Wed, 14 Mar 2007 02:26, lfittl at ubuntu.com said: > I recently bought an SCM SPR532 for testing purposes, and "gpg > --card-status" works (without pcscd running), but when pinentry asks me > to enter the PIN on the pinpad (tested with decryption, signing, and > verify pin) it gives the following error in the log file of scdaemon, in I can confirm that there is a regression. Currently checking what I did wrong. Shalom-Salam, Werner From wk at gnupg.org Wed Mar 14 10:28:55 2007 From: wk at gnupg.org (Werner Koch) Date: Wed, 14 Mar 2007 10:28:55 +0100 Subject: Pinpad problem with SCM SPR532 In-Reply-To: <1173835612.4606.9.camel@tenjin> (Lukas Fittl's message of "Wed\, 14 Mar 2007 02\:26\:52 +0100") References: <1173835612.4606.9.camel@tenjin> Message-ID: <87ps7ci36w.fsf@wheatstone.g10code.de> Hi, It does not seem to be a regression. After connecting the reader and running scdaemon as: gpg-agent --daemon sh gpgsm --edit-key I entered the command "verify" and got the same error as you. Then I stopped scdaemon (exit from the shell) and run the same commands again. Now it works. However the right LED (enter pin) keeps lit after the PIN has been entered. Thus there is something wrong with the internal state of the reader. I can't recall whether I noticed that in the past. This needs further investigation. As a workaround I would kill scdaemon so that gpg-agent starts a new one - which should then work as described above. [tracked as bug 773] Salam-Shalom, Werner From patrick at mozilla-enigmail.org Wed Mar 14 09:33:43 2007 
From: patrick at mozilla-enigmail.org (Patrick Brunschwig) Date: Wed, 14 Mar 2007 09:33:43 +0100 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <873b48jlmf.fsf__28062.0411308066$1173860404$gmane$org@wheatstone.g10code.de> References: <45F738C5.1080708@securemecca.net> <20070314015211.GB30707@jabberwocky.com> <20070314024129.GC30707@jabberwocky.com> <873b48jlmf.fsf__28062.0411308066$1173860404$gmane$org@wheatstone.g10code.de> Message-ID: <45F7B367.3060309@mozilla-enigmail.org> Werner Koch wrote: > On Wed, 14 Mar 2007 03:41, dshaw at jabberwocky.com said: > >> If anyone is building on Vista (or building elsewhere but using it on >> Vista), try this patch. > > I have build a version with that patch. The upx packed gpg.exe binary > is available at: > > ftp://ftp.g10code.com/g10code/scratch/gpg.exe > > $ sha1sum gpg.exe > 9dbde44dc9275e2b4918839c7a789040dda0a64b gpg.exe I happen to have a Vista installation. I tried to download and upload keys from hkp servers -- the patched version of gpg is working fine here :-) -Patrick From svt at teris.de Wed Mar 14 12:54:27 2007 
From: svt at teris.de (Sebsatian von Thadden) Date: Wed, 14 Mar 2007 12:54:27 +0100 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <873b48jlmf.fsf@wheatstone.g10code.de> References: <45F738C5.1080708@securemecca.net> <20070314015211.GB30707@jabberwocky.com> <20070314024129.GC30707@jabberwocky.com> <873b48jlmf.fsf@wheatstone.g10code.de> Message-ID: <45F7E273.30601@teris.de> Hi, > ftp://ftp.g10code.com/g10code/scratch/gpg.exe > > $ sha1sum gpg.exe > 9dbde44dc9275e2b4918839c7a789040dda0a64b gpg.exe it seems, it works perfect! Thanks a lot! Bye, Sebastian From dshaw at jabberwocky.com Wed Mar 14 13:40:34 2007 From: dshaw at jabberwocky.com (David Shaw) Date: Wed, 14 Mar 2007 08:40:34 -0400 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <873b48jlmf.fsf@wheatstone.g10code.de> References: <45F738C5.1080708@securemecca.net> <20070314015211.GB30707@jabberwocky.com> <20070314024129.GC30707@jabberwocky.com> <873b48jlmf.fsf@wheatstone.g10code.de> Message-ID: <20070314124034.GA2338@jabberwocky.com> On Wed, Mar 14, 2007 at 09:05:28AM +0100, Werner Koch wrote: > On Wed, 14 Mar 2007 03:41, dshaw at jabberwocky.com said: > > > If anyone is building on Vista (or building elsewhere but using it on > > Vista), try this patch. > > I have build a version with that patch. The upx packed gpg.exe binary > is available at: > > ftp://ftp.g10code.com/g10code/scratch/gpg.exe > > $ sha1sum gpg.exe > 9dbde44dc9275e2b4918839c7a789040dda0a64b gpg.exe Thanks for building this. It looks good, so I'll commit the patch for the next releases. David From me at psmay.com Wed Mar 14 14:52:52 2007 
From: me at psmay.com (Peter S. May)
Date: Wed, 14 Mar 2007 09:52:52 -0400
Subject: gpgsm doesn't recognize certs are related to secret keys)
In-Reply-To: <87y7m0i6d0.fsf@wheatstone.g10code.de>
References: <45F728A0.4010002@psmay.com> <87y7m0i6d0.fsf@wheatstone.g10code.de>
Message-ID: <45F7FE34.3030603@psmay.com>

On the one hand, yes, it was a gpg-agent problem. It turned out that seahorse-daemon was running and screwing up the whole thing. --list-secret-keys started working once I unset GPG_AGENT_INFO. It still complained that there was no gpg-agent running, though. Does gpgsm require a gpg-agent running? I don't recall gpg2 requiring it.

Anyway, I got a gpg-agent up and running and tried again. This is what happened:

$ gpgsm --sign somefile
dirmngr[4522]: error opening `/home/psmay/.gnupg/dirmngr_ldapservers.conf': No such file or directory
dirmngr[4522]: permanently loaded certificates: 0
dirmngr[4522]: runtime cached certificates: 0
dirmngr[4522]: no CRL available for issuer id
dirmngr[4522]: crl_fetch via issuer failed: Configuration error
dirmngr[4522]: command ISVALID failed: Configuration error
gpgsm: certificate #/CN=Thawte Personal Freemail Issuing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
gpgsm: checking the CRL failed: Configuration error
gpgsm: error creating signature: Configuration error

I figured that this was a sign that I should disable some checking--it's my own private key, so there shouldn't be any trust issues, right?

So I tried this:

$ gpgsm --verbose --disable-crl-checks --disable-ocsp --sign somefile
gpgsm: no key usage specified - assuming all usages
gpgsm: no key usage specified - assuming all usages
gpgsm: certificate is good
gpgsm: certificate is good
gpgsm: checking the trust list failed: No such file or directory
gpgsm: error creating signature: No such file or directory

The agent log says this:

2007-03-14 09:21:28 gpg-agent[5376] handler 0x808c820 for fd 7 started
gpg-agent[5376.7] DBG: -> OK Pleased to meet you
gpg-agent[5376.7] DBG: <- RESET
gpg-agent[5376.7] DBG: -> OK
gpg-agent[5376.7] DBG: <- OPTION display=:0.0
gpg-agent[5376.7] DBG: -> OK
gpg-agent[5376.7] DBG: <- OPTION ttyname=/dev/pts/0
gpg-agent[5376.7] DBG: -> OK
gpg-agent[5376.7] DBG: <- OPTION ttytype=xterm
gpg-agent[5376.7] DBG: -> OK
gpg-agent[5376.7] DBG: <- OPTION lc-ctype=en_US.UTF-8
gpg-agent[5376.7] DBG: -> OK
gpg-agent[5376.7] DBG: <- OPTION lc-messages=en_US.UTF-8
gpg-agent[5376.7] DBG: -> OK
gpg-agent[5376.7] DBG: <- HAVEKEY
gpg-agent[5376.7] DBG: -> OK
gpg-agent[5376.7] DBG: <- ISTRUSTED
2007-03-14 09:21:28 gpg-agent[5376] error opening `/usr/local/etc/gnupg/trustlist.txt': No such file or directory
2007-03-14 09:21:28 gpg-agent[5376] error reading list of trusted root certificates
2007-03-14 09:21:28 gpg-agent[5376] command is_trusted failed: No such file or directory
gpg-agent[5376.7] DBG: -> ERR 67141713 No such file or directory
gpg-agent[5376.7] DBG: <- [EOF]
2007-03-14 09:21:28 gpg-agent[5376] handler 0x808c820 for fd 7 terminated

Not knowing what to put in trustlist.txt, I gave it a touch just to see what would happen.

$ gpgsm --verbose --disable-crl-checks --disable-ocsp --sign somefile
gpgsm: no key usage specified - assuming all usages
gpgsm: no key usage specified - assuming all usages
gpgsm: certificate is good
gpgsm: certificate is good
gpgsm: root certificate is not marked trusted
gpgsm: fingerprint=20:99:00:B6:3D:95:57:28:14:0C:D1:36:22:D8:C6:87:A4:EB:00:85
gpgsm: DBG: BEGIN Certificate `issuer':
gpgsm: DBG: serial: 00
gpgsm: DBG: notBefore: 1996-01-01 00:00:00
gpgsm: DBG: notAfter: 2020-12-31 23:59:59
gpgsm: DBG: issuer: 1.2.840.113549.1.9.1=#,CN=Thawte Personal Freemail CA,OU=Certification Services Division,O=Thawte Consulting,L=Cape Town,ST=Western Cape,C=ZA
gpgsm: DBG: subject: 1.2.840.113549.1.9.1=#,CN=Thawte Personal Freemail CA,OU=Certification Services Division,O=Thawte Consulting,L=Cape Town,ST=Western Cape,C=ZA
gpgsm: DBG: hash algo: 1.2.840.113549.1.1.4
gpgsm: DBG: SHA1 Fingerprint: 20:99:00:B6:3D:95:57:28:14:0C:D1:36:22:D8:C6:87:A4:EB:00:85
gpgsm: DBG: END Certificate
gpgsm: after checking the fingerprint, you may want to add it manually to the list of trusted certificates.
gpgsm: interactive marking as trusted not enabled in gpg-agent
gpgsm: error creating signature: Not trusted

I added that fingerprint as a line to trustlist.txt, fixed the gpg-agent config (apparently it didn't have a default pinentry), restarted gpg-agent (kill -HUP pid didn't do the trick), and suddenly everything worked.

All this said, here are my questions:

* Why does gpgsm do all of this trust checking just to use a private key? Why don't private keys already have (the S/MIME equivalent to) ultimate trust?
* Why didn't I already have a trustlist.txt? Shouldn't the source install process at least touch the file?
* Is gpg-agent actually necessary for all this? What's wrong with accepting my passphrase at the console if it's not running? (All right, I've already gathered that gpg-agent does way more than password caching, in which case the real question is, why is so much of this functionality in gpg-agent instead of gpgsm?)
* Is there a user trustlist.txt that can be used instead, or do I need to edit trustlist.txt as root every time a change needs to be made?

In the meantime, I guess I should figure out how to configure dirmngr, though it seems a little superfluous. Yet another reason I'll always prefer OpenPGP to S/MIME, I guess...

Thanks
PSM

Werner Koch wrote:
> On Tue, 13 Mar 2007 23:41, me at psmay.com said:
>
>> $ gpgsm --list-secret-keys
>> /home/psmay/.gnupg/pubring.kbx
>> ----------------------------
>> $
>
> There might be a problem with the gpg-agent. Make sure that gpg-agent
> is running and add
>
> verbose
> debug 1024
> log-file /for/bar/agent.log
>
> to gpg-agent.conf. Give a running gpg-agent a HUP or start it again.
> You may also use
>
> gpg-agent --daemon sh
>
> and do your test within this shell. You should see lines like
>
>
> DBG: <- HAVEKEY D6B7B913F20010E8A68DC14B7B72C296C79C773A
> DBG: -> ERR 67108881 No secret key
> DBG: <- HAVEKEY 0DEB2ED35B879151B1EDA067B0F290116C7915EB
> DBG: -> OK
>
> No OK lines? Run
>
> gpgsm --dump-keys
>
> which will show you the keygrip. The keygrip is what you see in the
> gpg-agent requests and they are also the basenames of the files below
> private-keys-v1.d/
>
>
> Salam-Shalom,
>
> Werner
>
>

From me at psmay.com Wed Mar 14 15:09:20 2007
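Added example (not from the thread and not GnuPG code): a Python parser for the gpg-agent debug log format shown in the message above, pairing each request with its OK/ERR reply and comparing failed HAVEKEY keygrips with the file names under private-keys-v1.d/. The log text and file lists are constructed samples, key files are assumed to be named `<keygrip>.key`, and the verdict strings are this sketch's own.

```python
import os
import re

# Constructed sample in the log format shown in the thread. The two keygrips
# are the ones in Werner Koch's quoted example and the ISTRUSTED argument is
# the root fingerprint printed in the message; this is not a real capture.
SAMPLE_LOG = """\
2007-03-14 09:21:28 gpg-agent[5376] handler 0x808c820 for fd 7 started
gpg-agent[5376.7] DBG: -> OK Pleased to meet you
gpg-agent[5376.7] DBG: <- RESET
gpg-agent[5376.7] DBG: -> OK
gpg-agent[5376.7] DBG: <- HAVEKEY D6B7B913F20010E8A68DC14B7B72C296C79C773A
gpg-agent[5376.7] DBG: -> ERR 67108881 No secret key
gpg-agent[5376.7] DBG: <- HAVEKEY 0DEB2ED35B879151B1EDA067B0F290116C7915EB
gpg-agent[5376.7] DBG: -> OK
gpg-agent[5376.7] DBG: <- ISTRUSTED 209900B63D955728140CD13622D8C687A4EB0085
2007-03-14 09:21:28 gpg-agent[5376] command is_trusted failed: No such file or directory
gpg-agent[5376.7] DBG: -> ERR 67141713 No such file or directory
gpg-agent[5376.7] DBG: <- [EOF]
"""

# "<-" is a request received by the agent, "->" is the agent's reply.
# The "gpg-agent[pid.fd]" prefix is optional so bare "DBG:" lines also parse.
LINE_RE = re.compile(r"(?:gpg-agent\[(\d+\.\d+)\] )?DBG: (<-|->) (.*)$")
# Client lines that belong to an inquiry, not a new command.
INQUIRY_WORDS = {"D", "END", "CAN"}

AGENT_HAS_KEY = "agent has the key"
NO_FILE = "no key file for this keygrip"
FILE_BUT_REFUSED = "key file exists but agent refused: check which agent and homedir answered"


def parse_exchanges(log_text):
    """Pair every request with the OK/ERR line that terminates it, per connection."""
    pending = {}   # connection id -> (command, args) awaiting a reply
    finished = []
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if not match:
            continue  # timestamped diagnostics and other non-protocol lines
        conn = match.group(1) or "?"
        direction = match.group(2)
        words = match.group(3).split(None, 1)
        if not words:
            continue
        rest = words[1] if len(words) > 1 else ""
        if direction == "<-":
            if words[0] == "[EOF]":
                pending.pop(conn, None)
            elif not (conn in pending and words[0] in INQUIRY_WORDS):
                pending[conn] = (words[0], rest)
        elif words[0] in ("OK", "ERR") and conn in pending:
            command, args = pending.pop(conn)
            finished.append({"conn": conn, "command": command, "args": args,
                             "ok": words[0] == "OK", "detail": rest})
        # Other replies (status "S", data "D", INQUIRE) do not end a command.
    return finished


def diagnose_havekey(exchanges, key_files):
    """Classify each HAVEKEY request against the key files found on disk.

    key_files is a directory listing of private-keys-v1.d/ (names or paths).
    """
    on_disk = {os.path.splitext(os.path.basename(name))[0].upper()
               for name in key_files}
    report = []
    for ex in exchanges:
        if ex["command"] != "HAVEKEY":
            continue
        grip = ex["args"].strip().upper()
        if ex["ok"]:
            verdict = AGENT_HAS_KEY
        elif grip in on_disk:
            verdict = FILE_BUT_REFUSED
        else:
            verdict = NO_FILE
        report.append((grip, verdict))
    return report


if __name__ == "__main__":
    exchanges = parse_exchanges(SAMPLE_LOG)
    for ex in exchanges:
        if not ex["ok"]:
            print("FAILED %s %s -> %s" % (ex["command"], ex["args"], ex["detail"]))
    # Constructed directory listing: only the second keygrip has a file.
    listing = ["0DEB2ED35B879151B1EDA067B0F290116C7915EB.key"]
    for grip, verdict in diagnose_havekey(exchanges, listing):
        print(grip, verdict)
```

In a real check, pass `os.listdir()` of the private-keys-v1.d/ directory of the homedir you expect the agent to serve as `key_files`.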
From: me at psmay.com (Peter S. May)
Date: Wed, 14 Mar 2007 10:09:20 -0400
Subject: gpg-agent: Different TTLs for different keys
Message-ID: <45F80210.60508@psmay.com>

In the stupid gpg-agent tricks department:

Say I have two signing keys. One of them signs e-mails and one of them is used by an automated backup process; admittedly not as trustworthy (which is why I don't want to use my e-mail key) but better than nothing if my access control holds up otherwise.

I want to set gpg-agent to handle both, but the TTL on the e-mail key should be 5 minutes and the TTL on the backup key should be indefinite (I should only have to enter it every time I boot). Is there a way to do this?

Thanks
PSM

From me at psmay.com Wed Mar 14 15:12:37 2007
From: me at psmay.com (Peter S. May)
Date: Wed, 14 Mar 2007 10:12:37 -0400
Subject: gpgsm doesn't recognize certs are related to secret keys)
In-Reply-To: <45F7FE34.3030603@psmay.com>
References: <45F728A0.4010002@psmay.com> <87y7m0i6d0.fsf@wheatstone.g10code.de> <45F7FE34.3030603@psmay.com>
Message-ID: <45F802D5.9060306@psmay.com>

> * Is there a user trustlist.txt that can be used instead, or do I need
> to edit trustlist.txt as root every time a change needs to be made?

I realize now this one was an RTFM. Problem was, I expected this information in man gpgsm, not man gpg-agent...

Thanks
PSM

From chikin.yeung at synergis.com.hk Wed Mar 14 09:04:34 2007
From: chikin.yeung at synergis.com.hk (aloha)
Date: Wed, 14 Mar 2007 01:04:34 -0700 (PDT)
Subject: GNUPG, how to set the passphrase as parameter in comment line
Message-ID: <9469929.post@talk.nabble.com>

Hi all,

I'm new in this forum and new in GnuPG. I'm now writing a program which needs to encrypt the outputted csv with GnuPG.

I've written a batch file in windows xp to execute the gnu to encrypt, everything goes fine.
But when the gnu starts to encrypt, it will ask me to input the passphrase.

How to "automate" this? Does gnupg provide a parameter which allows us to input the passphrase so that the user doesn't need to input it every time?

thanks a lot

Aloha

--
View this message in context: http://www.nabble.com/GNUPG%2C-how-to-set-the-passphrase-as-parameter-in-comment-line-tf3400686.html#a9469929
Sent from the GnuPG - User mailing list archive at Nabble.com.

From nsmith297 at gmail.com Tue Mar 13 03:02:17 2007
From: nsmith297 at gmail.com (Nathan Smith)
Date: Mon, 12 Mar 2007 19:02:17 -0700 (PDT)
Subject: signing source code with gpg
Message-ID: <9447180.post@talk.nabble.com>

Does anyone know if there's a solution to signing source code (using gpg), in a way which will still allow the source code to function. For example for a Java file if the GPG signature code be placed within the comments embedded within the Java source (ie /* */ ), or within XML comments (ie <!-- -->) for an XML file. We are trying to implement a source signing policy at our company, where a developer's source code is signed before it is checked into our source control system. But of course, the source must still be able to compile, and signing must not affect the functionality of the source.

Thanks.. Nate

--
View this message in context: http://www.nabble.com/signing-source-code-with-gpg-tf3393462.html#a9447180
Sent from the GnuPG - User mailing list archive at Nabble.com.

From psmay at halfgeek.org Tue Mar 13 18:11:44 2007
From: psmay at halfgeek.org (Peter S. May)
Date: Tue, 13 Mar 2007 13:11:44 -0400
Subject: gpgsm doesn't recognize certs are related to secret keys
Message-ID: <45F6DB50.7080408@halfgeek.org>

I've extracted some Thawte and CAcert keys and certs from my browser and imported them into gpgsm. ls -l ~/.gnupg/private-keys-v1.d/ lists the three private keys that I imported, and all of the corresponding certs show up in --list-keys:

$ gpgsm --list-keys psmay
/home/psmay/.gnupg/pubring.kbx
----------------------------
Serial number: 067A86EB7BA000EF5E6F6341D8070D7E
Issuer: /CN=Thawte Personal Freemail Issuing CA/O=Thawte Consulting (Pty) Ltd./C=ZA
Subject: /CN=Peter Samuel May/EMail=psmay at halfgeek.org/GN=Peter Samuel/SN=May
aka: psmay at halfgeek.org
validity: 2006-10-09 18:39:01 through 2007-10-09 18:39:01
key type: 2048 bit RSA
fingerprint: 96:D2:E8:44:1D:7B:31:8B:C8:CC:07:ED:E3:A0:C2:73:41:A3:56:E9

Serial number: 02C4AD
Issuer: /CN=CA Cert Signing Authority/OU=http:\x2f\x2fwww.cacert.org/O=Root CA/EMail=support at cacert.org
Subject: /EMail=me at psmay.com/EMail=psmay at halfgeek.org
aka: psmay at halfgeek.org
aka: me at psmay.com
validity: 2006-10-12 14:24:50 through 2007-10-12 14:24:50
key type: 2048 bit RSA
fingerprint: 43:F3:E6:0B:1B:25:4E:BA:3A:69:DA:56:8E:F8:35:08:CD:4B:A7:52

Serial number: 02C5B0
Issuer: /CN=CA Cert Signing Authority/OU=http:\x2f\x2fwww.cacert.org/O=Root CA/EMail=support at cacert.org
Subject: /CN=Peter Samuel May/EMail=me at psmay.com/EMail=psmay at halfgeek.org
aka: psmay at halfgeek.org
aka: me at psmay.com
validity: 2006-10-13 05:52:09 through 2007-10-13 05:52:09
key type: 2048 bit RSA
fingerprint: 26:D3:A8:D9:00:F0:C9:A1:AE:38:3C:25:39:C0:D6:31:29:95:44:F8

(The CAs' certs also show up when I don't qualify this with my name.)

However, it doesn't seem to realize that it has the secret keys for these certs:

$ gpgsm --list-secret-keys
/home/dro/.gnupg/pubring.kbx
----------------------------
$

And since it doesn't, I also can't use the private keys:

$ gpgsm --local-user 26:D3:A8:D9:00:F0:C9:A1:AE:38:3C:25:39:C0:D6:31:29:95:44:F8 --sign somefile
gpgsm: can't sign using `26:D3:A8:D9:00:F0:C9:A1:AE:38:3C:25:39:C0:D6:31:29:95:44:F8': No secret key

Anyone have any ideas?

Thanks
PSM

From psmay at halfgeek.org Tue Mar 13 18:24:47 2007
From: psmay at halfgeek.org (Peter S. May)
Date: Tue, 13 Mar 2007 13:24:47 -0400
Subject: gpgsm doesn't recognize certs are related to secret keys
In-Reply-To: <45F6DB50.7080408@halfgeek.org>
References: <45F6DB50.7080408@halfgeek.org>
Message-ID: <45F6DE5F.5090400@halfgeek.org>

Neglected to mention that the aforementioned problem was in gpgsm from gnupg-2.0.3, with it and its four dependencies at latest release versions, freshly compiled this weekend.

From me at psmay.com Wed Mar 14 18:02:23 2007
From: me at psmay.com (Peter S. May)
Date: Wed, 14 Mar 2007 13:02:23 -0400
Subject: signing source code with gpg
In-Reply-To: <9447180.post@talk.nabble.com>
References: <9447180.post@talk.nabble.com>
Message-ID: <45F82A9F.4000509@psmay.com>

There are certainly some hacks you could try out, but they would be somewhat error-prone. The easiest and most secure way to go about this would probably be to --detach-sign instead of doing a cleartext signature.

If you require a cleartext signature, reconsider your design.

If you still require a cleartext signature, _reconsider your design_.

If you _still_ require a cleartext signature, here's something that would clearsign a (slightly modified) Java file and still compile:

echo "/*" > startcomment.tmp
echo "*/" > endcomment.tmp
cat endcomment.tmp HelloWorld.java startcomment.tmp | \
gpg --not-dash-escaped --no-escape-from-lines --clearsign | \
cat startcomment.tmp - endcomment.tmp > HelloWorld.signed.java

The signed part itself is not valid Java, but the result of the message after signing is. If you were to actually use this, anyone who verifies your code will be required to make sure nothing substantive occurs before or after the signed part (i.e., nothing before the start line except /* and nothing after the end line except */); it would be easy to sneak in some bad code. Additionally, your verifiers would need GnuPG to verify since the NotDashEscaped extension is included. Between these two factors it's really just way better to --detach-sign the code.

HTH
PSM

Nathan Smith wrote:
> Does anyone know if there's a solution to signing source code (using gpg), in
> a way which will still allow the source code to function. For example for a
> Java file if the GPG signature code be placed within the comments embedded
> within the Java source (ie /* */ ), or within XML comments (ie <!-- -->)
> for an XML file. We are trying to implement a source signing policy at our
> company, where a developer's source code is signed before it is checked into
> our source control system. But of course, the source must still be able to
> compile, and signing must not affect the functionality of the source.
> Thanks.. Nate

From jbruni at mac.com Wed Mar 14 18:06:03 2007
From: jbruni at mac.com (Joseph Oreste Bruni)
Date: Wed, 14 Mar 2007 10:06:03 -0700
Subject: signing source code with gpg
In-Reply-To: <9447180.post@talk.nabble.com>
References: <9447180.post@talk.nabble.com>
Message-ID: <5DDAD3C9-E5CC-488C-9B7C-95A4A9BC1F97@mac.com>

In this case a detached signature would be your best bet. You would check the detached sig in with the source code. When the source is checked out, you could then validate that the source has not changed since it was signed.

Be careful, though, if you use any embedded keywords with your revision control system ($Id$, et al). If the revision control system changes the content of the files it will invalidate the signature.

-Joe

On Mar 12, 2007, at 7:02 PM, Nathan Smith wrote:
>
> Does anyone know if there's a solution to signing source code
> (using gpg), in
> a way which will still allow the source code to function. For
> example for a
> Java file if the GPG signature code be placed within the comments
> embedded
> within the Java source (ie /* */ ), or within XML comments (ie <!-- -->)
> for an XML file. We are trying to implement a source signing
> policy at our
> company, where a developer's source code is signed before it is
> checked into
> our source control system. But of course, the source must still be
> able to
> compile, and signing must not affect the functionality of the source.
> Thanks.. Nate

From wk at gnupg.org Wed Mar 14 18:09:01 2007
From: wk at gnupg.org (Werner Koch)
Date: Wed, 14 Mar 2007 18:09:01 +0100
Subject: gpg-agent: Different TTLs for different keys
In-Reply-To: <45F80210.60508@psmay.com> (Peter S. May's message of "Wed\, 14 Mar 2007 10\:09\:20 -0400")
References: <45F80210.60508@psmay.com>
Message-ID: <87tzwnda6q.fsf@wheatstone.g10code.de>

On Wed, 14 Mar 2007 15:09, me at psmay.com said:

> I want to set gpg-agent to handle both, but the TTL on the e-mail key
> should be 5 minutes and the TTL on the backup key should be indefinite
> (I should only have to enter it every time I boot). Is there a way to
> do this?

No. Or not yet. It is related to https://bugs.g10code.com/gnupg/issue672.

Shalom-Salam,

Werner

From wk at gnupg.org Wed Mar 14 18:09:34 2007
From: wk at gnupg.org (Werner Koch)
Date: Wed, 14 Mar 2007 18:09:34 +0100
Subject: gpgsm doesn't recognize certs are related to secret keys)
In-Reply-To: <45F802D5.9060306@psmay.com> (Peter S. May's message of "Wed\, 14 Mar 2007 10\:12\:37 -0400")
References: <45F728A0.4010002@psmay.com> <87y7m0i6d0.fsf@wheatstone.g10code.de> <45F7FE34.3030603@psmay.com> <45F802D5.9060306@psmay.com>
Message-ID: <87ps7bda5t.fsf@wheatstone.g10code.de>

On Wed, 14 Mar 2007 15:12, me at psmay.com said:

> I realize now this one was an RTFM. Problem was, I expected this
> information in man gpgsm, not man gpg-agent...

Yeah, I should really write the setup chapter for the manual.

Salam-Shalom,

Werner

From jbruni at mac.com Wed Mar 14 18:16:50 2007
From: jbruni at mac.com (Joseph Oreste Bruni)
Date: Wed, 14 Mar 2007 10:16:50 -0700
Subject: GNUPG, how to set the passphrase as parameter in comment line
In-Reply-To: <9469929.post@talk.nabble.com>
References: <9469929.post@talk.nabble.com>
Message-ID: <1ECF6990-7C6A-4CA3-9AEF-BC344B136D49@mac.com>

You have a few choices:

1) remove the passphrase from the private key
2) pass the passphrase to gpg using the --passphrase-fd option
3) supply the passphrase using the --passphrase-file option
4) supply the passphrase using the --passphrase option

On Mar 14, 2007, at 1:04 AM, aloha wrote:
>
> Hi all,
>
> I'm new in this forum and new in GnuPG. I'm now writing a program
> which needs
> to encrypt the outputted csv with GnuPG.
>
> I've written a batch file in windows xp to execute the gnu to encrypt,
> everything goes fine.
> But when the gnu starts to encrypt, it will ask me to input the
> passphrase.
>
> How to "automate" this? Does gnupg provide a parameter which allows
> us to
> input the passphrase so that the user doesn't need to input it every time?
>
> thanks a lot
>
> Aloha

From wk at gnupg.org Wed Mar 14 18:21:24 2007
From: wk at gnupg.org (Werner Koch)
Date: Wed, 14 Mar 2007 18:21:24 +0100
Subject: signing source code with gpg
In-Reply-To: <45F82A9F.4000509@psmay.com> (Peter S. May's message of "Wed\, 14 Mar 2007 13\:02\:23 -0400")
References: <9447180.post@talk.nabble.com> <45F82A9F.4000509@psmay.com>
Message-ID: <87hcsnd9m3.fsf@wheatstone.g10code.de>

On Wed, 14 Mar 2007 18:02, me at psmay.com said:

> two factors it's really just way better to --detach-sign the code.

I 100% agree. The problem with non-detached signatures is that it is very hard to know what you exactly signed. Having two files makes it obvious what is the signature and what is the signed data. And there is no need to change the data in any way.

Shalom-Salam,

Werner

p.s.
In this regard PGP/MIME messages (not using the combined option) are also better than any other way to sign mails. That is also why you should never use the inline PDF signatures - a separate signature file is far better. Only XML signatures are worse than inline PDF signatures.

From me at psmay.com Wed Mar 14 19:03:06 2007
From: me at psmay.com (Peter S. May)
Date: Wed, 14 Mar 2007 14:03:06 -0400
Subject: gpg-agent: Different TTLs for different keys
In-Reply-To: <87tzwnda6q.fsf@wheatstone.g10code.de>
References: <45F80210.60508@psmay.com> <87tzwnda6q.fsf@wheatstone.g10code.de>
Message-ID: <45F838DA.2090108@psmay.com>

I had a workaround in mind that involved using multiple homedirs (one in ~/.gnupg and the other in ~/.backup-system2/crypto/gnupg) and then spinning up one gpg-agent for each, using the first one's GPG_AGENT_INFO in the normal shells and the other in the backup scripts only. To get the passphrase cached the first time, I'd steal this page from Gentoo's keychain script:

# The alternate GPG_AGENT_INFO and GNUPGHOME have already been imported
echo | gpg --use-agent --no-tty --sign --local-user backup \
-o - >/dev/null 2>&1

I'll be working on that. In the meantime, it would be kind of a nice option, and I don't think it's quite as complex as the issue you mentioned (though I could be wrong).

Thanks
PSM

Werner Koch wrote:
> On Wed, 14 Mar 2007 15:09, me at psmay.com said:
>
>> I want to set gpg-agent to handle both, but the TTL on the e-mail key
>> should be 5 minutes and the TTL on the backup key should be indefinite
>> (I should only have to enter it every time I boot). Is there a way to
>> do this?
>
> No. Or not yet. It is related to https://bugs.g10code.com/gnupg/issue672.
>
>
>
> Shalom-Salam,
>
> Werner
>

From wk at gnupg.org Wed Mar 14 18:42:48 2007
From: wk at gnupg.org (Werner Koch)
Date: Wed, 14 Mar 2007 18:42:48 +0100
Subject: signing source code with gpg
In-Reply-To: <5DDAD3C9-E5CC-488C-9B7C-95A4A9BC1F97@mac.com> (Joseph Oreste Bruni's message of "Wed\, 14 Mar 2007 10\:06\:03 -0700")
References: <9447180.post@talk.nabble.com> <5DDAD3C9-E5CC-488C-9B7C-95A4A9BC1F97@mac.com>
Message-ID: <87veh3bu1z.fsf@wheatstone.g10code.de>

On Wed, 14 Mar 2007 18:06, jbruni at mac.com said:

> revision control system changes the content of the files it will
> invalidate the signature.

FWIW, I use this with some files and Subversion:

# Note: The subversion copy of this file carries a gpg:signature
# property with its OpenPGP signature. Check this signature before
# adding entries:
# f=foo; svn pg gpg:signature $f | gpg --verify - $f
# to create a new signature:
# f=foo; gpg -sba $f && svn ps gpg:signature -F $f.asc $f

Shalom-Salam,

Werner

From johns at netfriends.com Tue Mar 13 16:11:58 2007
From: johns at netfriends.com (starsipping)
Date: Tue, 13 Mar 2007 08:11:58 -0700 (PDT)
Subject: Enabling GPGRelay passphrase prompt on e-mail startup
Message-ID: <9456583.post@talk.nabble.com>

GPGRelay works great in our current 15 user setup. However, some of my users miss the opportunity to enter in their GPGRelay passphrase when their mail client first notifies them to enter in their passphrase upon receipt of encrypted mail. If they don't see that they need to enter in their passphrase, then after about 30 seconds GPGRelay times out and relays the e-mail in its encrypted form into their inbox. While this isn't the end of the world since they can still copy the body of the e-mail to the clipboard, decrypt it and then paste the decrypted contents into Notepad or something similar, we're hoping that we can find a way to make GPGRelay prompt for the passphrase immediately upon startup or when their mail client first checks e-mail so they have some consistency. As it is now, the users may not get prompted to enter in their password until some random time in the middle of the day when they first receive some encrypted e-mail.

Does anyone know how to modify when GPGRelay can prompt for the passphrase to force it to prompt upon initial startup or upon initial receipt of email? For full disclosure, all the clients are running on Windows 2000/XP, Outlook 2003 as the mail client, GPG client 1.4.1 and GPGRelay 0.959.

Thanks so much!

--
View this message in context: http://www.nabble.com/Enabling-GPGRelay-passphrase-prompt-on-e-mail-startup-tf3396593.html#a9456583
Sent from the GnuPG - User mailing list archive at Nabble.com.

From jharris at widomaker.com Wed Mar 14 22:32:14 2007
From: jharris at widomaker.com (Jason Harris)
Date: Wed, 14 Mar 2007 17:32:14 -0400
Subject: signing source code with gpg
In-Reply-To: <87veh3bu1z.fsf@wheatstone.g10code.de>
References: <9447180.post@talk.nabble.com> <5DDAD3C9-E5CC-488C-9B7C-95A4A9BC1F97@mac.com> <87veh3bu1z.fsf@wheatstone.g10code.de>
Message-ID: <20070314213214.GA67082@wilma.widomaker.com>

On Wed, Mar 14, 2007 at 06:42:48PM +0100, Werner Koch wrote:
> On Wed, 14 Mar 2007 18:06, jbruni at mac.com said:

> > revision control system changes the content of the files it will
> > invalidate the signature.

I've read opinions that keyword expansion is deprecated, and seeing things like:

$MBSDlabs: portmk/bsd.ocaml.mk,v 1.18 2006/08/06 18:47:23 stas Exp $
$FreeBSD: ports/Mk/bsd.ocaml.mk,v 1.1 2007/03/14 04:05:25 linimon Exp $

makes me tend to agree. While this shows the origin of the file in multiple repositories, does it really help the upstream author when merging patches from downstream?

Also, CVS (and probably other systems) doesn't update keywords until after a checkin+checkout cycle, so any signatures you [re]generate before the next checkout will be[come] broken. Thus, using keyword expansion means you have to trust the server to give back your files with hopefully only the keywords modified before you can [re-]sign them. Of course, this requires two checkins and is particularly noticeable (i.e., ugly) and even more problematic (i.e., "The sigs are broken in -r5, get -r6.") on newer systems with atomic commits that would otherwise prevent this (keyword-expansion-race) problem.

> FWIW, I use this with some files and Subversion:
>
> # Note: The subversion copy of this file carries a gpg:signature
> # property with its OpenPGP signature. Check this signature before
> # adding entries:
> # f=foo; svn pg gpg:signature $f | gpg --verify - $f
> # to create a new signature:
> # f=foo; gpg -sba $f && svn ps gpg:signature -F $f.asc $f

Finally! :) But (for those who may be unaware), unfortunately this will allow valid sigs from _any key_ you happen to have in _any of the keyrings_ GPG accesses during this step.

Now seems like a good time to ask for an option like:

--require-sig-from [ ...]

to make sure sigs are only from particular signers.

As an add-on to the FreeBSD ports system, I've already had to employ --status-fd to make sure I get a signature from an expected signer:

===> Verifying PGP signature gnupg-1.4.7.tar.bz2.sig
gpg: assuming signed data in `/usr/ports/distfiles//gnupg-1.4.7.tar.bz2'
gpg: Signature made Mon Mar 5 04:54:17 2007 EST using RSA key ID 1CE0C630
gpg: please do a --check-trustdb
gpg: Good signature from "Werner Koch (dist sig) "
Primary key fingerprint: 7B96 D396 E647 1601 754B E4DB 53B6 20D0 1CE0 C630
gpg: binary signature, digest algorithm SHA1
===> Valid sig. from expected ID 0x7B96D396E6471601754BE4DB53B620D01CE0C630.

versus a key ID that differs even by only one bit:

===> Verifying PGP signature gnupg-1.4.7.tar.bz2.sig
gpg: assuming signed data in `/usr/ports/distfiles//gnupg-1.4.7.tar.bz2'
gpg: Signature made Mon Mar 5 04:54:17 2007 EST using RSA key ID 1CE0C630
gpg: please do a --check-trustdb
gpg: Good signature from "Werner Koch (dist sig) "
Primary key fingerprint: 7B96 D396 E647 1601 754B E4DB 53B6 20D0 1CE0 C630
gpg: binary signature, digest algorithm SHA1
=> error: File wasn't signed by ID 0x7B96D396E6471601754BE4DB53B620D01CE0C631.
=> error: Make sure sigs. from ID 0x7B96D396E6471601754BE4DB53B620D01CE0C630
=> error: are legitimate before adjusting FP_SIG_000 in Makefile.csig
*** Error code 1

or several expected signers:

===> Verifying PGP signature subversion-1.4.3.tar.bz2.asc
gpg: armor header: Version: GnuPG v1.4.5 (Cygwin)
gpg: armor header: Version: GnuPG v1.4.3 (GNU/Linux)
gpg: armor header: Version: GnuPG v1.4.5 (GNU/Linux)
gpg: armor header: Version: GnuPG v1.4.6 (GNU/Linux)
gpg: armor header: Version: GnuPG v1.4.6 (Darwin)
gpg: assuming signed data in `/usr/ports/distfiles/subversion/subversion-1.4.3.tar.bz2'
[snip]
===> Valid sig. from expected ID 0x03341CF464A23E9416E76B1EA1FCE25133D38008 23885E64C64E981E4884834D7C535299C0F2C580 332480DA0F8CA37DAEE6D0840B03AE6E4E24517C 3C016F2B764621BB549C66B516A96495E2226795 AAFF6033364F02BB1239907567D9B249674F05E0.

(As implemented, this requires at least one VALIDSIG from every fingerprint in the list.)

NB: This facilitates [re]fetching the key(s) in advance of the signature check to help catch any revocations _and_ removes the need to --[l]sign keys to "memorize" them as "expected" signers and/or to juggle keyrings, esp. with gpgv.

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004

From bdc at topenergy.co.nz Wed Mar 14 22:45:27 2007
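Added example (not Jason Harris's ports code and not part of GnuPG): one way to implement the expected-signer check described in the message above, by parsing `gpg --status-fd` output and requiring a VALIDSIG from every listed fingerprint. The status lines are a constructed sample built around the fingerprint shown in the message; treating BADSIG, ERRSIG, EXPSIG, EXPKEYSIG and REVKEYSIG as disqualifying is this example's policy choice, and 40-hex-digit (v4) fingerprints are assumed.

```python
import re

# Constructed sample of machine-readable status output. Only the fingerprint
# and key ID come from the message above; the other field values are made up.
SAMPLE_STATUS = """\
[GNUPG:] SIG_ID constructedSigId 2007-03-05 1173088457
[GNUPG:] GOODSIG 53B620D01CE0C630 Werner Koch (dist sig)
[GNUPG:] VALIDSIG 7B96D396E6471601754BE4DB53B620D01CE0C630 2007-03-05 1173088457 0 3 0 1 2 00 7B96D396E6471601754BE4DB53B620D01CE0C630
[GNUPG:] TRUST_UNDEFINED
"""

FPR_RE = re.compile(r"^[0-9A-F]{40}$")

# Status keywords this example treats as fatal for the whole verification.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}


def normalize_fpr(text):
    """Accept '0x...' and space-grouped forms; return 40 upper-case hex digits."""
    fpr = text.replace(" ", "").upper()
    if fpr.startswith("0X"):
        fpr = fpr[2:]
    if not FPR_RE.match(fpr):
        raise ValueError("not a 40-hex-digit fingerprint: %r" % text)
    return fpr


def parse_status(status_text):
    """Return (set of primary-key fingerprints with VALIDSIG, list of fatal lines)."""
    valid = set()
    rejected = []
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue  # human-readable output is never used for the decision
        keyword = fields[1]
        if keyword in REJECT:
            rejected.append(line)
        elif keyword == "VALIDSIG" and len(fields) >= 3:
            # The tenth argument is the primary key fingerprint; fall back to
            # the signing key fingerprint when the line is shorter.
            fpr = fields[11] if len(fields) >= 12 else fields[2]
            valid.add(normalize_fpr(fpr))
    return valid, rejected


def check_expected_signers(status_text, expected):
    """Require a VALIDSIG from every expected fingerprint and no fatal status.

    Full fingerprints are compared, never short key IDs, so a value that
    differs in a single hex digit does not match.
    """
    wanted = {normalize_fpr(f) for f in expected}
    valid, rejected = parse_status(status_text)
    missing = sorted(wanted - valid)
    return {
        "ok": bool(wanted) and not missing and not rejected,
        "missing": missing,
        "unexpected": sorted(valid - wanted),  # valid sigs from unlisted keys
        "rejected": rejected,
    }


if __name__ == "__main__":
    good = "0x7B96D396E6471601754BE4DB53B620D01CE0C630"
    off_by_one = "0x7B96D396E6471601754BE4DB53B620D01CE0C631"
    for expected in ([good], [off_by_one]):
        result = check_expected_signers(SAMPLE_STATUS, expected)
        print(expected[0], "->", "accepted" if result["ok"] else "refused", result["missing"])
```

Feed it the text gpg writes to the descriptor named with --status-fd during --verify; signatures from keys outside the expected list show up under `unexpected` instead of being silently accepted.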
From: bdc at topenergy.co.nz (Bruce Cowin)
Date: Thu, 15 Mar 2007 10:45:27 +1300
Subject: PGP Desktop and GPG
Message-ID:

If I have generated a key using PGP Desktop, would I be able to import and use that key with GnuPG? Our subscription to PGP Desktop is about to expire and it says the functionality will be reduced to that of PGP Freeware. All we do with it is encrypt files (not emails), so I think this is ok. I'm not sure if the PGP Desktop gui interface will stop working or not, so thought we could use GnuPG and Gpg4Win which we currently use on another project to replace PGP Desktop.

Thanks for any help.

Regards,
Bruce

From jmoore3rd at bellsouth.net Wed Mar 14 23:59:28 2007
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Wed, 14 Mar 2007 18:59:28 -0400
Subject: PGP Desktop & GnuPG
Message-ID: <45F87E50.3010703@bellsouth.net>

Bruce Cowin wrote:
> If I have generated a key using PGP Desktop, would I be able to import and use that key with GnuPG? Our subscription to PGP Desktop is about to expire and it says the functionality will be reduced to that of PGP Freeware. All we do with it is encrypt files (not emails), so I think this is ok. I'm not sure if the PGP Desktop gui interface will stop working or not, so thought we could use GnuPG and Gpg4Win which we currently use on another project to replace PGP Desktop.
>
> Thanks for any help.

I was unable to 'trim' this Reply cause You have a word wrap issue. However; for what You are doing, the Freeware version should perform just Fine.

Answer to Main Question; YES, You can Import your PGP Keyrings into GnuPG. Fact of the matter; I know several individuals using *one* Keyring for both PGP & GPG.

Personally, I prefer GnuPG over PGP for several reasons; the most primary being that I find more functionality in GnuPG.

HTH!

JOHN 8-)
Timestamp: Wednesday 14 Mar 2007, 18:59 --400 (Eastern Daylight Time)

From svt at teris.de Thu Mar 15 01:20:04 2007
From: svt at teris.de (Sebsatian von Thadden)
Date: Thu, 15 Mar 2007 01:20:04 +0100
Subject: Cardreader Pinpad only on linux ?
Message-ID: <45F89134.8030805@teris.de>

Hi,

this community is one of the best, I've ever seen.

Now, I've a little question: Is the smartcard-reader-pinpad function only available under linux-system or should this work under windows ?

I'm using a SCM-Card-Reader: Chipdrive Pinpad 532. The cardreader works perfectly with gpg, just the pinpad is unused.

Thanks a lot!

Bye,
Sebastian

From dshaw at jabberwocky.com Thu Mar 15 02:00:40 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed, 14 Mar 2007 21:00:40 -0400
Subject: PGP Desktop and GPG
In-Reply-To:
References:
Message-ID: <20070315010040.GA4917@jabberwocky.com>

On Thu, Mar 15, 2007 at 10:45:27AM +1300, Bruce Cowin wrote:
> If I have generated a key using PGP Desktop, would I be able to
> import and use that key with GnuPG? Our subscription to PGP Desktop
> is about to expire and it says the functionality will be reduced to
> that of PGP Freeware. All we do with it is encrypt files (not
> emails), so I think this is ok. I'm not sure if the PGP Desktop gui
> interface will stop working or not, so thought we could use GnuPG
> and Gpg4Win which we currently use on another project to replace PGP
> Desktop.

The short answer is yes, any key you generate with a roughly recent PGP Desktop can be used with GnuPG, and vice versa. Just export it from one (remember to export the secret key too) and import it into the other.

David

From bdc at topenergy.co.nz Thu Mar 15 02:28:31 2007
From: bdc at topenergy.co.nz (Bruce Cowin) Date: Thu, 15 Mar 2007 14:28:31 +1300 Subject: PGP Desktop and GPG Message-ID: Thanks David. But if I'm only encrypting files for others (and not decrypting any), then I only need to export their public key, right? My private key doesn't come into it, does it? Thanks again. Regards, Bruce From dshaw at jabberwocky.com Thu Mar 15 03:04:19 2007
From: dshaw at jabberwocky.com (David Shaw) Date: Wed, 14 Mar 2007 22:04:19 -0400 Subject: PGP Desktop and GPG In-Reply-To: References: Message-ID: <20070315020419.GB4917@jabberwocky.com> On Thu, Mar 15, 2007 at 02:28:31PM +1300, Bruce Cowin wrote: > Thanks David. But if I'm only encrypting files for others (and not > decrypting any), then I only need to export their public key, right? > My private key doesn't come into it, does it? That's correct. Most people do need to decrypt stuff sent to them, and so they'd need a private key. If you are strictly encrypting to others, then all you need is their public key. David From hira at atlas-is.co.jp Thu Mar 15 01:50:31 2007 From: hira at atlas-is.co.jp (HIRA, Shuichi) Date: Thu, 15 Mar 2007 09:50:31 +0900 Subject: GNUPG, how to set the passphrase as parameter in comment line In-Reply-To: <1ECF6990-7C6A-4CA3-9AEF-BC344B136D49@mac.com> References: <1ECF6990-7C6A-4CA3-9AEF-BC344B136D49@mac.com> Message-ID: <200703150050.AA01105@vela.sun.atlas-is.co.jp> Hi, >You have a few choices: >1) remove the passphrase from the private key >2) pass the passphrase to gpg using the --passphrase-fd option >3) supply the passphrase using the --passphrase-file option >4) supply the passphrase using the --passphrase option 5) use GPGME library I think this is the best way to "automate". I built dll, but cannot post "howto" yet, sorry. I found, 1: to send passphrase in passphrase_cb, must not "write" to fd, use "_gpgme_io_write" 2: GPGME has some memory leak, need to free some object debug_lock, notify_table_lock, reader_table_lock, writer_table_lock, ... ...and so on -- HIRA, Shuichi Atlas Information Service Inc. IT Development Room hira at atlas-is.co.jp From bdc at topenergy.co.nz Thu Mar 15 04:15:07 2007
From: bdc at topenergy.co.nz (Bruce Cowin) Date: Thu, 15 Mar 2007 16:15:07 +1300 Subject: PGP Desktop and GPG Message-ID: Cool, thanks everyone! Regards, Bruce From vedaal at hush.com Thu Mar 15 14:56:20 2007 From: vedaal at hush.com (vedaal at hush.com) Date: Thu, 15 Mar 2007 09:56:20 -0400 Subject: PGP Desktop & GnuPG Message-ID: <20070315135620.EBC1622821@mailserver9.hushmail.com> >Message: 3 >Date: Wed, 14 Mar 2007 18:59:28 -0400
>From: "John W. Moore III" >Subject: PGP Desktop & GnuPG >To: gnupg-users at gnupg.org >Message-ID: <45F87E50.3010703 at bellsouth.net> >Content-Type: text/plain; charset=UTF-8 >using *one* Keyring for both PGP & GPG. caveat: if there is only one keyring, it should be the *gnupg* one, which pgp can read, but should *not* write to, or it can corrupt the gnupg keyring all key editing functions should be done through gnupg vedaal From wk at gnupg.org Thu Mar 15 08:23:18 2007 From: wk at gnupg.org (Werner Koch) Date: Thu, 15 Mar 2007 08:23:18 +0100 Subject: Cardreader Pinpad only on linux ? In-Reply-To: <45F89134.8030805@teris.de> (Sebsatian von Thadden's message of "Thu\, 15 Mar 2007 01\:20\:04 +0100") References: <45F89134.8030805@teris.de> Message-ID: <87zm6fug0p.fsf@wheatstone.g10code.de> On Thu, 15 Mar 2007 01:20, svt at teris.de said: > Is the smartcard-reader-pinpad function only available under > linux-system or should this work under windows ? Yes. There are no plans to support it for Windows. Unless we decide to really port GnuPG-2 to Windows. That may or may not happen. Salam-Shalom, Werner From wk at gnupg.org Thu Mar 15 09:13:12 2007
From: wk at gnupg.org (Werner Koch) Date: Thu, 15 Mar 2007 09:13:12 +0100 Subject: signing source code with gpg In-Reply-To: <20070314213214.GA67082@wilma.widomaker.com> (Jason Harris's message of "Wed\, 14 Mar 2007 17\:32\:14 -0400") References: <9447180.post@talk.nabble.com> <5DDAD3C9-E5CC-488C-9B7C-95A4A9BC1F97@mac.com> <87veh3bu1z.fsf@wheatstone.g10code.de> <20070314213214.GA67082@wilma.widomaker.com> Message-ID: <87ird2vs9z.fsf@wheatstone.g10code.de> On Wed, 14 Mar 2007 22:32, jharris at widomaker.com said: > Now seems like a good time to ask for an option like: > > --require-sig-from [ ...] > > to make sure sigs are only from particular signers. You can do the same by using gpgv; it verifies only if the key is in a special keyring. I am not sure whether adding the suggested option is really a good idea. Other folks will come and demand further customization. > As an add-on to the FreeBSD ports system, I've already had to employ > --status-fd to make sure I get a signature from an expected signer: Scripts are the way we do it in Unix ;-) Shalom-Salam, Werner From wk at gnupg.org Thu Mar 15 18:32:09 2007
From: wk at gnupg.org (Werner Koch) Date: Thu, 15 Mar 2007 18:32:09 +0100 Subject: PGP Desktop & GnuPG In-Reply-To: <20070315135620.EBC1622821@mailserver9.hushmail.com> (vedaal@hush.com's message of "Thu\, 15 Mar 2007 09\:56\:20 -0400") References: <20070315135620.EBC1622821@mailserver9.hushmail.com> Message-ID: <87odmutnty.fsf@wheatstone.g10code.de> On Thu, 15 Mar 2007 14:56, vedaal at hush.com said: > if there is only one keyring, it should be the *gnupg* one, > which pgp can read, > but should *not* write to, or it can corrupt the gnupg keyring You probably can guess my usual remark: The format of gpg's keyring is not a standard but an internal format of gpg. It is just coincidence that PGP uses the same format and that it resembles the defined transport format. So don't blame gpg if the format of the keyring changes at one point in time and messes up all your scripts. Salam-Shalom, Werner From lists at kcoates.com Thu Mar 15 21:22:58 2007
From: lists at kcoates.com (Kevin Coates) Date: Thu, 15 Mar 2007 16:22:58 -0400 Subject: Enabling GPGRelay passphrase prompt on e-mail startup In-Reply-To: <9456583.post@talk.nabble.com> References: <9456583.post@talk.nabble.com> Message-ID: <45F9AB22.7080406@kcoates.com> On 2007/03/13 11:11:58 AM -0400, starsipping wrote: > Does anyone know how to modify when GPGRelay can prompt for the > passphrase to force it to prompt upon initial startup or upon initial > receipt of email? Click on the GPGrelay icon and select the Keyrules tab. Select and right click your e-mail address which would be your private key(s). Select the Edit Keyrule submenu. Highlight the "Ask for Passphrase and remember for" and "until GPGrelay terminates" options. Optionally you could select and enter a value for the "Always use this passphrase" option, if you feel comfortable doing so. -- Kevin Coates Dewitt, NY USA ________________________________________________________________ (see kludges for my pgp key) From kfitzner at excelcia.org Thu Mar 15 23:14:13 2007
From: kfitzner at excelcia.org (Kurt Fitzner) Date: Thu, 15 Mar 2007 16:14:13 -0600 Subject: Deleting a designated revoker Message-ID: <45F9C535.4000108@excelcia.org> In PGP desktop 9.5, I can delete a designated revoker from my keyring. Having used GnuPG pretty much exclusively, I was under the impression this was impossible. It wouldn't be an issue, but having torn my hair out for several days over why CACert's OpenPGP signature system wouldn't sign my key, I finally figured out it doesn't handle keys with revokers on it. Since deleting a revoker is possible, might I suggest that GPG incorporate this ability. From John at Mozilla-Enigmail.org Thu Mar 15 04:10:19 2007
From: John at Mozilla-Enigmail.org (John Clizbe) Date: Wed, 14 Mar 2007 22:10:19 -0500 Subject: PGP Desktop and GPG In-Reply-To: References: Message-ID: <45F8B91B.2000800@Mozilla-Enigmail.org> Bruce Cowin wrote: > If I have generated a key using PGP Desktop, would I be able to import and > use that key with GnuPG? Our subscription to PGP Desktop is about to expire and it > says the functionality will be reduced to that of PGP Freeware. All we do with > it is encrypt files (not emails), so I think this is ok. I'm not sure if the PGP > Desktop gui interface will stop working or not, so thought we could use GnuPG > and Gpg4Win which we currently use on another project to replace PGP Desktop. The PGP GUI in freeware mode should continue working. The paid elements include the email plugins and PGPdisk. It is fairly easy to import your entire keyring set to GnuPG

    gpg --import \path\to\secring.skr
    gpg --import \path\to\pubring.pkr

The above works at this time (PGP 9.x and GnuPG 1.4). It will quite possibly change at some future date. The canonical method is to export the keys from PGP and import them into GnuPG. Adding '--import-options import-local-sigs' to the command line will import local signatures. -- John P. Clizbe Inet: John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A "what's the key to success?" / "two words: good decisions." "what's the key to good decisions?" / "one word: experience." "how do i get experience?" / "two words: bad decisions." "Just how do the residents of Haiku, Hawai'i hold conversations?" From dshaw at jabberwocky.com Fri Mar 16 15:13:08 2007
From: dshaw at jabberwocky.com (David Shaw) Date: Fri, 16 Mar 2007 10:13:08 -0400 Subject: Deleting a designated revoker In-Reply-To: <45F9C535.4000108@excelcia.org> References: <45F9C535.4000108@excelcia.org> Message-ID: <20070316141308.GB29687@jabberwocky.com> On Thu, Mar 15, 2007 at 04:14:13PM -0600, Kurt Fitzner wrote: > In PGP desktop 9.5, I can delete a designated revoker from my keyring. > Having used GnuPG pretty much exclusively, I was under the impression > this was impossible. It wouldn't be an issue, but having torn my hair > out for several days over why CACert's OpenPGP signature system wouldn't > sign my key, I finally figured out it doesn't handle keys with revokers > on it. > > Since deleting a revoker is possible, might I suggest that GPG > incorporate this ability. This is not exactly true. You can certainly delete the packet that says "this key has a designated revoker", but note that there is no way to undo the designation if the key has been distributed. It's like a signature from a key you don't own: you could delete the signature packet, but you can't revoke it. Designated revoker signatures are irrevocable as part of the OpenPGP protocol, even though they are issued from your own key. What PGP is doing is just deleting the packet. If you sync with a keyserver that has your key, the packet will just come back. All that said, yes, GPG has no way to delete designated revoker packets. The only way to do it is export your public key and run 'gpgsplit' on it. Then delete the packet you want to get rid of and 'cat' the packets back together. David From me at psmay.com Fri Mar 16 17:29:58 2007 
From: me at psmay.com (Peter S. May) Date: Fri, 16 Mar 2007 12:29:58 -0400 Subject: Deleting a designated revoker In-Reply-To: <20070316141308.GB29687@jabberwocky.com> References: <45F9C535.4000108@excelcia.org> <20070316141308.GB29687@jabberwocky.com> Message-ID: <45FAC606.7030300@psmay.com> > All that said, yes, GPG has no way to delete designated revoker > packets. The only way to do it is export your public key and run > 'gpgsplit' on it. Then delete the packet you want to get rid of and > 'cat' the packets back together. See below for all the support for revoker removal that you need. I had to do it. :-) Question for Werner: Will there ever be a --with-colons for --list-packets? This script might not be friendly to non-English versions. Good luck PSM The following script is hereby public domain. usage: strip-revokers < public.key > public-stripped.key

#!/bin/bash
umask 077
DIR=`mktemp -d`
PREFIX="$DIR/packet-"
IFS=$'\n'
# Split the key on stdin into one file per packet, then write back every
# packet except signature packets that carry a revocation-key subpacket (12).
# gpgsplit numbers its output files; sort restores the original packet order.
gpgsplit -p "$PREFIX" "$@" <&0 &&
for i in $( find "$DIR" -name 'packet-*' | sort ); do
	if [ `echo -n "$i" | grep -cEe '002[.]sig'` != 0 ]; then
		COUNT=`gpg --list-packets "$i" \
			| grep -cEe '^[[:space:]]*hashed subpkt 12 len'`
		if [ $COUNT == 0 ]; then
			echo "Adding `basename "$i"`" >&2
			cat "$i"
		else
			echo "Omitting `basename "$i"`: contains revocation" >&2
		fi
	else
		echo "Adding `basename "$i"`" >&2
		cat "$i"
	fi
	shred -uz "$i"
done
rmdir "$DIR"

From me at psmay.com Fri Mar 16 17:45:54 2007
From: me at psmay.com (Peter S. May) Date: Fri, 16 Mar 2007 12:45:54 -0400 Subject: strip-revokers script In-Reply-To: <45FAC606.7030300@psmay.com> References: <45F9C535.4000108@excelcia.org> <20070316141308.GB29687@jabberwocky.com> <45FAC606.7030300@psmay.com> Message-ID: <45FAC9C2.7030801@psmay.com> Caught a couple of glitches. Ignore the previous version.

#!/bin/bash
umask 077
DIR=`mktemp -d`
PREFIX="packet-"
PREFIXPAT="$PREFIX*"
IFS=$'\n'
# Split the key on stdin into one file per packet, then write back every
# packet except signature packets that carry a revocation-key subpacket (12).
# gpgsplit numbers its output files; sort restores the original packet order.
gpgsplit -p "$DIR/$PREFIX" "$@" <&0 &&
for i in $( find "$DIR" -name "$PREFIXPAT" | sort ); do
	if [ `echo -n "$i" | grep -cEe '-002[.]sig$'` != 0 ]; then
		COUNT=`gpg --list-packets "$i" \
			| grep -cEe '^[[:space:]]*hashed subpkt 12 len'`
		if [ $COUNT == 0 ]; then
			echo "Adding `basename "$i"`" >&2
			cat "$i"
		else
			echo "Omitting `basename "$i"`: contains revocation" >&2
		fi
	else
		echo "Adding `basename "$i"`" >&2
		cat "$i"
	fi
	shred -uz "$i"
done
rmdir "$DIR"

From johns at netfriends.com Fri Mar 16 23:56:35 2007
From: johns at netfriends.com (starsipping) Date: Fri, 16 Mar 2007 15:56:35 -0700 (PDT) Subject: Enabling GPGRelay passphrase prompt on e-mail startup In-Reply-To: <9456583.post@talk.nabble.com> References: <9456583.post@talk.nabble.com> Message-ID: <9523961.post@talk.nabble.com> Dirk Zemisch provided the following information which successfully resolved our issue: > > "On the Keyrules tab you can edit properties for each key. In > this dialog for secret keys you have some options to check. There > is one option 'Prompt at startup'. Check it and all will be fine." > starsipping wrote: > > Does anyone know how to modify when GPGRelay can prompt for the passphrase > to force it to prompt upon initial startup or upon initial receipt of > email? From svt at teris.de Sat Mar 17 01:04:55 2007 From: svt at teris.de (Sebastian von Thadden) Date: Sat, 17 Mar 2007 01:04:55 +0100 Subject: HowTo make a donation to gpg... Message-ID: <45FB30A7.1060806@teris.de> Hi, I'm really exalted about gpg and want to support the project with a little donation. I think, if I can't help to develop such a good project, the team should get a little bit support. The most OS-projects are better than commercial products. A donation is the least, that I (and other users) can do. On the gpg-website I've searched for a paypal-donation button or something else... Nothing. I think, the gpg-team should install a possibility for this on the website. Bye, Sebastian From rjh at sixdemonbag.org Sat Mar 17 01:52:29 2007
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Fri, 16 Mar 2007 19:52:29 -0500 Subject: HowTo make a donation to gpg... In-Reply-To: <45FB30A7.1060806@teris.de> References: <45FB30A7.1060806@teris.de> Message-ID: > On the gpg-website I've searched for a paypal-donation button or > something else... Nothing. > > I think, the gpg-team should install a possibility for this on the > website. This has been asked a few times. The last time it was asked, the developers said that it would create a lot of problems. How should the money be split up? While the developers certainly deserve credit, so too do people on mailing lists who help newbies, so too do people who search through the code and find bugs, so too do... etcetera, etcetera. However, GnuPG is--as you can guess from its name--a GNU project, which means it's closely affiliated with the Free Software Foundation. The FSF is a non-profit charity headquartered in the United States, and gratefully accepts donations. https://www.fsf.org/associate/support_freedom/donate From lists_de at zemisch.de Sat Mar 17 04:09:22 2007 
From: lists_de at zemisch.de (Dirk Zemisch) Date: Sat, 17 Mar 2007 10:09:22 +0700 Subject: HowTo make a donation to gpg... In-Reply-To: References: <45FB30A7.1060806@teris.de> Message-ID: <441175334.20070317100922@zemisch.de> Hello Sebastian, hi all On Friday, March 16, 2007, at 19:52 GMT -05 (Saturday, March 17, 2007, at 07:52 my local time), Robert J. Hansen chipped in: > However, GnuPG is--as you can guess from its name--a GNU project, > which means it's closely affiliated with the Free Software > Foundation. The FSF is a non-profit charity headquartered in the > United States, and gratefully accepts donations. > https://www.fsf.org/associate/support_freedom/donate Or, for Europeans, try here for the FSF Europe: http://www.fsfeurope.org/help/donate.de.html (German version) -- Bye, Dirk An excerpt from Plato: He who can properly define and divide is to be considered a god. From wk at gnupg.org Mon Mar 19 09:45:44 2007 From: wk at gnupg.org (Werner Koch) Date: Mon, 19 Mar 2007 09:45:44 +0100 Subject: Deleting a designated revoker In-Reply-To: <45FAC606.7030300@psmay.com> (Peter S. May's message of "Fri\, 16 Mar 2007 12\:29\:58 -0400") References: <45F9C535.4000108@excelcia.org> <20070316141308.GB29687@jabberwocky.com> <45FAC606.7030300@psmay.com> Message-ID: <87lkht62pz.fsf@wheatstone.g10code.de> On Fri, 16 Mar 2007 17:29, me at psmay.com said: > Question for Werner: Will there ever be a --with-colons for > --list-packets? This script might not be friendly to non-English versions. No there will be no such option. The OpenPGP message is already machine readable ;-) LC_ALL=C; export LC_ALL LANG= ; export LANG should help to avoid i18n problems. Shalom-Salam, Werner From jharris at widomaker.com Wed Mar 21 04:23:14 2007
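Werner's remark above that the OpenPGP message is already machine readable, taken literally: an added example (not code from any poster in this thread or from GnuPG) that walks the binary packets of an exported key and finds signature packets whose hashed area carries subpacket 12, the same test the strip-revokers script makes by grepping `gpg --list-packets`. The function names and the sample key bytes are constructed for illustration; input is assumed to be a binary (non-armored) export.

```python
# Report designated revokers (signature subpacket 12) in a binary OpenPGP key.
# Parses the RFC 4880 packet structure directly, so nothing here depends on
# the wording or locale of `gpg --list-packets` output.
TAG_SIGNATURE = 2
SUBPKT_REVOCATION_KEY = 12

def iter_packets(data):
    """Yield (tag, raw_packet, body) for every packet in a key export."""
    pos = 0
    while pos < len(data):
        start, first = pos, data[pos]
        pos += 1
        if not first & 0x80 or pos >= len(data):
            raise ValueError("bad packet header at offset %d" % start)
        if first & 0x40:                       # new-format header
            tag, o1 = first & 0x3F, data[pos]
            if o1 < 192:
                length, pos = o1, pos + 1
            elif o1 < 224:
                length, pos = ((o1 - 192) << 8) + data[pos + 1] + 192, pos + 2
            elif o1 == 255:
                length, pos = int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5
            else:
                raise ValueError("partial body length in a key packet")
        else:                                  # old-format header
            tag, ltype = (first >> 2) & 0x0F, first & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length is not handled here")
            size = (1, 2, 4)[ltype]
            length, pos = int.from_bytes(data[pos:pos + size], "big"), pos + size
        if pos + length > len(data):
            raise ValueError("truncated packet at offset %d" % start)
        yield tag, data[start:pos + length], data[pos:pos + length]
        pos += length

def iter_subpackets(area):
    """Yield (type, data) for each subpacket; the critical bit is masked off."""
    pos = 0
    while pos < len(area):
        o1 = area[pos]
        if o1 < 192:
            length, pos = o1, pos + 1
        elif o1 < 255:
            length, pos = ((o1 - 192) << 8) + area[pos + 1] + 192, pos + 2
        else:
            length, pos = int.from_bytes(area[pos + 1:pos + 5], "big"), pos + 5
        if length == 0 or pos + length > len(area):
            raise ValueError("malformed subpacket")
        yield area[pos] & 0x7F, area[pos + 1:pos + length]
        pos += length

def designated_revokers(sig_body):
    """Return the revocation keys named in the hashed area of a v4 signature."""
    if len(sig_body) < 6 or sig_body[0] != 4:
        return []                              # v3 signatures have no subpackets
    hashed_len = int.from_bytes(sig_body[4:6], "big")
    if 6 + hashed_len > len(sig_body):
        raise ValueError("hashed subpacket area overruns the signature")
    found = []
    for sptype, body in iter_subpackets(sig_body[6:6 + hashed_len]):
        if sptype == SUBPKT_REVOCATION_KEY and len(body) == 22:
            found.append({"sensitive": bool(body[0] & 0x40),   # class octet
                          "pubkey_algo": body[1],
                          "fingerprint": body[2:].hex().upper()})
    return found

def scan_key(data):
    """Return (report, stripped): the revokers found, by packet number, and
    the key bytes without the signature packets that designate them."""
    report, kept = [], []
    for number, (tag, raw, body) in enumerate(iter_packets(data), 1):
        revokers = designated_revokers(body) if tag == TAG_SIGNATURE else []
        if revokers:
            report.append((number, revokers))
        else:
            kept.append(raw)
    return report, b"".join(kept)

# --- constructed sample data: not a real key, packet bodies are dummies ---
def build_old_packet(tag, body):
    return bytes([0x80 | (tag << 2), len(body)]) + body

def build_v4_sig(sigtype, hashed):
    return (bytes([4, sigtype, 1, 2]) + len(hashed).to_bytes(2, "big") + hashed
            + b"\x00\x00" + b"\xab\xcd" + b"\x00\x01\x01")

SAMPLE_FPR = bytes(range(1, 21))
REVOKER = bytes([23, 12, 0x80, 17]) + SAMPLE_FPR     # class, algo, fingerprint
CREATED = bytes([5, 2]) + (1174000000).to_bytes(4, "big")
SAMPLE_KEY = (build_old_packet(6, b"\x04" + bytes(11))
              + build_old_packet(2, build_v4_sig(0x1F, CREATED + REVOKER))
              + build_old_packet(13, b"Test User <test@example.invalid>")
              + build_old_packet(2, build_v4_sig(0x13, CREATED)))

if __name__ == "__main__":
    for number, revokers in scan_key(SAMPLE_KEY)[0]:
        print("packet", number, revokers)
```

As David Shaw points out earlier in the thread, a key that has already been distributed gets the packet back on the next keyserver sync, so the stripped copy only helps where the copy itself is what gets submitted.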
From: jharris at widomaker.com (Jason Harris) Date: Tue, 20 Mar 2007 23:23:14 -0400 Subject: new (2007-03-18) keyanalyze results (+sigcheck) Message-ID: <20070321032314.GA828@wilma.widomaker.com> New keyanalyze results are available at: http://keyserver.kjsl.com/~jharris/ka/2007-03-18/ Signatures are now being checked using keyanalyze+sigcheck: http://dtype.org/~aaronl/ Earlier reports are also available, for comparison: http://keyserver.kjsl.com/~jharris/ka/ Even earlier monthly reports are at: http://dtype.org/keyanalyze/ SHA-1 hashes and sizes for all the "permanent" files: -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris at widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 From George.Shaffer at comcast.net Wed Mar 21 05:39:04 2007
From: George.Shaffer at comcast.net (George Shaffer) Date: Wed, 21 Mar 2007 00:39:04 -0400 Subject: Saving a gpg signed message as plain text from Evolution? Message-ID: <1174451943.1822.236.camel@localhost.localdomain> I've searched the archives and have found messages somewhat related to this, but nothing that actually helps. I'm using Evolution 1.4.5; it's old and I'd love to upgrade everything but that is not an option at this time. In the past I've saved what I gather are called in line signatures to a file and verified them with no problem. It never occurred to me that saving the multi part messages that Evolution creates when you sign one of your own messages would be a problem. The multi part messages are convenient, but if the only place that you can verify a specific message from is the email client that it was sent from (and the original recipient), it defeats a major purpose of digital signatures: proof of who sent it and that the message is unchanged. In a legal dispute the sender would look like a fool if he claimed it verified in the email program on his PC, but could not get it to verify anywhere else. The only other person who could verify the message, would be the person least likely to have any desire to assist. I've spent hours trying to get a signed message out of the sent folder of Evolution. Using a message with an in line signature as an example and gpg error messages, I've gotten to the point that gpg will try to verify it but it always verifies bad. That is not surprising since Evolution breaks very long URLs into 2 or three lines, converts copyright symbols to =C2=A9, adds =20 here and there (I think blanks at the end of a line), adds returns (^M) at the end of every line in the message area. Something I saw suggested this was part of the standard? I've fixed everything I could find and tried it with and without the returns and with and without spaces for =20 and all verify bad. 
Is there anything that I can do to get a signed email out of Evolution 1.4.5 as verifiable plain text. It's pretty important and any assistance would be much appreciated. I'm willing to do just about anything, include resend it to someone who has a client that will save it in a way that it can be verified. Privacy is not a concern, as I plan to post this email to my web site. But the second sentence says "Please note that this is a digitally signed document, and legal notice . . ." and it will look pretty dumb if I have to explain why it won't verify. In the future, I will prepare and sign important documents outside of Evolution, and paste them in when they're ready, if I can't find something better. George Shaffer -- For my GnuPG key ID and fingerprint see http://geodsoft.com/about/ From ewrobinson at fedex.com Wed Mar 21 15:43:04 2007 From: ewrobinson at fedex.com (Eric Robinson) Date: Wed, 21 Mar 2007 09:43:04 -0500 Subject: Erroneous char at the end of a file... Message-ID: Hello Group, I have a customer that is getting erroneous characters in the data at the end of a file (looks like ASCII ?) when they decrypt. This does not happen for every file. This customer is decrypting our GPG encrypted file with Authora's Edge 2.5.1 We have looked at the data before the GPG encryption and It is clean and free of characters Has anyone seen this type of issue with Authora's Edge software? I would appreciate any help at all. Thanks, Eric From oryann9 at yahoo.com Wed Mar 21 20:46:57 2007 
From: oryann9 at yahoo.com (oryann9) Date: Wed, 21 Mar 2007 12:46:57 -0700 (PDT) Subject: Erroneous char at the end of a file... In-Reply-To: Message-ID: <20070321194657.2843.qmail@web63407.mail.re1.yahoo.com> Hello, What version of GPG are you using? What are your encrypt and decrypt strings? Are you aware of --textmode if platforms differ? And --armour and --no-mangle-dos-filenames? --- Eric Robinson wrote: > Hello Group, > I have a customer that is getting erroneous > characters in the data at > the end of a file (looks like ASCII ?) when they > decrypt. This does not > happen for every file. > > This customer is decrypting our GPG encrypted file > with Authora's Edge > 2.5.1 > > We have looked at the data before the GPG encryption > and It is clean and > free of characters > > Has anyone seen this type of issue with Authora's > Edge software? I > would appreciate any help at all. > > > Thanks, > Eric From hhhobbit at securemecca.net Wed Mar 21 22:49:07 2007 From: hhhobbit at securemecca.net (Henry Hertz Hobbit) Date: Wed, 21 Mar 2007 15:49:07 -0600 Subject: Saving a gpg signed message as plain text from Evolution? In-Reply-To: References: Message-ID: <1174513747.4664.16.camel@sirius.brigham.net> On Wed, 2007-03-21 at 00:39:04 -0100, wrote: > Message: 8 > Date: Wed, 21 Mar 2007 00:39:04 -0400
> From: George Shaffer > Subject: Saving a gpg signed message as plain text from Evolution? > To: gnupg-users at gnupg.org > Message-ID: <1174451943.1822.236.camel at localhost.localdomain> > Content-Type: text/plain > > I've searched the archives and have found messages somewhat related to > this, but nothing that actually helps. I'm using Evolution 1.4.5; it's > old and I'd love to upgrade everything but that is not an option at this > time. What OS is this on? > In the past I've saved what I gather are called in line signatures to a > file and verified them with no problem. It never occurred to me that > saving the multi part messages that Evolution creates when you sign one > of your own messages would be a problem. The multi part messages are > convenient, but if the only place that you can verify a specific message > from is the email client that it was sent from (and the original > recipient), it defeats a major purpose of digital signatures: proof of > who sent it and that the message is unchanged. > > In a legal dispute the sender would look like a fool if he claimed it > verified in the email program on his PC, but could not get it to verify > anywhere else. The only other person who could verify the message, would > be the person least likely to have any desire to assist. > > I've spent hours trying to get a signed message out of the sent folder > of Evolution. Using a message with an in line signature as an example > and gpg error messages, I've gotten to the point that gpg will try to > verify it but it always verifies bad. > > That is not surprising since Evolution breaks very long URLs into 2 or > three lines, converts copyright symbols to =C2=A9, adds =20 here and > there (I think blanks at the end of a line), adds returns (^M) at the > end of every line in the message area. Something I saw suggested this > was part of the standard? 
I've fixed everything I could find and tried > it with and without the returns and with and without spaces for =20 and > all verify bad. > > Is there anything that I can do to get a signed email out of Evolution > 1.4.5 as verifiable plain text. It's pretty important and any assistance > would be much appreciated. I'm willing to do just about anything, > include resend it to someone who has a client that will save it in a way > that it can be verified. Privacy is not a concern, as I plan to post > this email to my web site. But the second sentence says "Please note > that this is a digitally signed document, and legal notice . . ." and it > will look pretty dumb if I have to explain why it won't verify. > > In the future, I will prepare and sign important documents outside of > Evolution, and paste them in when they're ready, if I can't find > something better. > > George Shaffer > -- > For my GnuPG key ID and fingerprint see http://geodsoft.com/about/ I think you are mistaken on several things. 1. Evolution does NOT use in-line. It has always used OpenPGP/MIME and always will. It doesn't even have the capacity to handle in-line. At least it has been that way with every version that I have used. 2. The standard for mailing is to add ^Ms at the end of every line for transmission. 3. The instant you change ONE character in the body it will never vary. 4. I will look at the sent folder, but I have learned to either Cc: or Bcc: myself. In fact, I have it set to do BOTH, and delete the one I don't want to use manually. I don't trust the sent folder because I don't think it signs the messages properly there. 5. I am using Evolution on 2.0.4 on Fedora Core 3 Linux (I was going to recently update to FC6 and the install failed on a trial machine). This message is signed. My Key ID is 5BA96FAC. 
The key is on the servers, but its fingerprint and the checksum of the
file with the key in it I will send to you is:

9D55 B232 80B0 D623 E1A1 EECC AF74 19BF 5BA9 6FAC
91df314d349879384b36e70905f9d3d9cdeb5675 hhhobbit_at_securemecca.net.asc

HHH

From hhhobbit at securemecca.net Wed Mar 21 22:59:39 2007
From: hhhobbit at securemecca.net (Henry Hertz Hobbit)
Date: Wed, 21 Mar 2007 15:59:39 -0600
Subject: Saving a gpg signed message as plain text from Evolution?
In-Reply-To: <1174513747.4664.16.camel@sirius.brigham.net>
References: <1174513747.4664.16.camel@sirius.brigham.net>
Message-ID: <1174514379.4664.23.camel@sirius.brigham.net>

OOPS. Please delete the previous message. We are going out of
group for some tests on his old version of Evolution.

Sorry

HHH

From ewrobinson at fedex.com Thu Mar 22 14:30:55 2007
From: ewrobinson at fedex.com (Eric Robinson)
Date: Thu, 22 Mar 2007 08:30:55 -0500
Subject: Erroneous char at the end of a file...
In-Reply-To: <20070321194657.2843.qmail@web63407.mail.re1.yahoo.com>
Message-ID:

Thanks for the response... My hands are a little tied, GPG is 'embedded'
in our application and can't change any values or parms at all.

GPG v1.2.4
Encrypt string:

--passphrase-fd 0 --no-tty --batch --sign --encrypt --compress-algo 1
--cipher-algo cast5

I do not know what the customers decrypt string is.

Not familiar with --textmode I'll look it up on the site.

Yes, --armour is a parm that I can toggle back and forth.

Not familiar with --no-mangle-dos-filenames

Thanks,
Eric
-------------------------------------
Eric Robinson
Business Application Advisor
FedEx Corporate Services
Internet Engineering & EC Integration
901.263.5749
-------------------------------------

-----Original Message-----
From: gnupg-users-bounces at gnupg.org [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of oryann9
Sent: Wednesday, March 21, 2007 2:47 PM
To: gnupg-users at gnupg.org
Subject: Re: Erroneous char at the end of a file...

Hello,

What version of GPG are you using?
What is your encrypt and decrypt strings?
Are you aware of --textmode if platforms differ?
And --armour and --no-mangle-dos-filenames?

--- Eric Robinson wrote:

> Hello Group,
> I have a customer that is getting erroneous characters in the data at
> the end of a file (looks like ASCII ?) when they decrypt. This does
> not happen for every file.
>
> This customer is decrypting our GPG encrypted file with Authora's Edge
> 2.5.1
>
> We have looked at the data before the GPG encryption and It is clean
> and
> free of characters
>
> Has anyone seen this type of issue with Authora's Edge software? I
> would appreciate any help at all.
>
>
> Thanks,
> Eric

From oryann9 at yahoo.com Thu Mar 22 15:00:18 2007
From: oryann9 at yahoo.com (oryann9)
Date: Thu, 22 Mar 2007 07:00:18 -0700 (PDT)
Subject: Erroneous char at the end of a file...
In-Reply-To:
Message-ID: <241971.42473.qm@web63414.mail.re1.yahoo.com>

--- Eric Robinson wrote:

> Thanks for the response... My hands are a little
> tied, GPG is 'embedded'
> in our application and can't change any values or
> parms at all.
>
> GPG v1.2.4
> Encrypt string:
>
> --passphrase-fd 0 --no-tty --batch --sign --encrypt
> --compress-algo 1
> --cipher-algo cast5
>
> I do not know what the customers decrypt string is.
>
> Not familiar with --textmode I'll look it up on
> the site.
>
> Yes, --armour is a parm that I can toggle back and
> forth.
>
> Not familiar with --no-mangle-dos-filenames
>
>
> Thanks,
> Eric
>
> Hello,
>
> What version of GPG are you using?
> What is your encrypt and decrypt strings?
> Are you aware of --textmode if platforms differ?
> And --armour and --no-mangle-dos-filenames?
>
>
> --- Eric Robinson wrote:
>
> > Hello Group,
> > I have a customer that is getting erroneous
> characters in the data at
> > the end of a file (looks like ASCII ?) when they
> decrypt. This does
> > not happen for every file.
> >
> > This customer is decrypting our GPG encrypted file
> with Authora's Edge
> > 2.5.1
> >
> > We have looked at the data before the GPG
> encryption and It is clean
> > and
> > free of characters
> >
> > Has anyone seen this type of issue with Authora's
> Edge software? I
> > would appreciate any help at all.
> >
> >
> > Thanks,
> > Eric

Sorry for top posting....

ok yes please look at the man page for those parameters. If you cannot
change these parameters, then please work with the app vendor who
developed this app, but if it's not causing any detrimental data issues
then you could parse these erroneous out using Perl or Shell???

From ran.rutenberg at gmail.com Mon Mar 19 06:04:52 2007
From: ran.rutenberg at gmail.com (Ran Rutenberg)
Date: Mon, 19 Mar 2007 05:04:52 +0000
Subject: Documentation for GnuPG
Message-ID: <3ed79ed40703182204i4c57756eo485bb7326c03db08@mail.gmail.com>

Dear Users,

I would like to start using GnuPG but I can't find any updated
documentation (e.g. User Guides, HOWTOs etc.). I would be glad if
someone would be able to point me out on where can I find updated
documentation.

Sincerely,
Ran Rutenberg

From crypt at sibinco.ru Thu Mar 22 08:53:59 2007
From: crypt at sibinco.ru (Константин Верба)
Date: Thu, 22 Mar 2007 13:53:59 +0600
Subject: gpg card reading problem
Message-ID: <200703221353.59896.crypt@sibinco.ru>

Hello,

I can't use my card with gnupg and asedrive iiie usb card reader.

-- System logs:
Mar 21 16:29:54 rimex pcscd: Card ATR: 3B 95 15 40 FF 68 01 02 45 47
Mar 21 16:30:04 rimex pcscd: prothandler.c:130:PHSetProtocol() Attempting PTS to T=0
Mar 21 16:32:19 rimex pcscd: prothandler.c:130:PHSetProtocol() Attempting PTS to T=0

But...

rimex ~ # gpg --card-status
gpg: WARNING: unsafe ownership on configuration file `/home/crypt/.gnupg/gpg.conf'
gpg: DBG: connection to agent established
scdaemon[7264]: no supported card application found: Card error
gpg-agent[7263]: command learn failed: Card error
gpg: OpenPGP card not available: Card error
scdaemon[7264]: updating status of slot 0 to 0x0007
scdaemon[7264]: client pid is 7263, sending signal 12
rimex ~ # scdaemon[7264]: scdaemon (GnuPG) 2.0.1 stopped

rimex ~ # opensc-tool -a
iso7816.c:99:iso7816_check_sw: Instruction code not supported or invalid
iso7816.c:458:iso7816_select_file: returning with: Unsupported INS byte in APDU
card.c:563:sc_select_file: returning with: Unsupported INS byte in APDU
3b:95:15:40:ff:68:01:02:45:47
iso7816.c:99:iso7816_check_sw: Instruction code not supported or invalid
iso7816.c:458:iso7816_select_file: returning with: Unsupported INS byte in APDU
card.c:563:sc_select_file: returning with: Unsupported INS byte in APDU
rimex ~ #

So this is the testpcsc info:

MUSCLE PC/SC Lite unitary test Program

THIS PROGRAM IS NOT DESIGNED AS A TESTING TOOL FOR END USERS!
Do NOT use it unless you really know what you do.

Testing SCardEstablishContext : Command successful.
Testing SCardIsValidContext : Command successful.
Testing SCardIsValidContext : Invalid handle. (don't panic)
Testing SCardGetStatusChange
Please insert a working reader : Command successful.
Testing SCardListReaderGroups : Command successful.
Command successful.
Group 01: SCard$DefaultReaders
Testing SCardListReaders : Command successful.
Command successful.
Reader 01: AseIIIeUSB 00 00
Waiting for card insertion : Command successful.
Testing SCardConnect : Command successful.
Select file: 00 A4 00 00 02 3F 00
Testing SCardTransmit : Command successful.
card response: 6D 00
Testing SCardControl : Command successful.
Testing SCardGetAttrib : Feature not supported. (don't panic)
Testing SCardGetAttrib : Feature not supported. (don't panic)
Testing SCardGetAttrib : Feature not supported. (don't panic)
Testing SCardGetAttrib : Feature not supported. (don't panic)
Testing SCardGetAttrib : Feature not supported. (don't panic)
Testing SCardSetAttrib : Command successful.
Testing SCardStatus : Command successful.
Current Reader Name : AseIIIeUSB 00 00
Current Reader State : 0x0034
Current Reader Protocol : T=0
Current Reader ATR Size : 10 bytes
Current Reader ATR Value : 3B 95 15 40 FF 68 01 02 45 47
Press enter:
Testing SCardReconnect : Command successful.
Testing SCardDisconnect : Command successful.
Testing SCardReleaseContext : Command successful.

PC/SC Test Completed Successfully !

Card type is cryptoflex or cyberflex.
Is it possible to make it work??

From cmzlwnql at trashmail.net Thu Mar 22 12:12:26 2007
From: cmzlwnql at trashmail.net (redstar)
Date: Thu, 22 Mar 2007 11:12:26 +0000 (UTC)
Subject: why gpg use SHA1 instead of pref???
Message-ID:

Hi

Its question of why gpg use SHA1 hash encryption of message. For testing
I send message to self and pgpdump will show RIPEMD160 in hash of
signing, its normal expectation of my prefs. But for encryption its use
of hash SHA1. Here is some printout:

$ gpg --edit-key foo
gpg (GnuPG) 1.4.7; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Secret key is available.

pub 1024D/7645B413 created: 2007-03-08 expires: 2007-04-07 usage: SC
    trust: ultimate validity: ultimate
sub 2048g/2A031F9B created: 2007-03-08 expires: 2007-04-07 usage: E
sub 2048R/8C905961 created: 2007-03-08 expires: 2007-04-07 usage: S
sub 2048R/D9C8767A created: 2007-03-08 expires: 2007-04-07 usage: E
[ultimate] (1). testing key

Command> showpref
[ultimate] (1). testing key
    Cipher: CAST5, 3DES, BLOWFISH, TWOFISH, AES256, AES192
    Digest: RIPEMD160, SHA512, SHA256, SHA384, SHA1, MD5
    Compression: ZLIB, BZIP2, ZIP, Uncompressed
    Features: MDC, Keyserver no-modify

Command> pref
[ultimate] (1). testing key
    S3 S2 S4 S10 S9 S8 H3 H10 H8 H9 H2 H1 Z2 Z3 Z1 Z0 [mdc] [no-ks-modify]

Command>

$ pgpdump foomessage.gpg
Old: Public-Key Encrypted Session Key Packet(tag 1)(268 bytes)
    New version(3)
    Key ID - 0xB1CAB8AFD9C8767A
    Pub alg - RSA Encrypt or Sign(pub 1)
    RSA m^e mod n(2048 bits) - ...
        -> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02
New: Symmetrically Encrypted and MDC Packet(tag 18)(70 bytes)
    Ver 1
    Encrypted data [sym alg is specified in pub-key encrypted session key]
        (plain text + MDC SHA1(20 bytes))

What I must do for using RIPEMD160 hash of encryption??? Its normal because
encryption specifications requirements? Or its error of gpg?
Why he will use RSA encryption as other symmetric ciphers like CAST5, 3DES,
BLOWFISH,, in prefs, and, RSA its not in prefs list?

Sorry of bad English.!

redstar

From dshaw at jabberwocky.com Thu Mar 22 23:54:53 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu, 22 Mar 2007 18:54:53 -0400
Subject: why gpg use SHA1 instead of pref???
In-Reply-To:
References:
Message-ID: <20070322225453.GA23909@jabberwocky.com>

On Thu, Mar 22, 2007 at 11:12:26AM +0000, redstar wrote:

> New: Symmetrically Encrypted and MDC Packet(tag 18)(70 bytes)
> Ver 1
> Encrypted data [sym alg is specified in pub-key encrypted session key]
> (plain text + MDC SHA1(20 bytes))
>
> What I must do for using RIPEMD160 hash of encryption??? Its normal because
> encryption specifications requirements? Or its error of gpg?

The MDC is always SHA-1. It is fixed as part of the protocol.

> Why he will use RSA encryption as other symmetric ciphers like CAST5, 3DES,
> BLOWFISH,, in prefs, and, RSA its not in prefs list?

The type of public-key encryption is defined by what type of key you
are encrypting to. An RSA key means RSA encryption. The symmetric
ciphers are not relevant to this question.

David

From cmzlwnql at trashmail.net Sun Mar 25 18:53:54 2007
From: cmzlwnql at trashmail.net (redstar)
Date: Sun, 25 Mar 2007 16:53:54 +0000 (UTC)
Subject: why gpg use SHA1 instead of pref???
References: <20070322225453.GA23909@jabberwocky.com>
Message-ID:

David Shaw <dshaw at jabberwocky.com> writes:

> > New: Symmetrically Encrypted and MDC Packet(tag 18)(70 bytes)
> > Ver 1
> > Encrypted data [sym alg is specified in pub-key encrypted session key]
> > (plain text + MDC SHA1(20 bytes))
> >
> > What I must do for using RIPEMD160 hash of encryption??? Its normal because
> > encryption specifications requirements? Or its error of gpg?
>
> The MDC is always SHA-1. It is fixed as part of the protocol.
>
> > Why he will use RSA encryption as other symmetric ciphers like CAST5, 3DES,
> > BLOWFISH,, in prefs, and, RSA its not in prefs list?
>
> The type of public-key encryption is defined by what type of key you
> are encrypting to. An RSA key means RSA encryption. The symmetric
> ciphers are not relevant to this question.

i try to answer this few days before it but it was not post on list so
now, i post again.

but, its confusing output of pgpdump. plain text + SHA1 must be encrypt
of symmetric algorithm and after, its session key is encrypt of public
key cipher. im right or wrong? So why, he will use SHA1 in hash of
symmetric key. its expectation to use SHA1 hash with asymmetric public
key of receiver. or im not understand you its really SHA1, with
symmetric key its part of protocol??

how its possible to know which symmetric algorithm it was used to
encrypt message? how i must obtain this information from pgpdump?

i think, it will be very good if well have some matrix of prefs, which
asymmetric and symmetric algorithm he will use in all this cases.

thanks David to help all peoples of gpg list!!

From randux at Safe-mail.net Wed Mar 28 02:03:39 2007
From: randux at Safe-mail.net (randux at Safe-mail.net)
Date: Wed, 28 Mar 2007 03:03:39 +0300
Subject: Signature version line not protected against alteration
Message-ID:

Greetings all,

I came upon something a bit odd in gnupg 1.4.7. I found I can change
the comment field in a signed message to be whatever I like. I should
think this is a bad thing as an attacker could insert text in a message
presumably protected against all modifications if the signature
verifies properly.

I'm hoping the attachments won't be corrupted by my emailer. The first
attachment is the clearsigned message. I altered the comment field
manually after creating the .asc. The second attachment is the public
key so you can verify that the clearsigned message is valid.

Thanks loads to everyone who's worked on gnupg. It's a brilliant app and
an important one at that.

Cheers,
Rand
-------------- next part --------------
A non-text attachment was scrubbed...
Name: phil.zimmermann.asc
Type: application/pgp-signature
Size: 299 bytes
Desc: not available
Url : /pipermail/attachments/20070328/01eca3a3/attachment.pgp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: phil.pub
Type: application/octet-stream
Size: 1767 bytes
Desc: not available
Url : /pipermail/attachments/20070328/01eca3a3/attachment.obj

From dshaw at jabberwocky.com Wed Mar 28 05:25:58 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 27 Mar 2007 23:25:58 -0400
Subject: Signature version line not protected against alteration
In-Reply-To:
References:
Message-ID: <20070328032558.GA28900@jabberwocky.com>

On Wed, Mar 28, 2007 at 03:03:39AM +0300, randux at Safe-mail.net wrote:

> Greetings all,
>
> I came upon something a bit odd in gnupg 1.4.7. I found I can change
> the comment field in a signed message to be whatever I like. I
> should think this is a bad thing as an attacker could insert text in
> a message presumably protected against all modifications if the
> signature verifies properly.

The "comment" and "version" armor fields are both essentially
comments, and are ignored by the OpenPGP protocol. You can change
either of them to whatever you like.

David

From vedaal at hush.com Wed Mar 28 17:55:22 2007
From: vedaal at hush.com (vedaal at hush.com)
Date: Wed, 28 Mar 2007 11:55:22 -0400
Subject: --passphrase option // can two different passphrases be used in the same command?
Message-ID: <20070328155523.09D62DA844@mailserver7.hushmail.com>

a question came up yesterday on the alt.security.pgp list

someone was trying to sign and symmetrically encrypt a message,
and wanted to do this as one command,
first entering the passphrase for signing,
and then entering a different passphrase for symmetrical encryption,
and could not get it to work

i tried many different variations of this on the commandline,
and it seems that gnupg (1.4.7) recognizes only the second
passphrase listed

if the second passphrase is the correct one for the signing key,
then the message will be signed but also symmetrically encrypted
with the same passphrase (the passphrase for the signing key)

example:

c:\gnupg>gpg --armor --passphrase sss -c -u aaaa1 -s --passphrase aaaa1 c:\1.txt

You need a passphrase to unlock the secret key for
user: "aaaa1 "
2048-bit RSA key, ID F9015496, created 2005-12-01

gpg: TWOFISH encryption will be used
gpg: writing to `c:\1.txt.asc'
gpg: RSA/SHA256 signature from: "F9015496 aaaa1 "

this message decrypts with the passphrase aaaa1,
but not with the passphrase sss

if the second passphrase is the symmetric encryption passphrase,
then gnupg will abort

example:

c:\gnupg>gpg --armor --passphrase aaaa1 -u aaaa1 -s -c --passphrase sss c:\1.txt

You need a passphrase to unlock the secret key for
user: "aaaa1 "
2048-bit RSA key, ID F9015496, created 2005-12-01

gpg: skipped "aaaa1": bad passphrase
gpg: c:\1.txt: sign+symmetric failed: bad passphrase

is there a way to direct gnupg to remember one passphrase for
signing,
and another one for symmetrically encrypting?
this might be useful for some automated messages,

otherwise, the simple workaround is just to do:

gpg --armor -u keyname -s -c filename

and enter the passphrases separately at each of the gpg prompts

tia,

vedaal

From wk at gnupg.org Thu Mar 29 10:06:59 2007
From: wk at gnupg.org (Werner Koch)
Date: Thu, 29 Mar 2007 10:06:59 +0200
Subject: --passphrase option // can two different passphrases be used in the same command?
In-Reply-To: <20070328155523.09D62DA844@mailserver7.hushmail.com> (vedaal@hush.com's message of "Wed\, 28 Mar 2007 11\:55\:22 -0400")
References: <20070328155523.09D62DA844@mailserver7.hushmail.com>
Message-ID: <87fy7opj6k.fsf@wheatstone.g10code.de>

On Wed, 28 Mar 2007 17:55, vedaal at hush.com said:

> is there a way to direct gnupg to remember one passphrase for
> signing,
> and another one for symmetrically encrypting?

Not with the --passphrase* options. You need to employ the --command-fd
interface if you want better control over the passphrase. GPGME makes
this easier.

Shalom-Salam,

Werner

From ublument at Bear.com Fri Mar 30 17:09:58 2007
From: ublument at Bear.com (Blumenthal, Uri)
Date: Fri, 30 Mar 2007 11:09:58 -0400
Subject: Problem interoperating with PGP Univeral?
Message-ID:

I am trying to get cleartext-signed PGP/MIME messages produced by PGP
Universal 2.5.3, verified by email clients (Thunderbird-1.5.0.10 +
Enigmail-0.94.2 + GPG-1.4.7).

So far my experience is:

- Pure plaintext (neither PGP/MIME nor PGP/Partitioned) messages are
  verified OK.

- PGP/MIME encrypted and signed messages are decrypted and verified OK.

- PGP/MIME or PGP/Partitioned messages (HTML body and/or attachments)
  fail signature verification, with error message from GPG:

  Cleartext signature without data

I've submitted help request to Enigmail list, but perhaps somebody here
can advise me regarding this issue? Maybe there are settings at PGP
Universal that should be changed to make its output "friendlier"? Or
maybe there are GPG setting that would allow verification of those
emails?

I'll be grateful for any help!

Thank you!
--
Regards,
Uri Blumenthal

From patrick at mozilla-enigmail.org Sat Mar 31 23:29:54 2007
From: patrick at mozilla-enigmail.org (Patrick Brunschwig)
Date: Sat, 31 Mar 2007 23:29:54 +0200
Subject: Problem interoperating with PGP Univeral?
In-Reply-To:
References:
Message-ID:

Blumenthal, Uri wrote:

> I am trying to get cleartext-signed PGP/MIME messages produced by PGP
> Universal 2.5.3, verified by email clients (Thunderbird-1.5.0.10 +
> Enigmail-0.94.2 + GPG-1.4.7).
>
> So far my experience is:
>
> - Pure plaintext (neither PGP/MIME nor PGP/Partitioned) messages are
> verified OK.
>
> - PGP/MIME encrypted and signed messages are decrypted and verified OK.
>
> - PGP/MIME or PGP/Partitioned messages (HTML body and/or attachments)
> fail signature verification, with error message from GPG:
>
> Cleartext signature without data
>
> I've submitted help request to Enigmail list, but perhaps somebody here
> can advise me regarding this issue? Maybe there are settings at PGP
> Universal that should be changed to make its output "friendlier"? Or
> maybe there are GPG setting that would allow verification of those
> emails?
>
> I'll be grateful for any help!
>
> Thank you!

I can provide some more details on this. GnuPG 1.4.7 returns with this
error message "gpg: can't handle this ambiguous signature data".

This is the detached signature that comes with such a message:

-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.5.3

qANQR1DEDQMBAhH9zteyosL+MwHCPwMFAUYL2iX9zteyosL+MxECC8QAnRhWP2Sx
Ex7VcRL+wBVB2C7lksYAAKCYHvRP7E8vA5jKNgigU0o4kbFn4w==
=lOCI
-----END PGP SIGNATURE-----

-Patrick

From dshaw at jabberwocky.com Sat Mar 31 23:51:47 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Sat, 31 Mar 2007 17:51:47 -0400
Subject: Problem interoperating with PGP Univeral?
In-Reply-To:
References:
Message-ID: <20070331215147.GB21090@jabberwocky.com>

On Sat, Mar 31, 2007 at 11:29:54PM +0200, Patrick Brunschwig wrote:

> Blumenthal, Uri wrote:
> > I am trying to get cleartext-signed PGP/MIME messages produced by PGP
> > Universal 2.5.3, verified by email clients (Thunderbird-1.5.0.10 +
> > Enigmail-0.94.2 + GPG-1.4.7).
> >
> > So far my experience is:
> >
> > - Pure plaintext (neither PGP/MIME nor PGP/Partitioned) messages are
> > verified OK.
> >
> > - PGP/MIME encrypted and signed messages are decrypted and verified OK.
> >
> > - PGP/MIME or PGP/Partitioned messages (HTML body and/or attachments)
> > fail signature verification, with error message from GPG:
> >
> > Cleartext signature without data
> >
> > I've submitted help request to Enigmail list, but perhaps somebody here
> > can advise me regarding this issue? Maybe there are settings at PGP
> > Universal that should be changed to make its output "friendlier"? Or
> > maybe there are GPG setting that would allow verification of those
> > emails?
> >
> > I'll be grateful for any help!
> >
> > Thank you!
>
> I can provide some more details on this. GnuPG 1.4.7 returns with this
> error message "gpg: can't handle this ambiguous signature data".
>
> This is the detached signature that comes with such a message:
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Universal 2.5.3
>
> qANQR1DEDQMBAhH9zteyosL+MwHCPwMFAUYL2iX9zteyosL+MxECC8QAnRhWP2Sx
> Ex7VcRL+wBVB2C7lksYAAKCYHvRP7E8vA5jKNgigU0o4kbFn4w==
> =lOCI
> -----END PGP SIGNATURE-----

That's just a regular signature. How does Enigmail call GPG to do the
verification?

David

From office at dotdoms.com Wed Mar 28 16:06:42 2007
From: office at dotdoms.com (dotdoms)
Date: Wed, 28 Mar 2007 07:06:42 -0700 (PDT)
Subject: how to only signate a mail by GnuPG, command line?
Message-ID: <9714450.post@talk.nabble.com>

Hello,

I am brand new to PGP and GnuPG, so my question might sound dumb, but I
am really stuck for days now, so I hope and would be thankful to
probably receive some answer here.

I am trying to send a GnuPG signed email by PHP. The PHP part of it
isn't really a problem to me, but I don't get the correct command line
for GnuPG to do as I need.

I tried so far that:

gpg -o signature_file.txt --clearsign original_file.txt

The point is I don't know the syntax how to add the email address/Key ID
which should sign the signature_file. E.g. something like that (although
that obviously ain't the correct syntax):

gpg -o signature_file.txt --clearsign original_file.txt myemailadress at domain.tld

Thx in advance :)

best regards,
dd

From rjkunkel at fuse.net Fri Mar 23 19:26:39 2007
From: rjkunkel at fuse.net (rjkunkel)
Date: Fri, 23 Mar 2007 11:26:39 -0700 (PDT)
Subject: gpg doesn't seem to execute within windows application
Message-ID: <9640662.post@talk.nabble.com>

We are running a windows application that allows us to call a batch
program or executable. I can run gpg with no problem from the DOS
Command prompt under Windows XP. When I try to run it under my
application, it doesn't seem to execute to create the encrypted file.

I am using the command line:

gpg -o enc_file -v -e -r "recipient name" sendfile

I put the -v to allow my application to capture the verbose text, but I
don't get any text back from the execution.

The call is being made in the application with

spawnvp(_P_NOWAIT, xcmd, parms);

where

char xcmd[128];
char *parms[20];

Thanks,
Rob

From alexey_maslennikov at slashmail.org Sat Mar 24 23:00:42 2007
From: alexey_maslennikov at slashmail.org (Alexey Maslennikov)
Date: Sun, 25 Mar 2007 00:00:42 +0200 (IST)
Subject: ow to create secret key stub
Message-ID: <50684.85.130.148.85.1174773642.squirrel@slashmail.org>

Good time of day,

I have a smart card, which I successfully use on the computer I first
initialized it on. I have another computer, and I want to use my smart
card on this one too.

The question: how do I create secret key stub for my existing smart
card key on new computer?

Thank you in advance!

--
Alexey Maslennikov

From macfan21 at mac.com Tue Mar 27 18:02:51 2007
From: macfan21 at mac.com (Mark Dymek)
Date: Tue, 27 Mar 2007 12:02:51 -0400
Subject: No subject
Message-ID:

when i install gnupg 1.4.7 on a mac os x system where does the
executable file get installed? in other words where does gnupg live on
my system.
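
Two threads above ("Signature version line not protected against alteration" and "Problem interoperating with PGP Univeral?") both turn on what sits inside an ASCII-armored block. The Python sketch below is an added example, not code from GnuPG, Enigmail or any poster: it splits an armor block into header lines, decoded payload and CRC-24, shows that editing a Version/Comment header leaves the payload and checksum untouched, and lists the packet headers in the signature block Patrick Brunschwig posted, much as pgpdump would. The function names and the edited Comment text are made up for this example.

```python
import base64

# Armored signature block exactly as posted in Patrick Brunschwig's message.
PAGE_SIG = """-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.5.3

qANQR1DEDQMBAhH9zteyosL+MwHCPwMFAUYL2iX9zteyosL+MxECC8QAnRhWP2Sx
Ex7VcRL+wBVB2C7lksYAAKCYHvRP7E8vA5jKNgigU0o4kbFn4w==
=lOCI
-----END PGP SIGNATURE-----
"""

# Constructed copy for the demonstration: only the armor header line differs.
ALTERED_SIG = PAGE_SIG.replace("Version: PGP Universal 2.5.3",
                               "Comment: text edited after signing")

TAG_NAMES = {2: "Signature", 4: "One-Pass Signature", 10: "Marker"}


def crc24(data):
    """CRC-24 of RFC 4880 section 6.1, computed over the decoded payload."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def parse_armor(text):
    """Split one armor block into (headers, payload bytes, stated CRC-24)."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not (lines[0].startswith("-----BEGIN ") and lines[-1].startswith("-----END ")):
        raise ValueError("not an ASCII-armored block")
    blank = lines.index("")  # the first empty line ends the armor headers
    headers = dict(ln.split(": ", 1) for ln in lines[1:blank])
    body, stated_crc = [], None
    for ln in lines[blank + 1:-1]:
        if ln.startswith("="):  # "=XXXX": base64 of the three CRC bytes
            stated_crc = int.from_bytes(base64.b64decode(ln[1:]), "big")
        else:
            body.append(ln)
    return headers, base64.b64decode("".join(body)), stated_crc


def list_packets(data):
    """Walk OpenPGP packet headers and return [(tag, body_length), ...]."""
    packets, i = [], 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("bit 7 of a packet header must be set")
        if hdr & 0x40:  # new-format header: tag in the low 6 bits
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body lengths are not handled here")
        else:  # old-format header: tag in bits 5-2, length type in bits 1-0
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length is not handled here")
            size = 1 << ltype  # 1, 2 or 4 length octets
            length = int.from_bytes(data[i + 1:i + 1 + size], "big")
            i += 1 + size
        if i + length > len(data):
            raise ValueError("packet runs past the end of the payload")
        packets.append((tag, length))
        i += length
    return packets


if __name__ == "__main__":
    headers, payload, stated = parse_armor(PAGE_SIG)
    _, altered_payload, _ = parse_armor(ALTERED_SIG)
    print("armor headers:", headers)
    print("payload unchanged after header edit:", payload == altered_payload)
    print("stated CRC-24 matches payload:", crc24(payload) == stated)
    for tag, length in list_packets(payload):
        print(f"tag {tag:2d}  {TAG_NAMES.get(tag, 'other'):18s}  {length} bytes")
```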