From wk at gnupg.org Tue Sep 1 09:45:49 2009
From: wk at gnupg.org (Werner Koch)
Date: Tue, 01 Sep 2009 09:45:49 +0200
Subject: Possible bug: addkey can create certifying subkey
In-Reply-To: <4A9C075C.4030601@jameshoward.us> (James P. Howard, II's message of "Mon, 31 Aug 2009 13:24:44 -0400")
References: <4A9C075C.4030601@jameshoward.us>
Message-ID: <87y6ozw1jm.fsf@vigenere.g10code.de>

On Mon, 31 Aug 2009 19:24, jh at jameshoward.us said:

> I am not sure if this is a bug, but given the documentation it is not
> the expected behavior. I created new keys this weekend, due to a lost
> USB drive. Replicating it here, if you specify --expert and create a
> RSA subkey with all the options off, it will create a subkey with all
> the options, including certification turned on. Here's a slightly

That is perfectly okay. If you want to set the key flag for
certification on a subkey, gpg allows you to do so. The OpenPGP
standard does not restrict this.

Note that despite a subkey carrying this flag, OpenPGP (and thus gpg)
will always use the primary key for certification of user-ids and other
subkeys (binding signatures) and for certifying other keys (key
signatures).

Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

From hawke at hawkesnest.net Tue Sep 1 20:57:47 2009
From: hawke at hawkesnest.net (Alex Mauer)
Date: Tue, 01 Sep 2009 13:57:47 -0500
Subject: Possible bug: addkey can create certifying subkey
In-Reply-To: <87y6ozw1jm.fsf__29803.1139806428$1251791538$gmane$org@vigenere.g10code.de>
References: <4A9C075C.4030601@jameshoward.us> <87y6ozw1jm.fsf__29803.1139806428$1251791538$gmane$org@vigenere.g10code.de>
Message-ID:

On 09/01/2009 02:45 AM, Werner Koch wrote:
> On Mon, 31 Aug 2009 19:24, jh at jameshoward.us said:
>> I am not sure if this is a bug, but given the documentation it is not
>> the expected behavior. I created new keys this weekend, due to a lost
>> USB drive. Replicating it here, if you specify --expert and create a
>> RSA subkey with all the options off, it will create a subkey with all
>> the options, including certification turned on. Here's a slightly
>
> That is perfectly okay. If you want to set the key flag for
> certification on a subkey, gpg allows you to do so. The OpenPGP
> standard does not restrict this.

I think it may still be a problem that attempting to turn off all the
flags has the actual effect of turning them all on instead...

-Alex Mauer "hawke"

From SeidlS at schneider.com Tue Sep 1 19:51:29 2009
From: SeidlS at schneider.com (Seidl, Scott)
Date: Tue, 1 Sep 2009 12:51:29 -0500
Subject: Secret Key replacement
Message-ID: <1F1743D578302F4E8E698B09863791F2102C735A64@WSCMS022.Dom1.Schneider.Com>

We use gnupg in an automated mode within the organization to
encrypt/decrypt documents exchanged between companies. The Key Pair we
have is expiring soon and I am replacing it with a new key pair. This
new key would be provided to the other companies before the other
expires.

I have a couple questions about the existing public keys we have
imported to our key ring.

1 - It's my belief that I have to sign/trust each of the keys with the
new secret key, is that correct?
2 - Is there any command to do a mass sign or must I do a
gpg -u XXXXXXX --edit-key YYYYYY for each key?
3 - What other items am I not thinking of?

Thanks

Scott Seidl
seidls at schneider.com

From jh at jameshoward.us Wed Sep 2 01:50:23 2009
From: jh at jameshoward.us (James P.
Howard, II)
Date: Tue, 01 Sep 2009 19:50:23 -0400
Subject: Possible bug: addkey can create certifying subkey
In-Reply-To:
References: <4A9C075C.4030601@jameshoward.us> <87y6ozw1jm.fsf__29803.1139806428$1251791538$gmane$org@vigenere.g10code.de>
Message-ID: <4A9DB33F.2070605@jameshoward.us>

On Tue Sep 01 2009 14:57:47 GMT-0400 (EST), Alex Mauer wrote:
> On 09/01/2009 02:45 AM, Werner Koch wrote:
>> On Mon, 31 Aug 2009 19:24, jh at jameshoward.us said:
>>> I am not sure if this is a bug, but given the documentation it is
>>> not the expected behavior. I created new keys this weekend, due
>>> to a lost USB drive. Replicating it here, if you specify
>>> --expert and create a RSA subkey with all the options off, it
>>> will create a subkey with all the options, including
>>> certification turned on. Here's a slightly
>>
>> That is perfectly okay. If you want to set the key flag for
>> certification on a subkey, gpg allows you to do so. The OpenPGP
>> standard does not restrict this.
>
> I think it may still be a problem that attempting to turn off all
> the flags has the actual effect of turning them all on instead...

Well, that was kind of my point, but I was also confused by the
certifying subkey and may have unduly dwelt on it.

James

-- 
James P. Howard, II, MPA
jh at jameshoward.us
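The behaviour this thread is about, a subkey whose Key Flags subpacket is absent being treated as fully capable while a present subpacket with every bit clear grants nothing (the rule Werner spells out later in the thread), as an added Python example that is not code from GnuPG or from any poster; the subpacket bytes below are constructed by hand.

```python
"""Decode the OpenPGP Key Flags subpacket (RFC 4880 section 5.2.3.21).

Added example, not GnuPG code. It shows why "all flags off" in gpg's
--expert addkey dialog yields an all-capable subkey: gpg then emits no
Key Flags subpacket at all, and a missing subpacket means "assume every
capability", whereas a present subpacket with a zero octet means none.
"""
from typing import FrozenSet, List, Tuple

KEY_FLAGS_SUBPACKET = 27  # subpacket type "Key Flags"

# Bit assignments of the first Key Flags octet (RFC 4880 5.2.3.21).
FLAG_BITS = {
    0x01: "certify",          # C: may certify other keys
    0x02: "sign",             # S: may sign data
    0x04: "encrypt-comms",    # E: may encrypt communications
    0x08: "encrypt-storage",  # E: may encrypt storage
    0x20: "authenticate",     # A: may be used for authentication
}
ALL_CAPABILITIES: FrozenSet[str] = frozenset(FLAG_BITS.values())


def parse_subpackets(data: bytes) -> List[Tuple[int, bool, bytes]]:
    """Split a signature subpacket area into (type, critical, body) tuples.

    Length encoding (RFC 4880 5.2.3.1): one octet below 192, two octets
    for 192..16383, five octets (0xFF + 4-octet length) above that. The
    length covers the type octet plus the body, so it is never zero.
    """
    out = []
    i = 0
    while i < len(data):
        first = data[i]
        if first < 192:
            length, i = first, i + 1
        elif first < 255:
            if i + 1 >= len(data):
                raise ValueError("truncated subpacket length")
            length = ((first - 192) << 8) + data[i + 1] + 192
            i += 2
        else:
            if i + 4 >= len(data):
                raise ValueError("truncated subpacket length")
            length = int.from_bytes(data[i + 1:i + 5], "big")
            i += 5
        if length == 0 or i + length > len(data):
            raise ValueError("subpacket overruns area")
        type_octet = data[i]
        body = data[i + 1:i + length]
        out.append((type_octet & 0x7F, bool(type_octet & 0x80), body))
        i += length
    return out


def key_capabilities(subpacket_area: bytes) -> FrozenSet[str]:
    """Return the capability names a signature's subpacket area grants.

    No Key Flags subpacket at all -> every capability is assumed (the
    OpenPGP rule described in the thread). A present subpacket grants
    only the bits that are set, so an all-zero octet grants nothing.
    """
    for sp_type, _critical, body in parse_subpackets(subpacket_area):
        if sp_type == KEY_FLAGS_SUBPACKET:
            flags = body[0] if body else 0
            return frozenset(n for bit, n in FLAG_BITS.items() if flags & bit)
    return ALL_CAPABILITIES


def build_subpacket(sp_type: int, body: bytes) -> bytes:
    """Encode one subpacket using the one-octet length form (body < 191)."""
    length = 1 + len(body)
    assert length < 192, "example keeps to the one-octet length form"
    return bytes([length, sp_type]) + body


# Constructed sample areas. Type 2 (Signature Creation Time) is carried
# by every binding signature, so it is included as a neighbour subpacket;
# the timestamp value is arbitrary.
CREATION_TIME = build_subpacket(2, bytes.fromhex("4A9D0000"))

NO_KEY_FLAGS = CREATION_TIME                                  # flags absent
EMPTY_FLAGS = CREATION_TIME + build_subpacket(27, b"\x00")   # explicit none
SIGN_ONLY = CREATION_TIME + build_subpacket(27, b"\x02")     # S only
CERT_SIGN = CREATION_TIME + build_subpacket(27, b"\x03")     # C and S

if __name__ == "__main__":
    for label, area in [("absent", NO_KEY_FLAGS), ("0x00", EMPTY_FLAGS),
                        ("0x02", SIGN_ONLY), ("0x03", CERT_SIGN)]:
        print(f"{label:>6}: {sorted(key_capabilities(area))}")
```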
From jbruni at me.com Wed Sep 2 06:41:34 2009
From: jbruni at me.com (Joseph Oreste Bruni)
Date: Tue, 01 Sep 2009 21:41:34 -0700
Subject: Secret Key replacement
In-Reply-To: <1F1743D578302F4E8E698B09863791F2102C735A64@WSCMS022.Dom1.Schneider.Com>
References: <1F1743D578302F4E8E698B09863791F2102C735A64@WSCMS022.Dom1.Schneider.Com>
Message-ID: <64E1489B-74E0-48EA-B9FE-A632BB2579BD@me.com>

On Sep 1, 2009, at 10:51 AM, Seidl, Scott wrote:

> We use gnupg in an automated mode within the organization to
> encrypt/decrypt documents exchanged between companies. The Key Pair
> we have is expiring soon and I am replacing it with a new key pair.
> This new key would be provided to the other companies before the
> other expires.
>
> I have a couple questions about the existing public keys we have
> imported to our key ring.
> 1 - It's my belief that I have to sign/trust each of the keys with
> the new secret key, is that correct?
> 2 - Is there any command to do a mass sign or must I do a gpg -u
> XXXXXXX --edit-key YYYYYY for each key?
> 3 - What other items am I not thinking of?
>
> Thanks
>
> Scott Seidl
> seidls at schneider.com

One thing you could try is implement a corporate certification-only
key, used for certifying others' keys. You would have a second keypair
used for signing, encryption, and conducting regular business. Your
encryption keypair could expire as normal, but your certifying key
would not. Then you would set up your trust system to only trust those
keys signed by your corporate certification key.

Since your certification key doesn't expire (or at least not as
frequently), you would save yourself the trouble of having to
re-certify all your partners' keys.

-Joe

From jbruni at me.com Wed Sep 2 06:47:57 2009
From: jbruni at me.com (Joseph Oreste Bruni)
Date: Tue, 01 Sep 2009 21:47:57 -0700
Subject: 1.4.10rc1 vs. OS X 10.6
Message-ID: <53D43C62-FF90-4387-9269-464E355FF5EA@me.com>

I tried compiling 1.4.10rc1 on Mac OS X 10.6 without success.

During "make" the compile bombed here:

...
mv -f .deps/mpih-mul.Tpo .deps/mpih-mul.Po
gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I../include -g -O2 -Wall -Wno-pointer-sign -MT mpiutil.o -MD -MP -MF .deps/mpiutil.Tpo -c -o mpiutil.o mpiutil.c
mv -f .deps/mpiutil.Tpo .deps/mpiutil.Po
gcc -E -I.. -I../include -DHAVE_CONFIG_H mpih-mul1.S | grep -v '^#' > _mpih-mul1.s
gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I../include -g -O2 -Wall -Wno-pointer-sign -c _mpih-mul1.s
_mpih-mul1.s:6:suffix or operands invalid for `push'
_mpih-mul1.s:7:suffix or operands invalid for `push'
_mpih-mul1.s:8:suffix or operands invalid for `push'
_mpih-mul1.s:9:suffix or operands invalid for `push'
_mpih-mul1.s:33:suffix or operands invalid for `pop'
_mpih-mul1.s:34:suffix or operands invalid for `pop'
_mpih-mul1.s:35:suffix or operands invalid for `pop'
_mpih-mul1.s:36:suffix or operands invalid for `pop'
make[2]: *** [mpih-mul1.o] Error 1
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2

From jbruni at me.com Wed Sep 2 06:52:52 2009
From: jbruni at me.com (Joseph Oreste Bruni)
Date: Tue, 01 Sep 2009 21:52:52 -0700
Subject: 1.4.10rc1 vs. OS X 10.6
In-Reply-To: <53D43C62-FF90-4387-9269-464E355FF5EA@me.com>
References: <53D43C62-FF90-4387-9269-464E355FF5EA@me.com>
Message-ID:

On Sep 1, 2009, at 9:47 PM, Joseph Oreste Bruni wrote:

> I tried compiling 1.4.10rc1 on Mac OS X 10.6 without success.
>
> During "make" the compile bombed here:
>
> ...
> mv -f .deps/mpih-mul.Tpo .deps/mpih-mul.Po
> gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I../include -g -O2 -Wall -Wno-pointer-sign -MT mpiutil.o -MD -MP -MF .deps/mpiutil.Tpo -c -o mpiutil.o mpiutil.c
> mv -f .deps/mpiutil.Tpo .deps/mpiutil.Po
> gcc -E -I.. -I../include -DHAVE_CONFIG_H mpih-mul1.S | grep -v '^#' > _mpih-mul1.s
> gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I../include -g -O2 -Wall -Wno-pointer-sign -c _mpih-mul1.s
> _mpih-mul1.s:6:suffix or operands invalid for `push'
> _mpih-mul1.s:7:suffix or operands invalid for `push'
> _mpih-mul1.s:8:suffix or operands invalid for `push'
> _mpih-mul1.s:9:suffix or operands invalid for `push'
> _mpih-mul1.s:33:suffix or operands invalid for `pop'
> _mpih-mul1.s:34:suffix or operands invalid for `pop'
> _mpih-mul1.s:35:suffix or operands invalid for `pop'
> _mpih-mul1.s:36:suffix or operands invalid for `pop'
> make[2]: *** [mpih-mul1.o] Error 1
> make[1]: *** [all-recursive] Error 1
> make: *** [all] Error 2
>

If I use --disable-asm during configure, the compile completes and a
"make check" shows all tests pass!

-Joe

From John at Mozilla-Enigmail.org Wed Sep 2 06:55:15 2009
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Tue, 01 Sep 2009 23:55:15 -0500
Subject: 1.4.10rc1 vs. OS X 10.6
In-Reply-To: <53D43C62-FF90-4387-9269-464E355FF5EA@me.com>
References: <53D43C62-FF90-4387-9269-464E355FF5EA@me.com>
Message-ID: <4A9DFAB3.2070409@Mozilla-Enigmail.org>

Joseph Oreste Bruni wrote:
> I tried compiling 1.4.10rc1 on Mac OS X 10.6 without success.
>
> During "make" the compile bombed here:
>
> ...
> mv -f .deps/mpih-mul.Tpo .deps/mpih-mul.Po
> gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I../include -g -O2 -Wall -Wno-pointer-sign -MT mpiutil.o -MD -MP -MF .deps/mpiutil.Tpo -c -o mpiutil.o mpiutil.c
> mv -f .deps/mpiutil.Tpo .deps/mpiutil.Po
> gcc -E -I.. -I../include -DHAVE_CONFIG_H mpih-mul1.S | grep -v '^#' > _mpih-mul1.s
> gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I../include -g -O2 -Wall -Wno-pointer-sign -c _mpih-mul1.s
> _mpih-mul1.s:6:suffix or operands invalid for `push'
> _mpih-mul1.s:7:suffix or operands invalid for `push'
> _mpih-mul1.s:8:suffix or operands invalid for `push'
> _mpih-mul1.s:9:suffix or operands invalid for `push'
> _mpih-mul1.s:33:suffix or operands invalid for `pop'
> _mpih-mul1.s:34:suffix or operands invalid for `pop'
> _mpih-mul1.s:35:suffix or operands invalid for `pop'
> _mpih-mul1.s:36:suffix or operands invalid for `pop'
> make[2]: *** [mpih-mul1.o] Error 1
> make[1]: *** [all-recursive] Error 1
> make: *** [all] Error 2

Try running configure with '--disable-asm'

-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

From wk at gnupg.org Wed Sep 2 07:04:28 2009
From: wk at gnupg.org (Werner Koch)
Date: Wed, 02 Sep 2009 07:04:28 +0200
Subject: Possible bug: addkey can create certifying subkey
In-Reply-To: (Alex Mauer's message of "Tue, 01 Sep 2009 13:57:47 -0500")
References: <4A9C075C.4030601@jameshoward.us> <87y6ozw1jm.fsf__29803.1139806428$1251791538$gmane$org@vigenere.g10code.de>
Message-ID: <87skf6os2r.fsf@vigenere.g10code.de>

On Tue, 1 Sep 2009 20:57, hawke at hawkesnest.net said:

> I think it may still be a problem that attempting to turn off all the
> flags has the actual effect of turning them all on instead...

That is per OpenPGP: Key flags are not required and thus lacking any
key flags, we need to assume all capabilities. Of course it would be
possible to add an empty list of key flags (in contrast to "no list").
IMHO this does not make any sense, thus we don't create a key flags
list at all if you reset all key flags.

Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

From debian at neuerweg.de Wed Sep 2 08:33:12 2009
From: debian at neuerweg.de (debianfeed)
Date: Wed, 02 Sep 2009 08:33:12 +0200
Subject: Using gpg-groups in gnome?
In-Reply-To: <200908272030.33297@thufir.ingo-kloecker.de>
References: <4A963760.1090704@neuerweg.de> <200908272030.33297@thufir.ingo-kloecker.de>
Message-ID: <4A9E11A8.3000308@neuerweg.de>

Ingo Klöcker wrote:
> On Thursday 27 August 2009, debianfeed wrote:
>
>> Hello
>>
>> does anybody here know a possibility to use gpg key-groups under
>> gnome? groups defined in the gpg.conf
>> (e.g. "group mygroupname = 0xAAAA9DB0 0xBBBB9540")
>> do not show up in nautilus' seahorse extension.
>>
>> kgpg is capable of dealing with groups, but as it is a
>> KDE-application it is not usable via the nautilus context menu.
>>
>
> I doubt very much that kgpg cannot be added to the Nautilus context
> menu. I'm pretty sure any application can be added to the Nautilus
> context menu.

Thanks Ingo. Yes, you can use nautilus-actions or nautilus-scripts for
kgpg, but in reality used this way kgpg crashes five times a day,
"forgets" its settings like "use untrusted keys" and so on. That is not
acceptable in a productive environment with 80+ users. I hoped someone
would have an idea about a more stable solution.

Mark

From jerome.blanc at nerim.net Wed Sep 2 10:55:34 2009
From: jerome.blanc at nerim.net (Jérôme Blanc)
Date: Wed, 2 Sep 2009 10:55:34 +0200
Subject: Signing with a key on a smart card
In-Reply-To: <20090804220120.3c3715d5@Gemini>
References: <20090804220120.3c3715d5@Gemini>
Message-ID: <20090902105534.7780e575@Gemini>

Hello,

could anyone explain to me how gpg chooses which secret key to use, or
how I could tell gpg which one to use?
Or maybe a way I can tell gpg not to use the smart card while on a
certain computer.

I still don't get why it doesn't manage to use the proper secret key and
google is definitely not my friend.

Thanks

On Tuesday 04 August 2009 at 22:01, Jérôme Blanc wrote:

> Hello,
>
> I'm currently toying with an OpenPGP smart card, but I meet some
> difficulties getting how this works.
>
> I have the Smart Card properly set up (at least I do think so ;-)) :
>
> [gemini at Gemini ~]$ gpg --card-status
>
> gpg: detected reader `Gemplus GemPC Twin 00 00'
> [...]
> Signature key ....: 5898 DBEA 1139 733B ACFD 7880 E8B6 F7C5 2B20 7AEF
>       created ....: 2009-08-02 11:34:17
> Encryption key....: A52C FAAC D39F 252D A2C4 0149 2B0F 7310 7C9E D800
>       created ....: 2009-08-02 11:37:25
> Authentication key: D179 47D8 3B01 87A3 3C86 1AB0 2E8D 6DE6 F8D5 6EFC
>       created ....: 2009-08-04 19:22:04
>
> In the keyring, I have 3 private master keys, for handling 3 different
> identities.
>
> In the gpg.conf, the default key is the master key that generated the
> subkeys that are on the smart card.
>
> I can cipher and decipher using the keys on the smart card. However,
> when I try to sign a file, then I have the following :
>
> [gemini at Gemini ~]$ gpg --sign -u 2B207AEF test.txt
> Le fichier `test.txt.gpg' existe. Réécrire par-dessus ? (o/N)
> gpg: detected reader `Gemplus GemPC Twin 00 00'
> gpg: la signature a échoué: mauvaise clé secrète utilisée
> gpg: signing failed: mauvaise clé secrète utilisée
>
> which means => signing failed: wrong secret key used
>
> Signing works with the two other master keys. As well, using the same
> card on another computer works, with an empty gpg keyring but the
> public keys related to it.
>
> Does this mean I have no other choice but to remove master keys of
> that "identity" in order to be able to use the card with my computer ?
>
> Thanks !
>
> Regards,

-- 
Jérôme Blanc
OpenPGP : 1024D/F44DB96C

From wk at gnupg.org Wed Sep 2 13:12:35 2009
From: wk at gnupg.org (Werner Koch)
Date: Wed, 02 Sep 2009 13:12:35 +0200
Subject: Signing with a key on a smart card
In-Reply-To: <20090902105534.7780e575@Gemini> ("Jérôme Blanc"'s message of "Wed, 2 Sep 2009 10:55:34 +0200")
References: <20090804220120.3c3715d5@Gemini> <20090902105534.7780e575@Gemini>
Message-ID: <87d469pplo.fsf@vigenere.g10code.de>

On Wed, 2 Sep 2009 10:55, jerome.blanc at nerim.net said:

> anyone that could explain me how gpg chooses which secret key to use or
> how I could tell gpg which one to use ?

Without an option, gpg uses the first available secret key for signing.
This is usually not desired, thus you can use "default-key" in gpg.conf
to select a different one. If you want to use another than the default
key, you may give it on the command line with "-u USERID". You may even
give several "-u" options to sign the data with several keys.

An OpenPGP key consists of a primary key and optionally several subkeys.
Gpg uses the latest subkey capable of signing to create a signature; if
no such subkey is available, the primary key is used. This happens even
if you specify the keyid of a subkey. If you want to force the use of a
specific signing subkey, you need to use the ! suffix to the keyid.
Example:

pub   1024D/5B0358A2  created: 1999-03-15  expires: 2011-07-11  usage: SC
sub   2048R/B604F148  created: 2004-03-21  expired: 2005-12-31  usage: E
sub   2048R/C3680A6E  created: 2006-01-01  expired: 2007-12-31  usage: E
sub   1024D/3D52C282  created: 2007-12-31  expires: 2010-07-11  usage: S
sub   2048R/F409CD54  created: 2007-12-31  expires: 2011-07-10  usage: E
sub   2048R/12345678  created: 2009-06-30  expires: 2010-07-10  usage: S

Using:

  -u 0x5B0358A2   ==> Subkey 0x12345678 is used.
  -u 0x12345678   ==> Subkey 0x12345678 is used.
  -u 0x3D52C282   ==> Subkey 0x12345678 is used.
  -u 0x3D52C282!  ==> Subkey 0x3D52C282 is used.

Due to the key expiration, this will change in one year to:

  -u 0x5B0358A2   ==> Primary key 0x5B0358A2 is used.
  -u 0x12345678   ==> Primary key 0x5B0358A2 is used.
  -u 0x3D52C282   ==> Primary key 0x5B0358A2 is used.
  -u 0x3D52C282!  ==> Primary key 0x5B0358A2 is used.

Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

From rjh at sixdemonbag.org Wed Sep 2 15:04:11 2009
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 02 Sep 2009 09:04:11 -0400
Subject: 1.4.10rc1 vs. OS X 10.6
In-Reply-To: <53D43C62-FF90-4387-9269-464E355FF5EA@me.com>
References: <53D43C62-FF90-4387-9269-464E355FF5EA@me.com>
Message-ID: <1251896651.16235.2.camel@linux-gil5.site>

> I tried compiling 1.4.10rc1 on Mac OS X 10.6 without success.

I can recreate this bug on 1.4.9 and 1.4.10rc1 on a MacBook Pro running
Snow Leopard. I can also confirm that John's fix of passing
"--disable-asm" to the configure script works.

Can we get an #ifdef for Darwin to replace the ASM blocks with compiled
code?

Happy compiling!

From shavital at mac.com Wed Sep 2 15:14:19 2009
From: shavital at mac.com (Charly Avital)
Date: Wed, 02 Sep 2009 09:14:19 -0400
Subject: 1.4.7 packages for OS X
In-Reply-To:
References:
Message-ID: <4A9E6FAB.2040706@mac.com>

Robert J. Hansen wrote the following on 3/6/07 10:06 AM:
> I've taken the liberty of packaging up 1.4.7 for OS X. (I apologize
> to Benjamin if I'm stepping on his toes here; by my recollection,
> he's doing packages for 2.0.x, not 1.4.x, so I _should_ be safe.)

I believe you are.

>

Using the recent release of 1.4.9, I have just compiled from source
1.4.9 with IDEA for MacOSX 10.5.8 (straightforward in Terminal).

I guess that when I upgrade to 10.6 (a couple of weeks from now), I may
be in for some surprises, according to what I have read in this list.

So far, so good.

Thank you Robert.
Charly

$ gpg --version
gpg (GnuPG) 1.4.9
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

From shavital at mac.com Wed Sep 2 15:22:57 2009
From: shavital at mac.com (Charly Avital)
Date: Wed, 02 Sep 2009 09:22:57 -0400
Subject: 1.4.7 packages for OS X
In-Reply-To: <4A9E6FAB.2040706@mac.com>
References: <4A9E6FAB.2040706@mac.com>
Message-ID: <4A9E71B1.5010000@mac.com>

Charly Avital wrote the following on 9/2/09 9:14 AM:
> Robert J. Hansen wrote the following on 3/6/07 10:06 AM:
>> I've taken the liberty of packaging up 1.4.7 for OS X. (I apologize
>> to Benjamin if I'm stepping on his toes here; by my recollection,
>> he's doing packages for 2.0.x, not 1.4.x, so I _should_ be safe.)

I apologize to the list, to Robert and to Benjamin. I just picked up an
old post, and reacted knee-jerk (emphasis on "jerk" -> yours truly).

I'll be back to 1.4.10RC1.

Sorry again.

Charly

From dshaw at jabberwocky.com Wed Sep 2 17:11:03 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed, 2 Sep 2009 11:11:03 -0400
Subject: 1.4.10rc1 vs. OS X 10.6
In-Reply-To: <53D43C62-FF90-4387-9269-464E355FF5EA@me.com>
References: <53D43C62-FF90-4387-9269-464E355FF5EA@me.com>
Message-ID:

On Sep 2, 2009, at 12:47 AM, Joseph Oreste Bruni wrote:

> I tried compiling 1.4.10rc1 on Mac OS X 10.6 without success.

10.6 ships with a newer version of the compiler toolchain that is
giving a few headaches here and there. Until we work out the issue,
just compile with --disable-asm.

David

From dshaw at jabberwocky.com Wed Sep 2 17:18:23 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed, 2 Sep 2009 11:18:23 -0400
Subject: Secret Key replacement
In-Reply-To: <1F1743D578302F4E8E698B09863791F2102C735A64@WSCMS022.Dom1.Schneider.Com>
References: <1F1743D578302F4E8E698B09863791F2102C735A64@WSCMS022.Dom1.Schneider.Com>
Message-ID:

On Sep 1, 2009, at 1:51 PM, Seidl, Scott wrote:

> We use gnupg in an automated mode within the organization to
> encrypt/decrypt documents exchanged between companies. The Key Pair
> we have is expiring soon and I am replacing it with a new key pair.
> This new key would be provided to the other companies before the
> other expires.
>
> I have a couple questions about the existing public keys we have
> imported to our key ring.
> 1 - It's my belief that I have to sign/trust each of the keys with
> the new secret key, is that correct?

It depends. Many uses of GPG in an automated mode use "--trust-model
always" or "--always-trust", since there is no need for a web of trust
in their setup. If you are using one of those options, then there is
no need to sign anything. If you are not using one of those options,
you probably need to make some signatures.

> 2 - Is there any command to do a mass sign or must I do a gpg -u
> XXXXXXX --edit-key YYYYYY for each key?

No mass sign ability, but you can do some shell magic like:

for i in (the keyids here)
do
  gpg -u XXXXXX --lsign $i
done

This assumes you don't have a passphrase on the key (otherwise you'd
have to type it multiple times as the shell loop ran), but no
passphrases is also a common setup for automated use.

David

From jbruni at me.com Wed Sep 2 18:06:51 2009
From: jbruni at me.com (Joseph Oreste Bruni)
Date: Wed, 02 Sep 2009 09:06:51 -0700
Subject: Secret Key replacement
In-Reply-To:
References: <1F1743D578302F4E8E698B09863791F2102C735A64@WSCMS022.Dom1.Schneider.Com>
Message-ID: <1885564485267653096374965815734278169-Webmail@me.com>

On Wednesday, September 02, 2009, at 08:18AM, "David Shaw" wrote:
>
> No mass sign ability, but you can do some shell magic like:
>
> for i in (the keyids here)
> do
>   gpg -u XXXXXX --lsign $i
> done
>
> This assumes you don't have a passphrase on the key (otherwise you'd
> have to type it multiple times as the shell loop ran), but no
> passphrases is also a common setup for automated use.
>
> David

To expand on David's script, the portion found in '(the keyids here)'
can be extracted using the following:

$ gpg --with-colons --list-keys | grep -e '^pub' | cut -d: -f5

-Joe

From wk at gnupg.org Wed Sep 2 19:35:56 2009
From: wk at gnupg.org (Werner Koch)
Date: Wed, 02 Sep 2009 19:35:56 +0200
Subject: 1.4.10rc1 and v2 OpenPGP cards/3072 bit keys
In-Reply-To: <4A9AA3B2.4080803@gefira.pl> (Dariusz Suchojad's message of "Sun, 30 Aug 2009 18:07:14 +0200")
References: <4A9AA3B2.4080803@gefira.pl>
Message-ID: <87my5dntab.fsf@vigenere.g10code.de>

On Sun, 30 Aug 2009 18:07, dsuch at gefira.pl said:

> However, I cannot decrypt a message encrypted with a 3072b key, also
> generated on-card. I'm 100% sure I'm entering a correct PIN but still

I can confirm that. It seems there are actually two problems: One bug
in gpg and afaics a bug in the card. I track the problem at

  https://bugs.g10code.com/gnupg/issue1114

Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

From wk at gnupg.org Wed Sep 2 19:21:18 2009
From: wk at gnupg.org (Werner Koch)
Date: Wed, 02 Sep 2009 19:21:18 +0200
Subject: [Announce] GnuPG 1.4.10 released
Message-ID: <87vdk1ntyp.fsf@vigenere.g10code.de>

Hello!
We are pleased to announce the availability of a new stable GnuPG-1
release: Version 1.4.10.

The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication
and data storage. It is a complete and free replacement of PGP and can
be used to encrypt data and to create digital signatures. It includes
an advanced key management facility, smartcard support and is compliant
with the OpenPGP Internet standard as described by RFC-4880 (the update
of RFC-2440).

Note that this version is from the GnuPG-1 series and thus smaller than
those from the GnuPG-2 series, easier to build and also more portable.
In contrast to GnuPG-2 (e.g. version 2.0.12) it comes with no support
for S/MIME or other tools useful for desktop environments. Fortunately
you may install both versions alongside on the same system without any
conflict.

Getting the Software
====================

Please follow the instructions found at http://www.gnupg.org/download/
or read on:

GnuPG 1.4.10 may be downloaded from one of the GnuPG mirror sites or
direct from ftp://ftp.gnupg.org/gcrypt/ . The list of mirrors can be
found at http://www.gnupg.org/mirrors.html . Note, that GnuPG is not
available at ftp.gnu.org.

On the mirrors you should find the following files in the *gnupg*
directory:

  gnupg-1.4.10.tar.bz2 (3331k)
  gnupg-1.4.10.tar.bz2.sig

      GnuPG source compressed using BZIP2 and OpenPGP signature.

  gnupg-1.4.10.tar.gz (4636k)
  gnupg-1.4.10.tar.gz.sig

      GnuPG source compressed using GZIP and OpenPGP signature.

  gnupg-1.4.9-1.4.10.diff.bz2 (189k)

      A patch file to upgrade a 1.4.9 GnuPG source.

Select one of them. To shorten the download time, you probably want to
get the BZIP2 compressed file. Please try another mirror if,
exceptionally, your mirror is not yet up to date.

In the *binary* directory, you should find these files:

  gnupg-w32cli-1.4.10.exe (1531k)
  gnupg-w32cli-1.4.10.exe.sig

      GnuPG compiled for Microsoft Windows and OpenPGP signature.
      This is a command line only version; the source files are the
      same as given above. Note, that this is a minimal installer and
      unless you are just in need of the gpg binary, you are better off
      using the full featured installer at http://www.gpg4win.org .

Checking the Integrity
======================

In order to check that the version of GnuPG which you are going to
install is an original and unmodified one, you can do it in one of the
following ways:

 * If you already have a trusted version of GnuPG installed, you can
   simply check the supplied signature. For example to check the
   signature of the file gnupg-1.4.10.tar.bz2 you would use this
   command:

     gpg --verify gnupg-1.4.10.tar.bz2.sig

   This checks whether the signature file matches the source file. You
   should see a message indicating that the signature is good and made
   by that signing key. Make sure that you have the right key, either
   by checking the fingerprint of that key with other sources or by
   checking that the key has been signed by a trustworthy other key.
   Note, that you can retrieve the signing key using the command

     finger wk ,at' g10code.com

   or using a keyserver like

     gpg --recv-key 1CE0C630

   The distribution key 1CE0C630 is signed by the well known key
   5B0358A2. If you get a key expired message, you should retrieve a
   fresh copy as the expiration date might have been prolonged.

   NEVER USE A GNUPG VERSION YOU JUST DOWNLOADED TO CHECK THE INTEGRITY
   OF THE SOURCE - USE AN EXISTING GNUPG INSTALLATION!

 * If you are not able to use an old version of GnuPG, you have to
   verify the SHA-1 checksum. Assuming you downloaded the file
   gnupg-1.4.10.tar.bz2, you would run the sha1sum command like this:

     sha1sum gnupg-1.4.10.tar.bz2

   and check that the output matches the second line from the
   following list:

fd1b6a5f3b2dd836b598a1123ac257b8f105615d  gnupg-1.4.10.tar.bz2
0db579b2dc202213424f55243906b71228dd18d1  gnupg-1.4.10.tar.gz
4a6b9f8b15d9849307a90f2b35bde8fd2d111331  gnupg-1.4.9-1.4.10.diff.bz2
c4383992b4815311e523d2f12684d47b7a552fca  gnupg-w32cli-1.4.10.exe

What's New
===========

    * 2048 bit RSA keys are now generated by default. The default
      hash algorithm preferences have changed to prefer SHA-256 over
      SHA-1. 2048 bit DSA keys are now generated to use a 256 bit
      hash algorithm.

    * Support v2 OpenPGP cards.

    * The algorithm to compute the SIG_ID status has been changed to
      match the one from 2.0.10.

    * Improved file locking. Implemented it for W32.

    * Fixed a memory leak which made imports of many keys very slow.

    * Many smaller bug fixes.

    * Support for the Camellia cipher (RFC-5581).

    * Support for HKP keyservers over SSL ("HKPS").

Internationalization
====================

GnuPG comes with support for 28 languages. Due to a lot of new and
changed strings some translations are not entirely complete. The
Chinese (Simple and Traditional), Czech, Dutch, French, German,
Norwegian, Polish, Romanian, Russian, Spanish, Swedish and Turkish
translations are close to being complete.

Support
=======

Improving GnuPG is costly, but you can help! We are looking for
organizations that find GnuPG useful and wish to contribute back. You
can contribute by reporting bugs, improving the software, ordering
extensions or support, or more generally by donating money to the Free
Software movement (e.g. http://www.fsfeurope.org/help/donate.en.html).

Commercial support contracts for GnuPG are available, and they help
finance continued maintenance. g10 Code GmbH, a Duesseldorf based
company owned and headed by gpg's principal author, is currently
funding GnuPG development. We are always looking for interesting
development projects. A service directory is available at:

  http://www.gnupg.org/service.html

Thanks
======

We have to thank all the people who helped with this release, be it
testing, coding, translating, suggesting, auditing, administering the
servers, spreading the word or answering questions on the mailing
lists.

Happy Hacking,

  The GnuPG Team (David, Werner and the other contributors)

-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

_______________________________________________
Gnupg-announce mailing list
Gnupg-announce at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce

From benjamin at py-soft.co.uk Wed Sep 2 20:45:43 2009
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Wed, 2 Sep 2009 19:45:43 +0100
Subject: 1.4.10rc1 vs. OS X 10.6
In-Reply-To: <1251896651.16235.2.camel@linux-gil5.site>
References: <53D43C62-FF90-4387-9269-464E355FF5EA@me.com> <1251896651.16235.2.camel@linux-gil5.site>
Message-ID: <732076a80909021145y6c28d19axc2d22a4f1b890b5a@mail.gmail.com>

2009/9/2 Robert J. Hansen :
> Can we get an #ifdef for Darwin to replace the ASM blocks with compiled
> code?

I tested it as part of my Universal Binary build, and the ASM blocks
make little difference with fast processors.

Ben

From bwyatt_sub at comcast.net Wed Sep 2 21:12:49 2009
From: bwyatt_sub at comcast.net (Bob Wyatt)
Date: Wed, 2 Sep 2009 15:12:49 -0400
Subject: Install GnuPG 2.0.12 on AIX 5.3 Maintenance (Technology) Level 3
Message-ID:

I am boldly trying to get GnuPG 2.0.12 installed, even though I don't
really need S/MIME or desktop support. So while this request for help
festers a bit, I will download the 1.4 version and see if I can get
that to go.
When I configure GnuPG 2.0.12, it tells me that neither libassuan-1.0.4
(minimum) nor Pth is installed. I initially tried libassuan 1.0.5, but
it gave me several problems, so I went back to 1.0.4. GnuPG wants
libassuan-1.0.4 (API 1), but I can only find one version of 1.0.4, so I
presume that is API 1. I had issues installing Pth-2.0.7, arising from
fdsetsize, but I worked around that with the help of the Pth users (Ken,
specifically) by doing the configure with -with-fdsetsize=1024. Both
libassuan-1.0.4 and pth-2.0.7 did install into /usr/local/lib, in the
end, with no errors.

Does anyone have any hints what options I may need to change on my
configure, or other advice?


From bwyatt_sub at comcast.net Wed Sep 2 22:55:01 2009
From: bwyatt_sub at comcast.net (Bob Wyatt)
Date: Wed, 2 Sep 2009 16:55:01 -0400
Subject: GnuPG-1.4.9 Install on AIX 5.3 Maintenance (Technology) Level 3
Message-ID:

After doing a CFLAGS="-g -02 -mcpu=powerpc" ./configure, the following
is reported:

configure: WARNING: pthread.h: present but cannot be compiled
configure: WARNING: pthread.h: check for missing prerequisite headers?
configure: WARNING: pthread.h: see the Autoconf documentation
configure: WARNING: pthread.h: section "Present But Cannot Be Compiled"
configure: WARNING: pthread.h: proceeding with the preprocessor's result
configure: WARNING: pthread.h: in the future, the compiler will take precedence
configure: WARNING: ## -------------------------------- ##
configure: WARNING: ## Report this to bug-gnupg at gnu.org ##
configure: WARNING: ## -------------------------------- ##

Has anyone seen this before and have a workaround?


From benjamin at py-soft.co.uk Wed Sep 2 23:17:33 2009
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Wed, 2 Sep 2009 22:17:33 +0100
Subject: GnuPG-1.4.9 Install on AIX 5.3 Maintenance (Technology) Level 3
In-Reply-To:
References:
Message-ID: <732076a80909021417u35036380k936f22b6b84a66c5@mail.gmail.com>

2009/9/2 Bob Wyatt :
> After doing a CFLAGS="-g -02 -mcpu=powerpc" ./configure, the following is
> reported:

I think you mentioned that pthreads was installed under /usr/local/;
try:

  ./configure --with-pth-prefix=/usr/local/

For further options, take a look at ./configure --help

Ben


From rjh at sixdemonbag.org Wed Sep 2 23:27:05 2009
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 02 Sep 2009 17:27:05 -0400
Subject: 1.4.7 packages for OS X
In-Reply-To: <4A9E6FAB.2040706@mac.com>
References: <4A9E6FAB.2040706@mac.com>
Message-ID: <4A9EE329.3040105@sixdemonbag.org>

Charly Avital wrote:
> Thank you Robert.

I did builds for only a very brief period of time: once he got 1.4.7
packages built, I stopped. He does a great job with MacGPG, and I've
got no desire to duplicate work that's already being done well.

Thanks, Benjamin, for all your work. The Mac users really appreciate
it. :)


From jh at jameshoward.us Thu Sep 3 04:47:09 2009
From: jh at jameshoward.us (James P. Howard, II)
Date: Wed, 02 Sep 2009 22:47:09 -0400
Subject: Possible bug: addkey can create certifying subkey
In-Reply-To: <87skf6os2r.fsf@vigenere.g10code.de>
References: <4A9C075C.4030601@jameshoward.us> <87y6ozw1jm.fsf__29803.1139806428$1251791538$gmane$org@vigenere.g10code.de> <87skf6os2r.fsf@vigenere.g10code.de>
Message-ID: <4A9F2E2D.4010805@jameshoward.us>

On Wed Sep 02 2009 01:04:28 GMT-0400 (EST) , Werner Koch wrote:
> On Tue, 1 Sep 2009 20:57, hawke at hawkesnest.net said:
>
>> I think it may still be a problem that attempting to turn off all
>> the flags has the actual effect of turning them all on instead...
>
> That is per OpenPGP: Key flags are not required and thus lacking any
> key flags, we need to assume all capabilities. Of course it would
> be possible to add an empty list of key flags (in contrast to "no
> list"). IMHO this does not make any sense thus we don't create a key
> flags list at all if you reset all key flags.

This makes a lot of sense, now. Thank you for the clarification.

James

--
James P. Howard, II, MPA
jh at jameshoward.us


From hidekis at gmail.com Thu Sep 3 09:10:57 2009
From: hidekis at gmail.com (Hideki Saito)
Date: Thu, 3 Sep 2009 00:10:57 -0700
Subject: Windows 1.4.10 Problem?
Message-ID:

Hello,
I'm just trying GnuPG 1.4.10 for Windows now, and I'm seeing this odd
problem.

When I try to do gpg --edit-key mykeyid, I see something like the
following:

gpg (GnuPG) 1.4.10; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

This key was revoked on 0?M by (null) key (null)
This key may be revoked by ?? key (null)
?3L 32?/DSA created: ?M revoked: 0?M usage: ?M
gpg: fatal: WriteConsole failed: ???????????????????????
???
secmem usage: 1408/1408 bytes in 2/2 blocks of pool 1408/32768

The error message next to "WriteConsole failed" says "There's not enough
storage (or memory?) to execute this command."

Also something like the following causes gpg to crash when I type in
some characters.

gpg -o temp.txt -c
? L

Anything I can try to fix this?

--
Hideki Saito


From hidekis at gmail.com Thu Sep 3 09:45:31 2009
From: hidekis at gmail.com (Hideki Saito)
Date: Thu, 3 Sep 2009 00:45:31 -0700
Subject: Windows 1.4.10 Problem?
In-Reply-To:
References:
Message-ID:

And here's a screenshot just in case:
http://www.facebook.com/photo.php?pid=2627732&l=0243cc15e8&id=661728650

Another thing I tested was rolling back to 1.4.9 to recreate the
problem, with no luck, and replacing iconv.dll from 1.4.9 didn't help
either, so it seems the problem definitely started with 1.4.10...

--
Hideki Saito


From hidekis at gmail.com Thu Sep 3 08:36:40 2009
From: hidekis at gmail.com (Hideki Saito)
Date: Wed, 2 Sep 2009 23:36:40 -0700
Subject: Changes in 1.4.10
In-Reply-To: <4A84537D.6030109@mac.com>
References: <87ocqj6ali.fsf@wheatstone.g10code.de> <87k5176ae1.fsf@wheatstone.g10code.de> <4A84537D.6030109@mac.com>
Message-ID:

Just thought of something here...

$ gpg --version
> gpg (GnuPG) 1.4.10rc1
> NOTE: THIS IS A DEVELOPMENT VERSION!
> It is only intended for test purposes and should NOT be
> used in a production environment or with production keys!
> Copyright (C) 2008 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later
>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
>

Isn't this (C) 2008 supposed to say (C) 2009?

--
Hideki Saito


From wk at gnupg.org Thu Sep 3 10:14:03 2009
From: wk at gnupg.org (Werner Koch)
Date: Thu, 03 Sep 2009 10:14:03 +0200
Subject: [Announce] W32 build of GnuPG 1.4.10 is broken
In-Reply-To: <87vdk1ntyp.fsf@vigenere.g10code.de> (Werner Koch's message of "Wed, 02 Sep 2009 19:21:18 +0200")
References: <87vdk1ntyp.fsf@vigenere.g10code.de>
Message-ID: <87k50gmoms.fsf@vigenere.g10code.de>

Hi,

GnuPG 1.4.10 has been announced yesterday, including a binary for
Microsoft windows:

> gnupg-w32cli-1.4.10.exe (1531k)
> gnupg-w32cli-1.4.10.exe.sig
>
> GnuPG compiled for Microsoft Windows and OpenPGP signature.
> This is a command line only version; the source files are the
> same as given above. Note, that this is a minimal installer and
> unless you are just in need for the gpg binary, you are better
> off using the full featured installer at http://www.gpg4win.org .

> c4383992b4815311e523d2f12684d47b7a552fca  gnupg-w32cli-1.4.10.exe

It has been reported that this build is broken. Output and input via
the console prints weird characters and gpg may crash. We are
investigating the problem now.

The file has been removed from the main ftp server but it may still be
available from mirror sites.

Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.


From wk at gnupg.org Thu Sep 3 11:47:01 2009
From: wk at gnupg.org (Werner Koch)
Date: Thu, 03 Sep 2009 11:47:01 +0200
Subject: Changes in 1.4.10
In-Reply-To: (Hideki Saito's message of "Wed, 2 Sep 2009 23:36:40 -0700")
References: <87ocqj6ali.fsf@wheatstone.g10code.de> <87k5176ae1.fsf@wheatstone.g10code.de> <4A84537D.6030109@mac.com>
Message-ID: <877hwgmkbu.fsf@vigenere.g10code.de>

On Thu, 3 Sep 2009 08:36, hidekis at gmail.com said:

> Isn't this (C) 2008 supposed to say (C) 2009?

Good catch but too late for 1.4.10.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.


From wk at gnupg.org Thu Sep 3 16:37:58 2009
From: wk at gnupg.org (Werner Koch)
Date: Thu, 03 Sep 2009 16:37:58 +0200
Subject: [Announce] Updated W32 build of GnuPG 1.4.10
In-Reply-To: <87k50gmoms.fsf@vigenere.g10code.de> (Werner Koch's message of "Thu, 03 Sep 2009 10:14:03 +0200")
References: <87vdk1ntyp.fsf@vigenere.g10code.de> <87k50gmoms.fsf@vigenere.g10code.de>
Message-ID: <874orkksah.fsf_-_@vigenere.g10code.de>

Hi,

the broken binary build of GnuPG 1.4.10 for Microsoft Windows has been
fixed. The new installer has a new file name and includes a small
source patch to document the applied fix. It can be downloaded from

  ftp://ftp.gnupg.org/gcrypt/binary/

  gnupg-w32cli-1.4.10a.exe (1539k)
  gnupg-w32cli-1.4.10a.exe.sig

The SHA-1 checksum is:

  eecf2ef835b77f2400f05115c5752a11bc37ecfc  gnupg-w32cli-1.4.10a.exe

Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.


From devilio at gmail.com Thu Sep 3 16:46:16 2009
From: devilio at gmail.com (devilio at gmail.com)
Date: Thu, 03 Sep 2009 16:46:16 +0200
Subject: Encrypting and signing in the same run
Message-ID: <4A9FD6B8.5080308@gmail.com>

Good afternoon all,

A business partner is asking us to encrypt and sign our files with PGP
before uploading them to their server. I decided to use GnuPG as it is
said to be compatible. After having generated keys and added their key
to our keyring, I used, as said in the man page:

  gpg -se -r 'Partner Name' file_to_encrypt

However, it doesn't seem to meet their requirements. Here's the reply
of our partner:

"The file is first encrypted and then signed. Not encrypted and signed
in the same run."

Our partner has to remove our signature before being able to decrypt
the file.

I don't see what I'm doing wrong, even after some searches in the
manual and on other sites. Does anyone see what's going wrong?

Thank you in advance for your help,

Sébastien


From rjh at sixdemonbag.org Thu Sep 3 18:01:29 2009
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 03 Sep 2009 12:01:29 -0400
Subject: Encrypting and signing in the same run
In-Reply-To: <4A9FD6B8.5080308@gmail.com>
References: <4A9FD6B8.5080308@gmail.com>
Message-ID: <1251993689.16235.8.camel@linux-gil5.site>

> However, it doesn't seem to meet their requirements. Here's the reply of
> our partner :
> "The file is first encrypted and then signed. Not encrypted and signed
> in the same run."

It's possible that your partner has phrased things poorly. It may be
your partner meant to say, "We want the file to be encrypted and then
signed, not encrypted and signed in the same run."
The way you are doing things, GnuPG will (in effect) combine encryption
and signing into a single step. Some groups have policies that say this
is a bad idea. For these people, you need to explicitly break it up
into two steps:

  gpg --encrypt --recipient 'Your Recipient' filename
  gpg --sign --local-user 'Your Key' filename.gpg

This _may_ be the problem. I make no guarantees.


From jbruni at me.com Thu Sep 3 19:50:10 2009
From: jbruni at me.com (Joseph Oreste Bruni)
Date: Thu, 03 Sep 2009 10:50:10 -0700
Subject: UI enhancement request
Message-ID: <78060965421196564385187426116578326681-Webmail@me.com>

Here is a UI enhancement request: In the "edit-key" menu, typing
"uid *" selects all UID's. Currently, I have to type "uid #" for every
UID individually. Typing "uid" by itself currently deselects all UID's.


From bwyatt_sub at comcast.net Thu Sep 3 22:23:09 2009
From: bwyatt_sub at comcast.net (Bob Wyatt)
Date: Thu, 3 Sep 2009 16:23:09 -0400
Subject: linassuan-1.0.5 on AIX 5.3 TL 3
Message-ID:

After my prior note, I tried updating the libassuan package from 1.0.4
to 1.0.5 using the entire package ftp'd from the gnupg site. With the
environment set as follows:

  export CC=gcc
  export LIBPATH=/usr/lib:/usr/ccs/lib:/usr/local/lib
  export CFLAGS="-g -O2 -mcpu=powerpc"

and running configure as:

  ./configure -with-pth-prefix=/usr/local -program-prefix=/usr/local

I receive the following:

gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I../include -g -O2 -mcpu=powerpc -Wall -Wcast-align -Wshadow -Wstrict-prototypes -Wpointer-arith -MT assuan-io.o -MD -MP -MF .deps/assuan-io.Tpo -c -o assuan-io.o assuan-io.c
assuan-io.c: In function `_assuan_usleep':
assuan-io.c:225: error: storage size of `req' isn't known
assuan-io.c:226: error: storage size of `rem' isn't known
assuan-io.c:234: warning: implicit declaration of function `nanosleep'
assuan-io.c:225: warning: unused variable `req'
assuan-io.c:226: warning: unused variable `rem'
make[3]: *** [assuan-io.o] Error 1
make[3]: Leaving directory `/usr/local/libassuan-1.0.5/src'
make[2]: *** [all] Error 2
make[2]: Leaving directory `/usr/local/libassuan-1.0.5/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/local/libassuan-1.0.5'
make: *** [all] Error 2

The code that seems to be problematic for this system is:

+219 _assuan_usleep (unsigned int usec)
+220 {
+221 #ifdef HAVE_W32_SYSTEM
+222   /* FIXME. */
+223   Sleep (usec / 1000);
+224 #else
+225   struct timespec req;
+226   struct timespec rem;
+227
+228   if (usec == 0)
+229     return;
+230
+231   req.tv_sec = 0;
+232   req.tv_nsec = usec * 1000;
+233
+234   while (nanosleep (&req, &rem) < 0 && errno == EINTR)
+235     req = rem;
+236 #endif
+237 }

Has anyone run into this or have advice to get around this?


From bwyatt_sub at comcast.net Thu Sep 3 21:40:23 2009
From: bwyatt_sub at comcast.net (Bob Wyatt)
Date: Thu, 3 Sep 2009 15:40:23 -0400
Subject: GnuPG 2.0.12 on AIX 5.3 TL 03
Message-ID:

When I run configure, I now have in my environment:

  export CC=gcc
  export CFLAGS="-g -O2 -mcpu=powerpc"
  export LIBPATH=/usr/lib:/usr/ccs/lib:/usr/local/lib

When running the configure for GnuPG, I execute:

  ./configure -program-prefix=/usr/local -with-libassuan-prefix=/usr/local -with-pth-prefix=/usr/local

The configure runs through several checks, reporting:

configure: checking for libraries
checking for gpg-error-config... /usr/local/bin/gpg-error-config
checking for GPG Error - version >= 1.4... yes (1.7)
checking for libgcrypt-config... /usr/local/bin/libgcrypt-config
checking for LIBGCRYPT - version >= 1.4.0... yes (1.4.4)
checking LIBGCRYPT API version... okay
checking for libassuan-config... /usr/local/bin/libassuan-config
checking for LIBASSUAN - version >= 1.0.4... yes (1.0.4)
checking LIBASSUAN API version... okay
checking for libassuan-config... (cached) /usr/local/bin/libassuan-config
checking for LIBASSUAN pth - version >= 1.0.4... no
checking for libassuan-config... (cached) /usr/local/bin/libassuan-config
checking for LIBASSUAN - version >= 1.0.1... yes (1.0.4)
checking LIBASSUAN API version... okay
checking for ksba-config... /usr/local/bin/ksba-config
checking for KSBA - version >= 1.0.2... yes (1.0.7)
checking KSBA API version... okay
checking for usb_bulk_write in -lusb... no
checking for usb_create_match... no
checking for library containing dlopen... none required
checking for openpty in -lutil... no
checking for shred... /usr/bin/shred
checking for pth-config... /usr/local/bin/pth-config
checking for PTH - version >= 1.3.7... yes
checking whether PTH installation is sane... no

So I'm thinking this looks good, up until the pth installation is
declared as not being sane. But at least I now have the libassuan, so
this is progress! Until the ./configure terminates with:

configure: WARNING:
***
*** To support concurrent access to the gpg-agent and the SCdaemon
*** we need the support of the GNU Portable Threads Library.
*** Download it from ftp://ftp.gnu.org/gnu/pth/
*** On a Debian GNU/Linux system you might want to try
***   apt-get install libpth-dev
***
configure: checking for networking options
configure: checking system features for estream
configure:
***
*** You need libassuan with Pth support to build this program.
*** This library is for example available at
***   ftp://ftp.gnupg.org/gcrypt/libassuan/
*** (at least version 1.0.4 (API 1) is required).
***
configure:
***
*** It is now required to build with support for the
*** GNU Portable Threads Library (Pth). Please install this
*** library first. The library is for example available at
***   ftp://ftp.gnu.org/gnu/pth/
*** On a Debian GNU/Linux system you can install it using
***   apt-get install libpth-dev
*** To build GnuPG for Windows you need to use the W32PTH
*** package; available at:
***   ftp://ftp.g10code.com/g10code/w32pth/
***
configure: error:
***
*** Required libraries not found. Please consult the above messages
*** and install them before running configure again.
***

The configure and makes of libassuan and pth are seemingly error-free -
no fatal exits or errors are reported. What am I missing? Any advice?

Bob


From benjamin at py-soft.co.uk Thu Sep 3 22:36:44 2009
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Thu, 3 Sep 2009 21:36:44 +0100
Subject: GnuPG 2.0.12 on AIX 5.3 TL 03
In-Reply-To:
References:
Message-ID: <732076a80909031336k76c546f5yc1565666b8f57f07@mail.gmail.com>

2009/9/3 Bob Wyatt :
> What am I missing? Any advice?

Please don't keep starting new threads - just post a reply to your
existing message.

What options did you use to compile pth?

Ben


From bwyatt_sub at comcast.net Thu Sep 3 23:02:23 2009
From: bwyatt_sub at comcast.net (Bob Wyatt)
Date: Thu, 3 Sep 2009 17:02:23 -0400
Subject: GnuPG 2.0.12 on AIX 5.3 TL 03
In-Reply-To: <732076a80909031336k76c546f5yc1565666b8f57f07@mail.gmail.com>
References: <732076a80909031336k76c546f5yc1565666b8f57f07@mail.gmail.com>
Message-ID:

> What options did you use to compile pth?
>
> Ben

Sorry for the unnecessary traffic/confusion...

The same environment (CC=gcc, CFLAGS="-g -O2 -mcpu=powerpc", and
LIBPATH=/usr/lib:/usr/ccs/lib:/usr/local/lib) as my other posts...
./configure --prefix=/usr/local --with-fdsetsize=1024

Bob


From jbruni at me.com Fri Sep 4 07:26:31 2009
From: jbruni at me.com (Joseph Oreste Bruni)
Date: Thu, 03 Sep 2009 22:26:31 -0700
Subject: UI enhancement request
In-Reply-To: <78060965421196564385187426116578326681-Webmail@me.com>
References: <78060965421196564385187426116578326681-Webmail@me.com>
Message-ID: <4AA0A507.9020602@me.com>

Joseph Oreste Bruni wrote:
> Here is a UI enhancement request: In the "edit-key" menu, typing
> "uid *" selects all UID's. Currently, I have to type "uid #" for every
> UID individually. Typing "uid" by itself currently deselects all UID's.

I just re-read my post and realized how badly worded it was (verb
tense). Correction: I want to be able to type "uid *" and have it
select all UID's.

This would be in preparation for some global function like changing
algorithm preferences, etc.


From henkdebruijn at gswot.org Fri Sep 4 08:32:26 2009
From: henkdebruijn at gswot.org (Henk M. de Bruijn)
Date: Fri, 4 Sep 2009 08:32:26 +0200
Subject: UI enhancement request
In-Reply-To: <4AA0A507.9020602@me.com>
References: <78060965421196564385187426116578326681-Webmail@me.com> <4AA0A507.9020602@me.com>
Message-ID: <4810307313.20090904083226@gswot.org>

On Thu, 03 Sep 2009, at 22:26:31 [GMT -0700] (which was 7:26 where I
live) Joseph Oreste Bruni wrote:

> Joseph Oreste Bruni wrote:
>> Here is a UI enhancement request: In the "edit-key" menu, typing "uid
>> *" selects all UID's. Currently, I have to type "uid #" for every UID
>> individually. Typing "uid" by itself currently deselects all UID's.

> I just re-read my post and realized how badly worded it was (verb
> tense). Correction: I want to be able to type "uid *" and have it select
> all UID's.

> This would be in preparation for some global function like changing
> algorithm preferences, etc.

I assume that you know that you can select different UID's one after
another just by pressing the number followed by return/enter and then
the following UID?

Btw if you use a signature delimiter one does not have to delete half
of a message when replying ;-)

--
Henk M. de Bruijn
_________________________________________________________________________
The Bat! Natural Email System 4.2.10.8 on Microsoft® Windows Vista® Home
Premium Version 6.0.6001 Service Pack 1 Build 6001
Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz, 2333 MHz 64 bits
AntispamSniper for The Bat! Pro 3.2.1.1


From roam at ringlet.net Fri Sep 4 08:49:34 2009
From: roam at ringlet.net (Peter Pentchev)
Date: Fri, 4 Sep 2009 09:49:34 +0300
Subject: UI enhancement request
In-Reply-To: <4810307313.20090904083226@gswot.org>
References: <78060965421196564385187426116578326681-Webmail@me.com> <4AA0A507.9020602@me.com> <4810307313.20090904083226@gswot.org>
Message-ID: <20090904064934.GA1196@straylight.m.ringlet.net>

On Fri, Sep 04, 2009 at 08:32:26AM +0200, Henk M. de Bruijn wrote:
> On Thu, 03 Sep 2009, at 22:26:31 [GMT -0700] (which was 7:26 where I
> live) Joseph Oreste Bruni wrote:
>
> > This would be in preparation for some global function like changing
> > algorithm preferences, etc.
>
> I assume that you know that you can select different UID's one after
> another just by pressing the number followed by return/enter and then
> the following UID?

But he still has to issue the same command several times after
selecting each and every UID in turn. "uid *" could indeed be a useful
feature, although it might be not too easy to implement.

G'luck,
Peter

--
Peter Pentchev roam at ringlet.net roam at space.bg roam at FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
I am the meaning of this sentence.


From henkdebruijn at gswot.org Fri Sep 4 09:05:21 2009
From: henkdebruijn at gswot.org (Henk M. de Bruijn)
Date: Fri, 4 Sep 2009 09:05:21 +0200
Subject: UI enhancement request
In-Reply-To: <20090904064934.GA1196@straylight.m.ringlet.net>
References: <78060965421196564385187426116578326681-Webmail@me.com> <4AA0A507.9020602@me.com> <4810307313.20090904083226@gswot.org> <20090904064934.GA1196@straylight.m.ringlet.net>
Message-ID: <1583607718.20090904090521@gswot.org>

On Fri, 4 Sep 2009, at 09:49:34 [GMT +0300] (which was 8:49 where I
live) Peter Pentchev wrote:

> On Fri, Sep 04, 2009 at 08:32:26AM +0200, Henk M. de Bruijn wrote:
>> I assume that you know that you can select different UID's one after
>> another just by pressing the number followed by return/enter and then
>> the following UID?

> But he still has to issue the same command several times after
> selecting each and every UID in turn. "uid *" could indeed be
> a useful feature, although it might be not too easy to implement.

Are you sure? Because I use this very regularly and I only have to
issue sign or tsign only once.

--
Kind regards,
Henk M. de Bruijn


From jbruni at me.com Fri Sep 4 10:35:44 2009
From: jbruni at me.com (Joseph Oreste Bruni)
Date: Fri, 04 Sep 2009 01:35:44 -0700
Subject: UI enhancement request
In-Reply-To: <1583607718.20090904090521@gswot.org>
References: <78060965421196564385187426116578326681-Webmail@me.com> <4AA0A507.9020602@me.com> <4810307313.20090904083226@gswot.org> <20090904064934.GA1196@straylight.m.ringlet.net> <1583607718.20090904090521@gswot.org>
Message-ID:

On Sep 4, 2009, at 12:05 AM, Henk M. de Bruijn wrote:

>> But he still has to issue the same command several times after
>> selecting each and every UID in turn. "uid *" could indeed be
>> a useful feature, although it might be not too easy to implement.
>
> Are you sure? Because I use this very regularly and I only have to
> issue sign or tsign only once.

Specifically, "setpref" only works on the currently selected UID. Since
typing "uid" with no arguments clears all UID selections, it shouldn't
be too much of a stretch to code "uid *" to select all UID's. It's not
that this is something one would do frequently, however.


From wk at gnupg.org Fri Sep 4 12:41:58 2009
From: wk at gnupg.org (Werner Koch)
Date: Fri, 04 Sep 2009 12:41:58 +0200
Subject: UI enhancement request
In-Reply-To: <78060965421196564385187426116578326681-Webmail@me.com> (Joseph Oreste Bruni's message of "Thu, 03 Sep 2009 10:50:10 -0700")
References: <78060965421196564385187426116578326681-Webmail@me.com>
Message-ID: <87skf3j8jt.fsf@vigenere.g10code.de>

Hi,

I just implemented your suggestion in gnupg-2:

  uid N
      Toggle selection of user ID or photographic user ID with index N.
      Use * to select all and 0 to deselect all.

  key N
      Toggle selection of subkey with index N. Use * to select all and
      0 to deselect all.

Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.


From Joachim.Blomberg at vr-leasing.de Fri Sep 4 16:06:14 2009
From: Joachim.Blomberg at vr-leasing.de (Joachim.Blomberg at vr-leasing.de)
Date: Fri, 4 Sep 2009 16:06:14 +0200
Subject: what is the HEX signature off a normal *.gpg file . for EmailFilter - BCC Mail protect Quarant
Message-ID:

Hi,

I'm sending *.gpg mail attachments to external customers, but our
EmailFilter - BCC Mail protect Quarantine stops them and we have to
release them manually. I need the HEX file signature for GPG files to
customize that in BCC Mail Protect.

Thanks

Kind regards/Best Regards
Joachim Blomberg
URL: From dshaw at jabberwocky.com Fri Sep 4 19:12:07 2009 From: dshaw at jabberwocky.com (David Shaw) Date: Fri, 4 Sep 2009 13:12:07 -0400 Subject: what is the HEX signature off a normal *.gpg file . for EmailFilter - BCC Mail protect Quarant In-Reply-To: References: Message-ID: <2C79ACCB-1D2B-46F4-8FAF-8398CBB7230E@jabberwocky.com> On Sep 4, 2009, at 10:06 AM, Joachim.Blomberg at vr-leasing.de wrote: > > Hi, > > im sending *.gpg Mail-Attachments to external Customers , but our > EmailFilter - BCC Mail protect Quarantine stopps the and we have to > release them manual. > I need the HEX File Siganture for GPG Files to customize that in BCC > Mail Protect . This is unfortunately a difficult question. GPG (really, OpenPGP) supports multiple encodings and thus multiple signatures a file may present to a mail scanner. You may be able to match the most common signatures, but by no means will that cover them all. Having said that, some common signatures (in "file magic" format) are: 0 beshort 0x9900 text/PGP key public ring 0 beshort 0x9501 text/PGP key security ring 0 beshort 0x9500 text/PGP key security ring 0 beshort 0xa600 text/PGP encrypted data 0 string -----BEGIN\040PGP text/PGP armored data >15 string PUBLIC\040KEY\040BLOCK- public key block >15 string MESSAGE- message >15 string SIGNED\040MESSAGE- signed message >15 string PGP\040SIGNATURE- signature 0 beshort 0x8501 data David From wk at gnupg.org Fri Sep 4 19:09:32 2009 From: wk at gnupg.org (Werner Koch) Date: Fri, 04 Sep 2009 19:09:32 +0200 Subject: [Announce] GnuPG 2.0.13 released Message-ID: <87tyziiqlv.fsf@vigenere.g10code.de> Hello! We are pleased to announce the availability of a new stable GnuPG-2 release: Version 2.0.13. The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data, create digital signatures, help authenticating using Secure Shell and to provide a framework for public key cryptography. 
It includes an advanced key management facility and is compliant with the OpenPGP and S/MIME standards.

GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.10) in that it splits up functionality into several modules. However, both versions may be installed alongside without any conflict. In fact, the gpg version from GnuPG-1 is able to make use of the gpg-agent as included in GnuPG-2 and allows for seamless passphrase caching. The advantage of GnuPG-1 is its smaller size and the lack of dependency on other modules at run and build time. We will keep maintaining GnuPG-1 versions because they are very useful for small systems and for server based applications requiring only OpenPGP support.

GnuPG is distributed under the terms of the GNU General Public License (GPL version 3). GnuPG-2 works best on GNU/Linux or *BSD systems.

What's New
===========

 * GPG now generates 2048 bit RSA keys by default. The default hash algorithm preferences have changed to prefer SHA-256 over SHA-1. 2048 bit DSA keys are now generated to use a 256 bit hash algorithm.

 * The envvars XMODIFIERS, GTK_IM_MODULE and QT_IM_MODULE are now passed to the Pinentry to make SCIM work.

 * The GPGSM command --gen-key features a --batch mode and implements all features of gpgsm-gencert.sh in standard mode.

 * New option --re-import for GPGSM's IMPORT server command.

 * Enhanced writing of existing keys to OpenPGP v2 cards.

 * Add hack to the internal CCID driver to allow the use of some Omnikey based card readers with 2048 bit keys.

 * GPG now repeatedly asks the user to insert the requested OpenPGP card. This can be disabled with --limit-card-insert-tries=1.

 * Minor bug fixes.

Getting the Software
====================

Please follow the instructions found at http://www.gnupg.org/download/ or read on:

GnuPG 2.0.13 may be downloaded from one of the GnuPG mirror sites or direct from ftp://ftp.gnupg.org/gcrypt/gnupg/ . The list of mirrors can be found at http://www.gnupg.org/mirrors.html .
Note that GnuPG is not available at ftp.gnu.org.

On the FTP server and its mirrors you should find the following files in the gnupg/ directory:

    gnupg-2.0.13.tar.bz2 (3854k)
    gnupg-2.0.13.tar.bz2.sig

GnuPG source compressed using BZIP2 and OpenPGP signature.

    gnupg-2.0.12-2.0.13.diff.bz2 (231k)

A patch file to upgrade a 2.0.12 GnuPG source tree. This patch does not include updates of the language files.

Note that we don't distribute gzip compressed tarballs for GnuPG-2.

Checking the Integrity
======================

In order to check that the version of GnuPG which you are going to install is an original and unmodified one, you can do it in one of the following ways:

 * If you already have a trusted version of GnuPG installed, you can simply check the supplied signature. For example to check the signature of the file gnupg-2.0.13.tar.bz2 you would use this command:

       gpg --verify gnupg-2.0.13.tar.bz2.sig

   This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by that signing key. Make sure that you have the right key, either by checking the fingerprint of that key with other sources or by checking that the key has been signed by a trustworthy other key. Note that you can retrieve the signing key using the command

       finger wk ,at' g10code.com

   or using a keyserver like

       gpg --recv-key 1CE0C630

   The distribution key 1CE0C630 is signed by the well known key 5B0358A2. If you get a key expired message, you should retrieve a fresh copy as the expiration date might have been prolonged.

   NEVER USE A GNUPG VERSION YOU JUST DOWNLOADED TO CHECK THE INTEGRITY OF THE SOURCE - USE AN EXISTING GNUPG INSTALLATION!

 * If you are not able to use an old version of GnuPG, you have to verify the SHA-1 checksum.
   Assuming you downloaded the file gnupg-2.0.13.tar.bz2, you would run the sha1sum command like this:

       sha1sum gnupg-2.0.13.tar.bz2

   and check that the output matches the first line from the following list:

       2ff42aff14cdddafc291d44ac1968af5f09a9d4d  gnupg-2.0.13.tar.bz2
       56c0c0ca1eb5836e773fbf7c920bb46af0965aec  gnupg-2.0.12-2.0.13.diff.bz2

Internationalization
====================

GnuPG comes with support for 27 languages. Due to a lot of new and changed strings many translations are not entirely complete. Jedi, Maxim Britov, Jaime Suárez and Nilgün Belma Buğüner have been kind enough to go over their translations and thus the Chinese, German, Russian, Spanish, and Turkish translations are pretty much complete.

Documentation
=============

We are currently working on an installation guide to explain in more detail how to configure the new features. As of now the chapters on gpg-agent and gpgsm include brief information on how to set up the whole thing. Please watch the GnuPG website for updates of the documentation. In the meantime you may search the GnuPG mailing list archives or ask on the gnupg-users mailing lists for advice on how to solve problems. Many of the new features have been around for several years and thus enough public knowledge is already available.

KDE's KMail is the most prominent user of GnuPG-2. In fact it has been developed along with the KMail folks. Mutt users might want to use the configure option "--enable-gpgme" and "set use_crypt_gpgme" in ~/.muttrc to make use of GnuPG-2 to enable S/MIME in addition to a reworked OpenPGP support.

The manual is also available online in HTML format at http://www.gnupg.org/documentation/manuals/gnupg/ and in Portable Document Format at http://www.gnupg.org/documentation/manuals/gnupg.pdf .

Support
=======

Improving GnuPG is costly, but you can help! We are looking for organizations that find GnuPG useful and wish to contribute back.
You can contribute by reporting bugs, improving the software, ordering extensions or support, or more generally by donating money to the Free Software movement (e.g. http://www.fsfeurope.org/help/donate.en.html).

Commercial support contracts for GnuPG are available, and they help finance continued maintenance. g10 Code GmbH, a Duesseldorf based company owned and headed by GnuPG's principal author, is currently funding GnuPG development. We are always looking for interesting development projects.

The GnuPG service directory is available at: http://www.gnupg.org/service.html

Thanks
======

We have to thank all the people who helped with this release, be it testing, coding, translating, suggesting, auditing, administering the servers, spreading the word or answering questions on the mailing lists.

Happy Hacking,

  The GnuPG Team

--
Thoughts are free. Exceptions are regulated by a federal law.

From: htd at online.no (Heinz Diehl)
Date: Fri, 4 Sep 2009 20:11:30 +0200
Subject: [Announce] GnuPG 2.0.13 released
In-Reply-To: <87tyziiqlv.fsf@vigenere.g10code.de>
References: <87tyziiqlv.fsf@vigenere.g10code.de>
Message-ID: <20090904181130.GA17899@online.no>

On 04.09.2009, Werner Koch wrote:

> We are pleased to announce the availability of a new stable GnuPG-2
> release: Version 2.0.13.

[....]

I'm unable to compile this version on my system. The configure script bails out with the following message:

    [....]
    checking for nl_langinfo and THOUSANDS_SEP...
    yes
    configure: checking system features for estream
    configure:
    ***
    *** It is now required to build with support for the
    *** GNU Portable Threads Library (Pth). Please install this
    *** library first. The library is for example available at
    ***   ftp://ftp.gnu.org/gnu/pth/
    *** On a Debian GNU/Linux system you can install it using
    ***   apt-get install libpth-dev
    *** To build GnuPG for Windows you need to use the W32PTH
    *** package; available at:
    ***   ftp://ftp.g10code.com/g10code/w32pth/
    ***
    configure: error:
    ***
    *** Required libraries not found. Please consult the above messages
    *** and install them before running configure again.
    ***

Both 32 and 64 bit pth are installed, and pointing configure to the libs using "--with-pth-prefix=PFX" doesn't help either.

    liesel:# ls -l /usr/lib64/libpth*
    -rw-r--r-- 1 root root  598616 2008-12-03 12:00 /usr/lib64/libpth.a
    -rw-r--r-- 1 root root 1677386 2009-02-22 12:23 /usr/lib64/libpthread.a
    -rw-r--r-- 1 root root    4796 2009-02-22 12:32 /usr/lib64/libpthread_nonshared.a
    -rw-r--r-- 1 root root     222 2009-02-22 12:23 /usr/lib64/libpthread.so
    lrwxrwxrwx 1 root root      17 2009-05-18 20:17 /usr/lib64/libpth.so -> libpth.so.20.0.27
    lrwxrwxrwx 1 root root      17 2009-05-18 20:17 /usr/lib64/libpth.so.20 -> libpth.so.20.0.27
    -rwxr-xr-x 1 root root  101840 2008-12-03 12:00 /usr/lib64/libpth.so.20.0.27

    liesel:# ls -l /usr/lib/libpth*
    -rw-r--r-- 1 root root  401812 2008-12-03 06:02 /usr/lib/libpth.a
    lrwxrwxrwx 1 root root      17 2009-09-04 19:57 /usr/lib/libpth.so -> libpth.so.20.0.27
    lrwxrwxrwx 1 root root      17 2009-09-04 19:57 /usr/lib/libpth.so.20 -> libpth.so.20.0.27
    -rwxr-xr-x 1 root root  100444 2008-12-03 06:02 /usr/lib/libpth.so.20.0.27

Does anybody know what's wrong here?

Thanks,
Heinz.

From: marcio.barbado at gmail.com (M.B.Jr.)
Date: Fri, 4 Sep 2009 13:53:31 -0300
Subject: encrypting compression algorithms
Message-ID: <2df3b0cb0909040953t20ae62e5p17dfb720b64b146b@mail.gmail.com>

Hi list,

when symmetrically encrypting a file, e.g.:

    $ gpg --output file.ods.gpg --symmetric file.ods

the command above generates a "gpg" extension encrypted AND compressed file, is that correct?

How do I know which compression algorithm was used?

How can I force any other available algorithm?

Regards,

--
Marcio Barbado, Jr.

From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Fri, 04 Sep 2009 15:19:04 -0400
Subject: 1.4.10 & BZIP2 in Windows Build
In-Reply-To: <2df3b0cb0909040953t20ae62e5p17dfb720b64b146b@mail.gmail.com>
References: <2df3b0cb0909040953t20ae62e5p17dfb720b64b146b@mail.gmail.com>
Message-ID: <4AA16828.1080707@bellsouth.net>

Is there any particular reason why BZIP2 is missing from the Windows Binary Release of 1.4.10?
JOHN ;)
Timestamp: Friday 04 Sep 2009, 15:18 --400 (Eastern Daylight Time)

From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Fri, 04 Sep 2009 15:44:38 -0400
Subject: 1.4.10 & BZIP2 in Windows Build
References: <2df3b0cb0909040953t20ae62e5p17dfb720b64b146b@mail.gmail.com> <4AA16828.1080707@bellsouth.net>
Message-ID: <4AA16E26.9070504@bellsouth.net>

David Koppenhofer wrote:

> I asked the same question in the form of a bug report on g10code
> https://bugs.g10code.com/gnupg/issue1126
>
> As you can see from the bug, it was recommended that I use gpg4win -
> never mind the fact I don't want or need all the 'extras' that come
> with it.

Thanks David. Rather than resetting the preferences on My Key and then asking every correspondent to update the copy on their Keyring, I suppose I shall remain using 1.4.10svn5068 to avoid receiving messages that I cannot decrypt if they were sent using BZIP2.
JOHN ;)
Timestamp: Friday 04 Sep 2009, 15:44 --400 (Eastern Daylight Time)

From: barkman at gmail.com (Henrik O A Barkman)
Date: Fri, 04 Sep 2009 21:21:10 +0200
Subject: BZIP2
Message-ID: <4AA168A6.4020108@gmail.com>

What is the reason for the Windows build of 1.4.10 (both the pulled and fixed binaries) not supporting BZIP2?

    D:\Test>gpg --version
    gpg (GnuPG) 1.4.9
    Copyright (C) 2008 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

    Home: d:/Profiler/GnuPG
    Supported algorithms:
    Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
    Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
    Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
    Compression: Uncompressed, ZIP, ZLIB, BZIP2

    D:\Test>gpg --version
    gpg (GnuPG) 1.4.10
    Copyright (C) 2009 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.
    Home: d:/Profiler/GnuPG
    Supported algorithms:
    Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
    Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
            CAMELLIA128, CAMELLIA192, CAMELLIA256
    Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
    Compression: Uncompressed, ZIP, ZLIB

    D:\Test>

--
$\hbar$ -- http://www.facebook.com/barkmanstein -- OpenPGP 0x60D02095

From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Fri, 4 Sep 2009 22:48:30 +0200 (MET DST)
Subject: [Announce] GnuPG 1.4.10 released
Message-ID: <200909042048.n84KmUDD019717@vulcan.xs4all.nl>

Compiles and runs fine on Slackware 10.

However, 2 small points: the signature check claims the key has expired, and gpg --version says it's from 2008.

--
ir. J.C.A. Wevers         //  Physics and science fiction site:
johanw at vulcan.xs4all.nl   //  http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From: clbianco at tiscalinet.it (Carlo Luciano Bianco)
Date: Sat, 05 Sep 2009 00:04:09 +0200
Subject: 1.4.10 & BZIP2 in Windows Build
References: <2df3b0cb0909040953t20ae62e5p17dfb720b64b146b@mail.gmail.com> <4AA16828.1080707@bellsouth.net> <4AA16E26.9070504__36923.4804566533$1252093584$gmane$org@bellsouth.net>

On 04 Sep 2009, John W. Moore III wrote:

> Thanks David. Rather than resetting the preferences on My Key and
> then asking every correspondent to update the copy on their
> Keyring I suppose I shall remain using 1.4.10svn5068 to avoid
> receiving messages that I cannot decrypt if they were sent using
> BZIP2.
There is another possibility, John...

I have just updated my tutorial for the new versions of MinGW, MSYS and GCC and, of course, for GnuPG 1.4.10a including bzip2 support... ;-)

As usual, comments, suggestions, clarifications, insults, and so on are welcome! ;-)

--
Carlo Luciano Bianco \  ICQ UIN: 109517158
______________________/ Home page:
GnuPG 4069 RSAv4 key: \_____________________________________________
UID:0xE361F839--Fingerprint:9516BCF66B8F12E0C3C3154C61788B6DE361F839

From: jbruni at me.com (Joseph Oreste Bruni)
Date: Fri, 04 Sep 2009 15:14:12 -0700
Subject: [Announce] GnuPG 1.4.10 released
In-Reply-To: <200909042048.n84KmUDD019717@vulcan.xs4all.nl>
References: <200909042048.n84KmUDD019717@vulcan.xs4all.nl>
Message-ID: <19672380484367698399352271239139723592-Webmail@me.com>

On Friday, September 04, 2009, at 01:48PM, "Johan Wevers" wrote:

> Compiles and runs fine on Slackware 10.
>
> However, 2 small points: the signature check claims the key has expired, and
> gpg --version says it's from 2008.

Werner's current key includes subkeys that don't expire until July 2011. You might need to refresh your copy. The previous subkeys expired at the end of 2007.

WRT the copyright date, you're right, it says 2008.

    gpg (GnuPG) 1.4.10
    Copyright (C) 2008 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

-Joe

From: laurent.jumet at skynet.be (Laurent Jumet)
Date: Sat, 05 Sep 2009 00:14:19 +0200
Subject: GnuPG 1.4.10a

Hello !
I'm trying 1.4.10a but I get a warning:

    gpg: uncompressing failed: unknown compress algorithm

with old messages that previously were decrypted with 1.4.9.
I had to suppress Z3 from the compression list; it worked with 1.4.9 but not with 1.4.10a.

--
Laurent Jumet
KeyID: 0xCFAF704C

From: laurent.jumet at skynet.be (Laurent Jumet)
Date: Sat, 05 Sep 2009 08:37:37 +0200
Subject: CAMELLIA...

Hello !

Is CAMELLIA actually part of OpenPGP?
Are S11, S12 & S13 assigned definitively?
Is BZIP2 definitively excluded, or is it an option when compiling? In the latter case, why not compile with it?

--
Laurent Jumet
KeyID: 0xCFAF704C

From: shavital at mac.com (Charly Avital)
Date: Sat, 05 Sep 2009 03:35:43 -0400
Subject: Gnupg 2.0.13 under Linux
Message-ID: <4AA214CF.1070305@mac.com>

Compiled GnuPG 2.0.13 from source, in Linux/Ubuntu 9.04 64 bits, running under VMware on an Apple MacBook Intel Core 2 Duo running MacOS 10.5.8 (Leopard).

    $ gpg2 --version
    gpg (GnuPG) 2.0.13
    libgcrypt 1.4.4
    Copyright (C) 2009 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.
    Home: ~/.gnupg
    Supported algorithms:
    Pubkey: RSA, ELG, DSA
    Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
            CAMELLIA128, CAMELLIA192, CAMELLIA256
    Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
    Compression: Uncompressed, ZIP, ZLIB

Thank you.
Charly

From: wk at gnupg.org (Werner Koch)
Date: Sat, 05 Sep 2009 11:26:45 +0200
Subject: [Announce] GnuPG 2.0.13 released
In-Reply-To: <20090904181130.GA17899@online.no> (Heinz Diehl's message of "Fri, 4 Sep 2009 20:11:30 +0200")
References: <87tyziiqlv.fsf@vigenere.g10code.de> <20090904181130.GA17899@online.no>
Message-ID: <877hwdivxm.fsf@vigenere.g10code.de>

On Fri, 4 Sep 2009 20:11, htd at online.no said:

> Both 32 and 64 bit pth are installed, and pointing configure to the libs
> using "--with-pth-prefix=PFX" doesn't help either.

The development package is missing; i.e. the file pth.h.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From: laurent.jumet at skynet.be (Laurent Jumet)
Date: Sat, 05 Sep 2009 11:25:06 +0200
Subject: CAMELLIA

Hello !

I found information about CAMELLIA.
According to this info, I suppose I can assume that CAMELLIA is part of OpenPGP *and* S11, S12 & S13 are from now on owned by CAMELLIA.
=== Begin Windows Clipboard ===

Network Working Group                                            D. Shaw
Request for Comments: 5581                                     June 2009
Updates: 4880
Category: Informational

                    The Camellia Cipher in OpenPGP

Status of This Memo

   This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents in effect on the date of publication of this document (http://trustee.ietf.org/license-info). Please review these documents carefully, as they describe your rights and restrictions with respect to this document.

Abstract

   This document presents the necessary information to use the Camellia symmetric block cipher in the OpenPGP protocol.

Table of Contents

   1. Introduction
   2. Requirements Notation
   3. Camellia
   4. Security Considerations
   5. IANA Considerations
   6. Normative References

Shaw                         Informational                       [Page 1]
RFC 5581               The Camellia Cipher in OpenPGP           June 2009

1. Introduction

   The OpenPGP protocol [RFC4880] can support many different symmetric ciphers. This document presents the necessary information to use the Camellia [RFC3713] symmetric cipher in the OpenPGP protocol.

2. Requirements Notation

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

3. Camellia

   Camellia is specified in [RFC3713].
   It is a 128-bit symmetric block cipher (as are AES and Twofish in OpenPGP) that supports 128-bit, 192-bit, and 256-bit keys. This document defines the use of Camellia in OpenPGP.

   +---------------------+----------------------------------------+
   | Camellia Key Length | OpenPGP Symmetric-Key Algorithm Number |
   +---------------------+----------------------------------------+
   | 128                 | 11                                     |
   | 192                 | 12                                     |
   | 256                 | 13                                     |
   +---------------------+----------------------------------------+

   OpenPGP applications MAY implement Camellia. If implemented, Camellia may be used in any place in OpenPGP where a symmetric cipher is usable, and it is subject to the same usage requirements (such as its presence in the Preferred Symmetric Algorithms signature subpacket) as the other symmetric ciphers in OpenPGP.

   While the OpenPGP algorithm preferences system prevents interoperability problems with public key encrypted messages, if Camellia (or any other optional cipher) is used for encrypting private keys, there could be interoperability problems when migrating a private key from one system to another. A similar issue can arise when using an optional cipher for symmetrically encrypted messages, as this OpenPGP message type does not use the algorithm preferences system. Those using optional ciphers in this manner should take care they are using a cipher that their intended recipient can decrypt.

4. Security Considerations

   At publication time, there are no known weak keys for Camellia, and the Camellia algorithm is believed to be strong. However, as with any technology involving cryptography, implementers should check the current literature, as well as the Camellia home page at http://info.isl.ntt.co.jp/camellia/ to determine if Camellia has been found to be vulnerable to attack.

5.
IANA Considerations

   IANA assigned three algorithm numbers from the registry of OpenPGP Symmetric-Key Algorithms that was created by [RFC4880].

6. Normative References

   [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3713] Matsui, M., Nakajima, J., and S. Moriai, "A Description of the Camellia Encryption Algorithm", RFC 3713, April 2004.

   [RFC4880] Callas, J., Donnerhacke, L., Finney, H., Shaw, D., and R. Thayer, "OpenPGP Message Format", RFC 4880, November 2007.

Author's Address

   David Shaw
   EMail: dshaw at jabberwocky.com

=== End Windows Clipboard ===

--
Laurent Jumet
KeyID: 0xCFAF704C

From: wk at gnupg.org (Werner Koch)
Date: Sat, 05 Sep 2009 11:33:57 +0200
Subject: BZIP2
In-Reply-To: <4AA168A6.4020108@gmail.com> (Henrik O. A. Barkman's message of "Fri, 04 Sep 2009 21:21:10 +0200")
References: <4AA168A6.4020108@gmail.com>
Message-ID: <873a71ivlm.fsf@vigenere.g10code.de>

On Fri, 4 Sep 2009 21:21, barkman at gmail.com said:

> What is the reason for the Windows build of 1.4.10 (both the pulled and
> fixed binaries) not supporting BZIP2?

I was not aware that bzip2 was in gnupg-w32cli-1.4.9. It is all a matter of the build environment; i.e. whether the bzip2 library was installed for Windows. I am on vacation for the next two weeks so there is no chance that you get a new official package until then.

Anyway, I strongly suggest using gpg4win: If you just need gpg, you may download

    ftp://ftp.gpg4win.org/gpg4win/gpg4win-light-2.0.0.exe
    ftp://ftp.gpg4win.org/gpg4win/gpg4win-light-2.0.0.exe.sig

and select only the GnuPG component. This installs GnuPG 2.0.12 with enough patches to enable the new OpenPGP cards.
Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Sat, 05 Sep 2009 06:20:48 -0400
Subject: BZIP2
In-Reply-To: <873a71ivlm.fsf@vigenere.g10code.de>
References: <4AA168A6.4020108@gmail.com> <873a71ivlm.fsf@vigenere.g10code.de>
Message-ID: <4AA23B80.2070901@bellsouth.net>

Werner Koch wrote:

> ftp://ftp.gpg4win.org/gpg4win/gpg4win-light-2.0.0.exe
> ftp://ftp.gpg4win.org/gpg4win/gpg4win-light-2.0.0.exe.sig
>
> and select only the GnuPG component.

If anyone tries this suggestion I would be interested to learn if it is compatible with GPGshell.

TIA

JOHN ;)
Timestamp: Saturday 05 Sep 2009, 06:20 --400 (Eastern Daylight Time)

From: henkdebruijn at gswot.org (Henk M. de Bruijn)
Date: Sat, 5 Sep 2009 13:01:55 +0200
Subject: BZIP2
In-Reply-To: <4AA23B80.2070901@bellsouth.net>
References: <4AA168A6.4020108@gmail.com> <873a71ivlm.fsf@vigenere.g10code.de> <4AA23B80.2070901@bellsouth.net>
Message-ID: <986106195.20090905130155@gswot.org>

On Sat, 05 Sep 2009, at 06:20:48 [GMT -0400] (which was 12:20 where I live) John W.
Moore wrote:

> Werner Koch wrote:
>> ftp://ftp.gpg4win.org/gpg4win/gpg4win-light-2.0.0.exe
>> ftp://ftp.gpg4win.org/gpg4win/gpg4win-light-2.0.0.exe.sig
>>
>> and select only the GnuPG component.

> If anyone tries this suggestion I would be interested to learn if it is
> compatible with GPGshell.

Hi John,

It is, in the way that I use GPGshell as my keymanager :-) However with Vista I did not manage to get GPGtray to work. Not with 1.4.9/10 and not with 2.0.12.

--
Kind regards,
Henk M. de Bruijn
_________________________________________________________________________
The Bat! Natural Email System 4.2.10.9 on Microsoft® Windows Vista® Home Premium Version 6.0.6001 Service Pack 1 Build 6001
Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz, 2330 MHz 64bits
AntispamSniper for The Bat! Pro 3.2.1.1

From: dshaw at jabberwocky.com (David Shaw)
Date: Sat, 5 Sep 2009 09:36:04 -0400
Subject: CAMELLIA
Message-ID: <1C2D1576-AE14-483A-837D-0FB3A3464AF2@jabberwocky.com>

On Sep 5, 2009, at 5:25 AM, Laurent Jumet wrote:

> I found information about CAMELLIA.
> According to this info, I suppose I can assume that CAMELLIA is part of
> OpenPGP *and* S11, S12 & S13 are from now on owned by CAMELLIA.

Yes, and GnuPG 1.4.10 and 2.0.12 (if libgcrypt is recent enough) support it.
David

From: faramir.cl at gmail.com (Faramir)
Date: Sat, 05 Sep 2009 09:48:24 -0400
Subject: BZIP2
In-Reply-To: <4AA23B80.2070901@bellsouth.net>
References: <4AA168A6.4020108@gmail.com> <873a71ivlm.fsf@vigenere.g10code.de> <4AA23B80.2070901@bellsouth.net>
Message-ID: <4AA26C28.8020703@gmail.com>

John W. Moore III wrote:

> Werner Koch wrote:
>
>> ftp://ftp.gpg4win.org/gpg4win/gpg4win-light-2.0.0.exe
>> ftp://ftp.gpg4win.org/gpg4win/gpg4win-light-2.0.0.exe.sig
>
>> and select only the GnuPG component.
>
> If anyone tries this suggestion I would be interested to learn if it is
> compatible with GPGshell.

I tried a previous version of GPG4Win, installing just gpg1, and it worked fine with GPGShell, but it had a problem with the copy2usb tool, *_if_* I remember correctly... I should test it again.

Best Regards

From: dshaw at jabberwocky.com (David Shaw)
Date: Sat, 5 Sep 2009 12:11:18 -0400
Subject: encrypting compression algorithms
In-Reply-To: <2df3b0cb0909040953t20ae62e5p17dfb720b64b146b@mail.gmail.com>
References: <2df3b0cb0909040953t20ae62e5p17dfb720b64b146b@mail.gmail.com>

On Sep 4, 2009, at 12:53 PM, M.B.Jr.
wrote:

> when symmetrically encrypting a file, e.g.:
>
> $ gpg --output file.ods.gpg --symmetric file.ods
>
> the command above generates a "gpg" extension encrypted AND compressed
> file, is that correct?

Unless you've disabled compression in your gpg.conf file, yes, it is both encrypted and compressed.

> How do I know which compression algorithm was used?

Unless you've overridden the default, it is ZIP.

> How can I force any other available algorithm?

personal-compress-preferences (algo)

And (algo) can be "uncompressed", "zip", "zlib", or "bzip2". Note that bzip2 is only available if your GPG was built with the bzip2 library.

David

From jmoore3rd at bellsouth.net  Sat Sep  5 18:51:03 2009
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Sat, 05 Sep 2009 12:51:03 -0400
Subject: BZIP2
In-Reply-To: <4AA29553.7060607@srima.eu>
References: <4AA168A6.4020108@gmail.com> <873a71ivlm.fsf@vigenere.g10code.de> <4AA23B80.2070901@bellsouth.net> <4AA29553.7060607@srima.eu>
Message-ID: <4AA296F7.3050404@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Sean Rima wrote:
> Just removed 1.4.10, installed just the gpg section and restarted
> GPGshell under Vista and it works fine

Since Werner and the literature state that it is OK to install both side-by-side, is it really necessary to uninstall the 1.4.x version?
=-O

JOHN ;)
Timestamp: Saturday 05 Sep 2009, 12:50 --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn5068: (MingW32)
Comment: Public Key at: http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: http://www.gswot.org
Comment: Personal Web Page: http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJKopb1AAoJEBCGy9eAtCsPNdQH/j/R/D8XyFtYBeXRCs5CB3Xb
VWE9FCrpJyiJj3wnPdlxA4ADCexXvA+CTycV9jntexGwYdX8vNQZb5QYLut4Rvjn
WRz4T6NP2h4aJQS/iOy7PuNXqJ8+z0bg952Xt2JmPAiQzRHo3b5NFWbHV6XtnQM2
QXW9P00TIxPZMsfKy8cqkyrtPb7rPy4BLeqMZyOq/WoVcbNeEJhsUwq8FQN67T9n
GuWSddGN7SBOuvaroYJx618/jTefLzSSh5jvXoTQoqOh1VUXEq3A5r40UQqI1QXX
W19+icIDFuUXNZVHpx/BqKKCtolqY2RS5J8vJUcwAIKnamfS+aQn3TLJvPB445I=
=kMAj
-----END PGP SIGNATURE-----

From wk at gnupg.org  Sat Sep  5 18:59:13 2009
From: wk at gnupg.org (Werner Koch)
Date: Sat, 05 Sep 2009 18:59:13 +0200
Subject: Yet another 1.4.10 build for Windows
Message-ID: <87eiqlgwf2.fsf@vigenere.g10code.de>

Hi,

I had some spare time while waiting for the server of the German tax administration to return our monthly declaration. The result is another build for Windows. Yes, again with BZIP2 support.

ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.10b.exe
ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.10b.exe.sig

b86624303f2e29ade92dcfae672fe75ba9df3931  gnupg-w32cli-1.4.10b.exe

Hope this helps.

Shalom-Salam,

   Werner

--
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: 

From laurent.jumet at skynet.be  Sat Sep  5 19:12:57 2009
From: laurent.jumet at skynet.be (Laurent Jumet)
Date: Sat, 05 Sep 2009 19:12:57 +0200
Subject: Yet another 1.4.10 build for Windows
In-Reply-To: <87eiqlgwf2.fsf@vigenere.g10code.de>
Message-ID: 

Hello Werner !
Werner Koch wrote:

> I had some spare time while waiting for the server of the German tax
> administration to return our monthly declaration. The result is another
> build for Windows. Yes, again with BZIP2 support.

> ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.10b.exe
> ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.10b.exe.sig

Thanks ! Seems to work.

--
Laurent Jumet
KeyID: 0xCFAF704C

From faramir.cl at gmail.com  Sat Sep  5 23:05:49 2009
From: faramir.cl at gmail.com (Faramir)
Date: Sat, 05 Sep 2009 17:05:49 -0400
Subject: Yet another 1.4.10 build for Windows
In-Reply-To: <87eiqlgwf2.fsf@vigenere.g10code.de>
References: <87eiqlgwf2.fsf@vigenere.g10code.de>
Message-ID: <4AA2D2AD.9060907@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Werner Koch wrote:
> Hi,
>
> I had some spare time while waiting for the server of the German tax
> administration to return our monthly declaration. The result is another
> build for Windows. Yes, again with BZIP2 support.

Thanks, that is greatly appreciated ;)

Best Regards, and I hope you enjoy your vacations
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCAAGBQJKotKtAAoJEMV4f6PvczxAs08H/1H6MwCHRTD5LKlKUemmH+dm
Ryg/3JYs6aazBlY0E0Uo29ZA259WrNnHx+Fhd89kStv4TVtA5inW9qhY0Mu9uahY
TBFvnPjqOEqWfVesnSTsItApe6M/Jv3MR3xJ3p5SFmBnOKkf5R26DrAFuGnCLyUV
U+Y0VZ5EVF8TognVNc1ONRJRZQzYLKfLmcTp7ylSMU7KkohJBv4ngKfF/vUdUTJh
/kVt6QvHGDdjRHJ5+1ePxUBt8M6FXd8r8v6btadvgYzuNVDY8d8UBtodljpZpeYb
bGiaqtx6YjUjK4Oc53rF5HdNWbLhjcYIj5KmmXPbu4EzqLnLoPH4MHz6Do2BocA=
=3ind
-----END PGP SIGNATURE-----

From marcio.barbado at gmail.com  Sun Sep  6 02:59:23 2009
From: marcio.barbado at gmail.com (M.B.Jr.)
Date: Sat, 5 Sep 2009 21:59:23 -0300
Subject: encrypting compression algorithms
In-Reply-To: 
References: <2df3b0cb0909040953t20ae62e5p17dfb720b64b146b@mail.gmail.com>
Message-ID: <2df3b0cb0909051759i66d287abt563a288bfbd317c3@mail.gmail.com>

Hi David, thank you.
On Sat, Sep 5, 2009 at 1:11 PM, David Shaw wrote:
> On Sep 4, 2009, at 12:53 PM, M.B.Jr. wrote:
>
>> How do I know which compression algorithm was used?
>
> Unless you've overridden the default, it is ZIP.
>

Ok, but at this point my doubt is about some command to check whether a "gpg" extension file is compressed and, in case it is, which algorithm was used. Like (just an example):

$ gpg --check-compression file.gpg

Is there something like that?

Regards,

Marcio Barbado, Jr.

From dshaw at jabberwocky.com  Sun Sep  6 05:10:29 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Sat, 5 Sep 2009 23:10:29 -0400
Subject: encrypting compression algorithms
In-Reply-To: <2df3b0cb0909051759i66d287abt563a288bfbd317c3@mail.gmail.com>
References: <2df3b0cb0909040953t20ae62e5p17dfb720b64b146b@mail.gmail.com> <2df3b0cb0909051759i66d287abt563a288bfbd317c3@mail.gmail.com>
Message-ID: 

On Sep 5, 2009, at 8:59 PM, M.B.Jr. wrote:

> Hi David, thank you.
>
>
> On Sat, Sep 5, 2009 at 1:11 PM, David Shaw wrote:
>> On Sep 4, 2009, at 12:53 PM, M.B.Jr. wrote:
>>
>>> How do I know which compression algorithm was used?
>>
>> Unless you've overridden the default, it is ZIP.
>>
>
>
> Ok, but at this point my doubt is about some command to check whether
> a "gpg" extension file is compressed and, in case it is, which
> algorithm was used. Like (just an example):
>
> $ gpg --check-compression file.gpg
>
> Is there something like that?

Not really, but you could look at the debug output. Try decrypting the file with "-vv" added to the command line. If it is compressed, you'll see a line like ":compressed packet: algo=1". Algo 1 is ZIP, algo 2 is ZLIB, algo 3 is BZIP2.

David
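The ":compressed packet: algo=N" line David refers to (gpg prints the same line for `--list-packets`) is a direct readout of the OpenPGP packet format: the first octet of a Compressed Data packet body is the compression algorithm ID from RFC 4880. The script below is an added example for this thread, not code from the posters or from GnuPG. It parses OpenPGP packet headers (old and new format), reports the compression algorithm the way gpg's packet listing does, and unpacks the Literal Data packet inside. The sample messages are constructed in the file with zlib/bz2 standing in for gpg's compressor, so nothing needs a key or a gpg installation; `compressed_message`, `inspect` and `detect_compression` are this example's own names.

```python
"""Report which compression algorithm an OpenPGP Compressed Data packet uses.

Added example for the gnupg-users thread; not GnuPG code.  Packet framing
follows RFC 4880 (sections 4.2, 5.6, 5.9).  All sample data is constructed here."""
import bz2
import zlib

# RFC 4880 section 9.3: the number gpg prints as ":compressed packet: algo=N"
COMPRESSION_ALGOS = {0: "Uncompressed", 1: "ZIP", 2: "ZLIB", 3: "BZip2"}
TAG_COMPRESSED = 8    # Compressed Data packet
TAG_LITERAL = 11      # Literal Data packet


def parse_packets(data):
    """Return [(tag, body), ...] for the packets in `data`.
    Old- and new-format headers are handled; partial body lengths are rejected."""
    packets, pos = [], 0
    while pos < len(data):
        first = data[pos]
        if not first & 0x80:
            raise ValueError("no packet header at offset %d" % pos)
        pos += 1
        if first & 0x40:                       # new format: tag in the low 6 bits
            tag = first & 0x3F
            l1 = data[pos]
            pos += 1
            if l1 < 192:                       # one-octet length
                length = l1
            elif l1 < 224:                     # two-octet length
                length = ((l1 - 192) << 8) + data[pos] + 192
                pos += 1
            elif l1 == 255:                    # five-octet length
                length = int.from_bytes(data[pos:pos + 4], "big")
                pos += 4
            else:
                raise ValueError("partial body lengths not supported")
        else:                                  # old format: tag in bits 2-5, length type in bits 0-1
            tag = (first >> 2) & 0x0F
            ltype = first & 0x03
            if ltype == 3:                     # indeterminate: body runs to end of input
                length = len(data) - pos
            else:
                n = (1, 2, 4)[ltype]
                length = int.from_bytes(data[pos:pos + n], "big")
                pos += n
        if pos + length > len(data):
            raise ValueError("truncated packet at offset %d" % pos)
        packets.append((tag, data[pos:pos + length]))
        pos += length
    return packets


def decompress(algo, payload):
    if algo == 0:
        return payload
    if algo == 1:                              # ZIP is raw DEFLATE (no zlib header)
        return zlib.decompress(payload, -15)
    if algo == 2:                              # ZLIB is DEFLATE with zlib header and Adler-32
        return zlib.decompress(payload)
    if algo == 3:
        return bz2.decompress(payload)
    raise ValueError("unknown compression algorithm %d" % algo)


def compress(algo, payload):
    if algo == 1:
        c = zlib.compressobj(wbits=-15)
        return c.compress(payload) + c.flush()
    if algo == 2:
        return zlib.compress(payload)
    if algo == 3:
        return bz2.compress(payload)
    raise ValueError("unsupported compression algorithm %d" % algo)


def new_packet(tag, body):
    """Wrap `body` in a new-format header with a one-, two- or five-octet length."""
    n = len(body)
    if n < 192:
        length = bytes([n])
    elif n < 8384:
        length = bytes([((n - 192) >> 8) + 192, (n - 192) & 0xFF])
    else:
        length = b"\xff" + n.to_bytes(4, "big")
    return bytes([0xC0 | tag]) + length + body


def literal_packet(text, filename=b"file.txt"):
    # body: format octet ('b' = binary), filename length, filename, 4-octet date, data
    return new_packet(TAG_LITERAL, b"b" + bytes([len(filename)]) + filename + b"\0\0\0\0" + text)


def compressed_message(text, algo):
    """Constructed sample: a Literal Data packet inside a Compressed Data packet."""
    return new_packet(TAG_COMPRESSED, bytes([algo]) + compress(algo, literal_packet(text)))


def inspect(data):
    """Return (listing lines in gpg --list-packets style, literal payload or None)."""
    lines, payload = [], None
    for tag, body in parse_packets(data):
        if tag == TAG_COMPRESSED:
            algo = body[0]
            lines.append(":compressed packet: algo=%d (%s)" % (algo, COMPRESSION_ALGOS.get(algo, "?")))
            inner_lines, payload = inspect(decompress(algo, body[1:]))
            lines.extend("    " + l for l in inner_lines)
        elif tag == TAG_LITERAL:
            name_len = body[1]
            payload = body[2 + name_len + 4:]
            lines.append(':literal data packet: mode %s, name="%s", %d bytes'
                         % (chr(body[0]), body[2:2 + name_len].decode(), len(payload)))
        else:
            lines.append(":packet tag %d: %d bytes" % (tag, len(body)))
    return lines, payload


def detect_compression(data):
    """Name of the outermost Compressed Data packet's algorithm, or None if uncompressed."""
    for tag, body in parse_packets(data):
        if tag == TAG_COMPRESSED:
            return COMPRESSION_ALGOS.get(body[0], "unknown")
    return None


if __name__ == "__main__":
    for algo in (1, 2, 3):
        for line in inspect(compressed_message(b"hello, compressed world\n" * 20, algo))[0]:
            print(line)
```

This only works on a packet stream that is not encrypted (a signed-and-compressed message, for example). In an encrypted file the Compressed Data packet sits inside the encrypted container, which is exactly why David's method decrypts first: the algorithm octet is not visible until the session key has been applied.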
From htd at online.no  Sun Sep  6 20:00:44 2009
From: htd at online.no (Heinz Diehl)
Date: Sun, 6 Sep 2009 20:00:44 +0200
Subject: [Announce] GnuPG 2.0.13 released
In-Reply-To: <877hwdivxm.fsf@vigenere.g10code.de>
References: <87tyziiqlv.fsf@vigenere.g10code.de> <20090904181130.GA17899@online.no> <877hwdivxm.fsf@vigenere.g10code.de>
Message-ID: <20090906180044.GA7163@online.no>

On 05.09.2009, Werner Koch wrote:

> The development package is missing; i.e. the file pth.h .

The development package was installed, but I found out that openSUSE compiles their package with

--disable-static --with-pic --enable-optimize=yes --enable-pthread=no --with-gnu-ld

One or more of these options collide with the gnupg build. After a manual compilation of pth with the defaults, all went OK. Didn't try to figure out which ones were the cause of the build failure.

So if anybody feels like having gnupg-2.0.13 installed on the latest openSUSE, here are the facts :-)

Thanks Werner for your help!

From jmoore3rd at bellsouth.net  Sun Sep  6 22:11:59 2009
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Sun, 06 Sep 2009 16:11:59 -0400
Subject: Build Question RE: svn5158
Message-ID: <4AA4178F.7000600@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Attempting to Build svn5158 with the MSYS/MinGW Environment I came up short with an Error I haven't seen before.

In the doc Directory the line below caused the Build process to Fail.

gnupg1.texi :4: @include 'version.texi' : No such file or directory

followed by 4 lines of WARNINGS then stopping with

makeinfo : Removing output file 'gnupg1.info' due to errors ; use --force to preserve

There were also 2 recursive Errors preceded by [make]

Since this one is new to Me and of course I am only interested in the executables and not any documentation I am asking if anyone here can offer some Good Orderly Direction or can 'school' Me as to what I have done wrong.
TIA

JOHN ;)
Timestamp: Sunday 06 Sep 2009, 16:10 --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Public Key at: http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: http://www.gswot.org
Comment: Personal Web Page: http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJKpBeBAAoJEBCGy9eAtCsPLE0IAIuRSwS3sAmcMaJjvf6rT0Ra
dAFDpX4uqTNl4BlL+aYMa0DG7MVJ4YTw0N6hlDmdto5eARoF7dRNNwbTjHDfH0vq
5/YbRPgOgZpnOwvRXqWQyS4V5Rri0OdXX0JngHoAqc3rzPrhrgqh1yBln46uSZJy
5GT0ejD8E4CMTzsXlaYCHGCLWvmsZE/Se9wPMGiKWJdg6fI77cEAaytLkcGB7v80
xbHOH8hVGkZYSvwkm1rb7Wtag1kW0ZHibSaqc4eiJ4Cbk2CDYBaOmIAAXvbbmZG4
sOfGM/jcog16RxYcx+PqAIFgVS8+25YnQ/6e1WO9lFk2aoA7n6OoYdoB1I4pQKs=
=YIdN
-----END PGP SIGNATURE-----

From mcse83 at hotmail.com  Sun Sep  6 22:55:47 2009
From: mcse83 at hotmail.com (Sean Wilson)
Date: Sun, 06 Sep 2009 21:55:47 +0100
Subject: Cant get Fellowship card to work
In-Reply-To: <87ljmzy4ad.fsf@wheatstone.g10code.de>
References: <87ljmzy4ad.fsf@wheatstone.g10code.de>
Message-ID: 

The SCM Microsystems Inc. SCR3340 ExpressCard Reader seems to work as it can read the OpenPGP 2.0 card (I do have problems writing changes to it though, see below).

I have just upgraded to GPG 1.4.10 but when I try to create a key pair on the OpenPGP 2.0 card it says:

An undefined error occurred (this is when I do it using OpenPGP in Thunderbird by selecting Manage Smartcard from the OpenPGP menu)

Is running GPG 1.4.10 up to date enough to be able to generate key pairs on the newer OpenPGP 2.0 cards? If not, what do I need to do to be able to use the OpenPGP 2.0 card?

Not sure why but I can't access http://www.gpg4win.org...

Thanks for any help!

From dshaw at jabberwocky.com  Mon Sep  7 00:45:12 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun, 6 Sep 2009 18:45:12 -0400
Subject: Cant get Fellowship card to work
In-Reply-To: 
References: <87ljmzy4ad.fsf@wheatstone.g10code.de>
Message-ID: 

On Sep 6, 2009, at 4:55 PM, Sean Wilson wrote:

> The SCM Microsystems Inc.
> SCR3340 ExpressCard Reader seems to work as it
> can read the OpenPGP 2.0 card (I do have problems writing changes to it
> though, see below).
>
> I have just upgraded to GPG 1.4.10 but when I try to create a key pair
> on the OpenPGP 2.0 card it says:
>
> An undefined error occurred (this is when I do it using OpenPGP in
> Thunderbird by selecting Manage Smartcard from the OpenPGP menu)
>
> Is running GPG 1.4.10 up to date enough to be able to generate key pairs
> on the newer OpenPGP 2.0 cards?

Yes, it should. Are you using pcsc or the built-in card driver? What platform are you using?

David

From allen.schultz at gmail.com  Mon Sep  7 05:32:01 2009
From: allen.schultz at gmail.com (Allen Schultz)
Date: Sun, 06 Sep 2009 21:32:01 -0600
Subject: Turning off GPG-Agent on default install of GPG4Win 2.0.0
Message-ID: <4AA47EB1.8050506@gmail.com>

GnuPG Users:

How do I turn off the GPG Agent in the default install of GPGWin 2.0.0? I don't like it and don't want it as it keeps asking too frequently for Psi.

--
Allen Schultz

PS: Please see attached VCF attachment for contact and GPG key info. Signature.asc requires GPG/PGP to be installed to verify signature.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: allen_schultz.vcf
Type: text/x-vcard
Size: 648 bytes
Desc: not available
URL: 

From mcse83 at hotmail.com  Mon Sep  7 10:02:57 2009
From: mcse83 at hotmail.com (Sean Wilson)
Date: Mon, 07 Sep 2009 09:02:57 +0100
Subject: Cant get Fellowship card to work
In-Reply-To: 
References: 
Message-ID: 

I am running Windows Vista. I think I am running the built-in driver for the card reader.

What additional software do I need to install to get the OpenPGP 2.0 card to work??

From henkdebruijn at gswot.org  Mon Sep  7 10:26:21 2009
From: henkdebruijn at gswot.org (Henk M.
de Bruijn)
Date: Mon, 07 Sep 2009 10:26:21 +0200
Subject: Turning off GPG-Agent on default install of GPG4Win 2.0.0
In-Reply-To: <4AA47EB1.8050506@gmail.com>
References: <4AA47EB1.8050506@gmail.com>
Message-ID: <4AA4C3AD.2020901@gswot.org>

Allen Schultz wrote:
> How do I turn off the GPG Agent in the default install of GPGWin 2.0.0?
> I don't like it and don't want it as it keeps asking too frequently for Psi.

I think there is an option to install it with or without GPA.

--
Henk M. de Bruijn
________________________________________________________________________
Mozilla Thunderbird 2.0.0.23 (20090812)
Enigmail 0.96.0
OpenPGP message encryption and authentication

From brecht at sanders.org  Thu Sep  3 11:23:09 2009
From: brecht at sanders.org (Brecht Sanders)
Date: Thu, 03 Sep 2009 11:23:09 +0200
Subject: GnuPG 2.0.12 on Windows
Message-ID: <4A9F8AFD.1050308@sanders.org>

Hi,

When compiling 2.0.12 on Windows with MinGW/MSYS there was a compilation error on scd/ccid-driver.c because ETIMEDOUT doesn't exist on Windows.

This can be fixed by using WSAETIMEDOUT instead.

Maybe a simple #ifdef __MINGW32__ can be used to resolve this?

Once I replaced this the rest of the build worked fine.

Regards

Brecht Sanders

From jan.suhr at privacyfoundation.de  Mon Sep  7 12:10:54 2009
From: jan.suhr at privacyfoundation.de (Jan Suhr)
Date: Mon, 07 Sep 2009 12:10:54 +0200
Subject: problem: OpenPGP Card 2.0 + GnuPG 1.4.10b
In-Reply-To: <4AA47EB1.8050506@gmail.com>
References: <4AA47EB1.8050506@gmail.com>
Message-ID: <4AA4DC2E.1030800@privacyfoundation.de>

Hi!

I installed the latest build of GnuPG 1.4.10b for Windows and tested the OpenPGP Card 2.0 the following way:

1. Generated new keys on the OpenPGP Card 2.0 for email address test at example.com
2. Encrypted a file: "gpg -e -r test at example.com testfile"
3.
Decrypted the file: "gpg -d testfile.gpg"

Unfortunately I receive the following error (gpg's German messages, translated):

C:>gpg -d testfile.gpg
gpg: detected reader `Gemplus USB Smart Card Reader 0'
gpg: detected reader `Texas Instruments SmartCardSlot 0'
Please enter the PIN
gpg: encrypted with 3072-bit RSA key, ID 278D09E8, created 2009-09-07
      "Test Test "
gpg: public key decryption failed: General error
gpg: decryption failed: secret key not available

I don't understand the reason for this problem because the claimed key 278D09E8 is exactly what I generated before. "gpg --card-status" proves that the required key is available:

Signature key ....: 26B2 4BD5 31E2 EE7C 36CD 7DAA 6CEC 5307 03DC 9552
      created ....: 2009-09-07 09:47:35
Encryption key....: 60BB 063C 079B 0BF3 E9B2 6E90 BAF2 3ED9 278D 09E8
      created ....: 2009-09-07 09:47:35
Authentication key: C569 0B26 3A53 BFE6 90FE 664C E140 FB78 C4AF AC2D
      created ....: 2009-09-07 09:47:35
General key info..: pub  3072R/03DC9552 2009-09-07 Test Test
sec>  3072R/03DC9552  created: 2009-09-07  expires: never  card-no: 0000 0000002B
ssb>  3072R/C4AFAC2D  created: 2009-09-07  expires: never  card-no: 0000 0000002B
ssb>  3072R/278D09E8  created: 2009-09-07  expires: never  card-no: 0000 0000002B

Any idea what is wrong?

Regards
Jan

From tomp at idirect.com  Mon Sep  7 15:48:29 2009
From: tomp at idirect.com (Tom Pegios)
Date: Mon, 07 Sep 2009 09:48:29 -0400
Subject: Build Question RE: svn5158
In-Reply-To: <4AA4178F.7000600@bellsouth.net>
References: <4AA4178F.7000600@bellsouth.net>
Message-ID: <4AA50F2D.6060701@idirect.com>

John W. Moore III wrote:
> - gpg control packet
> Attempting to Build svn5158 with the MSYS/MinGW Environment I came up
> short with an Error I haven't seen before.
>
> In the doc Directory the line below caused the Build process to Fail.
>
> gnupg1.texi :4: @include 'version.texi' : No such file or directory
>
> followed by 4 lines of WARNINGS then stopping with
>
> makeinfo : Removing output file 'gnupg1.info' due to errors ; use
> --force to preserve
>
> There were also 2 recursive Errors preceded by [make]
>
> Since this one is new to Me and of course I am only interested in the
> executables and not any documentation I am asking if anyone here can
> offer some Good Orderly Direction or can 'school' Me as to what I have
> done wrong.
>
> TIA
>
> JOHN ;)
> Timestamp: Sunday 06 Sep 2009, 16:10 --400 (Eastern Daylight Time)

Hi John

In doc\gnupg1.texi change line 4 from:

@include 'version.texi

to

@c include 'version.texi

The 'c' after '@' changes the line to a comment (and fixes your problem).

That is the quick and dirty fix if you don't need any documentation.

Tom

From mcse83 at hotmail.com  Mon Sep  7 18:41:49 2009
From: mcse83 at hotmail.com (Sean Wilson)
Date: Mon, 07 Sep 2009 17:41:49 +0100
Subject: Cant get Fellowship card to work
In-Reply-To: 
References: 
Message-ID: 

I think I should provide a bit more information about my setup, I am REALLY confused now (lol):

Vista Home Premium with SP2
Thunderbird 2.0.0.23
Enigmail 0.96.0
SCR3340 ExpressCard Reader
OpenPGP 2.0 smart card
GPG 1.4.10

Currently I subscribe to Hushmail for my email. I use Thunderbird/Enigmail/GPG to be able to send/receive encrypted/signed PGP email using their service. I have been doing this for about 2 years now and I keep the private key on my laptop's (encrypted) drive.

After much reading about the OpenPGP 2.0 card I knew I had to have one ;-)) So I bought one the week it was released. I have been playing around with the card today as I have the day off work but it seems to have me lost as to how it works.

I generated a test key pair on the OpenPGP card.
My understanding of the reason for doing this was that it was the most secure way as the private key never touches your hard drive and it's ONLY present on the OpenPGP card (which you can only access with the correct PIN).

Here's where I am confused. When I go into "Key Management" in Thunderbird (under the OpenPGP menu) I can see my new key pair listed there even if I remove the OpenPGP card from the reader?! Also, if the card's removed from the reader, I can right-click the new key pair in "Key Management" and select "Export keys to file" and it even saves the secret key to the file on my hard drive!!! I thought the whole point of having the key generated ON the OpenPGP card was so that it was secure (by never being on the hard drive)? What's the point if I can save a copy of it from "Key Management" WHILE the OpenPGP card is not in the reader?

The other thing is, how do I know when I look at my private keys in "Key Management" which ones are on the OpenPGP card and which ones are stored locally on my hard drive? When I sign/encrypt a test email I don't know for sure if it's using the private key off the hard drive or the OpenPGP 2.0 card.

If anyone can shed some light on this I would greatly appreciate it! I really want to store my Hushmail 2048-bit private key on the OpenPGP 2.0 card and access it via the PIN only rather than use the current way I have it configured (ie: private key stored locally on hard drive with no smart card). I thought it would be as easy as copying the Hushmail private key onto the OpenPGP 2.0 card and telling Thunderbird to use the private key from the smart card rather than the hard drive key...

On another note, is it possible to completely erase all keys on the OpenPGP 2.0 card once I have finished testing them?

Thank you.
From mcse83 at hotmail.com  Mon Sep  7 22:27:39 2009
From: mcse83 at hotmail.com (Sean Wilson)
Date: Mon, 07 Sep 2009 21:27:39 +0100
Subject: Cant get Fellowship card to work
In-Reply-To: 
References: 
Message-ID: 

Another update ;-)

I copied my Hushmail keys onto the OpenPGP 2.0 card by using the keytocard command. When I run gpg --card-status I can see that my keys are there. But when I try to decrypt a Hushmail email in Thunderbird I get this error:

=======================================================================
OpenPGP Security Info

Error - secret key needed to decrypt message

gpg command line and output:
C:\Program Files\GNU\GnuPG\gpg.exe
gpg: detected reader `AKS ifdh 0'
gpg: detected reader `AKS ifdh 1'
gpg: detected reader `AKS VR 0'
gpg: detected reader `Aladdin Token JC 0'
gpg: detected reader `SCM Microsystems Inc. SCR3340 ExpressCard Reader 0'
gpg: fingerprint on card does not match requested one
gpg: encrypted with 2048-bit RSA key, ID xxxxxx, created 2006-07-11
      ""xxxxxxx at hush.com" "
gpg: encrypted with 2048-bit RSA-E key, ID xxxxxx, created 2009-05-27
      ""xxxxxx at hushmail.com" "
gpg: public key decryption failed: wrong secret key used
gpg: decryption failed: secret key not available
=======================================================================

Can someone explain to me why this is happening? I am really battling to get my keys to work with this OpenPGP card ;-(

PS: If I try to decrypt the email by NOT using the OpenPGP 2.0 card then it decrypts the email first time!

From lord.icervantes at gmail.com  Tue Sep  8 06:31:36 2009
From: lord.icervantes at gmail.com (Iván Cervantes)
Date: Mon, 7 Sep 2009 23:31:36 -0500
Subject: RSA only enable to sign
Message-ID: 

Hi,

Can you help me with the following: why do I have RSA only to sign??

I'm from Mexico and the link http://rechten.uvt.nl/koops/cryptolaw/cls2.htm#me says that in my country there are no restrictions.
ian at ian-laptop:~$ gpg --gen-key
gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)
Your selection?

Thanks.

--
Iván Cervantes
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From rjh at sixdemonbag.org  Tue Sep  8 08:04:02 2009
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 08 Sep 2009 02:04:02 -0400
Subject: RSA only enable to sign
In-Reply-To: 
References: 
Message-ID: <4AA5F3D2.80807@sixdemonbag.org>

There are some Spanish-speakers on this list who might be able to give you a Spanish answer. If you don't mind an English answer, I'll try to answer it.

> Can you help me with the following: why do I have RSA only to sign??

You need to add an RSA encryption subkey. Go ahead and create a sign-only RSA key. Then:

gpg --edit-key [my key ID] addkey

At the prompt, choose "(6) RSA (encrypt only)". It may be numbered differently on your machine.

Go through the rest of the steps and you will have added an RSA encryption subkey. Send the updated key on to the keyserver network and your friends can now use that encryption subkey to encrypt data meant for you.

From lord.icervantes at gmail.com  Tue Sep  8 08:38:05 2009
From: lord.icervantes at gmail.com (Iván Cervantes)
Date: Tue, 8 Sep 2009 01:38:05 -0500
Subject: RSA only enable to sign
In-Reply-To: <4AA5F3D2.80807@sixdemonbag.org>
References: <4AA5F3D2.80807@sixdemonbag.org>
Message-ID: 

Hi Robert, thanks for the answer. I did that one week ago, and it works fine, but I need the private key to generate the subkey. But it's true what you say, we can enable an RSA subkey to encrypt.

Changing my question a little, why do I have only three options in my gpg installation??
The reason is that I develop a system that imports a public key (in theory any algorithm in gpg) and then my system encrypts a file with that public key. That's an automatic process and I can't request the private key from my users because that would break my security protocol.

thanks.

2009/9/8 Robert J. Hansen

> There are some Spanish-speakers on this list who might be able to give
> you a Spanish answer. If you don't mind an English answer, I'll try to
> answer it.
>
> > Can you help me with the following: why do I have RSA only to sign??
>
> You need to add an RSA encryption subkey. Go ahead and create a
> sign-only RSA key. Then:
>
> gpg --edit-key [my key ID] addkey
>
> At the prompt, choose "(6) RSA (encrypt only)". It may be numbered
> differently on your machine.
>
> Go through the rest of the steps and you will have added an RSA encryption
> subkey. Send the updated key on to the keyserver network and your
> friends can now use that encryption subkey to encrypt data meant for you.
>
>

--
Iván Cervantes
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From rjh at sixdemonbag.org  Tue Sep  8 08:50:39 2009
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 08 Sep 2009 02:50:39 -0400
Subject: RSA only enable to sign
In-Reply-To: 
References: <4AA5F3D2.80807@sixdemonbag.org>
Message-ID: <4AA5FEBF.1070707@sixdemonbag.org>

Iván Cervantes wrote:
> Changing my question a little, why do I have only three options in my gpg
> installation??

A GnuPG "key" isn't just one piece of data. It's a whole lot of pieces of data.

All GnuPG keys -- what we should really call "certificates" -- have a signing key. That's the most basic, fundamental thing in the certificate. If you want to be able to encrypt, you have to add an encryption subkey.

Up until GnuPG 1.4.10, GnuPG would create a DSA signing key and an ElGamal encryption key for you as one single operation.
You executed "--gen-key", and GnuPG created the signing key, added the encryption subkey, and you were done. RSA was considered to be for advanced users. Advanced users were believed to be capable of generating their signing key, and then adding their own encryption key later.

From faramir.cl at gmail.com  Tue Sep  8 21:33:02 2009
From: faramir.cl at gmail.com (Faramir)
Date: Tue, 08 Sep 2009 15:33:02 -0400
Subject: RSA only enable to sign
In-Reply-To: 
References: <4AA5F3D2.80807@sixdemonbag.org>
Message-ID: <4AA6B16E.9060002@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Iván Cervantes wrote:
...
> Changing my question a little, why do I have only three options in my gpg
> installation??

I'll reply in English so other people can correct me if I am wrong.

I think unless you activate the expert options, you get a reduced set of options. I added the line "expert" to my gpg.conf file, and I get the following options when I generate keys:

Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (3) DSA (set your own capabilities)
   (5) RSA (sign only)
   (7) RSA (set your own capabilities)
Your selection?

And the following options when adding a subkey.

Please select what kind of key you want:
   (2) DSA (sign only)
   (3) DSA (set your own capabilities)
   (4) Elgamal (encrypt only)
   (5) RSA (sign only)
   (6) RSA (encrypt only)
   (7) RSA (set your own capabilities)

The options you miss when generating a new key are the options where you can choose the capabilities the key will have, and since a mistake there can create a useless (for your purposes) key, they are available only to experts (or, to call them another way, to not-newbies).
Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCAAGBQJKprFtAAoJEMV4f6PvczxAejAH/jkUTEkEAuVZqPOAxWMqkwd/
Mv7hLhBsCGmj6m7MXzVoSfbwsdgtND/AlA4II0xfGLIOcO07Wj/ojVMfoH8xEdTL
FMoky+N0bzFqOhA15xcs+nY03108mfbq9knqxIaN+68iG+VVsn/AraTYYupkTRxu
oCL041Z6SvXyJqDMjNE7GBHh/OrZb4PHil1WJcTrI1a+vBigqW7Ym5vMTB1840is
uBJWlV3XS+Ni9/vmFXeTnqhvIAYS4KSXjig1P5iBkmtn53F78YM80uEKW4XPcNk6
rBYsbzZIGPvuLerHx4TS5zbT8ORBMSBfmG2jnQj63Iw56xdl2Rts+tuGKL73fJU=
=aU6J
-----END PGP SIGNATURE-----

From dshaw at jabberwocky.com  Wed Sep  9 01:32:19 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 8 Sep 2009 19:32:19 -0400
Subject: RSA only enable to sign
In-Reply-To: <4AA6B16E.9060002@gmail.com>
References: <4AA5F3D2.80807@sixdemonbag.org> <4AA6B16E.9060002@gmail.com>
Message-ID: <28FDBDCB-AED2-4D46-A6AA-7AD62C0D5334@jabberwocky.com>

On Sep 8, 2009, at 3:33 PM, Faramir wrote:

> Iván Cervantes wrote:
> ...
>> Changing my question a little, why do I have only three options in my
>> gpg
>> installation??
>
> I'll reply in English so other people can correct me if I am wrong.
> I think unless you activate the expert options, you get a reduced set
> of options. I added the line "expert" to my gpg.conf file, and I get the
> following options when I generate keys:

[...]

> The options you miss when generating a new key are the options where
> you can choose the capabilities the key will have, and since a mistake
> there can create a useless (for your purposes) key, they are available
> only to experts (or, to call them another way, to not-newbies).

Just right. As a general rule, people should never need --expert to do regular OpenPGP-ish things (make keys, encrypt stuff, etc).

David
From allen.schultz at gmail.com  Wed Sep  9 05:45:39 2009
From: allen.schultz at gmail.com (Allen Schultz)
Date: Tue, 08 Sep 2009 21:45:39 -0600
Subject: Turning off GPG-Agent on default install of GPG4Win 2.0.0
In-Reply-To: <4AA65B5F.9040209@gswot.org>
References: <4AA47EB1.8050506@gmail.com> <4AA4C3AD.2020901@gswot.org> <4AA5F79F.6040308@gmail.com> <4AA60195.6070401@gswot.org> <4AA60558.1000805@gmail.com> <4AA65B5F.9040209@gswot.org>
Message-ID: <4AA724E3.4070308@gmail.com>

Henk M. de Bruijn wrote:
> I checked but even after setting off the option to install GPA. The
> relevant files are still installed and when closing the preference menu
> a menu keeps on popping up about GPA and the passphrase.
> I don't know which files are involved.

I think I figured out what is acting as the gpg-agent in this newer install. Since they dropped WinPT and added Kleopatra, the interface changed to this (to me) annoying pinentry.exe asking for my passphrase. I think I will install component by component myself and try it out that way.

--
Allen Schultz

PS: Please see attached VCF attachment for contact and GPG key info. Signature.asc requires GPG/PGP to be installed to verify signature.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: allen_schultz.vcf
Type: text/x-vcard
Size: 648 bytes
Desc: not available
URL: 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 552 bytes
Desc: OpenPGP digital signature
URL: 

From henkdebruijn at gswot.org  Wed Sep  9 06:58:40 2009
From: henkdebruijn at gswot.org (Henk M.
de Bruijn)
Date: Wed, 09 Sep 2009 06:58:40 +0200
Subject: Turning off GPG-Agent on default install of GPG4Win 2.0.0
In-Reply-To: <4AA724E3.4070308@gmail.com>
References: <4AA47EB1.8050506@gmail.com> <4AA4C3AD.2020901@gswot.org> <4AA5F79F.6040308@gmail.com> <4AA60195.6070401@gswot.org> <4AA60558.1000805@gmail.com> <4AA65B5F.9040209@gswot.org> <4AA724E3.4070308@gmail.com>
Message-ID: <4AA73600.5040506@gswot.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Allen Schultz wrote:
> Henk M. de Bruijn wrote:
>> I checked but even after setting off the option to install GPA. The
>> relevant files are still installed and when closing the preference menu
>> a menu keeps on popping up about GPA and the passphrase.
>> I don't know which files are involved.
>
> I think I figured out what is acting as the gpg-agent in this newer
> install. Since they dropped WinPT and added Kleopatra, the interface
> changed to this (to me) annoying pinentry.exe asking for my passphrase.
> I think I will install component by component myself and try it out that
> way.

Please let me (us) know the result?

- --
Kind regards,
Henk M.
de Bruijn
________________________________________________________________________
Mozilla Thunderbird 2.0.0.23 (20090812)
Enigmail 0.96.0
OpenPGP message encryption and authentication
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (x86_64-pc-Msys/MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCAAGBQJKpzX/AAoJEBHuy+60ZN0POvEH/2fjfdyd4DF7CywC61Z+e2/k
Apg7NVV0DZ+1dag8ClXBhNVLJ09805JuJgzqRXeWruzjsTIH88qwK8KVnCR+IYDb
du9ivLHoE4th2Qxmo2LOF81WskHVZ+DVRycjs9CKL/0xacmEaSRmTfrnBalxDMVQ
4rzo5wqtFf56+dXaW2whZ6qAXJXllsbMJLRUjYx61kOO7XJ1miwd5NTcnOw8qNGp
HQefwxkWpMEZdFEBXVlp3nz1z1ZmWhxHKECf1r2UFO5z3qTWAMNEZ17Wuhazk3HL
EWVVEtKBuZsTl4hn8GkPzjIK12VHQWrAAJ8L4YFqYqAhPMguqttfdBONsFEjcFk=
=Dq6T
-----END PGP SIGNATURE-----

From markr-gnupg at signal100.com  Wed Sep  9 08:25:56 2009
From: markr-gnupg at signal100.com (Mark Rousell)
Date: Wed, 09 Sep 2009 07:25:56 +0100
Subject: Turning off GPG-Agent on default install of GPG4Win 2.0.0
In-Reply-To: <4AA724E3.4070308@gmail.com>
References: <4AA47EB1.8050506@gmail.com> <4AA4C3AD.2020901@gswot.org> <4AA5F79F.6040308@gmail.com> <4AA60195.6070401@gswot.org> <4AA60558.1000805@gmail.com> <4AA65B5F.9040209@gswot.org> <4AA724E3.4070308@gmail.com>
Message-ID: <4AA74A74.8050603@signal100.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Allen Schultz wrote:
> I think I figured out what is acting as the gpg-agent in this newer
> install. Since they dropped WinPT and added Kleopatra, the interface
> changed to this (to me) annoying pinentry.exe asking for my passphrase.
> I think I will install component by component myself and try it out that
> way.

Let us know what you find out, but as far as I am aware there is no way to prevent GnuPG 2 from using gpg-agent/pinentry.exe. I asked about this some time ago on the Enigmail list (I initially thought it was an Enigmail problem) and Patrick Brunschwig told me that GnuPG 2 insists on always using an external gpg-agent program of some sort.
Thus the solution, if you don't want to use gpg-agent, is to switch back to using GnuPG 1 (which isn't included in Gpg4win any more, or at least it wasn't included when I last looked at Gpg4win). GnuPG 1 and 2 can co-exist perfectly happily in practice. - -- MarkR PGP public key: http://www.signal100.com/markr/publickey Key ID: C9C5C162 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkqnSnQACgkQJQGogsnFwWIGQwCeKi3gxF9oyPPYCH5nVE55RtZu 14YAn1mpNbRau4FEfljULq13yqjJ6fFy =ZjYR -----END PGP SIGNATURE----- From vedaal at hush.com Wed Sep 9 20:20:50 2009 From: vedaal at hush.com (vedaal at hush.com) Date: Wed, 09 Sep 2009 14:20:50 -0400 Subject: Selecting cipher to generate a key pair Message-ID: <20090909182050.C458B20040@smtp.hushmail.com> From: "Smith, Cathy" Date: 2009-04-30 21:54:15 Message-ID: 255999BBAD1AEE4EA6AA193F66611642AEAA0A () EMAIL03 ! pnl ! >Is it possible to select a specific cipher, such as Triple-DES or >Blowfish, to use to generate a key pair? yes, (temporarily) put the following options into your gpg.conf file; s2k-cipher-algo Blowfish expert (you can comment it out with a # in front of it after you generate the key, if you plan to use this often or change ciphers) caveats: [1] if you do this, then if you encrypt anything symmetrically (i.e. not to a public key), it will use the same cipher unless you specifically mention which cipher to use when you encrypt symmetrically [2] might not need the option of 'expert', am not sure (but if you want to do custom stuff, just leave it there anyway, and more choices will show up at the gpg prompt ;-) ) vedaal From bo.berglund at telia.com Wed Sep 9 23:07:44 2009 From: bo.berglund at telia.com (BosseB) Date: Wed, 09 Sep 2009 23:07:44 +0200 Subject: How do I use gpg to decrypt encrypted files???? Message-ID: <0u5ga51p7i5vf6g3422n1lb06vfve5l9be@4ax.com> I have a number of encrypted files, which I need to decrypt. 
I have installed GPG 1.4.9 on my Windows XP-Pro SP3 PC. I have the necessary keyrings and they work with Thunderbird and Enigmail. But as I said I need to decrypt files that are on my hard disk, not in an email.... I tried this command in a command window: gpg -d I got a prompt for my passphrase and as soon as I entered this the window filled with large amounts of strange characters and the PC speaker started to beep and never would stop. I finally had to use ProcessExplorer and kill the cmd process to get silence. :-( What is the correct procedure to decrypt a file that has been encrypted with my public key? And is there no way to use some kind of GUI tool to do this so the masses of option codes are automatically used? -- Bo Berglund Developer in Sweden From erik at lotspeich.org Wed Sep 9 23:21:07 2009 From: erik at lotspeich.org (Erik Lotspeich) Date: Wed, 09 Sep 2009 16:21:07 -0500 Subject: How do I use gpg to decrypt encrypted files???? In-Reply-To: <0u5ga51p7i5vf6g3422n1lb06vfve5l9be@4ax.com> References: <0u5ga51p7i5vf6g3422n1lb06vfve5l9be@4ax.com> Message-ID: <4AA81C43.4060300@lotspeich.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, You'll likely want to redirect the decrypted output to a file. I'm no expert on the DOS/Windows command-line, so I don't know if this would work there. On Linux/Unix, I'd do this: gpg -d > Note the ">" redirection operator. Regards, Erik BosseB wrote: > I have a number of encrypted files, which I need to decrypt. I have > installed GPG 1.4.9 on my Windows XP-Pro SP3 PC. I have the necessary > keyrings and they work with Thunderbird and Enigmail. > > But as I said I need to decrypt files that are on my hard disk, not in > an email.... > > I tried this command in a command window: > gpg -d > I got a prompt for my passphrase and as soon as I entered this the > window filled with large amounts of strange characters and the PC > speaker started to beep and never would stop.
> I finally had to use ProcessExplorer and kill the cmd process to get > silence. :-( > > What is the correct procedure to decrypt a file that has been > encrypted with my public key? > And is there no way to use some kind of GUI tool to do this so the > masses of option codes are automatically used? > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAkqoHEMACgkQY21D/n6bGwfWWQCfYFvagb2GgGVLrvBjM7G8btf4 7BIAn0Fk6FZ/34YFhltA/qAloXVxARAP =Msqk -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Wed Sep 9 23:29:47 2009 From: dshaw at jabberwocky.com (David Shaw) Date: Wed, 9 Sep 2009 17:29:47 -0400 Subject: How do I use gpg to decrypt encrypted files???? In-Reply-To: <0u5ga51p7i5vf6g3422n1lb06vfve5l9be@4ax.com> References: <0u5ga51p7i5vf6g3422n1lb06vfve5l9be@4ax.com> Message-ID: <59D37CC1-78AB-48B9-9E7F-C033E4B3A20E@jabberwocky.com> On Sep 9, 2009, at 5:07 PM, BosseB wrote: > I have a number of encrypted files, which I need to decrypt. I have > installed GPG 1.4.9 on my Windows XP-Pro SP3 PC. I have the necessary > keyrings and they work with Thunderbird and Enigmail. > > But as I said I need to decrypt files that are on my hard disk, not in > an email.... > > I tried this command in a command window: > gpg -d > I got a prompt for my passphrase and as soon as I entered this the > window filled with large amounts of strange characters and the PC > speaker started to beep and never would stop. > I finally had to use ProcessExplorer and kill the cmd process to get > silence. :-( Take away the "-d". Just plain "gpg my-file-to-decrypt.asc" will do what you want, and save the result in "my-file-to-decrypt" (it removes the ".asc"). If you want to control the name that the file is saved under, do: gpg -o file-to-save-the-decrypted-data-in my-file-to-decrypt.asc > What is the correct procedure to decrypt a file that has been > encrypted with my public key?
> And is there no way to use some kind of GUI tool to do this so the > masses of option codes are automatically used? http://www.gpg4win.org/ David From faramir.cl at gmail.com Wed Sep 9 23:30:18 2009 From: faramir.cl at gmail.com (Faramir) Date: Wed, 09 Sep 2009 17:30:18 -0400 Subject: How do I use gpg to decrypt encrypted files???? In-Reply-To: <0u5ga51p7i5vf6g3422n1lb06vfve5l9be@4ax.com> References: <0u5ga51p7i5vf6g3422n1lb06vfve5l9be@4ax.com> Message-ID: <4AA81E6A.6000504@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 BosseB escribió: ... > But as I said I need to decrypt files that are on my hard disk, not in > an email.... > > I tried this command in a command window: > gpg -d I have never encrypted or decrypted from command line, so I can't tell where the error was... ... > And is there no way to use some kind of GUI tool to do this so the > masses of option codes are automatically used? Sure, there are several GUIs that can help you. I like GPGShell a lot (it is not opensource, but it is free -as free beer-), you can download it from http://www.jumaros.de/rsoft/index.html Last time I installed it, it required gpg.exe to be in the Path windows global environment variable, otherwise it couldn't locate it. Another one (which I have not tried) is WinPT. There are more GUIs, you just need to google...
Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBCAAGBQJKqB5qAAoJEMV4f6PvczxAdnEH/R3dGjECyV5EyHPq6NcNdc3A jjEYFFifRaJO1k0XBcXQJK+87Mv0dDU2745ODcPdMnNtPAXfUBm2URcq5+DNMUuF DKOmhU29ipenrDscP1nmo1EsTAoj5uhUznnE99S6YNX5C4TrdV8f6EaBFjSwnqo+ ZfOeTRKtRz9GXpBpf61yisfs+/o5pW++HStzT3tnwnQejpBVutgGBBME9wg/t/cO VGUu+fDgfZ16ZyxG5OeAkPN6djbVIpM0s8HkEbfCZYNgHCeo//85cVb9Dj7yb27j erhwGrvXZ2+kjUDWyQiYgjIl4R8Zk9SmOIeGBLHOqvulHrvqzeRfc4RSKqCq5Vw= =4VWs -----END PGP SIGNATURE----- From bo.berglund at telia.com Wed Sep 9 23:50:28 2009 From: bo.berglund at telia.com (BosseB) Date: Wed, 09 Sep 2009 23:50:28 +0200 Subject: How do I use gpg to decrypt encrypted files???? References: <0u5ga51p7i5vf6g3422n1lb06vfve5l9be@4ax.com> <59D37CC1-78AB-48B9-9E7F-C033E4B3A20E__2803.35139618746$1252531875$gmane$org@jabberwocky.com> Message-ID: On Wed, 9 Sep 2009 17:29:47 -0400, David Shaw wrote: >On Sep 9, 2009, at 5:07 PM, BosseB wrote: > >> I have a number of encrypted files, which I need to decrypt. I have >> installed GPG 1.4.9 on my Windows XP-Pro SP3 PC. I have the necessary >> keyrings and they work with Thunderbird and Enigmail. >> >> But as I said I need to decrypt files that are on my hard disk, not in >> an email.... >> >> I tried this command in a command window: >> gpg -d >> I got a prompt for my passphrase and as soon as I entered this the >> window filled with large amounts of strange characters and the PC >> speaker started to beep and never would stop. >> I finally had to use ProcessExplorer and kill the cmd process to get >> silence. :-( > >Take away the "-d". Just plain "gpg my-file-to-decrypt.asc" will do >what you want, and save the result in "my-file-to-decrypt" (it removes >the ".asc"). 
If you want to control the name that the file is saved >under, do: > > gpg -o file-to-save-the-decrypted-data-in my-file-to-decrypt.asc This worked but is not mentioned in the help (gpg -h) at all even though it seems to be the most important command one needs in order to use GPG... (hint, hint) >> What is the correct procedure to decrypt a file that has been >> encrypted with my public key? >> And is there no way to use some kind of GUI tool to do this so the >> masses of option codes are automatically used? > >http://www.gpg4win.org/ > I tried installing gpg4win last week on my PC but had to uninstall it afterwards because it invaded my Outlook 2003 to such an extent that it became unusable for normal email use. :-( So I had to revert to installing GPG instead and then I don't have any integration with Outlook anymore so I have to start using Thunderbird for encrypted correspondence (with Enigmail). Sigh.... Funnily I only found GPG 1.4.9 on the GnuPG site even though Gpg4Win came with some version 2.0.x, why is this? And might my problems with Gpg4Win stem from its use of a GPG ver 2 level? Several years ago I had installed a Gpg4Win on a PC, which integrated OK with Outlook, not at all like the one I found last week. I also seem to recall that back a few years there was a piece of software that after installation offered a rightclick menu item in Windows Explorer for encrypting/decrypting a file depending on the file type clicked on. If it was an ASC file it offered decrypt and otherwise encrypt. But I have failed to find such software now. Maybe I am only dreaming or possibly it was part of PGP7, which I used at one time? -- Bo Berglund Developer in Sweden From laurent.jumet at skynet.be Thu Sep 10 00:08:30 2009 From: laurent.jumet at skynet.be (Laurent Jumet) Date: Thu, 10 Sep 2009 00:08:30 +0200 Subject: How do I use gpg to decrypt encrypted files???? In-Reply-To: <0u5ga51p7i5vf6g3422n1lb06vfve5l9be@4ax.com> Message-ID: Hello BosseB !
BosseB wrote: > I have a number of encrypted files, which I need to decrypt. I have > installed GPG 1.4.9 on my Windows XP-Pro SP3 PC. I have the necessary > keyrings and they work with Thunderbird and Enigmail. > But as I said I need to decrypt files that are on my hard disk, not in > an email.... > I tried this command in a command window: > gpg -d > I got a prompt for my passphrase and as soon as I entered this the > window filled with large amounts of strange characters and the PC > speaker started to beep and never would stop. > I finally had to use ProcessExplorer and kill the cmd process to get > silence. :-( If you don't specify the final file, GPG writes it to stdout (the screen); and if the file contains non ASCII characters, you'll get a screenful of garbage. You should use instead: gpg --yes --output finalfile encrypted.asc (The "-D" is not mandatory as GPG assumes you want to decrypt). But there is an easier way: install GPGShell and you only need to rightclick on the file and call the appropriate decrypting menu: http://www.jumaros.de/rsoft/index.html -- Laurent Jumet KeyID: 0xCFAF704C From philcerf at googlemail.com Thu Sep 10 00:43:48 2009 From: philcerf at googlemail.com (Philippe Cerfon) Date: Thu, 10 Sep 2009 00:43:48 +0200 Subject: howto secure older keys after the recent attacks Message-ID: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> Hi. Now something more realistic and practical. I'm using gpg for anonymous but secured communication together with some of my friends for some years now.... Recently I've read on several attacks on SHA1 and AES256 that could also affect gpg and its keys. So what I'd like to see is some step by step howto on securing older keys (written by some expert probably ;-) ). I have two keys at the moment, one is a 4096 bit RSA key, the other (for daily use) has 1024 bits.
Using the pgpdump tool I found out that it has these settings:

Old: Signature Packet(tag 2)(567 bytes)
    Ver 4 - new
    Sig type - Positive certification of a User ID and Public Key packet(0x13).
    Pub alg - RSA Encrypt or Sign(pub 1)
    Hash alg - SHA1(hash 2)
    Hashed Sub: key flags(sub 27)(1 bytes)
        Flag - This key may be used to certify other keys
        Flag - This key may be used to sign data
    Hashed Sub: preferred symmetric algorithms(sub 11)(5 bytes)
        Sym alg - AES with 256-bit key(sym 9)
        Sym alg - AES with 192-bit key(sym 8)
        Sym alg - AES with 128-bit key(sym 7)
        Sym alg - CAST5(sym 3)
        Sym alg - Triple-DES(sym 2)
    Hashed Sub: preferred hash algorithms(sub 21)(2 bytes)
        Hash alg - SHA1(hash 2)
        Hash alg - RIPEMD160(hash 3)
    Hashed Sub: preferred compression algorithms(sub 22)(2 bytes)
        Comp alg - ZLIB (comp 2)
        Comp alg - ZIP (comp 1)
    Hashed Sub: features(sub 30)(1 bytes)
        Flag - Modification detection (packets 18 and 19)
    Hashed Sub: key server preferences(sub 23)(1 bytes)
        Flag - No-modify
    Hashed Sub: signature creation time(sub 2)(4 bytes)
        Time - Fri Oct 28 20:48:23 CEST 2005
    Hashed Sub: primary User ID(sub 25)(1 bytes)
        Primary - Yes
    Sub: issuer key ID(sub 16)(8 bytes)

and a more recent User ID has these:

Old: Signature Packet(tag 2)(566 bytes)
    Ver 4 - new
    Sig type - Positive certification of a User ID and Public Key packet(0x13).
    Pub alg - RSA Encrypt or Sign(pub 1)
    Hash alg - SHA1(hash 2)
    Hashed Sub: signature creation time(sub 2)(4 bytes)
        Time - Fri Apr 25 01:23:36 CEST 2008
    Hashed Sub: key flags(sub 27)(1 bytes)
        Flag - This key may be used to certify other keys
        Flag - This key may be used to sign data
    Hashed Sub: preferred symmetric algorithms(sub 11)(5 bytes)
        Sym alg - AES with 256-bit key(sym 9)
        Sym alg - AES with 192-bit key(sym 8)
        Sym alg - AES with 128-bit key(sym 7)
        Sym alg - CAST5(sym 3)
        Sym alg - Triple-DES(sym 2)
    Hashed Sub: preferred hash algorithms(sub 21)(3 bytes)
        Hash alg - SHA1(hash 2)
        Hash alg - SHA256(hash 8)
        Hash alg - RIPEMD160(hash 3)
    Hashed Sub: preferred compression algorithms(sub 22)(3 bytes)
        Comp alg - ZLIB (comp 2)
        Comp alg - BZip2(comp 3)
        Comp alg - ZIP (comp 1)
    Hashed Sub: features(sub 30)(1 bytes)
        Flag - Modification detection (packets 18 and 19)
    Hashed Sub: key server preferences(sub 23)(1 bytes)
        Flag - No-modify

As far as I understand this means:
- The signatures on them are created with SHA1
- They differ in preferred algorithms for hashes and compression

Well...
- It seems that I can easily change these preferences via gpg --edit-key,.. so I could simply remove e.g. SHA1
- But I'd also like to have the signatures themselves using e.g. SHA256 or SHA512,... but they're already using SHA1
Can this be changed? Or can I simply add new self signatures? And if I do so the old ones would still be on the keyservers, right? And no way to delete them.
So does this mean any harm to me? At some day SHA1 might be fully broken, and then an attacker could use simply these older self signatures instead of the newer ones, or not?
Or should I better start with a fresh key without any old signatures?

Another thing I've read about is, that gpg keys are using SHA1 hard coded in some places with no way to use another algorithm... which places are these so one could avoid them perhaps?

Thanks for your insight, Philippe.
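Philippe's questions about what the preference subpackets in that pgpdump output mean, and whether taking SHA1 out of them actually removes it, are best answered by parsing the subpackets the way a verifying implementation does. The following is an added example written for this page, not code from the thread or from GnuPG: it decodes the hashed subpacket area of a v4 signature, applies the RFC 4880 rule that SHA1 and 3DES are implicitly at the end of every preference list whether or not they are written there, and shows which hash a sender with a modern personal-digest-preferences ranking ends up using for a key that only lists SHA1 and RIPEMD160. The subpacket areas are constructed by hand to mirror the two self-signatures above; the negotiate function is a deliberately simplified selection policy and is not GnuPG's actual scoring.

```python
# Added example (not from the thread or GnuPG): parse the hashed subpacket
# area of an OpenPGP v4 self-signature, apply the RFC 4880 rule that SHA1 and
# 3DES are implicitly at the end of every preference list, and pick an
# algorithm two parties can both use.  All sample data is constructed.

# Algorithm numbers from RFC 4880 sections 9.1 to 9.4.
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
SYM_NAMES = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "Blowfish",
             7: "AES128", 8: "AES192", 9: "AES256", 10: "Twofish"}

PREF_SYM, PREF_HASH, PREF_COMP = 11, 21, 22      # subpacket types
IMPLICIT = {PREF_SYM: 2, PREF_HASH: 2}           # 3DES and SHA1 are MUST-implement


def parse_subpackets(area: bytes):
    """Split a signature subpacket area into (type, body) pairs (RFC 4880 5.2.3.1)."""
    out, i = [], 0
    while i < len(area):
        first = area[i]
        if first < 192:                          # one-octet length
            length, i = first, i + 1
        elif first < 255:                        # two-octet length
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                    # five-octet length
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length == 0 or i + length > len(area):
            raise ValueError("truncated subpacket")
        sub_type = area[i] & 0x7F                # high bit is the 'critical' flag
        out.append((sub_type, bytes(area[i + 1:i + length])))
        i += length
    return out


def effective_prefs(subpackets, pref_type):
    """Preference list as a verifier must read it: the listed algorithms in
    order, then the implicit MUST-implement algorithm if it was left out.
    Dropping SHA1 with 'setpref' therefore demotes it to last place; it does
    not remove it."""
    listed = next((list(body) for t, body in subpackets if t == pref_type), [])
    implicit = IMPLICIT.get(pref_type)
    if implicit is not None and implicit not in listed:
        listed.append(implicit)
    return listed


def negotiate(sender_ranking, recipients):
    """Simplified policy (assumption: not GnuPG's exact scoring): walk the
    sender's ranking and take the first algorithm every recipient lists."""
    for alg in sender_ranking:
        if all(alg in prefs for prefs in recipients):
            return alg
    return None


def build_area(*subpackets):
    """Encode (type, body) pairs with one-octet lengths; used for the samples."""
    area = b""
    for sub_type, body in subpackets:
        assert len(body) + 1 < 192
        area += bytes([len(body) + 1, sub_type]) + bytes(body)
    return area


# Constructed samples mirroring the two self-signatures quoted above.
OLD_UID_AREA = build_area((PREF_SYM, [9, 8, 7, 3, 2]), (PREF_HASH, [2, 3]),
                          (PREF_COMP, [2, 1]))
NEW_UID_AREA = build_area((PREF_SYM, [9, 8, 7, 3, 2]), (PREF_HASH, [2, 8, 3]),
                          (PREF_COMP, [2, 3, 1]))
# What a key looks like after 'setpref' with SHA1 left out entirely.
HARDENED_AREA = build_area((PREF_SYM, [9, 7, 2]), (PREF_HASH, [8, 11, 9, 10, 3]))


def summarize(area: bytes):
    """Human-readable effective hash and cipher lists for one subpacket area."""
    subs = parse_subpackets(area)
    return {"hash": [HASH_NAMES.get(a, a) for a in effective_prefs(subs, PREF_HASH)],
            "sym": [SYM_NAMES.get(a, a) for a in effective_prefs(subs, PREF_SYM)]}


if __name__ == "__main__":
    for name, area in (("old", OLD_UID_AREA), ("new", NEW_UID_AREA),
                       ("hardened", HARDENED_AREA)):
        print(name, summarize(area))
    # Signing to the old key with a modern personal-digest-preferences ranking.
    ranking = [8, 11, 9, 10, 3, 2]               # SHA256 SHA224 SHA384 SHA512 RIPEMD160 SHA1
    chosen = negotiate(ranking, [effective_prefs(parse_subpackets(OLD_UID_AREA), PREF_HASH)])
    print("hash for old key:", HASH_NAMES[chosen])
```

Running it as a script prints the effective lists and the negotiated hash. For the old user ID the result is RIPEMD160: the key lists only SHA1 and RIPEMD160, and a sender ranking that puts RIPEMD160 ahead of SHA1 reaches it first. The hardened list ends in SHA1 even though it was never written, which is the point David Shaw makes later in the thread. The operational step behind the sample is gpg --edit-key followed by setpref and save, which publishes a fresh self-signature carrying the new lists without touching the old signatures already on the keyservers.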
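On Philippe's last question, where SHA1 is hard-coded with no way to choose another algorithm: RFC 4880 section 12.2 defines the v4 fingerprint as SHA-1 over the public-key packet, and the 64-bit key ID as the low-order eight octets of that fingerprint, so every key ID and every "issuer key ID" subpacket in the listings above is already SHA-1 output. The following is an added example, not code from the thread or from GnuPG, that derives both from an RSA public-key packet and shows why only the full fingerprint is worth comparing. The modulus and creation time are constructed filler values, not a real key.

```python
# Added example (not from the thread or GnuPG): derive an OpenPGP v4
# fingerprint and key ID as RFC 4880 section 12.2 specifies.  The hash is fixed
# to SHA-1 by the packet format; no preference or option changes it.  The RSA
# parameters below are constructed filler, not a generated key.
import hashlib
import struct


def mpi(value: int) -> bytes:
    """Multi-precision integer: two-octet bit length, then big-endian magnitude."""
    nbytes = (value.bit_length() + 7) // 8
    return struct.pack(">H", value.bit_length()) + value.to_bytes(nbytes, "big")


def rsa_public_key_packet_body(n: int, e: int, created: int) -> bytes:
    """Body of a v4 public-key packet for algorithm 1 (RSA): version, creation
    time, algorithm, then the MPIs n and e."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)


def v4_fingerprint(packet_body: bytes) -> str:
    """SHA-1 over 0x99, the two-octet body length, and the body (RFC 4880 12.2)."""
    digest = hashlib.sha1(b"\x99" + struct.pack(">H", len(packet_body)) + packet_body)
    return digest.hexdigest().upper()


def key_id(fingerprint: str) -> str:
    """The 64-bit key ID is the low-order 8 octets of the fingerprint."""
    return fingerprint[-16:]


def short_key_id(fingerprint: str) -> str:
    """The 32-bit 'short' ID that tools print (e.g. 0xCFAF704C); far too short
    to identify a key safely."""
    return fingerprint[-8:]


def same_key(fpr_a: str, fpr_b: str) -> bool:
    """Compare full fingerprints, ignoring case and grouping whitespace; a short
    ID never passes this check."""
    norm = lambda s: "".join(s.split()).upper()
    return len(norm(fpr_a)) == 40 and norm(fpr_a) == norm(fpr_b)


# Constructed filler modulus (1016 bits of a repeating pattern, not a real key).
SAMPLE_N = int("C0FFEE" * 42 + "01", 16)
SAMPLE_E = 65537
SAMPLE_CREATED = 1130525303      # 2005-10-28 18:48:23 UTC, i.e. 20:48:23 CEST as above


def sample_fingerprint(created: int = SAMPLE_CREATED) -> str:
    """Fingerprint of the constructed sample key at the given creation time."""
    return v4_fingerprint(rsa_public_key_packet_body(SAMPLE_N, SAMPLE_E, created))


if __name__ == "__main__":
    fpr = sample_fingerprint()
    print("fingerprint:", " ".join(fpr[i:i + 4] for i in range(0, 40, 4)))
    print("key ID:     ", key_id(fpr), " short:", short_key_id(fpr))
```

The creation time is part of the hashed data, so the same RSA parameters re-imported with a different timestamp produce a different fingerprint and key ID; that is also why a short ID is meaningless as an identifier, since nothing but the last 32 bits of a SHA-1 output distinguishes two keys that share it.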
-------------- next part -------------- An HTML attachment was scrubbed... URL: From dshaw at jabberwocky.com Thu Sep 10 01:53:10 2009 From: dshaw at jabberwocky.com (David Shaw) Date: Wed, 9 Sep 2009 19:53:10 -0400 Subject: How do I use gpg to decrypt encrypted files???? In-Reply-To: References: <0u5ga51p7i5vf6g3422n1lb06vfve5l9be@4ax.com> <59D37CC1-78AB-48B9-9E7F-C033E4B3A20E__2803.35139618746$1252531875$gmane$org@jabberwocky.com> Message-ID: <39AD678A-874B-4128-A747-BCCDE707A005@jabberwocky.com> On Sep 9, 2009, at 5:50 PM, BosseB wrote: > Funnily I only found GPG 1.4.9 on the GnuPG site even though Gpg4Win > came with some version 2.0.x, why is this? There are two versions of GPG. One, the 1.4.x line is a self-contained GPG that builds on many platforms. It only does OpenPGP. The other, 2.x line, is a more modular version that builds on fewer (but still all of the common) platforms. It uses libraries for its crypto and other things, and is somewhat harder to build. It does OpenPGP and x509 and has some other nice features that aren't in 1.4.x. Of course, when you download a prebuilt binary, you don't need to worry about building it. > I also seem to recall that back a few years there was a piece of > software that after installation offered a rightclick menu item in > Windows Explorer for encrypting/decrypting a file depending on the > file type clicked on. If it was an ASC file it offered decrypt and > otherwise encrypt. > But I have failed to find such software now. Maybe I am only dreaming > or possibly it was part of PGP7, which I used at one time? I wonder if you are thinking of Windows Privacy Tray? http://winpt.gnupt.de/int/ Or possibly GPGShell? http://www.jumaros.de/ David From rjh at sixdemonbag.org Thu Sep 10 03:05:37 2009 From: rjh at sixdemonbag.org (Robert J.
Hansen) Date: Wed, 09 Sep 2009 21:05:37 -0400 Subject: howto secure older keys after the recent attacks In-Reply-To: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> Message-ID: <1252544737.23872.14.camel@linux-gil5.site> > So what I'd like to see is some step by step howto on securing older > keys (written by some expert probably ;-) ). Add these lines to your gpg.conf file:

personal-digest-preferences SHA256 SHA224 SHA384 SHA512 RIPEMD160
personal-cipher-preferences AES128 3DES

... This will tell GnuPG that you'd much rather use a newer SHA than you would SHA-1; and if for some reason GnuPG has to use a 160-bit hash, to use RIPEMD160 instead of SHA-1. It will also tell GnuPG to use AES128 for message encryption. If for whatever reason your recipient can't read AES128, it should fall back to 3DES. Some people will tell you that 3DES is an old, antique and outdated cipher. This is true. Some will tell you it's slow. This is an understatement. 3DES is ugly, crude, and inelegant. It has all the aesthetics of the Soviet Socialist Realism school of art. It has also been turning brilliant cryptanalysts into burned-out alcoholic wrecks for three decades straight, and that reputation is solid gold. Some people will undoubtedly advocate much more complex schemes. I suggest avoiding them. Simple and effective solutions are usually much, much better than complex and effective solutions. From dshaw at jabberwocky.com Thu Sep 10 03:45:45 2009 From: dshaw at jabberwocky.com (David Shaw) Date: Wed, 9 Sep 2009 21:45:45 -0400 Subject: howto secure older keys after the recent attacks In-Reply-To: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> Message-ID: <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> On Sep 9, 2009, at 6:43 PM, Philippe Cerfon wrote: > Hi.
> > Now something more realistic and practical. > > I'm using gpg for anonymous but secured communication together with > some of my friends for some years now.... > Recently I've read on several attacks on SHA1 and AES256 that could > also affect gpg and its keys. > > So what I'd like to see is some step by step howto on securing older > keys (written by some expert probably ;-) ). [..] > As far as I understand this means: > - The signatures on them are created with SHA1 > - They differ in preferred algorithms for hashes and compression > > Well... > - It seems that I can easily change these preferences via gpg --edit-key,.. so I could simply remove e.g. SHA1 Yes, but it won't actually go away completely. SHA1 is special in OpenPGP. Unlike the other hashes, SHA1 is required to be supported. Removing SHA1 from an OpenPGP preference list doesn't actually remove it, but instead effectively puts it at the end of the list (so it is the lowest ranked choice). > -But I'd also like to have the signatures themselves using e.g. > SHA256 or SHA512,... but they're already using SHA1 > Can this be changed? > Or can I simply add new self signatures? Yes > And if I do so the old ones would still be on the keyservers, right? > And no way to delete them. Yes > So does this mean any harm to me? At some day SHA1 might be fully > broken, and then an attacker could use simply these older self > signatures instead of the newer ones, or not? Well, yes and no. Old signatures are certainly available to both friend and foe, but the real question is: use them for what? What attack are you concerned about here? > Or should I better start with a fresh key without any old signatures? No need. If you had a DSA key, I might suggest changing keys, but you have an RSA key, and are thus free to use whatever hash you please. To change the hash you sign with, stick this in your gpg.conf file: personal-digest-preferences sha256 Feel free to list whatever hashes you like here.
GPG will rank them in that order. > Another thing I've read about is, that gpg keys are using SHA1 hard > coded in some places with no way to use another algorithm... which > places are these so one could avoid them perhaps? You pretty much can't. The key ID itself is derived from SHA1. There was a very long discussion of the SHA1 issue a few months back on this list. See, for example, http://lists.gnupg.org/pipermail/gnupg-users/2009-May/036338.html and http://lists.gnupg.org/pipermail/gnupg-devel/2009-May/024999.html In short, I wouldn't worry all that much about it. With regards to AES256, I doubly wouldn't worry about it. See http://lists.gnupg.org/pipermail/gnupg-users/2009-August/037107.html This sort of question tends to cause long threads where everyone throws in their own cipher preferences. Instead of giving my preferences, allow me to point at the wonderful defaults in GPG. They're the default algorithms for a reason. David From bo.berglund at telia.com Thu Sep 10 06:48:29 2009 From: bo.berglund at telia.com (BosseB) Date: Thu, 10 Sep 2009 06:48:29 +0200 Subject: How do I use gpg to decrypt encrypted files???? References: <0u5ga51p7i5vf6g3422n1lb06vfve5l9be@4ax.com> Message-ID: On Thu, 10 Sep 2009 00:08:30 +0200, "Laurent Jumet" wrote: > >Hello BosseB ! > >BosseB wrote: > >> I have a number of encrypted files, which I need to decrypt. I have >> installed GPG 1.4.9 on my Windows XP-Pro SP3 PC. I have the necessary >> keyrings and they work with Thunderbird and Enigmail. >> But as I said I need to decrypt files that are on my hard disk, not in >> an email.... >> I tried this command in a command window: >> gpg -d >> I got a prompt for my passphrase and as soon as I entered this the >> window filled with large amounts of strange characters and the PC >> speaker started to beep and never would stop. >> I finally had to use ProcessExplorer and kill the cmd process to get >> silence.
:-( > > If you don't specify the final file, GPG writes it to stdout (the screen); and if the file contains non ASCII characters, you'll get a screenful of garbage. > You should use instead: >gpg --yes --output finalfile encrypted.asc > (The "-D" is not mandatory as GPG assumes you want to decrypt). > > But there is an easier way: install GPGShell and you only need to rightclick on the file and call the appropriate decrypting menu: >http://www.jumaros.de/rsoft/index.html I found GPGShell and tried it but it did not offer a context menu in Windows Explorer, just a rather strange regular program window which is not intuitive to use for a Windows user at least. It starts up with a list of the keyring, which is of little use, and no file browser. Not what I was looking for... But I finally found it, it is called GPGee and it gives me a Windows Explorer pop-up menu entry for Verify/Decrypt if I click on an ASC file and Sign/Encrypt alternatives if I click another file type. Just what I remembered! The problem here is that the top Google result for gpgee is softpedia and their download link is broken. But I got it from here: http://www.mirrorservice.org/sites/ftp.gnupg.org/gcrypt/gpgee/ -- Bo Berglund Developer in Sweden From bo.berglund at telia.com Thu Sep 10 06:52:01 2009 From: bo.berglund at telia.com (BosseB) Date: Thu, 10 Sep 2009 06:52:01 +0200 Subject: How do I use gpg to decrypt encrypted files???? References: <0u5ga51p7i5vf6g3422n1lb06vfve5l9be@4ax.com> <59D37CC1-78AB-48B9-9E7F-C033E4B3A20E__2803.35139618746$1252531875$gmane$org@jabberwocky.com> <39AD678A-874B-4128-A747-BCCDE707A005__48820.2000190087$1252540473$gmane$org@jabberwocky.com> Message-ID: <491ha5l6dfn0tj38bfu3vfn3hicpadljbb@4ax.com> On Wed, 9 Sep 2009 19:53:10 -0400, David Shaw wrote: >On Sep 9, 2009, at 5:50 PM, BosseB wrote: > >> Funnily I only found GPG 1.4.9 on the GnuPG site even though Gpg4Win >> came with some version 2.0.x, why is this? > >There are two versions of GPG.
One, the 1.4.x line is a self-contained GPG that builds on many platforms. It only does OpenPGP. >The other, 2.x line, is a more modular version that builds on fewer >(but still all of the common) platforms. It uses libraries for its >crypto and other things, and is somewhat harder to build. It does >OpenPGP and x509 and has some other nice features that aren't in 1.4.x. > >Of course, when you download a prebuilt binary, you don't need to >worry about building it. > But it seems like my Outlook 2003 and GPG 2.0.x do not like each other. I will try to install an older gpg4win version using the GPG 1.x version then. I have an old setup for gpg4win 1.0.8 saved among my downloads. It is from the beginning of 2007.... >> I also seem to recall that back a few years there was a piece of >> software that after installation offered a rightclick menu item in >> Windows Explorer for encrypting/decrypting a file depending on the >> file type clicked on. If it was an ASC file it offered decrypt and >> otherwise encrypt. >> But I have failed to find such software now. Maybe I am only dreaming >> or possibly it was part of PGP7, which I used at one time? > >I wonder if you are thinking of Windows Privacy Tray? http://winpt.gnupt.de/int/ >Or possibly GPGShell? http://www.jumaros.de/ > Found what I was looking for. It is called GPGee and I downloaded it from here: http://www.mirrorservice.org/sites/ftp.gnupg.org/gcrypt/gpgee/ -- Bo Berglund Developer in Sweden From faramir.cl at gmail.com Thu Sep 10 07:08:18 2009 From: faramir.cl at gmail.com (Faramir) Date: Thu, 10 Sep 2009 01:08:18 -0400 Subject: How do I use gpg to decrypt encrypted files???? In-Reply-To: References: <0u5ga51p7i5vf6g3422n1lb06vfve5l9be@4ax.com> Message-ID: <4AA889C2.5030107@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 BosseB escribió: ...
>> But there is an easier way: install GPGShell and you only need to rightclick on the file and call the appropriate decrypting menu: >> http://www.jumaros.de/rsoft/index.html > > I found GPGShell and tried it but it did not offer a context menu in > Windows Explorer just a rather strange regular program window which is > not intuitive to use for a Windows user at least. It starts up with a > list of the keyring, which is of little use, and no file browser. > Not what I was looking for... It has a context menu in Windows Explorer, I use it all the time... The list of keys you talk about is the GPGKeys component, the keymanager. There is also a tray tool named GPGTray, and a utility named GPGTools. But what I use the most to work with files is the contextual menu. > But I finally found it, it is called GPGee and it gives me a Windows > Explorer pop-up menu entry for Verify/Decrypt if I click on an ASC > file and Sign/Encrypt alternatives if I click another file type. GPGShell does that too. Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBCAAGBQJKqInCAAoJEMV4f6PvczxAUicIAKW1Smpa6unRQgCPdcTyAn5r oNUPupOKYAGEQhOUrvSsu5Yvob39xo5r5LJUwbqOOohY5+rUI+nh6+mVVe9+XusL M670WEPn+NnS3faB5rjyN75alSUIC5R6GFY7xoOK5W4INaVJY/2XNUDu44rNekhs mIJTLvzlFwlndxl1sghBOODROS9DFyZ0vhQ3wAwiA+u9WhOAlnUj574qhuTMpqWn wNJSzmaZ1U9AQmuZZLA9wGDku+iIrpMyP9VYM7xTaY5JGUe9ttnuWBi75q38CjgE 6bGy6G0JSylSkHG6cs6/wrp4RuXId9Y24qqqRd4H+bq4cAdFeWVgvLzzvKPcfhM= =oHmH -----END PGP SIGNATURE----- From bo.berglund at telia.com Thu Sep 10 07:22:13 2009 From: bo.berglund at telia.com (BosseB) Date: Thu, 10 Sep 2009 07:22:13 +0200 Subject: How do I use gpg to decrypt encrypted files????
(1/1) References: <0u5ga51p7i5vf6g3422n1lb06vfve5l9be@4ax.com> <4AA889C2.5030107__19352.2947760814$1252559359$gmane$org@gmail.com> Message-ID: <583ha55lpnb4t0ecig1qpfcvknb8rrk9mi@4ax.com> [uuencoded binary attachment GPGeeDecrypt.png not reproduced; the message carried no text beyond it]
M1`M=T(]]1:"_NI(QVAS$JBL9`V)%Q@!97N<\WKGR9MO+"?152<8HJP at LR)6Q M\?CAMAAT($#!SCG`U%*#08#/X?2/[Q 1H50.V7(`````245.1*Y"8(*A ` end begin 644 GPGeeEncrypt.png MB5!.1PT*&@H````-24A$4@```3D```%C"`(```#)ENLW````*W1%6'1#ZL``` M``=T24U%!]D)"@43+U>]VW(````)<$A9(G1$1#>RQFRPSGDYL"WD^[IN9[:JNKJE^FWZO[]="P] M-=4UU3W]GZ?>GJ,,`-GH&E,3FE`]FV*?C<:YZDL&<)(=>A)M78`:TEG^N_]\ M[OB94)]KW[RVZBI!!?3[]SWXT*-5UP)L^&U at N/PY&[W%^\&9-ZJN&`!LPY^S"5]XH at W;P%=>O:?JND$9\+OL"CMF+P(`2@"M M`KA!*[3:&5-U+0!FPA];DM?-GQV\.V.)LBI&HU&9%Q-\M/>AX4':$XTO+1=8 M_C5":\G9KH9/>?`$EVS-PL\M\[.PV%`.W=F+"%',46#?/$)#%Z)8,#DQUFKI MQC/*G!I?BJSVUFALY6O,\4X"Z)3:7U5LD<4(YV*U%#,;6V;G(O(I0NKN(DBH MD#SM:C:RJ3$\*\-DII8:8R M1\FG5>3^L'Q7;UM^PI445%Y4E[')5H-->4N&.O3J=3=#:#PYSZ_*CW+1CW5!A9=6?X!4Y&E7 ME8<[_.TW&BLEQ6+0]-7SBD4UEI.PPL9CI?[&"S36P7*!25*B;H*QGIC6ME'V MNJ4P3(1NOC(;-..J7;V0*#4J]4F.O(8D]G*,.L_Q)D#CJ3C8PJN#;U0P!_J*0G_NH-J4!H/Y, MVL`(%:#F-,HG#J#!H%4`-T"K`&Z0__ZK(78W%Q;-E0;WN1GDJ56[WXG^+@]0 M:2#7!E!(&]C^9"@K;V/#ID`N<'M=I^S^:M3:]P">IT+A]CI-_OZK1M=-&F!U M@&_!:8KU-;=X8$/)<.==)^?6>JNL&!>)]T557`6+H]^][\*%'PY>5[;\*E>/]*%==!8A$ M'RU"JZW&:T!5705(2J16]]U[K.JZ08&L?7-B5.GLU!#C;RAC2P!N,-W7W++` M\,2W;A9^3]?_%X#5;0.$RZH5TWW-HSS./:'NN]<_^/)5(CC8=560B%R;C/<\ M]"_^-A.RHP[$C"T%0O54&AI5[_BY7XBE?J1<`R, M5CV)KJRLZ&_)+EF9MU"P-.CL>SCD at G,_0/'CP+O&0O7$N=;WOCU?J(%S7#)I;WAH5`.A>L=**-G9]UF70[H;3W=+2"40HU5?I>._:V.[&@K5 M$[!.P@RD$*![1,VK/6)34]NWG>N_Z>71PA(HVQ19PK at K]C,L M),JZZB7H\DL5@%JOB2LJ#>B&ON91]?9,Z-E?;+.H2[ZA\[[XR$(5>QAE'J.R MZ1D@%VR_=WW_OZ6EI8NOE\*!)>$_&V+%?[5-:<%!YEY?$6U at 6=51>G:7^/[J MDF=%QW)=N_C24ZPGU+%@G+R_[! 
M\LCONRZ+Y=PKUC!%%4?,6 at CO"PZZK%^^:O*WWP^%.I&KG#F))8S-AH'-G82_ M>H%EHKK-42B9E0YS_4FT=E^?%U6L M:U1F$=<`3IL"11,*->R[*D(5R;90T&5 at .4M_:<]LW+$A=IPIM@(U)[6?3=C) MM, at 5'"64Z-*8\?!2/U4)+$LLCHQK]X-^;"A7:`"R+95>]E,5$FY[7?75B%BC MZAS9_5<#`_L<0FT$2BLWY,"!`Z*`L5_(`#YQ`&X0:5>9)FDVQ%MR#NPJ@!OX M_JO!,L.&31Q#*F1O59G`+:[JVH&/;5]SXNXWF%L/?E%^Z6E2'@26T_VEA46N M6(*$^'8UZCWB[C>8Y/U53ZBZ7'/Q-8=4^'LZ'")0I3Z7R")7` M)#9:<-.]@P\WWZFZ2E`CPH:QO*9?IP1?QKW at G=S5%@^;!'!DP)%^X+J?7K"=7_7U^L M^(85*H.U$#`E:/2NC0E2`J$&P0R9N:D6["I,,5I43ZCC%O%:F"T77W-(2ZWM M:F=,U;5H(Z$R`Z$J[RH3-F*[\[M9U?7U-%ZJ=\-M'F;F39QNXAM]0W>I3?\(&L'%Y<"S<\.(HO+^JQ[\ROA2F MKUF)]:R4 M*('I^3-$9-?#Y\7&=P8X=R%3Z26)^+95$KE`5P=-XYYUWECIG M8UR#5CERN]>X$EW/`%`.LF1VA$G-F"#)W&2-;05$&=ZHXV;0F`?#4>2G;AH7 M(DB=93VP_F0K/=C,<^5I(ZPG+$JIMK'.H at 4#2U'4FDO,VU1J3(T>[K?N+5YA9N.1SG?"=. at 8&/&!8.K8(TAF+%O;5X' M`40-9#9#G_KEH%7PB=TKV4XYFXXG$:%Q1V9WI2M7'JW"F+[8OE>R&&^U&TD] M-QUW6I:6BQ+!G(T\L`1M1O$OMU.'3JV4YY MM(%A&[)US;9\/PG%=2-=[Z!:B-'JXW__^+Z]^[R#X4#T>F)S'"_,+<[VYQ<7% MWMS<_,*\E[BX^Z;+>O,G7SN9ZI-R;)S4K9U3M_ID1MXK640WB4?;$=&;CD<% M$#;Z7>@-VH2SZ'I*8_0I$]\&/G?NW&NOG>SUYKQCSZAZ?T][?X9S-RWN/7GR MY/#4B=T+P\7]_C:L2:;(,PPJI#I%^3&.G5*'$./`4MUZL*D>GH9]RS%:[?5Z M\_/SOE"'OE`7%A8V-\\M+BQN;)QZ\LG'%^:'O>&S"[MW"S'9,CE)^R1M%9V[ MW2[^0(QWJ>]'JK*?\X;)R5>AQ9Z;2TXG2#2VY#6`@X/Y>7'3WL7>4(B]"T)< M=NJU%^9[FX-!;W?TN?KBVRBW%;V/H5A4B^NY3-3DGI+?[L at NEV8OH1G$/-8$ M,*P!<5J]S/\S&`Z\+JOW=[`AQ,;)X4#,]38&&\_N7CCEO?G"]^;OVCO);O$U MGWT1J;%#DG8MB]W'W?*N9:Z_2:*%VA*GU7/^GQ,G3RSN7O0'EH;#X8;7(.[U MQ+'%^9?$&2VV MD(3'`*F8:M7B4CP_/S\8##R[VNO-G1Z\MBG^:GYA^-)+\_N^='_8E9T=V1CF M95K3GD5K5@%?\_HP\34/A:'ZFI\3GDK#5X/3 at XU3+RSN[[WT/?$'?WQTX!E4 MK^\JF55E5"9*,,:9;CL93M'/%::I=N.LO<4!72^SJ;CN:]ZPBL6/+?EM8,]X MSHFYX=RI4R?%W/RQXS=]X=`WAEZ_=7#*,[J#BW*-6K]B?!F;6<]I/-EY[>#`<^JWBX7"0Z*/`*6KN:UZM=:WDHQ/9U87A0L\3Y9QX\H5_ M.GUZ<.[O\6+K5_GQY84*G\0RZ4\39ZQ51,2B7OG#+USRA;X!Q=4U4NGVF M7;^$DFW[=!R8N826DVKI;X;))UG5G8L[@\TXU"\/#>92K'WL!1XT'"J?LDEU.F[;5I]=#A 
M>TJK!Y2,OAE*\WS-2Z;J=4O0#IKA:UZMAHO^=+0*/C'/&;[F-8`Y&P`W:-K^ MJP!-A75+`&Y`&QC`#:;[FAO7[D,;8"*]5D3-E4['@0=R>J?SIO>OZJL`:#Z)M.I)]/GGGS]\[-B>/?_XU%-/>:(- MTCV5CD8W>O\ZG_]^U1<"D3"\WPPFON8BNK]ZZ-"AVV^_?>OW_]P[ON%KXG,_ MO_/55U_UY/K``P^([W[NTDLO]3-]_!]I8_`D]_&/+4?^T*C@`+H/<:MHYU4W MC$E_-?PBP_[JYSO?O_O;9UY__:?/_MX#G_G=&\7_BC]<7W]FUX&?[3H at WCQP M?.>/GGGF@'CXS8^_>T;\];^*K_WFZ(_R]#-(+E0>P81PKUPG'1 M/]]J+,3H,91D?YJH>#;9XM;7><%WF7`3G"92JZ/1NM?Z??;]U\5W7G[XO??$ M-=?<]=N^1%_^Y5^*M[?&6;ZZ<^,:>PAK<)`^%'!:?B MN=3AACB-;6SIZ-&CXN6_$.M"_.`M\3?"$ZWW]V\_=8O_WOI_V84:1=K'1=]F M3ED+J03=L7QNRX=8, at MU965E?7U]?.]7LI4`N6#3ZN]T'MLW/OCVG0>O^^!^ ML7Z]./'R_G];]83J)680:EI"$RZ"F:3T))E?O?[@P8.3PUO^Y/CQ at PE.\0E-HD4Y2 MJ&>3'Q;ZOM-A\S7\RNGO\?W6,=S1:CSK% M[N]O>6E\*S8&3Y*=8RR?`C+RS1EW4"=1EY:7^RLK_7Y_*78?JJA!>[%]'%%8 MHYP99\@MH>[;0XJX$%'2A482AED:2Z.?:G&+'K0^*II^U%Y2485;I at D:#[[F M,$5^`$(K&FP55VW%C#VC:JM4/OB:PS8"#81&M8:/1&OG`O`U!Y5 at -T>+.:W) MB'H=ZE`F.XX<.1)>>=LN'A1D<2XO+]MS*G,V]F'_).5$I43E;Z]=;6&C`G2B M1N"-.96VJ/[24FS467K)^N!_.Y]5X at .#2LDR:.T<3%K8SZ:EZ/O9!"L?R@>) M)L3F:TX8G@:C!-9",/5GTE]M;1\`P!7HK[:=#\Z\4745(!%HM;TP'N$6:+6E M]/OW55T%2(H3& M4$=?\U@'1?N:#3D44*CJA*%)`6I+>7XVX6^!8A63_$PH>91SE MA".Z"+4$N,,-($:K2F`D97XU1[L:]8EZ(J2%N]<,4OB:&^,SV`-\ZL?V%.4L M'C*`D'2^YLHL*%H"*(UT:PR-+PM2+#\$`#(IM(IX`"H$GS@`-T"K`&Z`5@'< M`*T"N(%M;.GHTX]473THED.'[ZFZ"I`4FU;Y(@'J`VU@`#=`JP!N4,U>R0"0 MEAVKJZNXLP#4']K``&Z`5@'<`*T"N($_ME2?;BJ#6P!13.-"Y*+8J&@LLY>6 M5PU;"!&MFD&ZO:?LY/Y,A*&]>=1FA'O8`/+4JA%E0LAH>%,U?9EAR at 9R=9T\ MM2H'3]--HAR+5$Y1\M at _(C94/UC at CCE-SG95%Q+#1?4!H3I-X6U at GH^:P!?A M.N7-KV)@*P2A-H"``9R%FKZ!"@(*:^YF+F%:%&HX-0.D9>IK7J9)'(VI^MH!7(*Q)0`W0*L`;I"G5G&J`BB.Z;[FN2 at M*"1$ M25'R5'WM`"ZQ(_0U%SEY18TD["E57SN`2]!?!7`#M`K@!F at 5P`W0*H`;H%4` M-T"K`&Z`5@'<`*T"N$$%ON8`D`%\S0'G(M1!8 at BYW%@ M1:Z!GZKL91X@.8SC8TF]K%W4\>(**T#TJ;&:`(7(V[CWB@ M;>0YMF34CQ+47XFX;TF)>M=>`7OAQLKH.8W[`"2O!D`1Y-\&U at DUG#`&OS$J MO_)#8`R/J&0VGBXGI at K_CQF':BE#J_)3KILFN[&RO)MMHPTD!XY2AE9E%*DH 
MIB\V/T!KJ2SN?MJ^'WU%:#F%Q]V/>C?LFBHB#%.B8O8'))FPL9QN_R![K?*] M8P`)R;\-K.O3\C(VQ:+#)&@*4">N!`=Q at FT\<`-26R7I at Y`I0<["K M`&XPL:L,G`#4G,G8$J85H.9,VL#858":LRT^<#E at PP$RD.=:B#*=OP':1OYK M#(,#A`>0+T7YVA57&_M9`.VD<)^X*'_QA'[G`A,-,*:DN!"ITI.\ M"]`VRHX+D20]R;L`;:,H/QM+G#1C9GM15=P9@'J1?\S1X$#V(#6.$EG\SNU> MY@#M)$^M)FSK6K9F3N)E#M!.\#4'<(/)>F#ZA``U9^H3AUP!Z at QM8``W0*L` M;H!6`=Q at .K;$'`E`G2'>$H`;U,C7'``LX&L.X`:E^L0I3N1"\S(7)D=S9=,G MU at E#.ZG&USQYBK(?.3[HT%H*][,1R9S:BMNX%:`9%-)?U3)M*YO_\_.JJP"1[+ST4]W++Y_S_H5)9P?O5ETKJ(;Y MW_A,U54`&]V?OOWQ>^]?"%_OOR%[647'W2?@:*&\^.-S2DKY=_C"5 at 6.F=U+ MRO[$##?VFD]WNY?WNO-7Y%;9TK2$4'-G_HJ=2LIHJW2MCMJAU?0W]O+>CJXO MJ\+JI`3 at SA:`7R_!4J8@,']6.D)]$$8[RKZ!EY3^ZS"^\+(':;+?.="_K?*B^\^(], MS M at VHGV\OZI:W@^4]_8[=&Q?=70XPA\Y44>UA]?7]'/3\#2YG1'X-.23,HYD\I MK<,Z*KV_FN'&>H]S at 7'WA37B?K938L/P(U%H*MU/ML3Y\OO64#\,CT$IS\6/ MW]J:_CTU_3LLS=JY,+;TB6=7M[;$A?*&Q[>!#:P5^F,PZI3T!?W69R_YU861 M]_?\K\2>Z[KAWW+HEMY?S7!CM[8ZG<^[6=EY\??GAI[]?+ MO@*H`N^[WM at X?>;,^]?6W*C/ <4AA889C2.5030107__19352.2947760814$1252559359$gmane$org@gmail.com> Message-ID: <4q2ha5l2gg5e5d8itkdhdol5kghippsga6@4ax.com> On Thu, 10 Sep 2009 01:08:18 -0400, Faramir wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA256 > >BosseB escribi?: >... >>> But there is an easier way: install GPGShell and you only need to rightclick on the file and call the appropriate decrypting menu: >>> http://www.jumaros.de/rsoft/index.html >> >> I found GPGShell and tried it but it did not offer a context menu in >> Windows Explorer just a rather strange regular program window which is >> not intuitive to use for a Windows user at least. It starts up with a >> list of the keyring, which is of little use, and no file browser. >> Not what I was looking for... > > It has a context menu in Windows Explorer, I use it all the times... > The list of keys you talk about, is GPGKeys component, the keymanager. >There is also a tray tool named GPGTray, and a utility named GPGTools. 
>But what I use the most to work with files, is the contextual menu. > > >> But I finally found it, it is called GPGee and it gives me a Windows >> Explorer pop-up menu entry for Verify/Decrypt if I click on an ASC >> file and Sign/Encrypt alternatives if I click another file type. > > GPGShell does that too. > So I have installed both GPGShell and GPGee and all I see in my Windows Explorer shell is GPGee. How can I make GPGShell appear? And what does it look like? I attach two screenshots showing my context menu when selecting an ASC file and a regular file. Can't see GPGShell.... -- Bo Berglund Developer in Sweden From laurent.jumet at skynet.be Thu Sep 10 08:49:57 2009 From: laurent.jumet at skynet.be (Laurent Jumet) Date: Thu, 10 Sep 2009 08:49:57 +0200 Subject: How do I use gpg to decrypt encrypted files???? In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Hello BosseB ! BosseB wrote: > I found GPGShell and tried it but it did not offer a context menu in > Windows Explorer just a rather strange regular program window which is > not intuitive to use for a Windows user at least. It starts up with a > list of the keyring, which is of little use, and no file browser. > Not what I was looking for... I guess GPGShell was not well installed, because it exactly offers what you are looking for. You don't need the GPGTools at first; use only the rightclick in the explorer, and you'll get all the GPG options: Encrypt, Sign, ClearSign, Decrypt - -- Laurent Jumet KeyID: 0xCFAF704C -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) iHEEAREDADEFAkqoo4kqGGh0dHA6Ly93d3cucG9pbnRkZWNoYXQubmV0LzB4Q0ZB RjcwNEMuYXNjAAoJEPUdbaDPr3BMKY4An2Wveqsr3wgrmF/j6z03OoEab7ivAKCG Sr5+fRFp4sIA0FeKuRoUidjW5A== =wdEh -----END PGP SIGNATURE----- From laurent.jumet at skynet.be Thu Sep 10 08:53:49 2009 From: laurent.jumet at skynet.be (Laurent Jumet) Date: Thu, 10 Sep 2009 08:53:49 +0200 Subject: How do I use gpg to decrypt encrypted files????
(0/1) In-Reply-To: <4q2ha5l2gg5e5d8itkdhdol5kghippsga6@4ax.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Hello BosseB ! BosseB wrote: > So I have installed both GPGShell and GPGee and all I see in my > Windows Explorer shell is GPGee. > How can I make GPGShell appear? > And what does it look like? First of all, uninstall both. After, reinstall GPGShell, enabling GPGTray and all context menus, but not GPGTools. Reboot. RightClick on GPGTray and review the Configs for GPG and GPGShell. Go to Explorer, and RightClick on a file: you see the actions. - -- Laurent Jumet KeyID: 0xCFAF704C -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) iHEEAREDADEFAkqoo6IqGGh0dHA6Ly93d3cucG9pbnRkZWNoYXQubmV0LzB4Q0ZB RjcwNEMuYXNjAAoJEPUdbaDPr3BMXI0AoKXMUnBcRXJ7OC0dYMtVVCcFMblZAJ9b R+tlp7zny1jfkfMGLRARoFUHNA== =2Jzf -----END PGP SIGNATURE----- From mcse83 at hotmail.com Thu Sep 10 09:36:43 2009 From: mcse83 at hotmail.com (Sean Wilson) Date: Thu, 10 Sep 2009 08:36:43 +0100 Subject: OpenPGP 2.0 and Hushmail keys Message-ID: Does anyone know if the new OpenPGP 2.0 card supports Hushmail keys? From what I understand Hushmail is based on OpenPGP so it should work. The key I have from my Hushmail account is 2048bit in length but once I copy the key onto the OpenPGP 2.0 card I can't decrypt Hushmail email anymore, any idea why? Also, if I generate a brand new key pair ON the OpenPGP 2.0 card, will anyone be able to export or copy the private key (if the OpenPGP card is NOT inserted in the reader)? Does GPG write a copy of the keys anywhere else besides on the card? I know it asks you when you generate the key pair if you want to store an off card copy for backup purposes but I selected no for this. What I don't understand is that when I generated a brand new test key pair on the OpenPGP card and then removed it from the reader I was still able to export the keys to a file from key management in Thunderbird; can someone explain this?
I thought the private/secret key was ONLY on the card when generated this way so that no one could get to it to brute force it etc? Thanks everyone! ;-) -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5590 bytes Desc: S/MIME Cryptographic Signature URL: From philcerf at googlemail.com Thu Sep 10 13:42:26 2009 From: philcerf at googlemail.com (Philippe Cerfon) Date: Thu, 10 Sep 2009 13:42:26 +0200 Subject: howto secure older keys after the recent attacks In-Reply-To: <1252544737.23872.14.camel@linux-gil5.site> References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> <1252544737.23872.14.camel@linux-gil5.site> Message-ID: <6e7da8720909100442v18532f0ehb9d397304673ae9e@mail.gmail.com> Hi Robert. On Thu, Sep 10, 2009 at 3:05 AM, Robert J. Hansen wrote: > Add these lines to your gpg.conf file: > > personal-digest-preferences SHA256 SHA224 SHA384 SHA512 RIPEMD160 > personal-cipher-preferences AES128 3DES > [...] And you think this is enough? Not removing and recreating older signatures that use SHA1? Thanks, Philippe. From philcerf at googlemail.com Thu Sep 10 14:02:53 2009 From: philcerf at googlemail.com (Philippe Cerfon) Date: Thu, 10 Sep 2009 14:02:53 +0200 Subject: howto secure older keys after the recent attacks In-Reply-To: <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> Message-ID: <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> On Thu, Sep 10, 2009 at 3:45 AM, David Shaw wrote: > Yes, but it won't actually go away completely. SHA1 is special in OpenPGP. > Unlike the other hashes, SHA1 is required to be supported. Removing SHA1 > from an OpenPGP preference list doesn't actually remove it, but instead > effectively puts it at the end of the list (so it is the lowest ranked > choice). Uhm,.. what a pity.
What would happen if SHA1 gets fully broken? Would we have to create a new OpenPGP and new keys? >> -But I'd also like to have the signatures themselves using e.g. SHA256 or >> SHA512,... but they're already using SHA1 >> Can this be changed? >> Or can I simply add new self signatures? > Yes Does this work via --cert-digest-algo option? If so what must I do to get gpg to: - resign my own key - resign other keys Is it simply with the sign command, or will it complain that there's already a signature there? >> So does this mean any harm to me? At some day SHA1 might be fully broken, >> and then an attacker could use simply these older self signatures instead of >> the newer ones, or not? > > Well, yes and no. Old signatures are certainly available to both friend and > foe, but the real question is: use them for what? What attack are you > concerned about here? Well.. not sure... I've heard that one can add many settings to these signatures like revocations or policies. But I have not enough knowledge on them (although I could imagine that someone could probably use them to do evil things which might be impossible with a newer hash-algo). But perhaps it could be used to do some forgery with User IDs? > To change the hash you sign with, stick this in your gpg.conf file: > > personal-digest-preferences sha256 Oh,.. so what is this --cert-digest-algo then good for? >> Another thing I've read about is, that gpg keys are using SHA1 hard coded >> in some places with no way to use another algorithm... which places are >> these so one could avoid them perhaps? > > You pretty much can't. The key ID itself is derived from SHA1. I thought the key ID is only used for humans to short check the keys,.. but not in the system itself?! So this would basically mean, once SHA1 is broken, we're totally screwed?! > There was a very long discussion of the SHA1 issue a few months back on this > list.
See, for example, > http://lists.gnupg.org/pipermail/gnupg-users/2009-May/036338.html and > http://lists.gnupg.org/pipermail/gnupg-devel/2009-May/024999.html > > In short, I wouldn't worry all that much about it. At least at the moment you mean? I mean we had the "same" thing with MD4, MD5 and so on,... so probably it will hit us with SHA1, too? > With regards to AES256, I doubly wouldn't worry about it. See > http://lists.gnupg.org/pipermail/gnupg-users/2009-August/037107.html > > This sort of question tends to cause long threads where everyone throws in > their own cipher preferences. Instead of giving my preferences, allow me to > point at the wonderful defaults in GPG. They're the default algorithms for > a reason. Ok,.. thanks for that information :) I'd have some additional poor men's questions ;-)... - When creating a new key,.. it uses the entropy, right? So is there some way to improve this entropy? Perhaps not using Linux but instead OpenBSD which might have a better PRNG (don't know if this is actually the case ;) ) or use a specific Linux kernel version where a newer and better PRNG was added? -Currently the default (and I assume suggested) algorithm is RSA, right? How does DSA2 compare with it? I once read, that RSA would provide a hash algorithm armor which the DSA's wouldn't have. Is this still true? -My course's professor showed us some number from NIST (don't recall the exact ones, though) where they suggested about something like this: 15360 (or so) bits for the asymmetric key <-> 512 bits for the hash size <-> 256 symmetric key should lead to about the same "strength"... So we have 512/256 bits for the latter two,.. but per default much less for the asymmetric... Does this mean, that the other two are overkill for what we use in gpg? - When creating new keys (I'd like to "convince" some more friends to take part :) )... should they create their keys with gpg1 or gpg2? Or is the key generation equally secure? Best wishes, Philippe.
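Two of the points in the exchange above are easy to see in the bytes themselves: the v4 key ID is derived from SHA-1 no matter what the preference lists say, and each certification records which digest it was made with. The following is an added worked example in Python and is not code from anyone on this list or from GnuPG; the RSA modulus (a 12-bit toy), the creation time and the signature packet are constructed values, not anyone's real key.

```python
"""Where SHA-1 is fixed into an OpenPGP v4 key, and how to read which digest a
certification actually used.  Added example; the key material below is a
constructed toy (a 12-bit RSA modulus) and is not anyone's real key."""
import hashlib
import struct

# RFC 4880 section 9.4 hash algorithm IDs
HASH_ALGOS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}


def mpi(n: int) -> bytes:
    """OpenPGP multi-precision integer: 2-byte bit length, then big-endian bytes."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")


def v4_rsa_public_key_body(n: int, e: int, created: int) -> bytes:
    """Body of a version 4 RSA public-key packet (RFC 4880 5.5.2):
    version, 4-byte creation time, algorithm 1 (RSA), MPI n, MPI e."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)


def packet_header(tag: int, length: int) -> bytes:
    """Old-format packet header with a 2-byte length (RFC 4880 4.2.1).
    For tag 6 this is the 0x99 byte the fingerprint calculation starts with."""
    return bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", length)


def v4_fingerprint(body: bytes) -> str:
    """RFC 4880 12.2: SHA-1 over 0x99, the 2-byte body length and the body.
    The digest is fixed by the key version; no preference list changes it."""
    return hashlib.sha1(packet_header(6, len(body)) + body).hexdigest().upper()


def key_id(fingerprint_hex: str) -> str:
    """The 64-bit key ID gpg prints is the low 8 bytes of that SHA-1 fingerprint."""
    return fingerprint_hex[-16:]


def parse_packet(data: bytes):
    """Return (tag, body) for one packet; handles old-format 1/2-byte lengths
    and new-format 1/2-byte lengths, which covers keys and certifications."""
    first = data[0]
    if first & 0x40:                                   # new-format header
        tag, l = first & 0x3F, data[1]
        if l < 192:
            return tag, data[2:2 + l]
        if l < 224:
            return tag, data[3:3 + ((l - 192) << 8) + data[2] + 192]
        raise ValueError("partial/5-byte lengths not handled here")
    tag, ltype = (first & 0x3C) >> 2, first & 0x03    # old-format header
    if ltype == 0:
        return tag, data[2:2 + data[1]]
    if ltype == 1:
        return tag, data[3:3 + struct.unpack(">H", data[1:3])[0]]
    raise ValueError("4-byte/indeterminate lengths not handled here")


def signature_hash_algo(sig_packet: bytes) -> str:
    """Digest named in a v4 signature packet (RFC 4880 5.2.3): the fourth body
    byte, after version, signature type and public-key algorithm.  This is
    the per-signature field that --cert-digest-algo changes for new
    certifications; existing SHA-1 ones keep their byte value 2."""
    tag, body = parse_packet(sig_packet)
    if tag != 2 or body[0] != 4:
        raise ValueError("not a version 4 signature packet")
    return HASH_ALGOS.get(body[3], "unknown(%d)" % body[3])


def constructed_v4_certification(hash_algo: int) -> bytes:
    """Constructed 0x13 (positive certification) packet with only the leading
    fields filled; the MPI is a placeholder, so it is not a valid signature."""
    body = (bytes([4, 0x13, 1, hash_algo])   # version, sig type, RSA, hash
            + b"\x00\x00" + b"\x00\x00"        # empty hashed/unhashed subpackets
            + b"\xab\xcd" + mpi(1))            # hash prefix, placeholder MPI
    return packet_header(2, len(body)) + body


def demo():
    """Fingerprint and key ID of a constructed toy key (n = 61 * 53, e = 17)."""
    body = v4_rsa_public_key_body(3233, 17, 1252540800)   # constructed timestamp
    fp = v4_fingerprint(body)
    return fp, key_id(fp)


if __name__ == "__main__":
    fp, kid = demo()
    print("fingerprint:", fp, "key ID:", kid)
    for algo in (2, 8):
        print("certification digest:",
              signature_hash_algo(constructed_v4_certification(algo)))
```

Changing a single byte of the key body (the creation time in the demo) changes the fingerprint and therefore the key ID, which is what "the key ID is derived from SHA1" means in practice. To check a real key after re-signing it with --cert-digest-algo, pipe `gpg --export <keyid>` into `gpg --list-packets` and read the `digest algo` value printed for each signature packet: 2 is SHA-1, 8 is SHA-256; an old SHA-1 self-signature stays on the key alongside the new one unless it is deleted.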
From rjh at sixdemonbag.org Thu Sep 10 15:59:47 2009 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 10 Sep 2009 09:59:47 -0400 Subject: howto secure older keys after the recent attacks In-Reply-To: <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> Message-ID: <1252591187.3973.20.camel@linux-gil5.site> > - When creating a new key,.. it uses the entropy, right? So is there > some way to improve this entropy? Perhaps not using Linux but instead > OpenBSD which might have a better PRNG (don't know if this is actually > the case ;) ) or use a specific Linux kernel version where a newer and > better PRNG was added? Not really. If there were good reasons to believe OpenBSD's entropy collector was better than Linux's, the Linux crew would fix the code, maybe even borrowing OpenBSD's entropy collector. > -Currently the default (and I assume suggested) algorithm is RSA, > right? How does DSA2 compare with it? Arguing whether RSA or DSA2 is better is kind of like arguing whether King Kong or Godzilla is better at stomping cities flat. > I once read, that RSA would > provide a hash algorithm armor which the DSA's wouldn't have. Is this > still true? Yes. No. Not really. Kind of. RSA gives you a lot of freedom, yes. You could put SHA512 on an RSA-3 (as in "three bits of key") signature and it won't bat an eyelash. It's _stupid_, but it won't bat an eyelash. So, sure. RSA gives you more freedom with hashes than DSA2, but that's not necessarily a good thing. > should lead to about the same "strength"... Beware of those numbers. I don't know anyone who takes them seriously. They are conjecture and speculation.
Educated conjecture and speculation, sure: some of the brightest minds out there worked on the conjecture and speculation -- but they're still conjecture and speculation. That said, there's nothing wrong with using those numbers as long as you remember that they're conjecture. > So we have 512/256 bits for the later two,.. but per default much less > for the asymmetric... Does this mean, that the other two are overkill > for what we use in gpg? Probably. But it isn't as if it matters much. > - When creating new keys (I'd like to "convince" some more friends to > take part :) )... should they create their keys with gpg1 or gpg2? Or > is the key generation equally secure? If memory serves, the key generation code is identical between the 1.4 and 2.0 branches. From bmearns at ieee.org Thu Sep 10 16:12:59 2009 From: bmearns at ieee.org (Brian Mearns) Date: Thu, 10 Sep 2009 10:12:59 -0400 Subject: (Off topic) News on quantum computers cracking crypto Message-ID: <4df3a1330909100712r6cdaedd4g87cbc578180a5385@mail.gmail.com> In case you missed it, using 15 as a key value is no longer a viable option: http://spectrum.ieee.org/computing/hardware/chip-does-part-of-codecracking-quantum-algorithm Fortunately, people are working on it: http://spectrum.ieee.org/computing/software/cryptographers-take-on-quantum-computers -Brian -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://keys.gnupg.net From rjh at sixdemonbag.org Thu Sep 10 16:28:31 2009 From: rjh at sixdemonbag.org (Robert J. 
Hansen) Date: Thu, 10 Sep 2009 10:28:31 -0400 Subject: (Off topic) News on quantum computers cracking crypto In-Reply-To: <4df3a1330909100712r6cdaedd4g87cbc578180a5385@mail.gmail.com> References: <4df3a1330909100712r6cdaedd4g87cbc578180a5385@mail.gmail.com> Message-ID: <1252592911.3973.24.camel@linux-gil5.site> On Thu, 2009-09-10 at 10:12 -0400, Brian Mearns wrote: > In case you missed it, using 15 as a key value is no longer a viable > option: Hasn't been for many years. The advancement is in reducing the size of the quantum computing device, not in factoring a larger number. We factored 15 via Shor's algorithm in ... what, 2001? But it was a huge, expensive, multimillion-dollar, special-purpose apparatus. From christoph.anton.mitterer at physik.uni-muenchen.de Thu Sep 10 16:27:48 2009 From: christoph.anton.mitterer at physik.uni-muenchen.de (Christoph Anton Mitterer) Date: Thu, 10 Sep 2009 16:27:48 +0200 Subject: (Off topic) News on quantum computers cracking crypto In-Reply-To: <4df3a1330909100712r6cdaedd4g87cbc578180a5385@mail.gmail.com> References: <4df3a1330909100712r6cdaedd4g87cbc578180a5385@mail.gmail.com> Message-ID: <1252592868.15961.25.camel@etppc03.garching.physik.uni-muenchen.de> On Thu, 2009-09-10 at 10:12 -0400, Brian Mearns wrote: > In case you missed it, using 15 as a key value is no longer a viable > option: http://spectrum.ieee.org/computing/hardware/chip-does-part-of-codecracking-quantum-algorithm Thank God! I've used 17 ;) Cheers, Chris. -------------- next part -------------- A non-text attachment was scrubbed... 
Name: smime.p7s Type: application/x-pkcs7-signature Size: 3387 bytes Desc: not available URL: From dkg at fifthhorseman.net Thu Sep 10 16:31:48 2009 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Thu, 10 Sep 2009 10:31:48 -0400 Subject: howto secure older keys after the recent attacks In-Reply-To: <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> Message-ID: <4AA90DD4.30808@fifthhorseman.net> On 09/09/2009 09:45 PM, David Shaw wrote: > Instead of giving my preferences, > allow me to point at the wonderful defaults in GPG. They're the default > algorithms for a reason. I've asked this before, but without any satisfactory answer, i'm still curious: Why do the digest defaults in 1.4.10 and 2.0.13 list SHA-1 above SHA-512, SHA-224, and SHA-384? I don't believe that the mere existence of hardware acceleration of SHA-1 is sufficient to warrant its default preference over stronger, widely-implemented digests. Users who have (and prefer to use) accelerator hardware for any particular digest can change their published preferences to explicitly prefer that hardware, right? Are SHA-1 accelerators so widespread that people have them (and gpg uses them) without being aware of them? Is there some other reason to rank SHA-1 like this? --dkg -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 891 bytes Desc: OpenPGP digital signature URL: From bmearns at ieee.org Thu Sep 10 16:29:42 2009 From: bmearns at ieee.org (Brian Mearns) Date: Thu, 10 Sep 2009 10:29:42 -0400 Subject: (Off topic) News on quantum computers cracking crypto In-Reply-To: <1252592868.15961.25.camel@etppc03.garching.physik.uni-muenchen.de> References: <4df3a1330909100712r6cdaedd4g87cbc578180a5385@mail.gmail.com> <1252592868.15961.25.camel@etppc03.garching.physik.uni-muenchen.de> Message-ID: <4df3a1330909100729g26db4491mcfe8857b7737b2e1@mail.gmail.com> 2009/9/10 Christoph Anton Mitterer : > On Thu, 2009-09-10 at 10:12 -0400, Brian Mearns wrote: >> In case you missed it, using 15 as a key value is no longer a viable >> option: http://spectrum.ieee.org/computing/hardware/chip-does-part-of-codecracking-quantum-algorithm > Thank God! I've used 17 ;) > > > Cheers, > Chris. > No you didn't, 17 is prime. =D -Brian -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://keys.gnupg.net From christoph.anton.mitterer at physik.uni-muenchen.de Thu Sep 10 16:40:32 2009 From: christoph.anton.mitterer at physik.uni-muenchen.de (Christoph Anton Mitterer) Date: Thu, 10 Sep 2009 16:40:32 +0200 Subject: (Off topic) News on quantum computers cracking crypto In-Reply-To: <4df3a1330909100729g26db4491mcfe8857b7737b2e1@mail.gmail.com> References: <4df3a1330909100712r6cdaedd4g87cbc578180a5385@mail.gmail.com> <1252592868.15961.25.camel@etppc03.garching.physik.uni-muenchen.de> <4df3a1330909100729g26db4491mcfe8857b7737b2e1@mail.gmail.com> Message-ID: <1252593632.15961.27.camel@etppc03.garching.physik.uni-muenchen.de> On Thu, 2009-09-10 at 10:29 -0400, Brian Mearns wrote: > > Thank God! I've used 17 ;) > No you didn't, 17 is prime. =D *D'Ohh* ... caught me ;) Chris. -------------- next part -------------- A non-text attachment was scrubbed... 
Name: smime.p7s Type: application/x-pkcs7-signature Size: 3387 bytes Desc: not available URL: From philcerf at googlemail.com Thu Sep 10 16:51:05 2009 From: philcerf at googlemail.com (Philippe Cerfon) Date: Thu, 10 Sep 2009 16:51:05 +0200 Subject: howto secure older keys after the recent attacks In-Reply-To: <1252591187.3973.20.camel@linux-gil5.site> References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> <1252591187.3973.20.camel@linux-gil5.site> Message-ID: <6e7da8720909100751j1f820760k50513adc029525a@mail.gmail.com> Hi Robert. On Thu, Sep 10, 2009 at 3:59 PM, Robert J. Hansen wrote: > Not really. If there were good reasons to believe OpenBSD's entropy > collector was better than Linux's, the Linux crew would fix the code, > maybe even borrowing OpenBSD's entropy collector. Ah,.. right... it was the other way round it didn't work (GPL2 to BSD ;) ) >> -Currently the default (and I assume suggested) algorithm is RSA, >> right? How does DSA2 compare with it? > Arguing whether RSA or DSA2 is better is kind of like arguing whether > King Kong or Godzilla is better at stomping cities flat. One should perhaps count in all the King Kong vs. Godzilla movies,.. who has won more often? ;-) >> I once read, that RSA would >> provide a hash algorithm armor which the DSA's wouldn't have. Is this >> still true? > > Yes. No. Not really. Kind of. ooook... ^^ >> should lead to about the same "strength"... > > Beware of those numbers. I don't know anyone who takes them seriously. > They are conjecture and speculation. Educated conjecture and > speculation, sure: some of the brightest minds out there worked on the > conjecture and speculation -- but they're still conjecture and > speculation. > > That said, there's nothing wrong with using those numbers as long as you > remember that they're conjecture. Ok,.. I see.
> If memory serves, the key generation code is identical between the 1.4 > and 2.0 branches. Thanks :) Philippe. From rjh at sixdemonbag.org Thu Sep 10 16:54:46 2009 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 10 Sep 2009 10:54:46 -0400 Subject: howto secure older keys after the recent attacks In-Reply-To: <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> Message-ID: <1252594486.3973.35.camel@linux-gil5.site> On Thu, 2009-09-10 at 14:02 +0200, Philippe Cerfon wrote: > Uhm,.. what a pity. What would happen if SHA1 gets fully broken? Would > we have to create a new OpenPGP and new keys? Probably. However, if SHA-1 gets totally broken we'll have a lot bigger things to worry about than OpenPGP. > > Well, yes and no. Old signatures are certainly available to both friend and > > foe, but the real question is: use them for what? What attack are you > > concerned about here? > > Well.. not sure... > But perhaps it could be used to do some forgery with User IDs? As soon as you find an attack, then we can discuss it. Unfortunately, we can't really talk intelligently about vague fears. > I thought the key ID is only used for humans to short check the > keys,.. but not in the system itself?! Nope, it's pretty pervasive in the system. > So this would basically mean, once SHA1 is broken, we're totally screwed?! If SHA-1 gets totally broken, pretty much everyone with a computer more powerful than a pocket calculator is screwed. We won't be the only ones. > At least at the moment you mean? I mean we had the "same" thing with > MD4, MD5 and so on,... so probably it will hit us with SHA1, too? Hans Dobbertin proved MD5 was weak in 1996. 
In 1997, Network Associates (who then were pretty much the only game in town, as far as PGP goes) decided the Dobbertin attack was worrisome and that MD5 needed to go. By the time the MD5 attacks became practical, PGP had _long_ since migrated to SHA-1 and RIPEMD160. The same thing is happening today with OpenPGP. Everyone knows about the SHA-1 attacks. For right now, the SHA-1 attacks are impractical. The people behind OpenPGP are working on a new OpenPGP proposal that will use a stronger, better hash algorithm. They're on it. Relax. :) If you want to follow the discussion yourself on the official mailing list for the RFC4880 standard, feel free. It's a public list and everyone's welcome. From rjh at sixdemonbag.org Thu Sep 10 17:04:34 2009 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 10 Sep 2009 11:04:34 -0400 Subject: howto secure older keys after the recent attacks In-Reply-To: <6e7da8720909100751j1f820760k50513adc029525a@mail.gmail.com> References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> <1252591187.3973.20.camel@linux-gil5.site> <6e7da8720909100751j1f820760k50513adc029525a@mail.gmail.com> Message-ID: <1252595074.3973.43.camel@linux-gil5.site> On Thu, 2009-09-10 at 16:51 +0200, Philippe Cerfon wrote: > Ah,.. right... it was the other way round it didn't work (GPL2 to BSD ;) ) Copyright protects the way an idea is expressed, not the idea itself. If Linux had a better entropy collector than OpenBSD, the OpenBSD folks would study the Linux version. They'd learn how it works, they'd learn how it was designed. The Linux developers would probably help them out in this. Once the OpenBSD folks knew exactly how the Linux collector worked and why, they'd go off and hammer out their own version of the Linux collector. It wouldn't take them long. 
The hardest part of programming is understanding the problem and how the solution you're writing interacts with it. Once you've got that down, the code almost writes itself. It comes together really, really quick. IANAL, if you're doing serious software development talk to your own IP lawyer before you take this seriously, etc., etc. From dshaw at jabberwocky.com Thu Sep 10 17:08:09 2009 From: dshaw at jabberwocky.com (David Shaw) Date: Thu, 10 Sep 2009 11:08:09 -0400 Subject: howto secure older keys after the recent attacks In-Reply-To: <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> Message-ID: <43DB695D-52F5-4D3B-85AB-3932552FD576@jabberwocky.com> On Sep 10, 2009, at 8:02 AM, Philippe Cerfon wrote: > On Thu, Sep 10, 2009 at 3:45 AM, David Shaw > wrote: >> Yes, but it won't actually go away completely. SHA1 is special in >> OpenPGP. >> Unlike the other hashes, SHA1 is required to be supported. >> Removing SHA1 >> from an OpenPGP preference list doesn't actually remove it, but >> instead >> effectively puts it at the end of the list (so it is the lowest >> ranked >> choice). > Uhm,.. what a pity. What would happen if SHA1 gets fully broken? Would > we have to create a new OpenPGP and new keys? Not a new OpenPGP, exactly, but certainly a revised one. New keys, yes. Of course, SHA1 is nowhere near being fully broken. Heck, even MD5 is nowhere near being "fully" broken (which doesn't mean I recommend people use it, of course). >>> -But I'd also like to have the signatures themselves using e.g. >>> SHA256 or >>> SHA512,... but they're alread using SHA1 >>> Can this be changed? >>> Or can I simply add new self signatures? >> Yes > > Does this work via --cert-digest-algo option? 
> If so what must I do to get gpg to: > - resign my own key > - resign other keys > Is it simply with the sign command, or will it complain that there's > already a signature there? Yes. To re-sign a key with a new hash, do this:

    gpg --cert-digest-algo sha256 --expert --edit-key (thekey)
    (pick the user IDs you want to sign)
    sign

The "cert-digest-algo" tells GPG which hash to make key signatures with, and the "expert" tells GPG that it is okay to re-sign a user ID that is already signed. >> To change the hash you sign with, stick this in your gpg.conf file: >> >> personal-digest-preferences sha256 > > Oh,.. so what is this --cert-digest-algo then good for? personal-digest-preferences sets the hash for signatures you make on data. cert-digest-algo sets the hash for signatures ("certifications") you make on keys. >>> Another thing I've read about is, that gpg keys are using SHA1 >>> hard coded >>> in some places with no way to use another algorithm... which >>> places are >>> these so one could avoid them perhaps? >> >> You pretty much can't. The key ID itself is derived from SHA1. > > I thought the key ID is only used for humans to short check the > keys,.. but not in the system itself?! > So this would basically mean, once SHA1 is broken, we're totally > screwed?! No, just that we need to revise OpenPGP. It's not a disaster - we've done it in the past, and can do it again in the future. It's just a specification that describes a cryptographic system using the best knowledge of the time. If the knowledge changes, we change the specification. The real headache here is (as always) the practical - what to do with existing keys and such. I suspect that removing SHA1 would effectively mean a new key type for OpenPGP (again, not a disaster - we're on our 4th key type today). > I'd have some additional poor men's questions ;-)... > - When creating a new key,.. it uses the entropy, right? So is there > some way to improve this entropy?
Perhaps not using Linux but instead > OpenBSD which might have a better PRNG (don't know if this is actually > the case ;) ) or use a specific Linux kernel version where a newer and > better PRNG was added? There are occasional debates on who has the better PRNG. The debates usually end with no changes on either side :) That isn't to say there aren't differences between systems - the FreeBSD PRNG (which seems to have been inherited by OSX) is of a fairly different construction than the Linux one, which has led to some mild controversy in the past. Notably, the Linux one blocks if you run out of gathered entropy, and the FreeBSD one does not. FreeBSD /dev/random is similar to Linux's /dev/urandom. See also http://www.entropykey.co.uk/ > -Currently the default (and I assume suggested) algorithm is RSA, > right? How does DSA2 compare with it? Given the same key length and same hash, they are (massive armwave!) roughly equal for real-world use. If you like, you can define "roughly equal" as "usually so much stronger than the rest of the system that fiddly differences are irrelevant". The actual difference you find between the two is more in implementation and use issues, like DSA signatures being physically smaller than RSA signatures (nice for email), RSA being more widely supported in hardware doodads (smartcards, crypto math chips, etc), and RSA allowing more hash flexibility than DSA. Read NIST SP 800-57 for lots of detail on strength, but they basically conclude the same thing: roughly equal for real-world use. > I once read, that RSA would > provide a hash algorithm armor which the DSA's wouldn't have. Is this > still true? I'm not exactly sure what you mean by "hash algorithm armor". RSA in OpenPGP does have an additional protection (usually called a "hash firewall") that DSA lacks. This gives some protection against hash substitution attacks, but it's not a major deal either way.
> -My course's professor showed us some number from NIST (don't recall > the exact ones, though) where they suggested about something like > this: > 15360 (or so) bits for the asymmetric key <-> 512 bits for the hash > size <-> 256 symmetric key > should lead to about the same "strength"... > So we have 512/256 bits for the latter two,.. but per default much less > for the asymmetric... Does this mean, that the other two are overkill > for what we use in gpg? It's true that NIST's guidelines say that to truly get the maximum juice out of a 512-bit hash, you should use a 15360-bit key, but that doesn't mean you must. The overall strength of the system is the weakest point, so as long as that weakest point is strong enough, you're fine. A 15360-bit key is wildly impractical. I doubt we'll ever see keys of that size in use. When technology progresses to the point of that being necessary (no time soon) we'll move on to other algorithms that are stronger per-bit, like ECDSA. > - When creating new keys (I'd like to "convince" some more friends to > take part :) )... should they create their keys with gpg1 or gpg2? Or > is the key generation equally secure? Equally secure. In fact, it's almost the same code. David From dshaw at jabberwocky.com Thu Sep 10 17:27:04 2009 From: dshaw at jabberwocky.com (David Shaw) Date: Thu, 10 Sep 2009 11:27:04 -0400 Subject: howto secure older keys after the recent attacks In-Reply-To: <6e7da8720909100751j1f820760k50513adc029525a@mail.gmail.com> References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> <1252591187.3973.20.camel@linux-gil5.site> <6e7da8720909100751j1f820760k50513adc029525a@mail.gmail.com> Message-ID: <112F77B5-77C3-4AAC-9B76-5CBCA1669267@jabberwocky.com> On Sep 10, 2009, at 10:51 AM, Philippe Cerfon wrote: >> Not really.
If there were good reasons to believe OpenBSD's entropy >> collector was better than Linux's, the Linux crew would fix the code, >> maybe even borrowing OpenBSD's entropy collector. > > Ah,.. right... it was the other way round it didn't work (GPL2 to > BSD ;) ) Those are just implementations of methods to gather and manipulate entropy. If one method was better, the other would more likely re-implement the idea rather than lifting code wholesale. This usually works out that way in the open source world, and especially in the open source crypto world. Most likely, the people with the better entropy gatherer would actively help the other people to improve their code. This doesn't necessarily work out the same way in the non-open source world, but even so, some companies are very good to deal with when getting information and discussing common problems (the PGP company is a good example of this). >>> -Currently the default (and I assume suggested) algorithm is RSA, >>> right? How does DSA2 compare with it? >> Arguing whether RSA or DSA2 is better is kind of like arguing whether >> King Kong or Godzilla is better at stomping cities flat. > > One should perhaps count in all the King Kong vs. Godzilla movies,.. > who has won more often? ;-) Kong 1, Godzilla 0. Not exactly an Oscar winner, but "King Kong vs. Godzilla" does have its charms. I'm not sure which is RSA or DSA in this example though, and then there is Mechani-Kong, and Lady Kong, and...
;) David From gnupg.users at ml.karotte.org Thu Sep 10 18:00:40 2009 From: gnupg.users at ml.karotte.org (Sebastian Wiesinger) Date: Thu, 10 Sep 2009 18:00:40 +0200 Subject: howto secure older keys after the recent attacks In-Reply-To: <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> Message-ID: <20090910160040.GA14108@danton.fire-world.de> * Philippe Cerfon [2009-09-10 14:03]: > I'd have some additional poor men's questions ;-)... > - When creating a new key,.. it uses the entropy, right? So is there > some way to improve this entropy? Perhaps not using Linux but instead > OpenBSD which might have a better PRNG (don't know if this is actually > the case ;) ) or use a specific Linux kernel version where a newer and > better PRNG was added? Hi, regarding this, the Simtec Entropy Key http://www.entropykey.co.uk/ has been available for sale online for a few days. This is a USB hardware entropy generator. Perhaps this would be something to consider in your tests regarding quality and speed of entropy generation. Kind Regards, Sebastian -- New GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE) Old GPG Key-ID: 0x76B79F20 (0x1B6034F476B79F20) 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE. -- Terry Pratchett, The Fifth Elephant
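David Shaw's remark a few messages up about RSA's "hash firewall" can be made concrete. The following is an added example, not code from this thread or from GnuPG: under RFC 4880 section 5.2.2 an RSA signature is made over an EMSA-PKCS1-v1_5 encoding whose DER DigestInfo prefix names the hash algorithm, so a verifier can refuse a signature whose packet claims one hash while the signed value was built for another; a DSA signature is over the bare hash bits (truncated to the size of q) and carries no such marker. No RSA operation is performed here: `em` stands for the encoded message a verifier recovers after the public-key operation, the message bytes are constructed, and the function names are my own.

```python
"""Added example: the RSA "hash firewall" in OpenPGP signatures (RFC 4880 5.2.2).
Models only the encoded message a verifier sees after the RSA operation;
there is no real RSA or DSA arithmetic here."""
import hashlib

# DER DigestInfo prefixes, byte for byte as listed in RFC 4880 section 5.2.2.
DIGESTINFO = {
    "SHA1":   bytes.fromhex("3021300906052B0E03021A05000414"),
    "SHA256": bytes.fromhex("3031300D060960864801650304020105000420"),
    "SHA512": bytes.fromhex("3051300D060960864801650304020305000440"),
}
HASHLIB_NAME = {"SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}


def emsa_pkcs1_v15_encode(hash_name, data, em_len):
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 DigestInfo||digest, em_len octets long.
    This is the value an OpenPGP RSA signature is actually computed over."""
    digest = hashlib.new(HASHLIB_NAME[hash_name], data).digest()
    t = DIGESTINFO[hash_name] + digest
    if em_len < len(t) + 11:
        raise ValueError("RSA modulus too short for this hash")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t


def hash_algo_from_em(em):
    """Which hash the DigestInfo inside a recovered EM names; None if malformed.
    The last prefix byte is the OCTET STRING length, i.e. the digest size."""
    if em[:2] != b"\x00\x01":
        return None
    try:
        sep = em.index(b"\x00", 2)
    except ValueError:
        return None
    t = em[sep + 1:]
    for name, prefix in DIGESTINFO.items():
        if t.startswith(prefix) and len(t) == len(prefix) + prefix[-1]:
            return name
    return None


def rsa_verifier_check(em, claimed_hash, data):
    """What a verifier does with an RSA signature: the hash-algorithm byte in
    the signature packet (claimed_hash) must agree with the DigestInfo in EM
    before the digest itself is compared.  The first test is the firewall."""
    if hash_algo_from_em(em) != claimed_hash:
        return False
    expected = hashlib.new(HASHLIB_NAME[claimed_hash], data).digest()
    return em.endswith(expected)


def dsa_signed_value(hash_name, data, q_bytes=20):
    """For DSA the signed value is the hash itself, truncated to the size of q
    (leftmost bits).  Given only these bytes a verifier cannot tell which
    algorithm produced them; that is what the RSA encoding adds."""
    return hashlib.new(HASHLIB_NAME[hash_name], data).digest()[:q_bytes]


if __name__ == "__main__":
    msg = b"constructed sample message"                  # constructed input
    em = emsa_pkcs1_v15_encode("SHA256", msg, 256)      # 2048-bit modulus
    print(hash_algo_from_em(em))                         # SHA256
    print(rsa_verifier_check(em, "SHA256", msg))         # True
    print(rsa_verifier_check(em, "SHA1", msg))           # False: firewall trips
```

The negative case is the interesting one: a signature packet that claims SHA-1 over an EM built for SHA-256 is rejected on the DigestInfo mismatch before any digest is compared, which is exactly the "hash substitution" David refers to. The DSA helper shows why the same check is impossible there: the signed value is just hash bits, with nothing to say where they came from.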
From dshaw at jabberwocky.com Thu Sep 10 18:17:35 2009 From: dshaw at jabberwocky.com (David Shaw) Date: Thu, 10 Sep 2009 12:17:35 -0400 Subject: OpenPGP 2.0 and Hushmail keys In-Reply-To: References: Message-ID: <09ABD6E9-5379-4416-9A09-239278D755F1@jabberwocky.com> On Sep 10, 2009, at 3:36 AM, Sean Wilson wrote: > Does anyone know if the new OpenPGP 2.0 card supports Hushmail keys? >> From what I understand Hushmail is based on OpenPGP so it should >> work. > The key I have from my Hushmail account is 2048bit in length but > once I > copy the key onto the OpenPGP 2.0 card I can't decrypt Hushmail email > anymore, any idea why? It should work fine. It sounds like a different sort of problem. > Also, if I generate a brand new key pair ON the OpenPGP 2.0 card, will > anyone be able to export or copy the private key (if the OpenPGP > card is > NOT inserted in the reader)? Does GPG write a copy of the keys > anywhere > else besides on the card? No, but there is a stub secret key that lives in the usual secret keyring. This isn't a true secret key (it does not contain the actual key data), but is the OpenPGP information (user IDs and other things), along with a pointer that says "the key is on smartcard XYZ". So if they can get ahold of your computer, someone could steal this stub, but there is nothing secret about it, and it won't do them any good.
David From gnupg.users at ml.karotte.org Thu Sep 10 18:19:12 2009 From: gnupg.users at ml.karotte.org (Sebastian Wiesinger) Date: Thu, 10 Sep 2009 18:19:12 +0200 Subject: howto secure older keys after the recent attacks In-Reply-To: <20090910160040.GA14108@danton.fire-world.de> References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> <20090910160040.GA14108@danton.fire-world.de> Message-ID: <20090910161912.GB14108@danton.fire-world.de> * Sebastian Wiesinger [2009-09-10 18:01]: > Hi, > > regarding this, the Simtec Entropy Key http://www.entropykey.co.uk/ is > available for sale online since a few days ago. This is an USB > hardware entropy generator. Perhaps this would be something to > consider in your tests regarding quality and speed of entropy > generation. I'm sorry, somehow I mixed up this thread with one on gnupg-devel. Nevertheless the key is a nice piece of hardware. Regards, Sebastian -- New GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE) Old GPG Key-ID: 0x76B79F20 (0x1B6034F476B79F20) 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE. -- Terry Pratchett, The Fifth Elephant
From dkg at fifthhorseman.net Thu Sep 10 18:22:30 2009 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Thu, 10 Sep 2009 12:22:30 -0400 Subject: howto secure older keys after the recent attacks In-Reply-To: <1252594486.3973.35.camel@linux-gil5.site> References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> <1252594486.3973.35.camel@linux-gil5.site> Message-ID: <4AA927C6.7080905@fifthhorseman.net> On 09/10/2009 10:54 AM, Robert J. Hansen wrote: > On Thu, 2009-09-10 at 14:02 +0200, Philippe Cerfon wrote: >> I thought the key ID is only used for humans to short check the >> keys,.. but not in the system itself?! > > Nope, it's pretty pervasive in the system. Unless i misunderstand the context, I think I disagree with your characterization here, Robert. The Key ID is a substring (either the last 8 or 16 hex chars) of the Key Fingerprint (which is 40 hex chars). The Key ID is used nowhere in the internals of the OpenPGP specification, from what i can tell. The fingerprint itself is used only in the designated revocation key [0], which is an acknowledged weakness of the cryptosystem [1]. It's not used anywhere else that i can tell. So I think Philippe Cerfon's characterization is pretty accurate, actually. The fingerprint (and to a weaker extent, the keyID) is useful where the mechanical implementation meets the human mind. But I don't think either are used internally to the OpenPGP cryptosystem in many places at all. --dkg [0] http://tools.ietf.org/html/rfc4880#section-5.2.3.15 [1] http://www.imc.org/ietf-openpgp/mail-archive/msg33257.html
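Two points raised above can both be checked directly on the wire format: David Shaw's re-signing recipe, where --cert-digest-algo decides which hash a certification is made with, and Daniel's description of the key ID as the tail of a 40-hex-character SHA-1 fingerprint. What follows is an added example, not code from this thread or from GnuPG: a small RFC 4880 packet walker that lists the hash algorithm recorded in each signature packet (the audit to run before and after re-signing; gpg --list-packets shows the same byte as "digest algo N") and computes the v4 fingerprint, long key ID and short key ID from the public-key packet exactly as section 12.2 of the RFC prescribes. The input is a constructed key with placeholder numbers, not a real key; on real data feed it the binary output of gpg --export KEYID. Decoding the armored test key Sean Wilson posts later in this thread the same way gives hash algorithm 2, SHA1, on its self-signatures. All names are my own.

```python
"""Added example (not from the thread or GnuPG): walk OpenPGP packets per RFC 4880
to list the hash algorithm behind each signature and to derive the v4
fingerprint / key IDs from the public-key packet.  Standard library only."""
import hashlib
import struct

HASH_ALGOS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",      # RFC 4880 9.4
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
SIG_TYPES = {0x00: "binary document", 0x10: "generic cert",         # RFC 4880 5.2.1
             0x11: "persona cert", 0x12: "casual cert", 0x13: "positive cert",
             0x18: "subkey binding", 0x1F: "direct key", 0x20: "key revocation"}


def iter_packets(data):
    """Yield (tag, body) per packet.  Handles old- and new-format headers
    (RFC 4880 4.2) except partial-body and indeterminate lengths."""
    i, n = 0, len(data)
    while i < n:
        ctb, i = data[i], i + 1
        if not ctb & 0x80:
            raise ValueError("offset %d is not a packet header" % (i - 1))
        if ctb & 0x40:                                    # new format
            tag, first, i = ctb & 0x3F, data[i], i + 1
            if first < 192:
                length = first
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                length, i = struct.unpack(">I", data[i:i + 4])[0], i + 4
            else:
                raise ValueError("partial body lengths not supported")
        else:                                             # old format
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            size = (1, 2, 4)[ltype]
            length, i = int.from_bytes(data[i:i + size], "big"), i + size
        if i + length > n:
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length


def signature_hashes(data):
    """(signature type, hash algorithm) for every signature packet: the check to
    run before re-signing, to see which certifications still use SHA-1."""
    out = []
    for tag, body in iter_packets(data):
        if tag != 2:
            continue
        if body[0] == 4:        # v4 layout: version, type, pk algo, hash algo, ...
            sigtype, hashalgo = body[1], body[3]
        elif body[0] == 3:      # v3 layout: version, 5, type, time(4), key ID(8), pk, hash
            sigtype, hashalgo = body[2], body[16]
        else:
            raise ValueError("unknown signature version %d" % body[0])
        out.append((SIG_TYPES.get(sigtype, "0x%02X" % sigtype),
                    HASH_ALGOS.get(hashalgo, "algo %d" % hashalgo)))
    return out


def v4_fingerprint(data):
    """RFC 4880 12.2: SHA-1 over 0x99, the two-octet body length and the
    public-key packet body.  Returns (fingerprint, long key ID, short key ID);
    the key IDs are simply the low 64 and 32 bits of the SHA-1 output."""
    for tag, body in iter_packets(data):
        if tag == 6:                                      # primary public key
            if body[0] != 4:
                raise ValueError("only v4 keys handled")
            fpr = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()
            return fpr, fpr[-16:], fpr[-8:]
    raise ValueError("no public-key packet found")


# --- constructed sample input (placeholder values; nothing here is a real key) ---
def _old_packet(tag, body):
    """Old-format header with a one- or two-octet length, as gpg emits for keys."""
    if len(body) < 256:
        return bytes([0x80 | (tag << 2), len(body)]) + body
    return bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", len(body)) + body


def _mpi(n):
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")


def _v4_sig(sigtype, hashalgo):
    """Minimal v4 RSA signature body: version, type, pk algo 1, hash algo, empty
    hashed/unhashed subpacket areas, two hash octets, one placeholder MPI."""
    return bytes([4, sigtype, 1, hashalgo]) + b"\x00\x00\x00\x00\xAB\xCD" + _mpi(0x1234)


_UID = b"Test Key <test@example.invalid>"
SAMPLE_PUBKEY_BODY = (b"\x04" + struct.pack(">I", 0x4AA92A62) + b"\x01"    # v4, time, RSA
                      + _mpi((1 << 1023) | 0x10001) + _mpi(65537))           # fake 1024-bit n, e
SAMPLE_KEY = (_old_packet(6, SAMPLE_PUBKEY_BODY)
              + bytes([0xC0 | 13, len(_UID)]) + _UID    # user ID, new-format header
              + _old_packet(2, _v4_sig(0x13, 2))        # self-cert made with SHA-1
              + _old_packet(2, _v4_sig(0x13, 8))        # re-signed with SHA-256
              + _old_packet(2, _v4_sig(0x18, 2)))       # subkey binding, still SHA-1

if __name__ == "__main__":
    fpr, long_id, short_id = v4_fingerprint(SAMPLE_KEY)
    print("fingerprint %s  long ID %s  short ID %s" % (fpr, long_id, short_id))
    for sigtype, hashname in signature_hashes(SAMPLE_KEY):
        print("%-16s %s" % (sigtype, hashname))
```

Note what the sample shows: after a re-sign with --cert-digest-algo sha256 the old SHA-1 self-certification is still present alongside the new one until it is explicitly deleted, and the subkey binding signature is untouched by signing user IDs, so an audit should look at every signature packet, not just the newest.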
From mcse83 at hotmail.com Thu Sep 10 18:53:25 2009 From: mcse83 at hotmail.com (Sean Wilson) Date: Thu, 10 Sep 2009 17:53:25 +0100 Subject: OpenPGP 2.0 and Hushmail keys In-Reply-To: <09ABD6E9-5379-4416-9A09-239278D755F1@jabberwocky.com> References: <09ABD6E9-5379-4416-9A09-239278D755F1@jabberwocky.com> Message-ID: Thanks for the reply! How do I troubleshoot the issue I am experiencing with my Hushmail keys on the OpenPGP 2.0 card not being able to decrypt my mail? Are you sure about what you said below regarding the stub and the secret/private key? I just generated a test key pair on the OpenPGP 2.0 card and then removed the card from the reader. When I go into key management in Thunderbird and select the newly created key and select "export keys to file" it says: Do you want to include the secret key in the saved OpenPGP key file? So I click " Export secret keys" and it saves it to a .asc file.
If I open this in notepad it looks as follows (this is a test key so I don't mind posting it here as it will be deleted and is for testing purposes only): -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.10 (MingW32) mI0ESqkqYgEEAIYhqEhZZee+zfPk2b782y+KvWswD38+6upjGP0wz/hq3iazMZLG 8YZKTQ81GIaKptl3Ke0hBEKVLBlU97Sf0ijUclUtZU6AVn+uscFAw7MiH9a+Lzek xYWlA9ITrlz4BVTmc78yFr9SC/ntcX1a7fovKMg6nDgogcEXi1RAN0nFABEBAAG0 JHN3QHRlc3QuY29tIChURVNUIDAwMykgPHN3QHRlc3QuY29tPoi4BBMBAgAiBQJK qSpiAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBEbTBUCVZGxk1OA/9e Bx0CJfn07D3YUZiVgVdqhz4aKom7QiQtLmJRZoasToKs3cq5UInMwu8DlMm+FHd0 0jgvlVTSsp/wfcGHM3s77rD/6mJmPsGNaBsLUFouyRbbAm4IhAAKTqjbWgwORjF9 ffOWy28GTXwp9vGACu2kIDSvRhFPhHzPs5Ssieq1PriNBEqpKmIBBACkoagKVkIU +3ugbhTty3xQQ/7uQUmWGIcoUu/nWtitswK0KHO6sOD+pVAm2C8KqYTxVLgJcfrq XUAkB/CDbo1NIDONdBuPR8yxOh+BRjpGEKdW887y1C2k7dVM9HX4001AEcOo3lQD s/jKfn5wLqYUhbHFEOxkqQvpbmkBs1we0wARAQABiJ4EGAECAAkFAkqpKmICGyAA CgkQRG0wVAlWRsalyAP2Lb29wtB7h84dKb4dg28Wgq0jd7ZisLhJNn8hjlTUcYK8 q0BbXXLkpVgt8JWYXubmQbXsHLMipab3qQAryGU9v6eH+VeRV4E4L/G9hJOuqaQs ySHj61iLaI6GSAo3maVRnJwFSyX5zIHo2bIlpQWQtqvp2cw/YwhSVgJcHoQcV7iN BEqpKmIBBACRYDxMNqTMOdoAeRHG8AOnzhhBCCXSVI0ErZ7t3xs67vd7S4JmZcMd wj80CKCNSH56iDHRGWbgJ7x5a2ngl41vspFOgOxeb90YTN+k6W8CfCB/Rah4crQQ U0RtoKoghia6AyRstMLNjxXssKM4So2PzaUVZkkj6F4g1EY374qF7wARAQABiJ8E GAECAAkFAkqpKmICGwwACgkQRG0wVAlWRsa5FQP+PPKmU/jKZCd0HSVuBhVwRNHl 1cUmagZNgBeCMP2n1vj4fqcEkRLgE1UxZ2vs/n+r3bmIf47rSYH6ANeo47d1NymJ WCJnD2xrjuqhVX6uYeECfMS36k5bxPKBveuPvbhmxSBa26Ju215fPizg8CCYjw7p /sFdiVsSWXO9wCETPPQ= =zTSa -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP PRIVATE KEY BLOCK----- Version: GnuPG v1.4.10 (MingW32) lKYESqkqYgEEAIYhqEhZZee+zfPk2b782y+KvWswD38+6upjGP0wz/hq3iazMZLG 8YZKTQ81GIaKptl3Ke0hBEKVLBlU97Sf0ijUclUtZU6AVn+uscFAw7MiH9a+Lzek xYWlA9ITrlz4BVTmc78yFr9SC/ntcX1a7fovKMg6nDgogcEXi1RAN0nFABEBAAH/ AGUAR05VAhDSdgABJAECAAAFAAAAQwAAtCRzd0B0ZXN0LmNvbSAoVEVTVCAwMDMp IDxzd0B0ZXN0LmNvbT6IuAQTAQIAIgUCSqkqYgIbAwYLCQgHAwIGFQgCCQoLBBYC 
AwECHgECF4AACgkQRG0wVAlWRsZNTgP/XgcdAiX59Ow92FGYlYFXaoc+GiqJu0Ik LS5iUWaGrE6CrN3KuVCJzMLvA5TJvhR3dNI4L5VU0rKf8H3BhzN7O+6w/+piZj7B jWgbC1BaLskW2wJuCIQACk6o21oMDkYxfX3zlstvBk18KfbxgArtpCA0r0YRT4R8 z7OUrInqtT6cpgRKqSpiAQQApKGoClZCFPt7oG4U7ct8UEP+7kFJlhiHKFLv51rY rbMCtChzurDg/qVQJtgvCqmE8VS4CXH66l1AJAfwg26NTSAzjXQbj0fMsTofgUY6 RhCnVvPO8tQtpO3VTPR1+NNNQBHDqN5UA7P4yn5+cC6mFIWxxRDsZKkL6W5pAbNc HtMAEQEAAf8AZQBHTlUCENJ2AAEkAQIAAAUAAABDAACIngQYAQIACQUCSqkqYgIb IAAKCRBEbTBUCVZGxqXIA/Ytvb3C0HuHzh0pvh2DbxaCrSN3tmKwuEk2fyGOVNRx gryrQFtdcuSlWC3wlZhe5uZBtewcsyKlpvepACvIZT2/p4f5V5FXgTgv8b2Ek66p pCzJIePrWItojoZICjeZpVGcnAVLJfnMgejZsiWlBZC2q+nZzD9jCFJWAlwehBxX nKYESqkqYgEEAJFgPEw2pMw52gB5EcbwA6fOGEEIJdJUjQStnu3fGzru93tLgmZl wx3CPzQIoI1IfnqIMdEZZuAnvHlraeCXjW+ykU6A7F5v3RhM36TpbwJ8IH9FqHhy tBBTRG2gqiCGJroDJGy0ws2PFeywozhKjY/NpRVmSSPoXiDURjfvioXvABEBAAH/ AGUAR05VAhDSdgABJAECAAAFAAAAQwAAiJ8EGAECAAkFAkqpKmICGwwACgkQRG0w VAlWRsa5FQP+PPKmU/jKZCd0HSVuBhVwRNHl1cUmagZNgBeCMP2n1vj4fqcEkRLg E1UxZ2vs/n+r3bmIf47rSYH6ANeo47d1NymJWCJnD2xrjuqhVX6uYeECfMS36k5b xPKBveuPvbhmxSBa26Ju215fPizg8CCYjw7p/sFdiVsSWXO9wCETPPQ= =Ol1j -----END PGP PRIVATE KEY BLOCK----- If I open my Hushmail keys in notepad it looks familiar to the test key I have exported from key management (with the card not inserted in the reader)! I am battling to understand this as I thought generating a key pair on the openPGP card itself was as secure as can be as your private key ONLY exists on the card itself and is not available anywhere else (ie: on your hard drive for export). David Shaw wrote: > On Sep 10, 2009, at 3:36 AM, Sean Wilson wrote: > >> Does anyone know if the new OpenPGP 2.0 card supports Hushmail keys? >>> From what I understand Hushmail is based on OpenPGP so it should work. >> The key I have from my Hushmail account is 2048bit in length but once I >> copy the key onto the OpenPGP 2.0 card I can't decrypt Hushmail email >> anymore, any idea why? > > It should work fine. It sounds like a different sort of problem. 
> >> Also, if I generate a brand new key pair ON the OpenPGP 2.0 card, will >> anyone be able to export or copy the private key (if the OpenPGP card is >> NOT inserted in the reader)? Does GPG write a copy of the keys anywhere >> else besides on the card? > > No, but there is a stub secret key that lives in the usual secret > keyring. This isn't a true secret key (it does not contain the actual > key data), but is the OpenPGP information (user IDs and other things), > along with a pointer that says "the key is on smartcard XYZ". > > So if they can get ahold of your computer, someone could steal this > stub, but there is nothing secret about it, and it won't do them any > good. > > David > > > From mcse83 at hotmail.com Thu Sep 10 19:36:38 2009 From: mcse83 at hotmail.com (Sean Wilson) Date: Thu, 10 Sep 2009 18:36:38 +0100 Subject: OpenPGP 2.0 and Hushmail keys In-Reply-To: <09ABD6E9-5379-4416-9A09-239278D755F1@jabberwocky.com> References: <09ABD6E9-5379-4416-9A09-239278D755F1@jabberwocky.com> Message-ID: This is the error I get when I try to decrypt Hushmail emails in Thunderbird with the OpenPGP card: Error - secret key needed to decrypt message gpg command line and output:

    C:\Program Files\GNU\GnuPG\gpg.exe
    gpg: detected reader `AKS ifdh 0'
    gpg: detected reader `AKS ifdh 1'
    gpg: detected reader `AKS VR 0'
    gpg: detected reader `Aladdin Token JC 0'
    gpg: detected reader `SCM Microsystems Inc. SCR3340 ExpressCard Reader 0'
    gpg: fingerprint on card does not match requested one

(huh, what's this mean?)
    gpg: encrypted with 2048-bit RSA key, ID xxxxxxxx, created 2006-07-11 ""xxxxxxxxxx at hush.com" "
    gpg: encrypted with 2048-bit RSA-E key, ID xxxxxxxx, created 2009-05-27 ""xxxxxxxx at hushmail.com" "
    gpg: public key decryption failed: wrong secret key used
    gpg: decryption failed: secret key not available

This happens after copying my Hushmail keys to the OpenPGP card... David Shaw wrote: > On Sep 10, 2009, at 3:36 AM, Sean Wilson wrote: > >> Does anyone know if the new OpenPGP 2.0 card supports Hushmail keys? >>> From what I understand Hushmail is based on OpenPGP so it should work. >> The key I have from my Hushmail account is 2048bit in length but once I >> copy the key onto the OpenPGP 2.0 card I can't decrypt Hushmail email >> anymore, any idea why? > > It should work fine. It sounds like a different sort of problem. > >> Also, if I generate a brand new key pair ON the OpenPGP 2.0 card, will >> anyone be able to export or copy the private key (if the OpenPGP card is >> NOT inserted in the reader)? Does GPG write a copy of the keys anywhere >> else besides on the card? > > No, but there is a stub secret key that lives in the usual secret > keyring. This isn't a true secret key (it does not contain the actual > key data), but is the OpenPGP information (user IDs and other things), > along with a pointer that says "the key is on smartcard XYZ". > > So if they can get ahold of your computer, someone could steal this > stub, but there is nothing secret about it, and it won't do them any > good. > > David > > > From rjh at sixdemonbag.org Thu Sep 10 22:21:44 2009 From: rjh at sixdemonbag.org (Robert J.
Hansen) Date: Thu, 10 Sep 2009 16:21:44 -0400 Subject: howto secure older keys after the recent attacks In-Reply-To: <4AA927C6.7080905@fifthhorseman.net> References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> <1252594486.3973.35.camel@linux-gil5.site> <4AA927C6.7080905@fifthhorseman.net> Message-ID: <4AA95FD8.7070109@sixdemonbag.org> Daniel Kahn Gillmor wrote: > On 09/10/2009 10:54 AM, Robert J. Hansen wrote: >> On Thu, 2009-09-10 at 14:02 +0200, Philippe Cerfon wrote: >>> I thought the key ID is only used for humans to short check the >>> keys,.. but not in the system itself?! >> Nope, it's pretty pervasive in the system. > > Unless i misunderstand the context, I think I disagree with your > characterization here, Robert. I understood him to mean the "key ID" as the fingerprint of the certificate's primary signing key, rather than checking each bit of the certificate's primary signing key individually. From philcerf at googlemail.com Thu Sep 10 23:33:51 2009 From: philcerf at googlemail.com (Philippe Cerfon) Date: Thu, 10 Sep 2009 23:33:51 +0200 Subject: howto secure older keys after the recent attacks In-Reply-To: <1252594486.3973.35.camel@linux-gil5.site> References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> <1252594486.3973.35.camel@linux-gil5.site> Message-ID: <6e7da8720909101433y46965b9bk98250a6544c37a28@mail.gmail.com> Hi Robert. On Thu, Sep 10, 2009 at 4:54 PM, Robert J. Hansen wrote: > Probably. However, if SHA-1 gets totally broken we'll have a lot bigger > things to worry about than OpenPGP. What specifically do you mean? Crypto-stuff in banking etc.? > As soon as you find an attack, then we can discuss it. Unfortunately, > we can't really talk intelligently about vague fears.
Of course,... just wondered if there might be any known issues due to that. > Hans Dobbertin proved MD5 was weak in 1996. In 1997, Network Associates > (who then were pretty much the only game in town, as far as PGP goes) > decided the Dobbertin attack was worrisome and that MD5 needed to go. > By the time the MD5 attacks became practical, PGP had _long_ since > migrated to SHA-1 and RIPEMD160. Ok,.. I see. But attackers could still attack older data, that they intercepted, right? Best wishes, Philippe. From mcse83 at hotmail.com Thu Sep 10 23:34:29 2009 From: mcse83 at hotmail.com (Sean Wilson) Date: Thu, 10 Sep 2009 22:34:29 +0100 Subject: Copy existing key to OpenPGP 2.0 card Message-ID: What is the correct way to copy existing keys that exist onto an OpenPGP 2.0 card? I was trying this, is it correct:

    gpg --edit-key xxxxxxxx
    toggle
    keytocard
    select 1
    key 1
    keytocard
    select 2
    q
    y

From philcerf at googlemail.com Thu Sep 10 23:38:58 2009 From: philcerf at googlemail.com (Philippe Cerfon) Date: Thu, 10 Sep 2009 23:38:58 +0200 Subject: howto secure older keys after the recent attacks In-Reply-To: <43DB695D-52F5-4D3B-85AB-3932552FD576@jabberwocky.com> References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> <43DB695D-52F5-4D3B-85AB-3932552FD576@jabberwocky.com> Message-ID: <6e7da8720909101438tf2e8adax5721edd00201e25a@mail.gmail.com> On Thu, Sep 10, 2009 at 5:08 PM, David Shaw wrote: > The real headache here is (as always) the practical - what to do with > existing keys and such. I suspect that removing SHA1 would effectively mean > a new key type for OpenPGP (again, not a disaster - we're on our 4th key > type today). Ok,..
but then people would "lose" all their collected signatures on their keys and to other keys :-( > That isn't to say there aren't differences between systems - the FreeBSD > PRNG (which seems to have been inherited by OSX) is of a fairly different > construction than the Linux one, which has led to some mild controversy in > the past. Notably, the Linux one blocks if you run out of gathered entropy, > and the FreeBSD one does not. FreeBSD /dev/random is similar to Linux's > /dev/urandom. So I better use Linux and not FreeBSD ;) > I'm not exactly sure what you mean by "hash algorithm armor". RSA in > OpenPGP does have an additional protection (usually called a "hash firewall") > that DSA lacks. This gives some protection against hash substitution > attacks, but it's not a major deal either way. Yeah,.. that's the issue I've meant... > It's true that NIST's guidelines say that to truly get the maximum juice out > of a 512-bit hash, you should use a 15360-bit key, but that doesn't mean you > must. The overall strength of the system is the weakest point, so as long > as that weakest point is strong enough, you're fine. *still cannot believe, that I've remembered the exact number :-O * Thanks, Philippe. From philcerf at googlemail.com Thu Sep 10 23:43:00 2009 From: philcerf at googlemail.com (Philippe Cerfon) Date: Thu, 10 Sep 2009 23:43:00 +0200 Subject: howto secure older keys after the recent attacks In-Reply-To: <4AA927C6.7080905@fifthhorseman.net> References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> <1252594486.3973.35.camel@linux-gil5.site> <4AA927C6.7080905@fifthhorseman.net> Message-ID: <6e7da8720909101443j49b3a2d5kba9b976f51d82ec6@mail.gmail.com> Hello Daniel.
On Thu, Sep 10, 2009 at 6:22 PM, Daniel Kahn Gillmor wrote: > The Key ID is a substring (either the last 8 or 16 hex chars) of the Key > Fingerprint (which is 40 hex chars). The Key ID is used nowhere in the > internals of the OpenPGP specification, from what i can tell. I think I've messed up the terms fingerprint and key ID, sorry :-( > The fingerprint itself is used only in the designated revocation key > [0], which is an acknowledged weakness of the cryptosystem [1]. It's > not used anywhere else that i can tell. Ok,.. I'm confused now. David said,.. the community would probably have to create a new key type or version at some point. But this sounds more, that if I simply don't use designated revocation keys,... I don't use SHA1 at all,.. and would be fine to simply switch to another algorithm. Regards, Philippe. From philcerf at googlemail.com Thu Sep 10 23:44:29 2009 From: philcerf at googlemail.com (Philippe Cerfon) Date: Thu, 10 Sep 2009 23:44:29 +0200 Subject: howto secure older keys after the recent attacks In-Reply-To: <4AA95FD8.7070109@sixdemonbag.org> References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> <1252594486.3973.35.camel@linux-gil5.site> <4AA927C6.7080905@fifthhorseman.net> <4AA95FD8.7070109@sixdemonbag.org> Message-ID: <6e7da8720909101444s69409e50w41478de6fb5603eb@mail.gmail.com> On Thu, Sep 10, 2009 at 10:21 PM, Robert J. Hansen wrote: > I understood him to mean the "key ID" as the fingerprint of the > certificate's primary signing key, rather than checking each bit of the > certificate's primary signing key individually. I meant the fingerprint, yes. But now that you say it. Would it be "better" to not just check other keys via their fingerprint, but to really copy them (e.g. per USB-stick) from their owners and sign only such direct copies? Philippe.
From christoph.anton.mitterer at physik.uni-muenchen.de Fri Sep 11 00:11:07 2009 From: christoph.anton.mitterer at physik.uni-muenchen.de (Christoph Anton Mitterer) Date: Fri, 11 Sep 2009 00:11:07 +0200 Subject: howto secure older keys after the recent attacks In-Reply-To: <43DB695D-52F5-4D3B-85AB-3932552FD576@jabberwocky.com> References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> <43DB695D-52F5-4D3B-85AB-3932552FD576@jabberwocky.com> Message-ID: <1252621480.1119.21.camel@fermat.scientia.net> Hi folks. On Thu, 2009-09-10 at 11:08 -0400, David Shaw wrote: > The real headache here is (as always) the practical - what to do with > existing keys and such. I suspect that removing SHA1 would > effectively mean a new key type for OpenPGP (again, not a disaster - > we're on our 4th key type today). Wahhhh .... will lose all my signatures *G* Ok seriously: ... This is _really_ nice (especially as there are Debian packages for it :-D) > See also http://www.entropykey.co.uk/ Anyway,.. I'm really not a randomness expert so perhaps some questions: 1) Is this already supported by gpg? 2) If so,.. where would gpg use it? Only for symmetric keys? Or also for asymmetric? 3) One problem with such devices is,.. that one can never know (well at least normal folks like me) how good they actually are. If this company would be evil (subsidiary of NSA or so) they could just sell bad devices that produce poor entropy thus rendering our (symmetric and asymmetric) keys, signatures etc. "useless". Right? So my question is basically,.. If gpg would use this,... does it only improve the already existing entropy and randomness of the kernel PRNG? I mean that gpg somehow "merges" the different sources? Or is it more or less a,.. either use the kernel PRNG or the hardware RNG. If there is such a "merging",.. how well does it work?
I mean imagine the device would be very evil (or just stupid) and produce only 0's or 1's or series of 0101's or something like this. Would the "merging" produce entropy that's still as least as good as if one would just have the kernel PRNG? Or would it yield in weaker randomness. (sorry for my non-expert terminology here ;) ) > > - When creating new keys (I'd like to "convince" some more friends to > > take part :) )... should they create their keys with gpg1 or gpg2? Or > > is the key generation equally secure? > > Equally secure. In fact, it's almost the same code. I really wonder if you'll maintain both versions forever :-) ;) Happy crypting, Chris. -- Grid Monkey -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3387 bytes Desc: not available URL: From christoph.anton.mitterer at physik.uni-muenchen.de Fri Sep 11 00:32:39 2009 From: christoph.anton.mitterer at physik.uni-muenchen.de (Christoph Anton Mitterer) Date: Fri, 11 Sep 2009 00:32:39 +0200 Subject: howto secure older keys after the recent attacks In-Reply-To: <43DB695D-52F5-4D3B-85AB-3932552FD576@jabberwocky.com> References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> <43DB695D-52F5-4D3B-85AB-3932552FD576@jabberwocky.com> Message-ID: <1252621965.3937.1.camel@fermat.scientia.net> Hi folks. On Thu, 2009-09-10 at 11:08 -0400, David Shaw wrote: > The real headache here is (as always) the practical - what to do with > existing keys and such. I suspect that removing SHA1 would > effectively mean a new key type for OpenPGP (again, not a disaster - > we're on our 4th key type today). Wahhhh .... will loose all my signatures *G* Ok seriously: ... This is _really_ nice (especially as there are Debian packages for it :-D) > See also http://www.entropykey.co.uk/ Anyway,.. 
I'm really not an randomness-expert so perhaps some questions: 1) Is this already supported by gpg? 2) If so,.. where would gpg use it? Only for symmetric keys? Or also for asymmetric? 3) One problem with such devices is,.. that one can never know (well at least normal folks like me) how good they actually are. If this company would be evil (subsidiary of NSA or so) they could just sell bad devices that produce poor entropy thus rendering our (symmetric and asymmetric) keys, signatures etc. "useless". Right? So my question is basically,.. If gpg would use this,... does it only improve the already existing entropy and randomness of the kernel PRNG? I mean that gpg somehow "merges" the different sources? Or is it more or less a,.. either use the kernel PRNG or the hardware RNG. If there is such a "merging",.. how well does it work? I mean imagine the device would be very evil (or just stupid) and produce only 0's or 1's or series of 0101's or something like this. Would the "merging" produce entropy that's still as least as good as if one would just have the kernel PRNG? Or would it yield in weaker randomness. (sorry for my non-expert terminology here ;) ) > > - When creating new keys (I'd like to "convince" some more friends to > > take part :) )... should they create their keys with gpg1 or gpg2? Or > > is the key generation equally secure? > > Equally secure. In fact, it's almost the same code. I really wonder if you'll maintain both versions forever :-) ;) Happy crypting, Chris. -- Grid Monkey -------------- next part -------------- A non-text attachment was scrubbed... 
Name: smime.p7s Type: application/x-pkcs7-signature Size: 3387 bytes Desc: not available URL: From christoph.anton.mitterer at physik.uni-muenchen.de Fri Sep 11 00:32:58 2009 From: christoph.anton.mitterer at physik.uni-muenchen.de (Christoph Anton Mitterer) Date: Fri, 11 Sep 2009 00:32:58 +0200 Subject: howto secure older keys after the recent attacks In-Reply-To: <1252594486.3973.35.camel@linux-gil5.site> References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> <1252594486.3973.35.camel@linux-gil5.site> Message-ID: <1252621978.3937.2.camel@fermat.scientia.net> Hi Robert. On Thu, 2009-09-10 at 10:54 -0400, Robert J. Hansen wrote: > Nope, it's pretty pervasive in the system. I thought it (and SHA1 fingerprints) would only be used in designated revoker signatures, and MDC? > The people behind OpenPGP are working on a new OpenPGP proposal that > will use a stronger, better hash algorithm. Have workings on an 4880 successor already started? Perhaps some of you (David?) remember the discussion that took place here and on the WG list some time ago about things like: - how criticality and critical bit could be handled much stricter - potential problems that arise because conforming implementation are only recommended to ignore signatures of an older time (especially self-sigs). - some other places where OpenPGP could (and for security reasons perhaps should) be more strict and demanding to (conforming) implementations - Ideas for much broader use of attributes (different types of names, birth-dates, -places, sex, etc. etc.) So I wonder who's doing the (main) work for the writing this time? And is there perhaps a wiki or so, where one could collect such suggestions? Sincerely, Chris. -------------- next part -------------- A non-text attachment was scrubbed... 
Name: smime.p7s Type: application/x-pkcs7-signature Size: 3387 bytes Desc: not available URL: From rjh at sixdemonbag.org Fri Sep 11 00:39:14 2009 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 10 Sep 2009 18:39:14 -0400 Subject: howto secure older keys after the recent attacks In-Reply-To: <6e7da8720909101433y46965b9bk98250a6544c37a28@mail.gmail.com> References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> <1252594486.3973.35.camel@linux-gil5.site> <6e7da8720909101433y46965b9bk98250a6544c37a28@mail.gmail.com> Message-ID: <4AA98012.80507@sixdemonbag.org> Philippe Cerfon wrote: > What specifically do you mean? Crypto-stuff in banking etc.? "Specifically"? I don't have the time to list everywhere that will break. SHA-1 is used in a ton of places, and often not places you'd immediately expect. For instance, computer fuel injection timings are controlled by software. Auto enthusiasts would like to be able to customize them, but can't. If SHA-1 breaks, auto enthusiasts will be able to forge their own signatures and deliver their own "updates" to their engines. Skype will potentially break. Many P2P networks (including the ones Skype is based upon) use a mathematical construct called a "distributed hash table" to figure out how to route data. If the hash algorithm is bad, well, you're out of luck. Filesystems will suffer. There exist some filesystems that avoid storing redundant data by tracking a hash of each file. If the file you're writing matches a hash that's already on the disk, the filesystem just puts in a soft link. That's three examples of things that will unexpectedly break if SHA-1 falls. A complete laundry list would go for pages and pages and pages. I'd suggest reading comp.risks; they might have something on point. > But attackers could still attack older data, that they intercepted, right? No. 
Imagine that in 2010, the OpenPGP Working Group publishes a new key specification. v5 keys use SHA256, not SHA1. I revoke my current key and migrate to a new v5 key. In 2015, the SHA-1 attack becomes practical. Someone goes back to my old messages and lifts a signature off something I've written. They construct a new message that hashes out the same as my old message, and put my old signature on a new message. "Look, look! He signed a message in 2009 claiming that he'd pay me $1 million in 2015! Pay up, Mr. Hansen!" No one would take such a forgery seriously. From rjh at sixdemonbag.org Fri Sep 11 01:18:42 2009 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 10 Sep 2009 19:18:42 -0400 Subject: howto secure older keys after the recent attacks In-Reply-To: <6e7da8720909101444s69409e50w41478de6fb5603eb@mail.gmail.com> References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> <1252594486.3973.35.camel@linux-gil5.site> <4AA927C6.7080905@fifthhorseman.net> <4AA95FD8.7070109@sixdemonbag.org> <6e7da8720909101444s69409e50w41478de6fb5603eb@mail.gmail.com> Message-ID: <4AA98952.4030303@sixdemonbag.org> Philippe Cerfon wrote: > But now that you say it. Would it be "better" to not just check other > keys via their fingerprint, but to really copy them (e.g. per > USB-stick) from their owners and sign only such direct copies? No. Sharing media is a great way to spread malware. Don't do that to your friends. Use the keyserver network. SHA-1 is in trouble, but it's not dead yet, and regular users should not be worried about it. 
From philcerf at googlemail.com Fri Sep 11 01:19:30 2009
From: philcerf at googlemail.com (Philippe Cerfon)
Date: Fri, 11 Sep 2009 01:19:30 +0200
Subject: howto secure older keys after the recent attacks
In-Reply-To: <4AA98012.80507@sixdemonbag.org>
References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> <1252594486.3973.35.camel@linux-gil5.site> <6e7da8720909101433y46965b9bk98250a6544c37a28@mail.gmail.com> <4AA98012.80507@sixdemonbag.org>
Message-ID: <6e7da8720909101619n20e32f84p8748f477eeace46@mail.gmail.com>

On Fri, Sep 11, 2009 at 12:39 AM, Robert J. Hansen wrote:
> That's three examples of things that will unexpectedly break if SHA-1
> falls. A complete laundry list would go for pages and pages and pages.
> I'd suggest reading comp.risks; they might have something on point.

Thanks,.. got what you meant :-)

>> But attackers could still attack older data, that they intercepted, right?
> Imagine that in 2010, the OpenPGP Working Group publishes a new key
> specification. v5 keys use SHA256, not SHA1. I revoke my current key
> and migrate to a new v5 key.
> In 2015, the SHA-1 attack becomes practical. Someone goes back to my
> old messages and lifts a signature off something I've written. They
> construct a new message that hashes out the same as my old message, and
> put my old signature on a new message. "Look, look! He signed a
> message in 2009 claiming that he'd pay me $1 million in 2015! Pay up,
> Mr. Hansen!"
>
> No one would take such a forgery seriously.

Ah I see,...

And encryption does not suffer from hash algorithm weaknesses anyway, does it? I mean there it wouldn't help to revoke my key,... (given the fact that one has such long term secrets).

Cheers,
Philippe.
From allen.schultz at gmail.com Fri Sep 11 00:51:32 2009
From: allen.schultz at gmail.com (Allen Schultz)
Date: Thu, 10 Sep 2009 16:51:32 -0600
Subject: Turning off GPG-Agent on default install of GPG4Win 2.0.0
In-Reply-To: <4AA73600.5040506@gswot.org>
References: <4AA47EB1.8050506@gmail.com> <4AA4C3AD.2020901@gswot.org> <4AA5F79F.6040308@gmail.com> <4AA60195.6070401@gswot.org> <4AA60558.1000805@gmail.com> <4AA65B5F.9040209@gswot.org> <4AA724E3.4070308@gmail.com> <4AA73600.5040506@gswot.org>
Message-ID: <4AA982F4.1010906@gmail.com>

Henk M. de Bruijn wrote:
> Allen Schultz schreef:
>> Henk M. de Bruijn wrote:
>>> I checked but even after setting off the option to install GPA. The
>>> relevant files are still installed and when closing the preference menu
>>> a menu keeps on popping up about GPA and the passphrase.
>>> I don't know which files are involved.
>> I think I figured out what is acting as the gpg-agent in this newer
>> install. Since they dropped WinPT and added Kleopatra, the interface
>> changed to this (to me) annoying pinentry.exe asking for my passphrase.
>> I think I will install component by component myself and try it out that
>> way.
>
> Please let me(us) know the result?

Ok. Got it back to what I want it to do. I don't know what agent demanded the attention of my passphrase, but it's not in the default GPG package I can see. Here is what I did, regardless of what other GPG enabled products I have installed.

1. Uninstall GPG4Win.
2. Downloaded/installed GnuPG 1.4.10b compiled for Microsoft Windows from gnupg.org.
3. Update PATH to find new GPG install directory.
4. Now restart any program you have requiring GPG features. This could be done before the uninstall.

I'm back to the normal agents that need the passphrase for the programs required. Nothing else, nor is WinPT installed from that GPG4Win package. I still do have GPGShell (the German version) still installed on my computer.

--
Allen Schultz

PS: Please see attached VCF attachment for contact and GPG key info. Signature.asc requires GPG/PGP to be installed to verify signature.

From dkg at fifthhorseman.net Fri Sep 11 02:38:20 2009
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Thu, 10 Sep 2009 20:38:20 -0400
Subject: howto secure older keys after the recent attacks
In-Reply-To: <1252621965.3937.1.camel@fermat.scientia.net>
References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> <43DB695D-52F5-4D3B-85AB-3932552FD576@jabberwocky.com> <1252621965.3937.1.camel@fermat.scientia.net>
Message-ID: <4AA99BFC.7020309@fifthhorseman.net>

On 09/10/2009 06:32 PM, Christoph Anton Mitterer wrote:
> 3) One problem with such devices is,.. that one can never know (well at
> least normal folks like me) how good they actually are.
> If this company would be evil (subsidiary of NSA or so) they could just
> sell bad devices that produce poor entropy thus rendering our (symmetric
> and asymmetric) keys, signatures etc. "useless". Right?

Worse than this: the devices could produce measurably "good" entropy that happens to be predictable to a malicious individual in control of a special secret.

For example, if such a key were to contain a copy of the secret, and somehow retain the current time (e.g. a battery and a clock?), it could produce a new output stream each second with:

 AES(secret + time())

(first cleartext block is just "secret + time", and next cleartext block for that second is just the previous ciphertext block XOR'ed with "secret + time" -- reset every second as time() changes)

This would produce a predictable stream that (like all good ciphers) has high-entropy output.

Then, if this was used to provide random numbers to the kernel, which in turn provided them to gpg, an attacker who knows the secret associated with your entropy key, and the time you generated the key (that information is published with your public key) could probably reproduce the stream of "randomness" that was used for your key generation, and therefore stumble upon your private key.

--dkg

From reynt0 at cs.albany.edu Fri Sep 11 02:36:39 2009
From: reynt0 at cs.albany.edu (reynt0)
Date: Thu, 10 Sep 2009 20:36:39 -0400 (EDT)
Subject: howto secure older keys after the recent attacks
In-Reply-To: <1252621480.1119.21.camel@fermat.scientia.net>
References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> <43DB695D-52F5-4D3B-85AB-3932552FD576@jabberwocky.com> <1252621480.1119.21.camel@fermat.scientia.net>
Message-ID:

On Fri, 2009-09-11 Christoph Anton Mitterer wrote:
 . . .
> sell bad devices that produce poor entropy thus rendering
> our (symmetric and asymmetric) keys, signatures etc. "useless".
 . . .

Just out of curiosity, about how "poor" entropy might make it easy to break encryption: Is it necessary for an attacker to know pre-attack that a specific targeted file has been encrypted or etc using poor entropy? Or is the weakness one which can efficiently be exploited en masse, by attacking all files in a batch of files and just being successful against any of the files which happened to be encrypted using poor entropy?

From dshaw at jabberwocky.com Fri Sep 11 04:23:43 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu, 10 Sep 2009 22:23:43 -0400
Subject: howto secure older keys after the recent attacks
In-Reply-To: <4AA99BFC.7020309@fifthhorseman.net>
References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> <43DB695D-52F5-4D3B-85AB-3932552FD576@jabberwocky.com> <1252621965.3937.1.camel@fermat.scientia.net> <4AA99BFC.7020309@fifthhorseman.net>
Message-ID:

On Sep 10, 2009, at 8:38 PM, Daniel Kahn Gillmor wrote:
> On 09/10/2009 06:32 PM, Christoph Anton Mitterer wrote:
>> 3) One problem with such devices is,.. that one can never know (well at
>> least normal folks like me) how good they actually are.
>> If this company would be evil (subsidiary of NSA or so) they could just
>> sell bad devices that produce poor entropy thus rendering our (symmetric
>> and asymmetric) keys, signatures etc. "useless". Right?
>
> Worse than this: the devices could produce measurably "good" entropy
> that happens to be predictable to a malicious individual in control of a
> special secret.

Sure, but your computer vendor "could" have a relationship with the NSA and put some special code in the BIOS to capture keyboard input and periodically send it to a central server. Your disk drive vendor "could" keep a few extra sectors hidden from the reallocation pool, and use them to store copies of things that match the byte signature of a PGP key. Your wifi AP vendor "could" have a hidden secret WPA key that makes your home network available to a malicious individual in control of the special secret.

"Could" is a very powerful word.
At some point, people have to buy and run the closed-source hardware they need to run their open-source software on :)

David

From dshaw at jabberwocky.com Fri Sep 11 04:35:31 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu, 10 Sep 2009 22:35:31 -0400
Subject: howto secure older keys after the recent attacks
In-Reply-To: <1252621965.3937.1.camel@fermat.scientia.net>
References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> <43DB695D-52F5-4D3B-85AB-3932552FD576@jabberwocky.com> <1252621965.3937.1.camel@fermat.scientia.net>
Message-ID: <467E60D6-50E7-463F-9038-85856842F6B1@jabberwocky.com>

On Sep 10, 2009, at 6:32 PM, Christoph Anton Mitterer wrote:
> Hi folks.
>
> On Thu, 2009-09-10 at 11:08 -0400, David Shaw wrote:
>> The real headache here is (as always) the practical - what to do with
>> existing keys and such. I suspect that removing SHA1 would
>> effectively mean a new key type for OpenPGP (again, not a disaster -
>> we're on our 4th key type today).
> Wahhhh .... will lose all my signatures *G*
> Ok seriously: ...
>
> This is _really_ nice (especially as there are Debian packages for it :-D)
>> See also http://www.entropykey.co.uk/
> Anyway,.. I'm really not a randomness expert so perhaps some questions:
>
> 1) Is this already supported by gpg?

Yes. It's not that gpg has a driver for it though. The developers of the entropy key were clever and instead of making programs write new code to use the key, they made a program that reads the key and feeds the Linux entropy pool. Thus, anything that uses /dev/random (like gpg) benefits without code changes.

> 2) If so,.. where would gpg use it? Only for symmetric keys? Or also for
> asymmetric?

Both.

> 3) One problem with such devices is,.. that one can never know (well at
> least normal folks like me) how good they actually are.
> If this company would be evil (subsidiary of NSA or so) they could just
> sell bad devices that produce poor entropy thus rendering our (symmetric
> and asymmetric) keys, signatures etc. "useless". Right?

Not completely useless given the Linux random design, but certainly an evil source of entropy would be a serious problem. Do you have any reason to believe this device is evil? There are many random number generators on the market. Knowing which ones are evil would be handy ;)

> So my question is basically,..
> If gpg would use this,... does it only improve the already existing
> entropy and randomness of the kernel PRNG? I mean that gpg somehow
> "merges" the different sources?
> Or is it more or less a,.. either use the kernel PRNG or the hardware
> RNG.

The kernel merges several sources of entropy into the /dev/random pool. The entropy key would just be another source (though a very prolific source) of entropy.

David

From dshaw at jabberwocky.com Fri Sep 11 04:46:34 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu, 10 Sep 2009 22:46:34 -0400
Subject: howto secure older keys after the recent attacks
In-Reply-To: <1252621978.3937.2.camel@fermat.scientia.net>
References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> <1252594486.3973.35.camel@linux-gil5.site> <1252621978.3937.2.camel@fermat.scientia.net>
Message-ID: <1D0607F7-C866-45FA-A233-A883D872251A@jabberwocky.com>

On Sep 10, 2009, at 6:32 PM, Christoph Anton Mitterer wrote:
>> The people behind OpenPGP are working on a new OpenPGP proposal that
>> will use a stronger, better hash algorithm.
> Has work on a 4880 successor already started?

No, at this point things are mainly being proposed as *additions* to 4880. The first of these to reach completion is RFC-5581, which added the Camellia cipher to OpenPGP (it's in 1.4.10, incidentally, but you need to opt-in by adding it to your key prefs before it will be used). Another addition would be ECC support, or the SHA-1 free key format.

> Perhaps some of you (David?) remember the discussion that took place
> here and on the WG list some time ago about things like:
> - how criticality and critical bit could be handled much stricter
> - potential problems that arise because conforming implementations are
> only recommended to ignore signatures of an older time (especially
> self-sigs).
> - some other places where OpenPGP could (and for security reasons
> perhaps should) be more strict and demanding to (conforming)
> implementations
> - Ideas for much broader use of attributes (different types of names,
> birth-dates, -places, sex, etc. etc.)
>
> So I wonder who's doing the (main) work of writing this time? And
> is there perhaps a wiki or so, where one could collect such
> suggestions?

The place for all such suggestions is the IETF OpenPGP working group: http://www.imc.org/ietf-openpgp/

David

From dkg at fifthhorseman.net Fri Sep 11 04:55:09 2009
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Thu, 10 Sep 2009 22:55:09 -0400
Subject: howto secure older keys after the recent attacks
In-Reply-To:
References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> <43DB695D-52F5-4D3B-85AB-3932552FD576@jabberwocky.com> <1252621965.3937.1.camel@fermat.scientia.net> <4AA99BFC.7020309@fifthhorseman.net>
Message-ID: <4AA9BC0D.7060903@fifthhorseman.net>

On 09/10/2009 10:23 PM, David Shaw wrote:
> "Could" is a very powerful word. At some point, people have to buy and
> run the closed-source hardware they need to run their open-source
> software on :)

Agreed! I was just pointing out that the lack of true entropy might not be as obvious as the proposed card that always returned "0x00" when asked for a random byte.

There is also open hardware for random number generation, for whatever that's worth:

 http://warmcat.com/_wp/whirlygig-rng/

i've never used any of these devices myself.

--dkg

From dshaw at jabberwocky.com Fri Sep 11 04:52:39 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu, 10 Sep 2009 22:52:39 -0400
Subject: howto secure older keys after the recent attacks
In-Reply-To: <6e7da8720909101444s69409e50w41478de6fb5603eb@mail.gmail.com>
References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> <1252594486.3973.35.camel@linux-gil5.site> <4AA927C6.7080905@fifthhorseman.net> <4AA95FD8.7070109@sixdemonbag.org> <6e7da8720909101444s69409e50w41478de6fb5603eb@mail.gmail.com>
Message-ID:

On Sep 10, 2009, at 5:44 PM, Philippe Cerfon wrote:
> On Thu, Sep 10, 2009 at 10:21 PM, Robert J. Hansen wrote:
>> I understood him to mean the "key ID" as the fingerprint of the
>> certificate's primary signing key, rather than checking each bit of the
>> certificate's primary signing key individually.
>
> I meant the fingerprint, yes.
> But now that you say it. Would it be "better" to not just check other
> keys via their fingerprint, but to really copy them (e.g. per
> USB-stick) from their owners and sign only such direct copies?

I suspect you are more in danger of being hit by meteors several times in a row as you walk to your friend's house with the USB stick, than you are in danger from SHA-1.
:) David From christoph.anton.mitterer at physik.uni-muenchen.de Fri Sep 11 11:20:32 2009 From: christoph.anton.mitterer at physik.uni-muenchen.de (Christoph Anton Mitterer) Date: Fri, 11 Sep 2009 11:20:32 +0200 Subject: howto secure older keys after the recent attacks In-Reply-To: <467E60D6-50E7-463F-9038-85856842F6B1@jabberwocky.com> References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> <43DB695D-52F5-4D3B-85AB-3932552FD576@jabberwocky.com> <1252621965.3937.1.camel@fermat.scientia.net> <467E60D6-50E7-463F-9038-85856842F6B1@jabberwocky.com> Message-ID: <1252660833.31099.9.camel@etppc03.garching.physik.uni-muenchen.de> On Thu, 2009-09-10 at 22:35 -0400, David Shaw wrote: > Yes. It's not that gpg has a driver for it though. The developers of > the entropy key were clever and instead of making programs write new > code to use the key, they made a program that reads the key and feeds > the Linux entropy pool. Thus, anything that uses /dev/random (like > gpg) benefits without code changes. Nice nice :) Apart from that,.. I've just read that they support even having more of those devices added,.. for an even higher entropy bandwidth :D > Not completely useless given the Linux random design, but certainly an > evil source of entropy would be a serious problem. Do you have any > reason to believe this device is evil? _Not at all_ ... But the problem is,.. how could I know? Nor would I have the technical knowledge to verify their implementation,.. nor the elecetron microscope that I'd probably need for the verification. > There are many random number > generators on the market. Knowing which ones are evil would be handy ;) Well,.. as soon as I got a list,.. I promise that I'll tell you ... EXCEPT... I'm already detained in Guantanamo, Diego Garcia,.. or something like this ... 
for knowing that list ;) But in this case we might probably meet anyway,.. as _all_ people I've ever had contact to,.. will be detained, too ;) > > So my question is basically,.. > > If gpg would use this,... does it only improve the already existing > > entropy and randomness of the kernel PRNG? I mean that gpg somehow > > "merges" the different sources? > > Or is it more or less a,.. either use the kernel PRNG or the hardware > > RNG. > > The kernel merges several sources of entropy into the /dev/random > pool. The entropy key would just be another source (though a very > prolific source) of entropy. So this basically means: Use such devices (as much as possible), they practically can only improve security, but not weaken? Gr??e, Chris. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3387 bytes Desc: not available URL: From christoph.anton.mitterer at physik.uni-muenchen.de Fri Sep 11 11:23:55 2009 From: christoph.anton.mitterer at physik.uni-muenchen.de (Christoph Anton Mitterer) Date: Fri, 11 Sep 2009 11:23:55 +0200 Subject: howto secure older keys after the recent attacks In-Reply-To: References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> <1252594486.3973.35.camel@linux-gil5.site> <4AA927C6.7080905@fifthhorseman.net> <4AA95FD8.7070109@sixdemonbag.org> <6e7da8720909101444s69409e50w41478de6fb5603eb@mail.gmail.com> Message-ID: <1252661036.31099.12.camel@etppc03.garching.physik.uni-muenchen.de> On Thu, 2009-09-10 at 22:52 -0400, David Shaw wrote: > I suspect you are more in danger of being hit by meteors several times > in a row as you walk to your friend's house with the USB stick, than > you are in danger from SHA-1. I was watching Armageddon yesterday evening... 
so watch out what you're saying ;P (and never forget you anti-meteor-shower-umbrella) Chris. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3387 bytes Desc: not available URL: From christoph.anton.mitterer at physik.uni-muenchen.de Fri Sep 11 11:25:53 2009 From: christoph.anton.mitterer at physik.uni-muenchen.de (Christoph Anton Mitterer) Date: Fri, 11 Sep 2009 11:25:53 +0200 Subject: howto secure older keys after the recent attacks In-Reply-To: <4AA99BFC.7020309@fifthhorseman.net> References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> <43DB695D-52F5-4D3B-85AB-3932552FD576@jabberwocky.com> <1252621965.3937.1.camel@fermat.scientia.net> <4AA99BFC.7020309@fifthhorseman.net> Message-ID: <1252661153.31099.15.camel@etppc03.garching.physik.uni-muenchen.de> On Thu, 2009-09-10 at 20:38 -0400, Daniel Kahn Gillmor wrote: > Worse than this: the devices could produce measurably "good" entropy > that happens to be predictable to a malicious individual in control of a > special secret. > > For example, if such a key were to contain a copy of the secret, and > somehow retain the current time (e.g. a battery and a clock?), it could > produce a new output stream each second with: > > AES(secret + time()) > > (first cleartext block is just "secret + time", and next cleartext block > for that second is just the previous ciphertext block XOR'ed with > "secret + time" -- reset every second as time() changes) > > This would produce a predictable stream that (like all good ciphers) has > high-entropy output. 
> > Then, if this was used to provide random numbers to the kernel, which in > turn provided them to gpg, an attacker who knows the secret associated > with your entropy key, and the time you generated the key (that > information is published with your public key) could probably reproduce > the stream of "randomness" that was used for your key generation, and > therefore stumble upon your private key. Ok,... now you've made me unsecure :-/ (on whether to use such a thingy - ok I've already ordered one ^^ - or not) Chris. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3387 bytes Desc: not available URL: From christoph.anton.mitterer at physik.uni-muenchen.de Fri Sep 11 11:26:45 2009 From: christoph.anton.mitterer at physik.uni-muenchen.de (Christoph Anton Mitterer) Date: Fri, 11 Sep 2009 11:26:45 +0200 Subject: howto secure older keys after the recent attacks In-Reply-To: References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> <43DB695D-52F5-4D3B-85AB-3932552FD576@jabberwocky.com> <1252621965.3937.1.camel@fermat.scientia.net> <4AA99BFC.7020309@fifthhorseman.net> Message-ID: <1252661206.31099.17.camel@etppc03.garching.physik.uni-muenchen.de> On Thu, 2009-09-10 at 22:23 -0400, David Shaw wrote: > Sure, but your computer vendor "could" have a relationship with the > NSA and put some special code in the BIOS to capture keyboard input > and periodically send it to a central server. Your disk drive vendor > "could" keep a few extra sectors hidden from the reallocation pool, > and use them to store copies of things that match the byte signature > of a PGP key. Your wifi AP vendor "could" have a hidden secret WPA > key that makes your home network available to a malicious individual > in control of the special secret. 
This is exactly what keeps me awake at nights ;P

Chris.

From christoph.anton.mitterer at physik.uni-muenchen.de Fri Sep 11 11:28:57 2009
From: christoph.anton.mitterer at physik.uni-muenchen.de (Christoph Anton Mitterer)
Date: Fri, 11 Sep 2009 11:28:57 +0200
Subject: howto secure older keys after the recent attacks
In-Reply-To: <4AA9BC0D.7060903@fifthhorseman.net>
References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> <43DB695D-52F5-4D3B-85AB-3932552FD576@jabberwocky.com> <1252621965.3937.1.camel@fermat.scientia.net> <4AA99BFC.7020309@fifthhorseman.net> <4AA9BC0D.7060903@fifthhorseman.net>
Message-ID: <1252661338.31099.19.camel@etppc03.garching.physik.uni-muenchen.de>

On Thu, 2009-09-10 at 22:55 -0400, Daniel Kahn Gillmor wrote:
> There is also open hardware for random number generation, for whatever
> that's worth:
>
> http://warmcat.com/_wp/whirlygig-rng/

I think David already pointed me to this one some time ago,.. but they're not yet selling it, right?

Chris.
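The AES(secret + time()) construction Daniel Kahn Gillmor describes earlier in this thread can be tried out. What follows is an added example written for this archive page; it is not code from any of the posts and not the firmware of any real device. It assumes a keyed SHA-256 stand-in for the AES block function (the point is determinism, not the cipher), a constructed device secret and key-creation timestamp, and a toy key generator that takes the first 32 bytes of RNG output as the private key and publishes its hash as the public key. It shows that the stream passes a naive entropy check, that an attacker holding the secret and the published creation time recovers the key even with a clock skew of a few seconds, and, as David Shaw and others note later in the thread, that XORing the same stream with an independent source the attacker does not hold defeats the search.

```python
import hashlib
import math
import os
from collections import Counter

BLOCK = 16  # one AES block; the stand-in PRF below is truncated to this size


def _enc(secret, block):
    # Stand-in for AES_secret(block): keyed SHA-256 truncated to one block.
    # Any deterministic keyed PRF teaches the same lesson; it is not AES.
    return hashlib.sha256(secret + block).digest()[:BLOCK]


def device_stream(secret, t, nbytes):
    """Output of the backdoored device during second t, as described in the post:
    first plaintext block is (secret + time), each later plaintext block is the
    previous ciphertext XOR (secret + time), and the chain restarts every second.
    secret + time is packed into one block by hashing, since it need not be block-sized."""
    seed = hashlib.sha256(secret + t.to_bytes(8, "big")).digest()[:BLOCK]
    out = bytearray()
    plain = seed
    while len(out) < nbytes:
        c = _enc(secret, plain)
        out += c
        plain = bytes(a ^ b for a, b in zip(c, seed))
    return bytes(out[:nbytes])


def entropy_bits_per_byte(data):
    """Shannon entropy of the byte histogram: the naive 'does it look random' test."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def toy_keygen(rng):
    """Constructed toy key pair: private = first 32 RNG bytes, public = SHA-256(private).
    Real key generation consumes far more RNG output, but it is just as much a
    deterministic function of that output, which is all the attack needs."""
    priv = rng[:32]
    return priv, hashlib.sha256(priv).digest()


def recover_private_key(secret, published_pub, guessed_time, window=60):
    """Attacker side: holds the device secret, knows the key's creation time from the
    public key (give or take clock skew), and re-runs the device for every second in
    the window until a candidate private key matches the published public key."""
    for t in range(guessed_time - window, guessed_time + window + 1):
        priv, pub = toy_keygen(device_stream(secret, t, 32))
        if pub == published_pub:
            return priv
    return None


def mix(a, b):
    """XOR two sources: if either is uniform and independent of the other, so is the
    result.  This is the kernel-pool argument from the thread: a backdoored device
    can only hurt you when it is the *only* source."""
    return bytes(x ^ y for x, y in zip(a, b))


def demo():
    secret = b"device-secret-held-by-the-vendor"   # constructed
    t_gen = 1252661153                             # constructed key creation time
    stream = device_stream(secret, t_gen, 64 * 1024)

    looks_random = entropy_bits_per_byte(stream) > 7.99      # passes a naive check

    priv, pub = toy_keygen(stream)                           # device is the sole source
    recovered = recover_private_key(secret, pub, t_gen + 7)  # attacker's clock is 7 s off

    _, mixed_pub = toy_keygen(mix(stream[:32], os.urandom(32)))  # device mixed with a real source
    still_recovered = recover_private_key(secret, mixed_pub, t_gen + 7)

    return looks_random, recovered == priv, still_recovered is None


if __name__ == "__main__":
    print(demo())  # (True, True, True)
```

The byte-histogram test is deliberately the weak check; any statistical test suite would pass this stream just as happily, because the stream is cipher output. Only knowledge of the secret distinguishes it from randomness, which is why mixing several sources in the kernel pool, rather than trusting one device, is the right design.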
From christoph.anton.mitterer at physik.uni-muenchen.de Fri Sep 11 12:37:03 2009
From: christoph.anton.mitterer at physik.uni-muenchen.de (Christoph Anton Mitterer)
Date: Fri, 11 Sep 2009 12:37:03 +0200
Subject: howto secure older keys after the recent attacks
In-Reply-To: <1D0607F7-C866-45FA-A233-A883D872251A@jabberwocky.com>
References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> <1252594486.3973.35.camel@linux-gil5.site> <1252621978.3937.2.camel@fermat.scientia.net> <1D0607F7-C866-45FA-A233-A883D872251A@jabberwocky.com>
Message-ID: <1252665424.31099.28.camel@etppc03.garching.physik.uni-muenchen.de>

On Thu, 2009-09-10 at 22:46 -0400, David Shaw wrote:
> The place for all such suggestions is the IETF OpenPGP working group:
> http://www.imc.org/ietf-openpgp/

Yeah I know,.. and if you remember, most of what I've mentioned before was already discussed at that list... but with no very big support ;)

So either these ideas were not improving strictness, security or functionality (as with the additional attributes)... or people are just too scared to break existing things or do not want to put a too high burden on the implementations.

Anyway,.. don't believe that much (if any) of the above would be added in (near) future releases,.. and I don't wanna start the same discussions again ;)

Best wishes,
Chris.
From christoph.anton.mitterer at physik.uni-muenchen.de Fri Sep 11 13:31:38 2009
From: christoph.anton.mitterer at physik.uni-muenchen.de (Christoph Anton Mitterer)
Date: Fri, 11 Sep 2009 13:31:38 +0200
Subject: workings of trust signatures
Message-ID: <1252668699.31099.51.camel@etppc03.garching.physik.uni-muenchen.de>

Hi.

I just wanted to fresh up my knowledge on trust signatures and have it confirmed whether I've understood it correctly.

So first of all, level 0 TSigs are identical to normal non-trust-sigs. e.g.:

[my self] --normal sig--> [person A] +-normal sig--> [person B]
                                     `-trust5 sig--> [person C] --normal sig--> [person D]

=> I only trust A,.. but nothing "below" A (at any level).

Level 1 TSigs would mean, that I signed that key (as with normal signing) but in addition I also trust (with the specified value 60 or 120 e.g.) keys he signed (regardless of whether he used a normal sig or a TSig for that). e.g.:

[my self] --trust1 sig--> [person A] +-normal sig--> [person B]
                                     `-trust5 sig--> [person C] +-normal sig--> [person D]
                                                                `-trust5 sig--> [person E] --trust2 sig--> [person F] --normal sig--> [person G]

=> I only trust A, B, C and E,.. but nothing "below" B, C or E (at any level) because of my own level 1 tsig to A.

If I give higher levels of TSigs... the level is always the maximum number of hops that can occur,.. But only further TSigs on the keys I've signed with it,... will make this usable,.. so it cannot jump over normal sigs: e.g.:

[my self] --trust6 sig--> [person A] +-normal sig--> [person B] --normal sig--> [person C]
                                     +-trust5 sig--> [person D] --normal sig--> [person E] --trust1 sig--> [person F]
                                     `-trust1 sig--> [person G] --trust5 sig--> [person H] --normal sig--> [person I]

=> I trust
- A
- B (because of my trust5 sig to A)
- not C, as B signed it only with a normal sig
- D
- not E or F (even though my own trust to A and the trust from A to D were high, but D didn't sign E with a trust sig; the fact that E signed F with a trust sig is irrelevant, as there was a "hole" in the chain)
- G
- H
- but not I, as G was only given a trust1 sig by A

Right so far?

So the chain of trust sigs can be "aborted" at any level, by a signature "before",.. even if signatures that came even earlier specified a high enough level.

Thanks,
Chris.

From christoph.anton.mitterer at physik.uni-muenchen.de Fri Sep 11 14:04:23 2009
From: christoph.anton.mitterer at physik.uni-muenchen.de (Christoph Anton Mitterer)
Date: Fri, 11 Sep 2009 14:04:23 +0200
Subject: workings of trust signatures
In-Reply-To: <1252668699.31099.51.camel@etppc03.garching.physik.uni-muenchen.de>
References: <1252668699.31099.51.camel@etppc03.garching.physik.uni-muenchen.de>
Message-ID: <1252670664.31099.56.camel@etppc03.garching.physik.uni-muenchen.de>

Hi.

One additional question:
Is it possible to give multiple trust signatures to the same subject, but with different levels and trust amounts? e.g.

[myself] +-trust 1 sig / value=120-+-> [some person or trustworthy CA] --trust 1 sig--> [some sub CA, which is "less" trustworthy]
         `-trust 2 sig / value= 60-'

So I'd allow the CA to be trusted introducer with full trust,.. but being meta-introducer only with partial trust.

Chris.
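The semantics asked about in the two messages above can be checked against a small model. The following is an added example written for this archive page; it is neither code from the posts nor GnuPG's trustdb. It models the RFC 4880 trust-signature rules as I read them: a level-n tsig on a key lets that key act as introducer for n further hops, the depth a key actually gets is the minimum of the level it was given and one less than its introducer's depth, the trust amount is the minimum along the chain, and a key becomes valid with one complete (120) introducer or three partial (60) ones, the same thresholds as gpg's --completes-needed and --marginals-needed defaults. Simplifications to be aware of: every signature is treated independently (the model does not decide which of several signatures by one signer on one user ID gpg would keep, so it does not settle the follow-up question about two tsigs of different level on the same key), and the chain length is not capped the way gpg's --max-cert-depth (default 5) caps it. Key names and graphs are the constructed examples from the first message, so the model's answers can be set beside the ones given there.

```python
from dataclasses import dataclass

FULL = 120          # "complete" trust amount in a trust signature
MARGINAL = 60       # "partial" trust amount
OWNER_DEPTH = 255   # the keyring owner is not hop-limited (255 is the field's maximum)


@dataclass(frozen=True)
class Sig:
    signer: str
    target: str
    depth: int = 0      # 0 = normal certification, n >= 1 = level-n trust signature
    amount: int = FULL  # only meaningful when depth >= 1


def evaluate(owner, sigs, marginals_needed=3, completes_needed=1):
    """Return {key: (depth, amount)} for every key that ends up valid.

    depth  = how many further hops the key may act as introducer for
             (0 = its own certifications count for nothing),
    amount = how much its introductions are worth (FULL or MARGINAL).
    Validation runs in rounds until no new key becomes valid, so long
    chains need no recursion."""
    state = {owner: (OWNER_DEPTH, FULL)}
    changed = True
    while changed:
        changed = False
        for key in {s.target for s in sigs} - state.keys():
            grants, full, partial = [], 0, 0
            for s in sigs:
                if s.target != key or s.signer not in state:
                    continue
                sdepth, samount = state[s.signer]
                if sdepth < 1:          # a valid key, but not a trusted introducer
                    continue
                full += samount >= FULL
                partial += samount >= MARGINAL
                # what the key would inherit through this signature:
                grants.append((min(s.depth, sdepth - 1), min(s.amount, samount)))
            if full >= completes_needed or partial >= marginals_needed:
                state[key] = (max(d for d, _ in grants), max(a for _, a in grants))
                changed = True
    return state


def post_example_1():
    """First graph in the post: my level-1 tsig on A."""
    sigs = [Sig("me", "A", depth=1),
            Sig("A", "B"), Sig("A", "C", depth=5),
            Sig("C", "D"), Sig("C", "E", depth=5),
            Sig("E", "F", depth=2), Sig("F", "G")]
    return evaluate("me", sigs)


def post_example_3():
    """Third graph in the post: my level-6 tsig on A, three branches below it."""
    sigs = [Sig("me", "A", depth=6),
            Sig("A", "B"), Sig("B", "C"),
            Sig("A", "D", depth=5), Sig("D", "E"), Sig("E", "F", depth=1),
            Sig("A", "G", depth=1), Sig("G", "H", depth=5), Sig("H", "I")]
    return evaluate("me", sigs)


def marginal_example():
    """Amount matters too: X certified by two partial (60) introducers is not
    valid with marginals-needed=3; a third partial introducer tips it over."""
    two = [Sig("me", "A", 1, MARGINAL), Sig("me", "B", 1, MARGINAL),
           Sig("A", "X"), Sig("B", "X")]
    three = two + [Sig("me", "C", 1, MARGINAL), Sig("C", "X")]
    return "X" in evaluate("me", two), "X" in evaluate("me", three)


if __name__ == "__main__":
    for name, fn in (("example 1", post_example_1), ("example 3", post_example_3)):
        st = fn()
        print(name, "valid:", sorted(st), {k: v for k, v in st.items() if k != "me"})
    print("two vs three partial introducers:", marginal_example())
```

Under these rules a trusted introducer's ordinary certifications do validate keys (that is what level 1 buys), a key whose depth has dropped to 0 introduces nobody, and a high level given far down a chain cannot exceed what was granted above it; the returned (depth, amount) per key makes it easy to see where each chain in the post's drawings is cut off.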
From noiano at x-privat.org Fri Sep 11 18:19:59 2009
From: noiano at x-privat.org (Noiano)
Date: Fri, 11 Sep 2009 18:19:59 +0200
Subject: BZIP2
In-Reply-To: <4AA168A6.4020108__29897.916437085$1252095856$gmane$org@gmail.com>
References: <4AA168A6.4020108__29897.916437085$1252095856$gmane$org@gmail.com>

Henrik O A Barkman wrote:
>
> What is the reason for the Windows build of 1.4.10 (both the pulled and
> fixed binaries) not supporting BZIP2?
>
> [cut]

I can see the bzip2, windows vista SP2

C:\Users\noiano>gpg --version
gpg (GnuPG) 1.4.10
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: [cut]
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

C:\Users\noiano>

Strange, isn't it?

From classpath at arcor.de Sat Sep 12 00:12:04 2009
From: classpath at arcor.de (Morten Gulbrandsen)
Date: Sat, 12 Sep 2009 00:12:04 +0200
Subject: How do I use gpg to decrypt encrypted files????
In-Reply-To: <0u5ga51p7i5vf6g3422n1lb06vfve5l9be@4ax.com>
References: <0u5ga51p7i5vf6g3422n1lb06vfve5l9be@4ax.com>
Message-ID: <4AAACB34.8090703@arcor.de>

BosseB wrote:
> I have a number of encrypted files, which I need to decrypt. I have
> installed GPG 1.4.9 on my Windows XP-Pro SP3 PC. I have the necessary
> keyrings and they work with Thunderbird and Enigmail.
>
> But as I said I need to decrypt files that are on my hard disk, not in
> an email....
>

like this symmetric only to any password to any key, if the passphrase is known

bash-3.00$ ls -l filename.txt
-rw-r--r--   1 morten   other         12 Sep 11 19:31 filename.txt
bash-3.00$ cat filename.txt
hello world
bash-3.00$ file filename.txt
filename.txt:   ascii text
bash-3.00$ gpg -c filename.txt
bash-3.00$ ls -l filename.txt*
-rw-r--r--   1 morten   other         12 Sep 11 19:31 filename.txt
-rw-r--r--   1 morten   other         63 Sep 11 23:59 filename.txt.gpg
bash-3.00$ gpg --decrypt filename.txt.gpg
gpg: CAST5 encrypted data
gpg: encrypted with 1 passphrase
hello world
gpg: WARNING: message was not integrity protected
bash-3.00$

this is the easiest way and gives some security.
There are options to enforce --cipher-algo AES256

http://gnupg.org/documentation/manuals/gnupg/CMS-Options.html#index-cipher_002dalgo-272

--cipher-algo oid
    Use the cipher algorithm with the ASN.1 object identifier oid for encryption. For convenience the strings 3DES, AES and AES256 may be used instead of their OIDs. The default is 3DES (1.2.840.113549.3.7).

like this

gpg -c --cipher-algo aes256 filename.txt

However decrypting a binary or ascii file to a certain key the result may be binary or ascii armored, like this

gpg --encrypt --armor --recipient AAA651B filename.txt    # AAA651B is example for the target key ID

or if you are happy with a binary result, like this

gpg --encrypt --recipient AAA651B filename.txt

On my system it works easy, there are some videos on facebook and perhaps youtube also explaining this more, you will also need to sign it.
sincerely yours,

Morten 0x81802954

From peter at digitalbrains.com Sat Sep 12 17:38:54 2009
From: peter at digitalbrains.com (Peter Lebbing)
Date: Sat, 12 Sep 2009 17:38:54 +0200
Subject: Does the SCM SCR3320 work with GnuPG?
Message-ID: <4AABC08E.8040101@digitalbrains.com>

Hello list,

Does anybody know if the SCM SCR3320 USB card reader works with GnuPG under Linux? Specifically, I was thinking of buying the "ChipDrive MyKey 2" from Conrad[1] in The Netherlands. It's only 20 euros.

If you look at the product page for the SCR3320[2] and compare the photo with the product page for the MyKey[3], it looks like a different stick. I hope this is just a change in the housing, because the MyKey description still says it's the SCR3320.

I want to use it in combination with an OpenPGP v2 card, although I'm also considering cutting up my v1 card to fit in the SIM size.

I don't think it is relevant, but I'm running Debian Squeeze/testing with stock kernel and stock gnupg. But this can be changed if necessary, it's just convenient (I mean the kernel and gnupg can be custom compiled, not changing the distro).

Thank you for your time,

Peter Lebbing.

[1]http://www.conrad.nl/goto.php?artikel=971780
[2]http://www.scmmicro.com/products-services/smart-card-readers-terminals/multifunctional-token/scr3320.html
[3]http://www.scmmicro.com/products-services/chipdriveR/solutions/mykeyy.htm

--
I'm using the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.ewi.utwente.nl/~lebbing/pubkey.txt

From dshaw at jabberwocky.com Sat Sep 12 18:03:24 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Sat, 12 Sep 2009 12:03:24 -0400
Subject: Does the SCM SCR3320 work with GnuPG?
In-Reply-To: <4AABC08E.8040101@digitalbrains.com>
References: <4AABC08E.8040101@digitalbrains.com>
Message-ID: <009E610F-6BA3-43A9-8325-976401BE6E5A@jabberwocky.com>

On Sep 12, 2009, at 11:38 AM, Peter Lebbing wrote:

> Hello list,
>
> Does anybody know if the SCM SCR3320 USB card reader works with GnuPG under
> Linux? Specifically, I was thinking of buying the "ChipDrive MyKey 2" from
> Conrad[1] in The Netherlands. It's only 20 euros.
>
> If you look at the product page for the SCR3320[2] and compare the photo
> with the product page for the MyKey[3], it looks like a different stick. I
> hope this is just a change in the housing, because the MyKey description
> still says it's the SCR3320.

I can't speak to the MyKey device, but I have a SCR3320 and it works just fine with GnuPG and the v2 card. I like the smaller "USB stick" form factor a lot more than the larger "credit card" sized cards. They're much easier to deal with when you don't have smartcard readers wherever you go.

David

From peter at digitalbrains.com Sat Sep 12 19:40:27 2009
From: peter at digitalbrains.com (Peter Lebbing)
Date: Sat, 12 Sep 2009 19:40:27 +0200
Subject: Does the SCM SCR3320 work with GnuPG?
In-Reply-To: <009E610F-6BA3-43A9-8325-976401BE6E5A@jabberwocky.com>
References: <4AABC08E.8040101@digitalbrains.com> <009E610F-6BA3-43A9-8325-976401BE6E5A@jabberwocky.com>
Message-ID: <4AABDD0B.2070802@digitalbrains.com>

David Shaw wrote:
> I can't speak to the MyKey device, but I have a SCR3320 and it works
> just fine with GnuPG and the v2 card.

Great, thanks for the info. One more question, does your reader look like [1] or like [2]?

I must say I like the supposedly "new housing" ([2]) better than the "old" one.
Swapping cards seems easier and more logical with the new model. The Conrad links have some more pictures showing how to swap cards.

> I like the smaller "USB stick" form factor a lot more than the larger
> "credit card" sized cards. They're much easier to deal with when you
> don't have smartcard readers wherever you go.

I totally agree. I like the idea of the separate keypad of, f.e., the SPR532 I have (even though I don't use it currently), but mobility is worth more.

Peter Lebbing.

PS: I accidentally backspaced over the 'l' in '.html' in the link to the MyKey on the SCM site in the previous mail.

[1]http://www.conrad.nl/goto.php?artikel=971793
[2]http://www.conrad.nl/goto.php?artikel=971780

--
I'm using the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.ewi.utwente.nl/~lebbing/pubkey.txt

From dshaw at jabberwocky.com Sun Sep 13 00:02:50 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Sat, 12 Sep 2009 18:02:50 -0400
Subject: Does the SCM SCR3320 work with GnuPG?
In-Reply-To: <4AABDD0B.2070802@digitalbrains.com>
References: <4AABC08E.8040101@digitalbrains.com> <009E610F-6BA3-43A9-8325-976401BE6E5A@jabberwocky.com> <4AABDD0B.2070802@digitalbrains.com>
Message-ID: <38EF43B4-72CA-4BC2-A3F6-F8192144138C@jabberwocky.com>

On Sep 12, 2009, at 1:40 PM, Peter Lebbing wrote:

> David Shaw wrote:
>> I can't speak to the MyKey device, but I have a SCR3320 and it works
>> just fine with GnuPG and the v2 card.
>
> Great, thanks for the info. One more question, does your reader look like
> [1] or like [2]?
>
> I must say I like the supposedly "new housing" ([2]) better than the "old"
> one. Swapping cards seems easier and more logical with the new model.

I have [1] (the white plastic one with the black card carrier on the side and black cap). While it is possible, it isn't very convenient to swap cards very often in this model.
The card carrier seems somewhat fragile and not really up for frequent opening and closing.

David

From faramir.cl at gmail.com Sun Sep 13 04:02:35 2009
From: faramir.cl at gmail.com (Faramir)
Date: Sat, 12 Sep 2009 22:02:35 -0400
Subject: howto secure older keys after the recent attacks
In-Reply-To: <467E60D6-50E7-463F-9038-85856842F6B1@jabberwocky.com>
References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> <43DB695D-52F5-4D3B-85AB-3932552FD576@jabberwocky.com> <1252621965.3937.1.camel@fermat.scientia.net> <467E60D6-50E7-463F-9038-85856842F6B1@jabberwocky.com>
Message-ID: <4AAC52BB.1030602@gmail.com>

David Shaw wrote:
...
>> So my question is basically,..
>> If gpg would use this,... does it only improve the already existing
>> entropy and randomness of the kernel PRNG? I mean that gpg somehow
>> "merges" the different sources?
>> Or is it more or less a,.. either use the kernel PRNG or the hardware
>> RNG.
>
> The kernel merges several sources of entropy into the /dev/random pool.
> The entropy key would just be another source (though a very prolific
> source) of entropy.

I remember an example from one of the Bruce Schneier books, where 2 people (Alice and Bob, of course) wanted to get a random bit. They thought about each one flipping a coin, and then mixing the results. And Bob said "what if one of us doesn't do it randomly", and Alice said as long as one of the results was truly random, the final result would be random. So I suppose as long as the entropy generator output is mixed with other sources of entropy, it can't lower the quality of the final entropy. But of course, maybe I didn't understand it right.
Best Regards

From rjh at sixdemonbag.org Sun Sep 13 04:18:53 2009
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sat, 12 Sep 2009 22:18:53 -0400
Subject: howto secure older keys after the recent attacks
In-Reply-To: <4AAC52BB.1030602@gmail.com>
References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> <43DB695D-52F5-4D3B-85AB-3932552FD576@jabberwocky.com> <1252621965.3937.1.camel@fermat.scientia.net> <467E60D6-50E7-463F-9038-85856842F6B1@jabberwocky.com> <4AAC52BB.1030602@gmail.com>
Message-ID: <4AAC568D.5020406@sixdemonbag.org>

Faramir wrote:
> I remember an example from one of the Bruce Schneier book, where 2
> people (Alice and Bob, of course) wanted to get a random bit. They
> thought about each one flipping a coin, and then mixing the results.

[puts on his voting security hat]

This is part of some voting protocols. Let's say you have two candidates who tie in an election. Each candidate sends their own representative to the election with a ten-sided die (you can find these in any hobby store). The election commissioner collects the dice, then distributes them out randomly to the representatives. Everyone throws the dice and the numbers are added up together modulo 10. If it comes up 0 through 4, candidate A wins the election; if it comes up 5 through 9, candidate B wins the election.
Thanks to the magic of random distributions and modulo math, as long as there's one fair die in the system, the entire system is fair.

Anyway. This is apropos of nothing except to show you that such schemes really are used in the real world. :)

From oscar.getstring at gmail.com Sun Sep 13 02:33:19 2009
From: oscar.getstring at gmail.com (oscar.getstring at gmail.com)
Date: Sun, 13 Sep 2009 01:33:19 +0100 (GMT)
Subject: Quick advice about FAQ 4.14

Hi,

I would like to offer a quick piece of advice related to FAQ 4.14 available at the GNUpg website
url: http://www.gnupg.org/documentation/faqs.en.html#q4.14
section: How can I use GnuPG in an automated environment?

I believe that the points 4, 5 and 6 should be reviewed and maybe corrected to reflect the real procedure. Several posts on this mailing list have already pointed out the necessity to rename the secring.auto in secring.pgp or to use the option --secret-keyring secring.auto. I can list one of them.
http://lists.gnupg.org/pipermail/gnupg-users/2001-October/010397.html

Thank you,
Oscar Cassetti.

From peter at digitalbrains.com Sun Sep 13 13:51:15 2009
From: peter at digitalbrains.com (Peter Lebbing)
Date: Sun, 13 Sep 2009 13:51:15 +0200
Subject: Does the SCM SCR3320 work with GnuPG?
In-Reply-To: <38EF43B4-72CA-4BC2-A3F6-F8192144138C@jabberwocky.com>
References: <4AABC08E.8040101@digitalbrains.com> <009E610F-6BA3-43A9-8325-976401BE6E5A@jabberwocky.com> <4AABDD0B.2070802@digitalbrains.com> <38EF43B4-72CA-4BC2-A3F6-F8192144138C@jabberwocky.com>
Message-ID: <4AACDCB3.1060108@digitalbrains.com>

I've just ordered the MyKey with the new model card reader. I'll report whether it works when I have it.

Peter.

--
I'm using the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.ewi.utwente.nl/~lebbing/pubkey.txt

From psilvaferreira at gmail.com Sun Sep 13 13:26:34 2009
From: psilvaferreira at gmail.com (Pedro Ferreira)
Date: Sun, 13 Sep 2009 12:26:34 +0100
Subject: USB card readers

Hi,

I'm looking for a usb card reader to use with gnupg instead of the OpenPGP SmartCard. I've read about the SCM SCR3320 on this list and I think it will work. Does anyone recommend other similar products? It must work on windows and linux, and should be small enough to be on a keychain.

Thanks
Pedro

From mcse83 at hotmail.com Sun Sep 13 22:52:19 2009
From: mcse83 at hotmail.com (Sean Wilson)
Date: Sun, 13 Sep 2009 21:52:19 +0100
Subject: One Private Key on Two or more OpenPGP 2.0 cards?

If I generate a brand new key pair and then add the key to an OpenPGP 2.0 card all works perfectly. But if I want to add the same key onto another OpenPGP card (as a backup) I get the following error in Thunderbird:

Error - decryption failed

gpg command line and output:
C:\Program Files\GNU\GnuPG\gpg.exe
The SmartCard D2760001240102000005000000430000 found in your reader cannot be used to process the message.
Please insert your SmartCard D27600012401020000050000003F0000 and repeat the operation.

Obviously if I insert the first card it decrypts the email no problem. What is the correct method to use to have the SAME private key on multiple cards? The reason I want to do this is so that I can have a "production" card, a backup card and an offsite card. How do I accomplish this?

Thank you.

From dshaw at jabberwocky.com Mon Sep 14 04:54:13 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun, 13 Sep 2009 22:54:13 -0400
Subject: One Private Key on Two or more OpenPGP 2.0 cards?
On Sep 13, 2009, at 4:52 PM, Sean Wilson wrote:

> If I generate a brand new key pair and then add the key to an OpenPGP
> 2.0 card all works perfectly. But if I want to add the same key onto
> another OpenPGP card (as a backup) I get the following error in
> Thunderbird:
>
> Error - decryption failed
>
> gpg command line and output:
> C:\Program Files\GNU\GnuPG\gpg.exe
> The SmartCard D2760001240102000005000000430000 found in your reader
> cannot be used to process the message.
> Please insert your SmartCard D27600012401020000050000003F0000 and
> repeat the operation.
>
> Obviously if I insert the first card it decrypts the email no problem.
> What is the correct method to use to have the SAME private key on
> multiple cards? The reason I want to do this is so that I can have a
> "production" card, a backup card and an offsite card. How do I
> accomplish this?

The problem you are having is because the secret key still exists, even after it is transferred to a card. There are no secret bits any longer, but the "stub" of the key is still there, and it contains the serial number of the card (so GPG knows which card to look at for the secret bits). If you delete the secret key stub, you can re-import it and transfer it to other smartcards.

Something like this:

1. Generate your key and save a copy of the secret part (gpg --export-secret-key ...)
2. Transfer the secret key to your production card
3. Delete the whole key from your keyring (gpg --delete-secret-and-public ...)
4. Import the secret key again (gpg --import ...)
5. Transfer the secret key to your backup card
6. Repeat #3
7. Repeat #4
8. Transfer the secret key to your offsite card.
9. Repeat #3.
10. Import the public part of the key
11.
Insert the card you want to use regularly, and do a "gpg --card-status" (this re-creates the stub for the card you use regularly)

If you ever want to use a different smartcard, you will need to delete your secret key, insert the card, and do a "gpg --card-status" to recreate the stub for that card.

David

From mcse83 at hotmail.com Mon Sep 14 12:00:35 2009
From: mcse83 at hotmail.com (Sean Wilson)
Date: Mon, 14 Sep 2009 11:00:35 +0100
Subject: One Private Key on Two or more OpenPGP 2.0 cards?

Many thanks for this David! Now that you have explained it to me it all makes sense. I tested it and it works perfectly. The only thing I am battling with now is, how do I create an authentication key that I can use with SSH across all 3 of my OpenPGP cards? I'm a bit lost how to do this! I can easily create a single authentication key on ONE card but what's the correct procedure to follow to create an authentication key and put it on 3 OpenPGP cards?

Many thanks for all your help!

David Shaw wrote:
> On Sep 13, 2009, at 4:52 PM, Sean Wilson wrote:
>
>> If I generate a brand new key pair and then add the key to an OpenPGP
>> 2.0 card all works perfectly. But if I want to add the same key onto
>> another OpenPGP card (as a backup) I get the following error in
>> Thunderbird:
>>
>> Error - decryption failed
>>
>> gpg command line and output:
>> C:\Program Files\GNU\GnuPG\gpg.exe
>> The SmartCard D2760001240102000005000000430000 found in your reader
>> cannot be used to process the message.
>> Please insert your SmartCard D27600012401020000050000003F0000 and repeat
>> the operation.
>>
>> Obviously if I insert the first card it decrypts the email no problem.
>> What is the correct method to use to have the SAME private key on
>> multiple cards? The reason I want to do this is so that I can have a
>> "production" card, a backup card and an offsite card. How do I
>> accomplish this?
>
> The problem you are having is because the secret key still exists,
> even after it is transferred to a card. There are no secret bits any
> longer, but the "stub" of the key is still there, and it contains the
> serial number of the card (so GPG knows which card to look at for the
> secret bits). If you delete the secret key stub, you can re-import it
> and transfer it to other smartcards.
>
> Something like this:
>
> 1. Generate your key and save a copy of the secret part (gpg
> --export-secret-key ...)
> 2. Transfer the secret key to your production card
> 3. Delete the whole key from your keyring (gpg
> --delete-secret-and-public ...)
> 4. Import the secret key again (gpg --import ...)
> 5. Transfer the secret key to your backup card
> 6. Repeat #3
> 7. Repeat #4
> 8. Transfer the secret key to your offsite card.
> 9. Repeat #3.
> 10. Import the public part of the key
> 11. Insert the card you want to use regularly, and do a "gpg
> --card-status" (this re-creates the stub for the card you use regularly)
>
> If you ever want to use a different smartcard, you will need to delete
> your secret key, insert the card, and do a "gpg --card-status" to
> recreate the stub for that card.
>
> David

From mcse83 at hotmail.com Mon Sep 14 17:47:54 2009
From: mcse83 at hotmail.com (Sean Wilson)
Date: Mon, 14 Sep 2009 16:47:54 +0100
Subject: Generating Key on OpenPGP - backups?

If I generate a key on an OpenPGP 2.0 card and select yes when it asks me to create a backup of the key, how do I restore the private key should the card become damaged/lost/etc? I tried putting a new OpenPGP card in my reader and restoring the key from the file it created in my profile but it wouldn't let me decrypt the test emails I had encrypted.
Once you have created a private key ON the OpenPGP card, what is the correct method to use to be able to put the private key onto another OpenPGP card as a backup? I know how to do this if I create the key pair on my hard drive but am unsure how to proceed if I create the key pair on the OpenPGP card itself.

Thank you!

From mcse83 at hotmail.com Mon Sep 14 17:52:14 2009
From: mcse83 at hotmail.com (Sean Wilson)
Date: Mon, 14 Sep 2009 16:52:14 +0100
Subject: Bit length incorrect on OpenPGP 2.0 card

When I create a brand new key pair on an OpenPGP 2.0 card and I tell it to create a signing, encryption and authentication key of 2048 bits in length it created two of the three keys as 2048 bit but the other one is 1024 bit! I have tried this many times on two cards and they both seem to behave the same way, how do I force gpg to create 2048 bit keys for all the keys I generate? If I try to create a key pair of 1024 or 3072 bits in length the same thing happens.

What am I doing wrong?

From nicholas.cole at gmail.com Tue Sep 15 15:42:20 2009
From: nicholas.cole at gmail.com (Nicholas Cole)
Date: Tue, 15 Sep 2009 14:42:20 +0100
Subject: Hash algo for signing - documentation

Hi all. This is a query mostly for my own interest, but I think it might point to a change in the documentation being required.
I was slightly confused by this message

http://lists.gnupg.org/pipermail/gnupg-users/2009-May/036361.html

David suggests (as I read it) that an RSA key created with --cert-digest-algo sha256 will continue to use sha256 whenever it signs keys, whereas the documentation implies that you would have to specify --cert-digest-algo every time a key is signed. How does an RSA key choose a hash algorithm for this purpose?

It might also be worth noting that (if I read http://lists.gnupg.org/pipermail/gnupg-users/2009-May/036379.html correctly) this option does not control what DSA2 keys use. Or have I misunderstood?

Best wishes,

Nicholas

From dshaw at jabberwocky.com  Tue Sep 15 19:12:23 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 15 Sep 2009 13:12:23 -0400
Subject: Hash algo for signing - documentation
Message-ID: <10204BE7-2F18-45F9-B7C5-0DD6E36DA8CD@jabberwocky.com>

On Sep 15, 2009, at 9:42 AM, Nicholas Cole wrote:

> Hi all. This is a query mostly for my own interest, but I think it
> might point to a change in the documentation being required.
>
> I was slightly confused by this message
>
> http://lists.gnupg.org/pipermail/gnupg-users/2009-May/036361.html
>
> David suggests (as I read it) that an RSA key created with
> --cert-digest-algo sha256 will continue to use sha256 whenever it
> signs keys, whereas the documentation implies that you would have to
> specify --cert-digest-algo every time a key is signed.

Perhaps I wasn't clear in that message. You definitely need to specify --cert-digest-algo every time a key is signed (or put it in your gpg.conf file).

> How does an
> RSA key choose a hash algorithm for this purpose?

For RSA, the rules are: if cert-digest-algo is set, use it. If you have a PGP 2.x key making a PGP 2.x signature, use MD5. Otherwise, use SHA-1.
> It might also be worth noting that (if I read
> http://lists.gnupg.org/pipermail/gnupg-users/2009-May/036379.html
> correctly) this option does not control what DSA2 keys use.

No. It does control what DSA keys use, but you must choose an algorithm that makes sense for the particular DSA key (for example, you can't use SHA-1 with a DSA 2048-bit key).

David

From nicholas.cole at gmail.com  Tue Sep 15 23:07:12 2009
From: nicholas.cole at gmail.com (Nicholas Cole)
Date: Tue, 15 Sep 2009 22:07:12 +0100
Subject: Hash algo for signing - documentation
In-Reply-To: <10204BE7-2F18-45F9-B7C5-0DD6E36DA8CD@jabberwocky.com>
References: <10204BE7-2F18-45F9-B7C5-0DD6E36DA8CD@jabberwocky.com>

Dear David,

Thanks for, as ever, excellent clarification.

Best wishes,

N.

From peter at digitalbrains.com  Wed Sep 16 15:11:58 2009
From: peter at digitalbrains.com (Peter Lebbing)
Date: Wed, 16 Sep 2009 15:11:58 +0200
Subject: Does the SCM SCR3320 work with GnuPG?
In-Reply-To: <4AACDCB3.1060108@digitalbrains.com>
References: <4AABC08E.8040101@digitalbrains.com> <009E610F-6BA3-43A9-8325-976401BE6E5A@jabberwocky.com> <4AABDD0B.2070802@digitalbrains.com> <38EF43B4-72CA-4BC2-A3F6-F8192144138C@jabberwocky.com> <4AACDCB3.1060108@digitalbrains.com>
Message-ID: <4AB0E41E.3030908@digitalbrains.com>

Peter Lebbing wrote:
> I've just ordered the MyKey with the new model card reader. I'll report
> whether it works when I have it.

Well, bit of a disappointment, but hopefully it can be fixed. It turned out that the reader included with the new model MyKey is the SCT3511. It seems like a nice device: it can also support hybrid cards and be used as a contactless token when not plugged in.

However, it does not work error free with GnuPG (Debian version 1.4.9-4).
- Basic access works
- Changing cardholder name works
- Command "verify" works
- Changing Admin PIN works
- Changing "user" PIN FAILS
- Anything involving RSA keys FAILS

As soon as a command has failed, the only way to talk to the reader (/card) again is by unplugging and replugging. I have not tried removing the card from the reader while the reader is plugged in.

Could a GnuPG dev please have a look at the debug logs? I believe Werner does the card stuff, right? I really hope this reader can be made to work with GnuPG.

It reports itself as (lsusb):

04e6:5116 SCM Microsystems, Inc. SCR331-LC1 SmartCard Reader

Linux recognises it as a "SCR3310 v2.0 USB SC Reader", so I suppose they share the USB IDs.

I created a test key on the card, and used it both in the perfectly working SPR532 as well as in the SCT3511. The PIN is 12345678 (as can be seen in the debug log, if you know where to look :). I encrypted a test file to the encryption subkey on the card. I have included debug logs for both card readers attempting decryption.

This is not one of my smallest posts to this group, but I think it's just within acceptable ranges :). If I'm mistaken, I'll put files on a website from now on.

The test key has the following properties:

pub   1024R/D75DDA31 2009-09-16
uid                  Test Test
sub   1024R/CAAB1A36 2009-09-16
sub   1024R/40DC2931 2009-09-16

When decrypting with the non-working SCT3511 reader, gpg --debug-ccid-driver -d test.asc produces the following debug output:

gpg: DBG: ccid-driver: using CCID reader 0 (ID=04E6:5116:X:0)
gpg: DBG: ccid-driver: idVendor: 04E6 idProduct: 5116 bcdDevice: 0204
gpg: DBG: ccid-driver: ChipCard Interface Descriptor:
gpg: DBG: ccid-driver: bLength 54
gpg: DBG: ccid-driver: bDescriptorType 33
gpg: DBG: ccid-driver: bcdCCID 1.10 (Warning: Only accurate for version 1.0)
gpg: DBG: ccid-driver: nMaxSlotIndex 0
gpg: DBG: ccid-driver: bVoltageSupport 7 ?
gpg: DBG: ccid-driver: dwProtocols 3 T=0 T=1 gpg: DBG: ccid-driver: dwDefaultClock 4800 gpg: DBG: ccid-driver: dwMaxiumumClock 8000 gpg: DBG: ccid-driver: bNumClockSupported 0 gpg: DBG: ccid-driver: dwDataRate 12903 bps gpg: DBG: ccid-driver: dwMaxDataRate 412903 bps gpg: DBG: ccid-driver: bNumDataRatesSupp. 0 gpg: DBG: ccid-driver: dwMaxIFSD 252 gpg: DBG: ccid-driver: dwSyncProtocols 00000000 gpg: DBG: ccid-driver: dwMechanical 00000000 gpg: DBG: ccid-driver: dwFeatures 000101BA gpg: DBG: ccid-driver: Auto configuration based on ATR gpg: DBG: ccid-driver: Auto voltage selection gpg: DBG: ccid-driver: Auto clock change gpg: DBG: ccid-driver: Auto baud rate change gpg: DBG: ccid-driver: Auto PPS made by CCID gpg: DBG: ccid-driver: CCID can set ICC in clock stop mode gpg: DBG: ccid-driver: TPDU level exchange gpg: DBG: ccid-driver: dwMaxCCIDMsgLen 271 gpg: DBG: ccid-driver: bClassGetResponse echo gpg: DBG: ccid-driver: bClassEnvelope echo gpg: DBG: ccid-driver: wlcdLayout none gpg: DBG: ccid-driver: bPINSupport 0 gpg: DBG: ccid-driver: bMaxCCIDBusySlots 1 gpg: DBG: ccid-driver: status: 00 error: 00 octet[9]: 00 data: 3B FA 13 00 FF 81 31 80 45 00 31 C1 73 C0 01 00 00 90 00 B1 gpg: DBG: ccid-driver: status: 00 error: 00 octet[9]: 01 data: 11 10 FF 45 00 80 00 gpg: DBG: ccid-driver: GetParametes returned 82 07 00 00 00 00 02 00 00 01 11 10 FF 45 00 80 00 gpg: DBG: ccid-driver: protocol ..........: T=1 gpg: DBG: ccid-driver: bmFindexDindex ....: 11 gpg: DBG: ccid-driver: bmTCCKST1 .........: 10 gpg: DBG: ccid-driver: bGuardTimeT1 ......: FF gpg: DBG: ccid-driver: bmWaitingIntegersT1: 45 gpg: DBG: ccid-driver: bClockStop ........: 00 gpg: DBG: ccid-driver: bIFSC .............: 128 gpg: DBG: ccid-driver: bNadValue .........: 0 gpg: DBG: ccid-driver: sending 61 07 00 00 00 00 03 01 00 00 11 10 FF 45 00 80 00 gpg: DBG: ccid-driver: status: 00 error: 00 octet[9]: 01 data: 11 10 FF 45 00 80 00 gpg: DBG: ccid-driver: sending 6F 05 00 00 00 00 04 00 00 00 00 C1 01 FC 3C gpg: 
DBG: ccid-driver: status: 00 error: 00 octet[9]: 00 data: 00 E1 01 FC 1C gpg: DBG: ccid-driver: IFSD has been set to 252 gpg: DBG: ccid-driver: sending 6F 0F 00 00 00 00 05 04 00 00 00 00 0B 00 A4 04 00 06 D2 76 00 01 24 01 2D gpg: DBG: ccid-driver: status: 00 error: 00 octet[9]: 00 data: 00 00 16 6F 12 84 10 D2 76 00 01 24 01 01 01 00 01 00 00 08 9B 00 00 90 00 7D gpg: DBG: ccid-driver: sending 6F 09 00 00 00 00 06 04 00 00 00 40 05 00 CA 00 4F 00 C0 gpg: DBG: ccid-driver: status: 00 error: 00 octet[9]: 00 data: 00 40 12 D2 76 00 01 24 01 01 01 00 01 00 00 08 9B 00 00 90 00 D0 gpg: DBG: ccid-driver: sending 6F 09 00 00 00 00 07 04 00 00 00 00 05 00 CA 00 C4 00 0B gpg: DBG: ccid-driver: status: 00 error: 00 octet[9]: 00 data: 00 00 09 01 FE FE FE 03 03 03 90 00 65 gpg: DBG: ccid-driver: sending 6F 09 00 00 00 00 08 04 00 00 00 40 05 00 CA 00 6E 00 E1 gpg: DBG: ccid-driver: status: 00 error: 00 octet[9]: 00 data: 00 40 C4 4F 10 D2 76 00 01 24 01 01 01 00 01 00 00 08 9B 00 00 73 81 9D C0 01 78 C1 05 01 04 00 00 20 C2 05 01 04 00 00 20 C3 05 01 04 00 00 20 C4 07 01 FE FE FE 03 03 03 C5 3C 0A 70 A5 C5 B3 46 D2 1D DD 1B D5 EB 0F BC C6 E2 D7 5D DA 31 20 E2 BB 7D 50 8D C1 2F 83 5B 0C 20 2E FB 7A D3 40 DC 29 31 37 1E 37 7B 43 4A 27 A1 CF E1 B9 44 86 08 9C 6C CA AB 1A 36 C6 3C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 CD 0C 4A B0 C9 08 4A B0 C9 7C 4A B0 C9 52 5E 00 90 00 C6 gpg: DBG: ccid-driver: sending 6F 09 00 00 00 00 09 04 00 00 00 00 05 00 CA 00 5E 00 91 gpg: DBG: ccid-driver: status: 00 error: 00 octet[9]: 00 data: 00 00 02 90 00 92 gpg: DBG: ccid-driver: sending 6F 09 00 00 00 00 0A 04 00 00 00 40 05 00 CA 00 6E 00 E1 gpg: DBG: ccid-driver: status: 00 error: 00 octet[9]: 00 data: 00 40 C4 4F 10 D2 76 00 01 24 01 01 01 00 01 00 00 08 9B 00 00 73 81 9D C0 01 78 C1 05 01 04 00 00 20 C2 05 01 04 00 00 20 C3 05 01 04 00 00 20 C4 07 01 
FE FE FE 03 03 03 C5 3C 0A 70 A5 C5 B3 46 D2 1D DD 1B D5 EB 0F BC C6 E2 D7 5D DA 31 20 E2 BB 7D 50 8D C1 2F 83 5B 0C 20 2E FB 7A D3 40 DC 29 31 37 1E 37 7B 43 4A 27 A1 CF E1 B9 44 86 08 9C 6C CA AB 1A 36 C6 3C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 CD 0C 4A B0 C9 08 4A B0 C9 7C 4A B0 C9 52 5E 00 90 00 C6 gpg: DBG: ccid-driver: sending 6F 11 00 00 00 00 0B 04 00 00 00 00 0D 00 20 00 82 08 31 32 33 34 35 36 37 38 AF gpg: DBG: ccid-driver: status: 00 error: 00 octet[9]: 00 data: 00 00 02 90 00 92 gpg: DBG: ccid-driver: sending 6F 11 00 00 00 00 0C 04 00 00 00 40 0D 00 20 00 81 08 31 32 33 34 35 36 37 38 EC gpg: DBG: ccid-driver: status: 00 error: 00 octet[9]: 00 data: 3B FA 13 00 FF 81 31 80 45 00 31 C1 73 C0 01 00 00 90 00 B1 gpg: DBG: ccid-driver: T=1 S-block response received cmd=26 gpg: ccid_transceive failed: (0x1000a) gpg: apdu_send_simple(0) failed: card I/O error gpg: verify CHV1 failed: general error gpg: encrypted with 1024-bit RSA key, ID 40DC2931, created 2009-09-16 "Test Test " gpg: public key decryption failed: general error gpg: decryption failed: secret key not available gpg: DBG: ccid-driver: status: 01 error: 00 octet[9]: 01 data: --------------------------------------------------------------------------- When decrypting the same file with the SPR532, the debug output is as follows: gpg: DBG: ccid-driver: using CCID reader 0 (ID=04E6:E003:60200D5E:0) gpg: DBG: ccid-driver: idVendor: 04E6 idProduct: E003 bcdDevice: 0510 gpg: DBG: ccid-driver: ChipCard Interface Descriptor: gpg: DBG: ccid-driver: bLength 54 gpg: DBG: ccid-driver: bDescriptorType 33 gpg: DBG: ccid-driver: bcdCCID 1.00 gpg: DBG: ccid-driver: nMaxSlotIndex 0 gpg: DBG: ccid-driver: bVoltageSupport 1 5.0V gpg: DBG: ccid-driver: dwProtocols 3 T=0 T=1 gpg: DBG: ccid-driver: dwDefaultClock 4000 gpg: DBG: ccid-driver: dwMaxiumumClock 8000 gpg: DBG: 
ccid-driver: bNumClockSupported 0 gpg: DBG: ccid-driver: dwDataRate 10753 bps gpg: DBG: ccid-driver: dwMaxDataRate 344105 bps gpg: DBG: ccid-driver: bNumDataRatesSupp. 0 gpg: DBG: ccid-driver: dwMaxIFSD 254 gpg: DBG: ccid-driver: dwSyncProtocols 00000000 gpg: DBG: ccid-driver: dwMechanical 00000000 gpg: DBG: ccid-driver: dwFeatures 000100BA gpg: DBG: ccid-driver: Auto configuration based on ATR gpg: DBG: ccid-driver: Auto voltage selection gpg: DBG: ccid-driver: Auto clock change gpg: DBG: ccid-driver: Auto baud rate change gpg: DBG: ccid-driver: Auto PPS made by CCID gpg: DBG: ccid-driver: TPDU level exchange gpg: DBG: ccid-driver: dwMaxCCIDMsgLen 270 gpg: DBG: ccid-driver: bClassGetResponse echo gpg: DBG: ccid-driver: bClassEnvelope echo gpg: DBG: ccid-driver: wlcdLayout none gpg: DBG: ccid-driver: bPINSupport 3 verification modification gpg: DBG: ccid-driver: bMaxCCIDBusySlots 1 gpg: DBG: ccid-driver: status: 00 error: 00 octet[9]: 00 data: 3B FA 13 00 FF 81 31 80 45 00 31 C1 73 C0 01 00 00 90 00 B1 gpg: DBG: ccid-driver: status: 00 error: 00 octet[9]: 01 data: 11 10 00 45 00 80 00 gpg: DBG: ccid-driver: GetParametes returned 82 07 00 00 00 00 02 00 00 01 11 10 00 45 00 80 00 gpg: DBG: ccid-driver: protocol ..........: T=1 gpg: DBG: ccid-driver: bmFindexDindex ....: 11 gpg: DBG: ccid-driver: bmTCCKST1 .........: 10 gpg: DBG: ccid-driver: bGuardTimeT1 ......: 00 gpg: DBG: ccid-driver: bmWaitingIntegersT1: 45 gpg: DBG: ccid-driver: bClockStop ........: 00 gpg: DBG: ccid-driver: bIFSC .............: 128 gpg: DBG: ccid-driver: bNadValue .........: 0 gpg: DBG: ccid-driver: sending 61 07 00 00 00 00 03 01 00 00 11 10 00 45 00 80 00 gpg: DBG: ccid-driver: status: 00 error: 00 octet[9]: 01 data: 11 10 00 45 00 80 00 gpg: DBG: ccid-driver: sending 6F 05 00 00 00 00 04 00 00 00 00 C1 01 FE 3E gpg: DBG: ccid-driver: status: 00 error: 00 octet[9]: 00 data: 00 E1 01 FE 1E gpg: DBG: ccid-driver: IFSD has been set to 254 gpg: DBG: ccid-driver: sending 6F 0F 00 00 00 00 05 04 
00 00 00 00 0B 00 A4 04 00 06 D2 76 00 01 24 01 2D gpg: DBG: ccid-driver: status: 00 error: 00 octet[9]: 04 data: 00 00 16 6F 12 84 10 D2 76 00 01 24 01 01 01 00 01 00 00 08 9B 00 00 90 00 7D gpg: DBG: ccid-driver: sending 6F 09 00 00 00 00 06 04 00 00 00 40 05 00 CA 00 4F 00 C0 gpg: DBG: ccid-driver: status: 00 error: 00 octet[9]: 04 data: 00 40 12 D2 76 00 01 24 01 01 01 00 01 00 00 08 9B 00 00 90 00 D0 gpg: DBG: ccid-driver: sending 6F 09 00 00 00 00 07 04 00 00 00 00 05 00 CA 00 C4 00 0B gpg: DBG: ccid-driver: status: 00 error: 00 octet[9]: 04 data: 00 00 09 01 FE FE FE 03 03 03 90 00 65 gpg: DBG: ccid-driver: sending 6F 09 00 00 00 00 08 04 00 00 00 40 05 00 CA 00 6E 00 E1 gpg: DBG: ccid-driver: status: 00 error: 00 octet[9]: 04 data: 00 40 C4 4F 10 D2 76 00 01 24 01 01 01 00 01 00 00 08 9B 00 00 73 81 9D C0 01 78 C1 05 01 04 00 00 20 C2 05 01 04 00 00 20 C3 05 01 04 00 00 20 C4 07 01 FE FE FE 03 03 03 C5 3C 0A 70 A5 C5 B3 46 D2 1D DD 1B D5 EB 0F BC C6 E2 D7 5D DA 31 20 E2 BB 7D 50 8D C1 2F 83 5B 0C 20 2E FB 7A D3 40 DC 29 31 37 1E 37 7B 43 4A 27 A1 CF E1 B9 44 86 08 9C 6C CA AB 1A 36 C6 3C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 CD 0C 4A B0 C9 08 4A B0 C9 7C 4A B0 C9 52 5E 00 90 00 C6 gpg: DBG: ccid-driver: sending 6F 09 00 00 00 00 09 04 00 00 00 00 05 00 CA 00 5E 00 91 gpg: DBG: ccid-driver: status: 00 error: 00 octet[9]: 04 data: 00 00 02 90 00 92 gpg: DBG: ccid-driver: sending 6F 09 00 00 00 00 0A 04 00 00 00 40 05 00 CA 00 6E 00 E1 gpg: DBG: ccid-driver: status: 00 error: 00 octet[9]: 04 data: 00 40 C4 4F 10 D2 76 00 01 24 01 01 01 00 01 00 00 08 9B 00 00 73 81 9D C0 01 78 C1 05 01 04 00 00 20 C2 05 01 04 00 00 20 C3 05 01 04 00 00 20 C4 07 01 FE FE FE 03 03 03 C5 3C 0A 70 A5 C5 B3 46 D2 1D DD 1B D5 EB 0F BC C6 E2 D7 5D DA 31 20 E2 BB 7D 50 8D C1 2F 83 5B 0C 20 2E FB 7A D3 40 DC 29 31 37 1E 37 7B 43 4A 27 A1 CF E1 B9 
44 86 08 9C 6C CA AB 1A 36 C6 3C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 CD 0C 4A B0 C9 08 4A B0 C9 7C 4A B0 C9 52 5E 00 90 00 C6 gpg: DBG: ccid-driver: sending 6F 11 00 00 00 00 0B 04 00 00 00 00 0D 00 20 00 82 08 31 32 33 34 35 36 37 38 AF gpg: DBG: ccid-driver: status: 00 error: 00 octet[9]: 04 data: 00 00 02 90 00 92 gpg: DBG: ccid-driver: sending 6F 11 00 00 00 00 0C 04 00 00 00 40 0D 00 20 00 81 08 31 32 33 34 35 36 37 38 EC gpg: DBG: ccid-driver: status: 00 error: 00 octet[9]: 04 data: 00 40 02 90 00 D2 gpg: DBG: ccid-driver: sending 6F 84 00 00 00 00 0D 04 00 00 00 20 80 00 2A 80 86 81 00 5F 13 C4 EF 28 20 A4 2F 68 89 E2 C4 8F C0 45 E5 E2 93 1E 76 CC AD 4D 0C 51 7F 35 0C 68 35 A9 49 C3 CD 7D 50 FE 17 EF C3 A0 C8 52 06 32 82 65 F7 32 1F 18 4A CF 76 DE BB DE B6 0A 53 32 4D C5 CE 09 A5 B9 F7 93 ED AD 1A 34 23 D4 7B 19 BA C5 CA C9 41 EB E2 C2 63 19 B9 A0 50 3A 4C AB 30 7D 5D DA 2B 6D B6 87 CF 62 BF 31 9F 73 CA 10 AF DF 20 73 41 40 C4 CA 4C CA FB B3 A4 30 gpg: DBG: ccid-driver: status: 00 error: 00 octet[9]: 04 data: 00 90 00 90 gpg: DBG: ccid-driver: sending 6F 0A 00 00 00 00 0E 04 00 00 00 40 06 6F F9 DF 9F 3D C3 6E gpg: DBG: ccid-driver: status: 00 error: 00 octet[9]: 04 data: 00 00 25 09 2A A8 6A BC 73 C8 E4 B8 B1 09 BC 1F 08 08 68 00 8D 4E 96 D2 53 22 57 92 3F F3 AA 3B 85 7F F8 56 0E E6 90 00 AE gpg: encrypted with 1024-bit RSA key, ID 40DC2931, created 2009-09-16 "Test Test " Test gpg: DBG: ccid-driver: status: 01 error: 00 octet[9]: 01 data: --------------------------------------------------------------------------- Thanks for your time, Peter Lebbing. -- I'm using the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. 
My key is available at http://wwwhome.ewi.utwente.nl/~lebbing/pubkey.txt

From florian.schuettler at tu-ilmenau.de  Wed Sep 16 18:03:42 2009
From: florian.schuettler at tu-ilmenau.de (Florian Schüttler)
Date: Wed, 16 Sep 2009 18:03:42 +0200
Subject: Does the SCM SCR3320 work with GnuPG?
In-Reply-To: <4AB0E41E.3030908@digitalbrains.com>
References: <4AABC08E.8040101@digitalbrains.com> <4AACDCB3.1060108@digitalbrains.com> <4AB0E41E.3030908@digitalbrains.com>
Message-ID: <200909161803.42119.florian.schuettler@tu-ilmenau.de>

On Wednesday, Sep 16, 2009 Peter Lebbing wrote:
> Peter Lebbing wrote:
> Well, bit of a disappointment, but hopefully it can be fixed. It turned out
> that the reader included with the new model MyKey is the SCT3511. It seems
> like a nice device: it can also support hybrid cards and be used as a
> contactless token when not plugged in.
>
> However, it does not work error free with GnuPG (Debian version 1.4.9-4).
>
> - Basic access works
> - Changing cardholder name works
> - Command "verify" works
> - Changing Admin PIN works
> - Changing "user" PIN FAILS
> - Anything involving RSA keys FAILS
>

If it is a v2 card as you mentioned earlier you should try using GnuPG 1.4.10. I had pretty much the same issues with a PC/SC reader (ReinerSCT cyberjack ecom plus) on Debian Lenny (1.4.9-3+lenny1) until I tried 1.4.10 with which there were no problems, except that I did not get the keypad to work yet.

Florian

From marcio.barbado at gmail.com  Wed Sep 16 19:56:13 2009
From: marcio.barbado at gmail.com (M.B.Jr.)
Date: Wed, 16 Sep 2009 14:56:13 -0300
Subject: IDEA patent vs the recent USPTO memorandum
Message-ID: <2df3b0cb0909161056l6bee9ffdw5c5f52d840251182@mail.gmail.com>

Hi list,
I've recently had access to this document, written by the "United States Patent and Trademark Office" (USPTO) which basically tries to ban software patents.
The memorandum is here:
http://www.uspto.gov/web/offices/pac/dapp/opla/2009-08-25_interim_101_instructions.pdf

The case is, I'm really interested in reading your opinions of what this could mean to optional OpenPGP ciphers like IDEA.

Regards,

Marcio Barbado, Jr.

From rjh at sixdemonbag.org  Wed Sep 16 21:46:14 2009
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 16 Sep 2009 15:46:14 -0400
Subject: IDEA patent vs the recent USPTO memorandum
In-Reply-To: <2df3b0cb0909161056l6bee9ffdw5c5f52d840251182@mail.gmail.com>
References: <2df3b0cb0909161056l6bee9ffdw5c5f52d840251182@mail.gmail.com>
Message-ID: <4AB14086.2080506@sixdemonbag.org>

M.B.Jr. wrote:
> I've recently had access to this document, written by the "United
> States Patent and Trademark Office" (USPTO) which basically tries to
> ban software patents.

The memorandum in question is eight pages, twenty slides and two flowcharts.

As a ballpark estimate that would mean it would take an IP lawyer about two days to figure out what this means for the specific subject of patented cryptographic algorithms. It would take the non-experts on this list many times that long, if we could do it at all.

There may be patent lawyers on this list who are familiar with the memorandum in question who are willing to speak in a public forum about it. Weirder things have happened. But speaking for myself, I do not have the time it takes to (a) become an expert on U.S. patent law, (b) read the memorandum, and (c) consider how it changes the U.S. patent system, and (d) write up my results.

If this is important to you, I would suggest speaking with an IP lawyer.
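Editor's added example, not code from GnuPG and not from any message in this archive: a Python model of the digest-selection rules David Shaw gives in the "Hash algo for signing" thread above (RSA: cert-digest-algo if set, MD5 for a PGP 2.x key making a PGP 2.x signature, otherwise SHA-1), extended with the RFC 4880 rule behind his DSA remark (the digest must be at least as wide as the key's q parameter), and a gpg.conf lint built on it. The DSA default when nothing is configured, the sample gpg.conf and the key labels are constructed assumptions.

```python
"""Which digest does gpg use when signing a key?  Added example, not GnuPG
code: it models the rules David Shaw states in the "Hash algo for signing"
thread plus the DSA check he alludes to (RFC 4880 13.6: the digest must be
at least as wide as the key's q; a wider digest is truncated to its leftmost
q bits).  The "nothing configured" default for DSA keys is an assumption."""

# Output width in bits of the digest names gpg accepts for --cert-digest-algo.
DIGEST_BITS = {
    "MD5": 128, "SHA1": 160, "RIPEMD160": 160,
    "SHA224": 224, "SHA256": 256, "SHA384": 384, "SHA512": 512,
}

# FIPS 186-3 pairings of DSA key size to q size, used when a key is given
# only by its size (a 2048-bit key may also carry a 224-bit q).
DSA_Q_BITS = {1024: 160, 2048: 256, 3072: 256}


def parse_gpg_conf(text):
    """Return the options set in a gpg.conf fragment as a dict."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # blank or comment line
            continue
        parts = line.split(None, 1)               # "option value" or "option"
        opts[parts[0]] = parts[1].strip() if len(parts) == 2 else True
    return opts                                   # later lines override earlier


def digest_fits_dsa(digest, q_bits):
    """RFC 4880 13.6: a DSA signature needs a digest at least as wide as q."""
    return DIGEST_BITS[digest] >= q_bits


def choose_cert_digest(key_algo, opts, q_bits=None,
                       pgp2_key=False, pgp2_sig=False):
    """Return the digest gpg would use for a key signature made by this key.

    key_algo is "RSA" or "DSA", opts comes from parse_gpg_conf and q_bits is
    required for DSA keys.  Raises ValueError when the configured digest
    cannot be used with the key."""
    configured = opts.get("cert-digest-algo")
    if isinstance(configured, str):               # accept 'sha256' or 'SHA-256'
        configured = configured.upper().replace("-", "")
        if configured not in DIGEST_BITS:
            raise ValueError("unknown digest algorithm %r" % configured)
    else:
        configured = None

    if key_algo == "RSA":
        if configured:                            # rule 1: an explicit option wins
            return configured
        if pgp2_key and pgp2_sig:                 # rule 2: PGP 2.x key, PGP 2.x sig
            return "MD5"
        return "SHA1"                             # rule 3: everything else

    if key_algo == "DSA":
        if q_bits is None:
            raise ValueError("q size is needed to pick a digest for a DSA key")
        if configured:
            if not digest_fits_dsa(configured, q_bits):
                raise ValueError("%s is %d bits, too small for DSA with a %d-bit q"
                                 % (configured, DIGEST_BITS[configured], q_bits))
            return configured
        # Assumption: with nothing configured, use the smallest digest that
        # satisfies q (SHA-1 for a classic 1024-bit DSA key).
        for name in ("SHA1", "SHA224", "SHA256"):
            if digest_fits_dsa(name, q_bits):
                return name
        raise ValueError("no digest here is wide enough for a %d-bit q" % q_bits)

    raise ValueError("unsupported key algorithm %r" % key_algo)


def lint_cert_digest(conf_text, keys):
    """Map each (label, algo, key_bits) key to the digest a gpg.conf would make
    it sign with, or to an "ERROR: ..." string when that digest cannot be used."""
    opts = parse_gpg_conf(conf_text)
    report = {}
    for label, algo, bits in keys:
        q = DSA_Q_BITS.get(bits) if algo == "DSA" else None
        try:
            report[label] = choose_cert_digest(algo, opts, q_bits=q)
        except ValueError as err:
            report[label] = "ERROR: %s" % err
    return report


# Constructed sample: a gpg.conf that pins SHA-1 for key signatures, and
# three keys with placeholder labels (not real key ids).
SAMPLE_CONF = """\
# constructed sample configuration
keyserver hkp://keys.example.invalid
cert-digest-algo sha1
"""
SAMPLE_KEYS = [("rsa-2048-sample", "RSA", 2048),
               ("dsa-1024-sample", "DSA", 1024),
               ("dsa-2048-sample", "DSA", 2048)]
```

lint_cert_digest(SAMPLE_CONF, SAMPLE_KEYS) reports SHA1 for the RSA key and the 1024-bit DSA key, and an error for the 2048-bit DSA key, which is the case David's reply warns about.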
From dshaw at jabberwocky.com  Wed Sep 16 22:07:56 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed, 16 Sep 2009 16:07:56 -0400
Subject: IDEA patent vs the recent USPTO memorandum
In-Reply-To: <2df3b0cb0909161056l6bee9ffdw5c5f52d840251182@mail.gmail.com>
References: <2df3b0cb0909161056l6bee9ffdw5c5f52d840251182@mail.gmail.com>
Message-ID: <8CC97F1A-8C8F-43C4-A964-6FF6050D3183@jabberwocky.com>

On Sep 16, 2009, at 1:56 PM, M.B.Jr. wrote:

> Hi list,
> I've recently had access to this document, written by the "United
> States Patent and Trademark Office" (USPTO) which basically tries to
> ban software patents.
>
> The memorandum is here:
> http://www.uspto.gov/web/offices/pac/dapp/opla/2009-08-25_interim_101_instructions.pdf
>
> the case is,
> I'm really interested in reading your opinions of what this could mean
> to optional OpenPGP ciphers like IDEA.

Whether this means IDEA is okay or not patent-wise, I have a slightly different take on this: who cares about IDEA at this point? IDEA was good back in the 90s and PGP 2.x. It's 2009 now, and we have better ciphers than IDEA, a massive installed software base that doesn't use IDEA, and nobody is suffering for the lack of IDEA. If IDEA was suddenly not patented, none of this would change.

David

From jbruni at me.com  Wed Sep 16 22:14:33 2009
From: jbruni at me.com (Joseph Oreste Bruni)
Date: Wed, 16 Sep 2009 13:14:33 -0700
Subject: IDEA patent vs the recent USPTO memorandum
In-Reply-To: <40277634650501091730578209036735663424-Webmail@me.com>
References: <40277634650501091730578209036735663424-Webmail@me.com>
Message-ID: <98612224889657358508767064977332020353-Webmail@me.com>

On Wednesday, September 16, 2009, at 12:46PM, "Robert J. Hansen" wrote:
>M.B.Jr. wrote:
>> I've recently had access to this document, written by the "United
>> States Patent and Trademark Office" (USPTO) which basically tries to
>> ban software patents.
>
>The memorandum in question is eight pages, twenty slides and two flowcharts.
>
>As a ballpark estimate that would mean it would take an IP lawyer about
>two days to figure out what this means for the specific subject of
>patented cryptographic algorithms. It would take the non-experts on
>this list many times that long, if we could do it at all.
>
>There may be patent lawyers on this list who are familiar with the
>memorandum in question who are willing to speak in a public forum about
>it. Weirder things have happened. But speaking for myself, I do not
>have the time it takes to (a) become an expert on U.S. patent law, (b)
>read the memorandum, and (c) consider how it changes the U.S. patent
>system, and (d) write up my results.
>
>If this is important to you, I would suggest speaking with an IP lawyer.

Especially for a patent that is due to expire in a year or two.

http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm

From rjh at sixdemonbag.org  Wed Sep 16 22:15:23 2009
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 16 Sep 2009 16:15:23 -0400
Subject: IDEA patent vs the recent USPTO memorandum
In-Reply-To: <8CC97F1A-8C8F-43C4-A964-6FF6050D3183@jabberwocky.com>
References: <2df3b0cb0909161056l6bee9ffdw5c5f52d840251182@mail.gmail.com> <8CC97F1A-8C8F-43C4-A964-6FF6050D3183@jabberwocky.com>
Message-ID: <4AB1475B.9080208@sixdemonbag.org>

David Shaw wrote:
> Whether this means IDEA is okay or not patent-wise, I have a slightly
> different take on this: who cares about IDEA at this point? IDEA was
> good back in the 90s and PGP 2.x. It's 2009 now, and we have better
> ciphers than IDEA, a massive installed software base that doesn't use
> IDEA, and nobody is suffering for the lack of IDEA. If IDEA was
> suddenly not patented, none of this would change.

Some people use remailers and other tools which depend on PGP 2.6/RFC1991 traffic. There are some people who would very much like to see GnuPG fully support RFC1991 so it can replace the very long in the tooth PGP 2.6.
Admittedly, I think the correct response is to say, "GnuPG /did/ replace PGP 2.6, the same way RFC4880 replaced RFC1991, now come into the 21st century with the rest of us." But many of the die-hard PGP 2.6 advocates resist changing.

From dshaw at jabberwocky.com  Wed Sep 16 22:40:02 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed, 16 Sep 2009 16:40:02 -0400
Subject: IDEA patent vs the recent USPTO memorandum
In-Reply-To: <4AB1475B.9080208@sixdemonbag.org>
References: <2df3b0cb0909161056l6bee9ffdw5c5f52d840251182@mail.gmail.com> <8CC97F1A-8C8F-43C4-A964-6FF6050D3183@jabberwocky.com> <4AB1475B.9080208@sixdemonbag.org>

On Sep 16, 2009, at 4:15 PM, Robert J. Hansen wrote:

> David Shaw wrote:
>> Whether this means IDEA is okay or not patent-wise, I have a slightly
>> different take on this: who cares about IDEA at this point? IDEA was
>> good back in the 90s and PGP 2.x. It's 2009 now, and we have better
>> ciphers than IDEA, a massive installed software base that doesn't use
>> IDEA, and nobody is suffering for the lack of IDEA. If IDEA was
>> suddenly not patented, none of this would change.
>
> Some people use remailers and other tools which depend on PGP
> 2.6/RFC1991 traffic. There are some people who would very much like to
> see GnuPG fully support RFC1991 so it can replace the very long in the
> tooth PGP 2.6.

If the "some people" still want this, I haven't seen it in a good long while. Possibly they gave up asking.

Still, it doesn't matter. GnuPG is not a RFC-1991 tool, and a theoretical un-patenting of IDEA doesn't change that either. To say nothing of the fact that compliant OpenPGP implementations are explicitly banned from generating RFC-1991 keys.

In effect, the request you're paraphrasing seems to be "Add support for a dead, deprecated, and weaker format to GnuPG, and then deal with a massive software distribution problem so everyone can have the new version, all so a few remailers and tools don't have to upgrade to OpenPGP".
That argument might have made more sense in 1999, to help get people through the transition, but it's not 1999 any more. I'll go out on a limb and suggest that upgrading the relatively few remailers is an easier job...

David

From rjh at sixdemonbag.org  Wed Sep 16 23:02:31 2009
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 16 Sep 2009 17:02:31 -0400
Subject: IDEA patent vs the recent USPTO memorandum
References: <2df3b0cb0909161056l6bee9ffdw5c5f52d840251182@mail.gmail.com> <8CC97F1A-8C8F-43C4-A964-6FF6050D3183@jabberwocky.com> <4AB1475B.9080208@sixdemonbag.org>
Message-ID: <4AB15267.4070903@sixdemonbag.org>

David Shaw wrote:
> If the "some people" still want this, I haven't seen it in a good long
> while. Possibly they gave up asking.

Gave up the asking, more likely. I still get one or two emails a year inquiring about if/when GnuPG will support this. (No, I don't know why they email me, and I wish they wouldn't.)

That said, I share in your sentiments.

From peter at digitalbrains.com  Thu Sep 17 00:00:00 2009
From: peter at digitalbrains.com (Peter Lebbing)
Date: Thu, 17 Sep 2009 00:00:00 +0200
Subject: Does the SCM SCR3320 work with GnuPG?
In-Reply-To: <200909161803.42119.florian.schuettler@tu-ilmenau.de>
References: <4AABC08E.8040101@digitalbrains.com> <4AACDCB3.1060108@digitalbrains.com> <4AB0E41E.3030908@digitalbrains.com> <200909161803.42119.florian.schuettler@tu-ilmenau.de>
Message-ID: <4AB15FE0.4080207@digitalbrains.com>

Florian Schüttler wrote:
> If it is a v2 card as you mentioned earlier you should try using GnuPG 1.4.10.
> I had pretty much the same issues with a PC/SC reader (ReinerSCT cyberjack
> ecom plus) on Debian Lenny (1.4.9-3+lenny1) until I tried 1.4.10 with which
> there were no problems, except that I did not get the keypad to work yet.

Hey, that's odd. I'm 100% sure I mentioned it was a v1 card. Must have deleted that when I rewrote a part for clarity (the irony :).
It is a cut-up v1 card to fit in the ID-000 (SIM card) size. My v2 card is on back order.

Since I'm replying anyway, let me mention two more things:

1) It is not always necessary to remove and re-insert the reader and card after an error. Not sure when it is and isn't.

2) The data sent in error by the card when a "VERIFY" command is given for the failing operations is the ATR response for the OpenPGP card. It's been quite a while since I had a look at ISO 7816 based things, but I did notice this.

Peter.

--
I'm using the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.ewi.utwente.nl/~lebbing/pubkey.txt

From jayshree06comp at gmail.com  Thu Sep 17 11:21:27 2009
From: jayshree06comp at gmail.com (jayshree kalawa)
Date: Thu, 17 Sep 2009 14:51:27 +0530
Subject: gnupg.py output

hello,

After executing the gnupg.py module some exception is thrown by it, so I am unable to see what output it gives. The output generated by it is attached. Reading the GnuPG documents it is clear to me that it provides encryption/decryption and other functionality. Is there any solution to use the encryption function separately within my program?

thanks ..

--
Jayshree Kalawa
scsmtech2008 at yahoogroups.co.in

-------------- next part --------------
[jayshree at TestServer ~]$ python test_gnupg.py
Test that key deletion works ... ok
Test that encryption and decryption works ... ok
Test the environment by ensuring that setup worked ... ok
Test that key import and export works ... ok
Test that after key generation, the generated key is available ... ok
Test that initially there are no keys ... ok
Test that absence of gpg is handled correctly ... ok
Test that signing and verification works ... ok
Doctest: gnupg.GPG.__init__ ... ok
Doctest: gnupg.GPG.encrypt ...
Exception in thread Thread-83: Traceback (most recent call last): File "/usr/lib/python2.4/threading.py", line 442, in __bootstrap self.run() File "/usr/lib/python2.4/threading.py", line 422, in run self.__target(*self.__args, **self.__kwargs) File "/usr/lib/python2.4/site-packages/gnupg.py", line 150, in _read_response result.handle_status(keyword, value) File "/usr/lib/python2.4/site-packages/gnupg.py", line 752, in handle_status raise ValueError("Unknown status message: %r" % key) ValueError: Unknown status message: 'KEY_NOT_CREATED' Exception in thread Thread-85: Traceback (most recent call last): File "/usr/lib/python2.4/threading.py", line 442, in __bootstrap self.run() File "/usr/lib/python2.4/threading.py", line 422, in run self.__target(*self.__args, **self.__kwargs) File "/usr/lib/python2.4/site-packages/gnupg.py", line 150, in _read_response result.handle_status(keyword, value) File "/usr/lib/python2.4/site-packages/gnupg.py", line 752, in handle_status raise ValueError("Unknown status message: %r" % key) ValueError: Unknown status message: 'KEY_NOT_CREATED' Exception in thread Thread-89: Traceback (most recent call last): File "/usr/lib/python2.4/threading.py", line 442, in __bootstrap self.run() File "/usr/lib/python2.4/threading.py", line 422, in run self.__target(*self.__args, **self.__kwargs) File "/usr/lib/python2.4/site-packages/gnupg.py", line 150, in _read_response result.handle_status(keyword, value) File "/usr/lib/python2.4/site-packages/gnupg.py", line 729, in handle_status Verify.handle_status(self, key, value) File "/usr/lib/python2.4/site-packages/gnupg.py", line 563, in handle_status raise ValueError("Unknown status message: %r" % key) ValueError: Unknown status message: 'NODATA' Exception in thread Thread-93: Traceback (most recent call last): File "/usr/lib/python2.4/threading.py", line 442, in __bootstrap self.run() File "/usr/lib/python2.4/threading.py", line 422, in run self.__target(*self.__args, **self.__kwargs) File 
"/usr/lib/python2.4/site-packages/gnupg.py", line 150, in _read_response result.handle_status(keyword, value) File "/usr/lib/python2.4/site-packages/gnupg.py", line 729, in handle_status Verify.handle_status(self, key, value) File "/usr/lib/python2.4/site-packages/gnupg.py", line 563, in handle_status raise ValueError("Unknown status message: %r" % key) ValueError: Unknown status message: 'NODATA' Exception in thread Thread-95: Traceback (most recent call last): File "/usr/lib/python2.4/threading.py", line 442, in __bootstrap self.run() File "/usr/lib/python2.4/threading.py", line 422, in run self.__target(*self.__args, **self.__kwargs) File "/usr/lib/python2.4/site-packages/gnupg.py", line 150, in _read_response result.handle_status(keyword, value) File "/usr/lib/python2.4/site-packages/gnupg.py", line 729, in handle_status Verify.handle_status(self, key, value) File "/usr/lib/python2.4/site-packages/gnupg.py", line 563, in handle_status raise ValueError("Unknown status message: %r" % key) ValueError: Unknown status message: 'NODATA' Exception in thread Thread-97: Traceback (most recent call last): File "/usr/lib/python2.4/threading.py", line 442, in __bootstrap self.run() File "/usr/lib/python2.4/threading.py", line 422, in run self.__target(*self.__args, **self.__kwargs) File "/usr/lib/python2.4/site-packages/gnupg.py", line 150, in _read_response result.handle_status(keyword, value) File "/usr/lib/python2.4/site-packages/gnupg.py", line 729, in handle_status Verify.handle_status(self, key, value) File "/usr/lib/python2.4/site-packages/gnupg.py", line 563, in handle_status raise ValueError("Unknown status message: %r" % key) ValueError: Unknown status message: 'NODATA' Exception in thread Thread-103: Traceback (most recent call last): File "/usr/lib/python2.4/threading.py", line 442, in __bootstrap self.run() File "/usr/lib/python2.4/threading.py", line 422, in run self.__target(*self.__args, **self.__kwargs) File "/usr/lib/python2.4/site-packages/gnupg.py", 
line 150, in _read_response result.handle_status(keyword, value) File "/usr/lib/python2.4/site-packages/gnupg.py", line 729, in handle_status Verify.handle_status(self, key, value) File "/usr/lib/python2.4/site-packages/gnupg.py", line 563, in handle_status raise ValueError("Unknown status message: %r" % key) ValueError: Unknown status message: 'NODATA' FAIL Doctest: gnupg.GPG.gen_key ... Exception in thread Thread-107: Traceback (most recent call last): File "/usr/lib/python2.4/threading.py", line 442, in __bootstrap self.run() File "/usr/lib/python2.4/threading.py", line 422, in run self.__target(*self.__args, **self.__kwargs) File "/usr/lib/python2.4/site-packages/gnupg.py", line 150, in _read_response result.handle_status(keyword, value) File "/usr/lib/python2.4/site-packages/gnupg.py", line 752, in handle_status raise ValueError("Unknown status message: %r" % key) ValueError: Unknown status message: 'KEY_NOT_CREATED' FAIL Doctest: gnupg.GPG.import_keys ... Exception in thread Thread-113: Traceback (most recent call last): File "/usr/lib/python2.4/threading.py", line 442, in __bootstrap self.run() File "/usr/lib/python2.4/threading.py", line 422, in run self.__target(*self.__args, **self.__kwargs) File "/usr/lib/python2.4/site-packages/gnupg.py", line 150, in _read_response result.handle_status(keyword, value) File "/usr/lib/python2.4/site-packages/gnupg.py", line 752, in handle_status raise ValueError("Unknown status message: %r" % key) ValueError: Unknown status message: 'KEY_NOT_CREATED' Exception in thread Thread-115: Traceback (most recent call last): File "/usr/lib/python2.4/threading.py", line 442, in __bootstrap self.run() File "/usr/lib/python2.4/threading.py", line 422, in run self.__target(*self.__args, **self.__kwargs) File "/usr/lib/python2.4/site-packages/gnupg.py", line 150, in _read_response result.handle_status(keyword, value) File "/usr/lib/python2.4/site-packages/gnupg.py", line 752, in handle_status raise ValueError("Unknown status message: 
%r" % key) ValueError: Unknown status message: 'KEY_NOT_CREATED' FAIL Doctest: gnupg.GPG.list_keys ... Exception in thread Thread-153: Traceback (most recent call last): File "/usr/lib/python2.4/threading.py", line 442, in __bootstrap self.run() File "/usr/lib/python2.4/threading.py", line 422, in run self.__target(*self.__args, **self.__kwargs) File "/usr/lib/python2.4/site-packages/gnupg.py", line 150, in _read_response result.handle_status(keyword, value) File "/usr/lib/python2.4/site-packages/gnupg.py", line 752, in handle_status raise ValueError("Unknown status message: %r" % key) ValueError: Unknown status message: 'KEY_NOT_CREATED' FAIL ====================================================================== FAIL: Doctest: gnupg.GPG.encrypt ---------------------------------------------------------------------- Traceback (most recent call last): File "/usr/lib/python2.4/doctest.py", line 2152, in runTest raise self.failureException(self.format_failure(new.getvalue())) AssertionError: Failed doctest test for gnupg.GPG.encrypt File "/usr/lib/python2.4/site-packages/gnupg.py", line 468, in encrypt ---------------------------------------------------------------------- File "/usr/lib/python2.4/site-packages/gnupg.py", line 472, in gnupg.GPG.encrypt Failed example: if os.path.exists("/tmp/pygpgtest"): shutil.rmtree("/tmp/pygpgtest") Exception raised: Traceback (most recent call last): File "/usr/lib/python2.4/doctest.py", line 1243, in __run compileflags, 1) in test.globs File "", line 2, in ? 
shutil.rmtree("/tmp/pygpgtest") File "/usr/lib/python2.4/shutil.py", line 155, in rmtree onerror(os.listdir, path, sys.exc_info()) File "/usr/lib/python2.4/shutil.py", line 153, in rmtree names = os.listdir(path) OSError: [Errno 13] Permission denied: '/tmp/pygpgtest' ---------------------------------------------------------------------- File "/usr/lib/python2.4/site-packages/gnupg.py", line 485, in gnupg.GPG.encrypt Failed example: assert result Exception raised: Traceback (most recent call last): File "/usr/lib/python2.4/doctest.py", line 1243, in __run compileflags, 1) in test.globs File "", line 1, in ? assert result AssertionError ---------------------------------------------------------------------- File "/usr/lib/python2.4/site-packages/gnupg.py", line 486, in gnupg.GPG.encrypt Failed example: str(result) Expected: 'hello' Got: '' ---------------------------------------------------------------------- File "/usr/lib/python2.4/site-packages/gnupg.py", line 491, in gnupg.GPG.encrypt Failed example: result.status Expected: 'need passphrase' Got: '' ---------------------------------------------------------------------- File "/usr/lib/python2.4/site-packages/gnupg.py", line 494, in gnupg.GPG.encrypt Failed example: result.status Expected: 'decryption failed' Got: '' ---------------------------------------------------------------------- File "/usr/lib/python2.4/site-packages/gnupg.py", line 498, in gnupg.GPG.encrypt Failed example: result.status Expected: 'decryption ok' Got: '' ---------------------------------------------------------------------- File "/usr/lib/python2.4/site-packages/gnupg.py", line 500, in gnupg.GPG.encrypt Failed example: str(result) Expected: 'hello again' Got: '' ---------------------------------------------------------------------- File "/usr/lib/python2.4/site-packages/gnupg.py", line 503, in gnupg.GPG.encrypt Failed example: result.status Expected: 'need passphrase' Got: 'invalid recipient' 
---------------------------------------------------------------------- File "/usr/lib/python2.4/site-packages/gnupg.py", line 506, in gnupg.GPG.encrypt Failed example: result.status Expected: 'encryption ok' Got: 'invalid recipient' ---------------------------------------------------------------------- File "/usr/lib/python2.4/site-packages/gnupg.py", line 510, in gnupg.GPG.encrypt Failed example: result.status Expected: 'decryption ok' Got: '' ====================================================================== FAIL: Doctest: gnupg.GPG.gen_key ---------------------------------------------------------------------- Traceback (most recent call last): File "/usr/lib/python2.4/doctest.py", line 2152, in runTest raise self.failureException(self.format_failure(new.getvalue())) AssertionError: Failed doctest test for gnupg.GPG.gen_key File "/usr/lib/python2.4/site-packages/gnupg.py", line 384, in gen_key ---------------------------------------------------------------------- File "/usr/lib/python2.4/site-packages/gnupg.py", line 391, in gnupg.GPG.gen_key Failed example: assert result Exception raised: Traceback (most recent call last): File "/usr/lib/python2.4/doctest.py", line 1243, in __run compileflags, 1) in test.globs File "", line 1, in ? 
assert result AssertionError ====================================================================== FAIL: Doctest: gnupg.GPG.import_keys ---------------------------------------------------------------------- Traceback (most recent call last): File "/usr/lib/python2.4/doctest.py", line 2152, in runTest raise self.failureException(self.format_failure(new.getvalue())) AssertionError: Failed doctest test for gnupg.GPG.import_keys File "/usr/lib/python2.4/site-packages/gnupg.py", line 260, in import_keys ---------------------------------------------------------------------- File "/usr/lib/python2.4/site-packages/gnupg.py", line 264, in gnupg.GPG.import_keys Failed example: shutil.rmtree("/tmp/pygpgtest") Exception raised: Traceback (most recent call last): File "/usr/lib/python2.4/doctest.py", line 1243, in __run compileflags, 1) in test.globs File "", line 1, in ? shutil.rmtree("/tmp/pygpgtest") File "/usr/lib/python2.4/shutil.py", line 155, in rmtree onerror(os.listdir, path, sys.exc_info()) File "/usr/lib/python2.4/shutil.py", line 153, in rmtree names = os.listdir(path) OSError: [Errno 13] Permission denied: '/tmp/pygpgtest' ---------------------------------------------------------------------- File "/usr/lib/python2.4/site-packages/gnupg.py", line 275, in gnupg.GPG.import_keys Failed example: assert print1 in seckeys.fingerprints Exception raised: Traceback (most recent call last): File "/usr/lib/python2.4/doctest.py", line 1243, in __run compileflags, 1) in test.globs File "", line 1, in ? assert print1 in seckeys.fingerprints AssertionError ---------------------------------------------------------------------- File "/usr/lib/python2.4/site-packages/gnupg.py", line 276, in gnupg.GPG.import_keys Failed example: assert print1 in pubkeys.fingerprints Exception raised: Traceback (most recent call last): File "/usr/lib/python2.4/doctest.py", line 1243, in __run compileflags, 1) in test.globs File "", line 1, in ? 
assert print1 in pubkeys.fingerprints AssertionError ---------------------------------------------------------------------- File "/usr/lib/python2.4/site-packages/gnupg.py", line 277, in gnupg.GPG.import_keys Failed example: str(gpg.delete_keys(print1)) Expected: 'Must delete secret key first' Got: 'No such key' ---------------------------------------------------------------------- File "/usr/lib/python2.4/site-packages/gnupg.py", line 279, in gnupg.GPG.import_keys Failed example: str(gpg.delete_keys(print1,secret=True)) Expected: 'ok' Got: 'No such key' ---------------------------------------------------------------------- File "/usr/lib/python2.4/site-packages/gnupg.py", line 281, in gnupg.GPG.import_keys Failed example: str(gpg.delete_keys(print1)) Expected: 'ok' Got: 'No such key' ---------------------------------------------------------------------- File "/usr/lib/python2.4/site-packages/gnupg.py", line 295, in gnupg.GPG.import_keys Failed example: assert print1 in pubkeys.fingerprints Exception raised: Traceback (most recent call last): File "/usr/lib/python2.4/doctest.py", line 1243, in __run compileflags, 1) in test.globs File "", line 1, in ? assert print1 in pubkeys.fingerprints AssertionError ---------------------------------------------------------------------- File "/usr/lib/python2.4/site-packages/gnupg.py", line 297, in gnupg.GPG.import_keys Failed example: assert result Exception raised: Traceback (most recent call last): File "/usr/lib/python2.4/doctest.py", line 1243, in __run compileflags, 1) in test.globs File "", line 1, in ? assert result AssertionError ---------------------------------------------------------------------- File "/usr/lib/python2.4/site-packages/gnupg.py", line 300, in gnupg.GPG.import_keys Failed example: assert print1 in seckeys.fingerprints Exception raised: Traceback (most recent call last): File "/usr/lib/python2.4/doctest.py", line 1243, in __run compileflags, 1) in test.globs File "", line 1, in ? 
assert print1 in seckeys.fingerprints AssertionError ---------------------------------------------------------------------- File "/usr/lib/python2.4/site-packages/gnupg.py", line 301, in gnupg.GPG.import_keys Failed example: assert print1 in pubkeys.fingerprints Exception raised: Traceback (most recent call last): File "/usr/lib/python2.4/doctest.py", line 1243, in __run compileflags, 1) in test.globs File "", line 1, in ? assert print1 in pubkeys.fingerprints AssertionError ---------------------------------------------------------------------- File "/usr/lib/python2.4/site-packages/gnupg.py", line 302, in gnupg.GPG.import_keys Failed example: assert print2 in pubkeys.fingerprints Exception raised: Traceback (most recent call last): File "/usr/lib/python2.4/doctest.py", line 1243, in __run compileflags, 1) in test.globs File "", line 1, in ? assert print2 in pubkeys.fingerprints AssertionError ====================================================================== FAIL: Doctest: gnupg.GPG.list_keys ---------------------------------------------------------------------- Traceback (most recent call last): File "/usr/lib/python2.4/doctest.py", line 2152, in runTest raise self.failureException(self.format_failure(new.getvalue())) AssertionError: Failed doctest test for gnupg.GPG.list_keys File "/usr/lib/python2.4/site-packages/gnupg.py", line 337, in list_keys ---------------------------------------------------------------------- File "/usr/lib/python2.4/site-packages/gnupg.py", line 341, in gnupg.GPG.list_keys Failed example: shutil.rmtree("/tmp/pygpgtest") Exception raised: Traceback (most recent call last): File "/usr/lib/python2.4/doctest.py", line 1243, in __run compileflags, 1) in test.globs File "", line 1, in ? 
shutil.rmtree("/tmp/pygpgtest") File "/usr/lib/python2.4/shutil.py", line 155, in rmtree onerror(os.listdir, path, sys.exc_info()) File "/usr/lib/python2.4/shutil.py", line 153, in rmtree names = os.listdir(path) OSError: [Errno 13] Permission denied: '/tmp/pygpgtest' ---------------------------------------------------------------------- File "/usr/lib/python2.4/site-packages/gnupg.py", line 349, in gnupg.GPG.list_keys Failed example: assert print1 in pubkeys.fingerprints Exception raised: Traceback (most recent call last): File "/usr/lib/python2.4/doctest.py", line 1243, in __run compileflags, 1) in test.globs File "", line 1, in ? assert print1 in pubkeys.fingerprints AssertionError ---------------------------------------------------------------------- File "/usr/lib/python2.4/site-packages/gnupg.py", line 350, in gnupg.GPG.list_keys Failed example: assert print2 in pubkeys.fingerprints Exception raised: Traceback (most recent call last): File "/usr/lib/python2.4/doctest.py", line 1243, in __run compileflags, 1) in test.globs File "", line 1, in ? assert print2 in pubkeys.fingerprints AssertionError ====================================================================== FAIL: Doctest: gnupg.GPG.verify ---------------------------------------------------------------------- Traceback (most recent call last): File "/usr/lib/python2.4/doctest.py", line 2152, in runTest raise self.failureException(self.format_failure(new.getvalue())) AssertionError: Failed doctest test for gnupg.GPG.verify File "/usr/lib/python2.4/site-packages/gnupg.py", line 233, in verify ---------------------------------------------------------------------- File "/usr/lib/python2.4/site-packages/gnupg.py", line 239, in gnupg.GPG.verify Failed example: assert key Exception raised: Traceback (most recent call last): File "/usr/lib/python2.4/doctest.py", line 1243, in __run compileflags, 1) in test.globs File "", line 1, in ? 
        assert key
    AssertionError
----------------------------------------------------------------------
File "/usr/lib/python2.4/site-packages/gnupg.py", line 243, in gnupg.GPG.verify
Failed example:
    assert sig
Exception raised:
    Traceback (most recent call last):
      File "/usr/lib/python2.4/doctest.py", line 1243, in __run
        compileflags, 1) in test.globs
      File "", line 1, in ?
        assert sig
    AssertionError
----------------------------------------------------------------------
File "/usr/lib/python2.4/site-packages/gnupg.py", line 245, in gnupg.GPG.verify
Failed example:
    assert verify
Exception raised:
    Traceback (most recent call last):
      File "/usr/lib/python2.4/doctest.py", line 1243, in __run
        compileflags, 1) in test.globs
      File "", line 1, in ?
        assert verify
    AssertionError
----------------------------------------------------------------------
Ran 14 tests in 5465.843s

FAILED (failures=5)

From vedaal at hush.com Thu Sep 17 16:29:56 2009
From: vedaal at hush.com (vedaal at hush.com)
Date: Thu, 17 Sep 2009 10:29:56 -0400
Subject: IDEA patent vs the recent USPTO memorandum
Message-ID: <20090917142956.AA8AFB803A@smtp.hushmail.com>

>Message: 2
>Date: Wed, 16 Sep 2009 16:40:02 -0400
>From: David Shaw
>If the "some people" still want this, I haven't seen it in a good
>long while. Possibly they gave up asking.

as an old-time pgp 2.x user, i have often put the question to some of the die-hard remailer 2.6 users: 'why don't you just switch to gnupg?'
this is the reason i got in response:

"i'm very concerned about my privacy, which is why i bother to use a remailer in the first place.
i carefully went over every line in the pgp 2.6 sourcecode, and i'm happy with it.
if only there were a gnupg mini-version with a shorter source-code (or at least one that's readable by someone looking at it from scratch, not just reading the updates and patches as they go along), then i'd gladly switch."

to be fair, several of them 'have' switched to Disastry's version, and can use any algo or hash in open pgp (except those that came after Disastry ;-( ), specifically because his source code is short enough to be readable.

(disclaimer: not by me, am not at that semi-paranoid level yet, and at the medium compromise level of: the stuff i want to encrypt and/or sign isn't that important enough, and i'm willing to trust experts in the field who have vetted the code ;-) )

vedaal

From rjh at sixdemonbag.org Thu Sep 17 18:41:23 2009
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 17 Sep 2009 12:41:23 -0400
Subject: IDEA patent vs the recent USPTO memorandum
In-Reply-To: <20090917142956.AA8AFB803A@smtp.hushmail.com>
References: <20090917142956.AA8AFB803A@smtp.hushmail.com>
Message-ID: <4AB266B3.7020206@sixdemonbag.org>

vedaal at hush.com wrote:
> if only there were a gnupg mini-version with a shorter source-code,
> (or at least one that's readable by someone looking at it from
> scratch, not just reading the updates and patches as they go along)
> then i'd gladly switch

This is doable. I did this in '99 for GnuPG 1.0. I haven't done it since, but given the codebase is still in the same ballpark, size-wise, I find it hard to believe it's impossible today.

It seems strange to imagine there's someone not capable of auditing the GnuPG code, but who is capable of auditing the PGP 2.6 code. Having read both codebases (albeit not a recent GnuPG codebase), I found GnuPG's code to be much clearer and easier to understand than PGP 2.6's.
From faramir.cl at gmail.com Fri Sep 18 12:15:32 2009
From: faramir.cl at gmail.com (Faramir)
Date: Fri, 18 Sep 2009 06:15:32 -0400
Subject: I forgot about the meaning of some options...
Message-ID: <4AB35DC4.8040609@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello:

A while ago, I added a couple of lines to my gpg.conf file, and at that time I thought I knew what I was doing... but right now, I can't remember exactly what effect they have in gpg... maybe it is due to lack of caffeine, but anyway, I'd like to know the effects of the following lines:

default-preference-list AES TWOFISH AES192 AES256 BLOWFISH CAST5 3DES SHA256 SHA512 SHA224 SHA384 SHA1 RIPEMD160 Z1 Z2 Z3 Z0

and

personal-cipher-preferences TWOFISH AES AES192 AES256 BLOWFISH CAST5 3DES

I also have personal-digest-preferences and personal-compress-preferences lines, but by understanding the personal-cipher-preferences line I would also understand the other 2 lines...

Best Regards

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCAAGBQJKs13EAAoJEMV4f6PvczxA4h4IAIgriR7RFiRAej9MJSwBmVBJ
soiHfpjfycXAi+O41G0c6LmFexlgIg95CYKzf7pAeIj5MkOCbGAPmSNWGGSeU5I4
a+8ZJd5TKMStWI75zdeW6sMtptduwo8qoeDGQ7OV+ZwgQiBjI8gED/2vJVi8WxGa
FJ2vc4CIH8d6kRXP2QPY4lWrO4ktf9JpvUaoT2EAS4FBLAopw60a1l4IULi1sm3k
SwrxFtLA8FpTswAgHULBWoMiI9nbYocFGQukIIhnXHXwD2prfiSpG3sZqo8GHvjM
47RrvbsNkP4n1CwVxCl6Oahl4v+oT8SM/CBGEISJUwALmZSuE+VSK2dtdUzgegE=
=UdZx
-----END PGP SIGNATURE-----

From laurent.jumet at skynet.be Fri Sep 18 12:34:59 2009
From: laurent.jumet at skynet.be (Laurent Jumet)
Date: Fri, 18 Sep 2009 12:34:59 +0200
Subject: I forgot about the meaning of some options...
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Hello Faramir !

Faramir wrote:

> A while ago, I added a couple of lines to my gpg.conf file, and at
> that time I thought I knew what I was doing...
> but right now, I can't remember exactly what effect they have in gpg... maybe it is due to
> lack of caffeine, but anyway, I'd like to know the effects of the
> following lines:
> default-preference-list AES TWOFISH AES192 AES256 BLOWFISH CAST5 3DES
> SHA256 SHA512 SHA224 SHA384 SHA1 RIPEMD160 Z1 Z2 Z3 Z0
> and
> personal-cipher-preferences TWOFISH AES AES192 AES256 BLOWFISH CAST5 3DES
> I also have personal-digest-preferences and
> personal-compress-preferences lines, but understanding the
> personal-cipher-preferences line I would also understand the other 2
> lines...

Let's take an example with my own:

1st, you don't need to write the whole words but only their tags:

default-preference-list S7 S11 S12 S13 S1 S10 S3 S4 S2 S9 S8 H3 H8 H9 H10 H11 H2 H1 Z1 Z2 Z3 Z0
personal-cipher-preferences S7 S11 S12 S13 S1 S10 S3 S4 S2 S9 S8
personal-digest-preferences H3 H8 H9 H10 H11 H2 H1
personal-compress-preferences Z1 Z2 Z3 Z0

The algorithm list is:

  Cipher-Algos:        Digest-Algos:     Compress-Algos:
                                         Z0  Uncompressed
  S1  IDEA             H1  MD5           Z1  ZIP
  S2  3DES             H2  SHA1          Z2  ZLIB
  S3  CAST5            H3  RIPEMD160     Z3  BZIP2
  S4  BLOWFISH

  S7  AES
  S8  AES192           H8  SHA256
  S9  AES256           H9  SHA384
  S10 TWOFISH          H10 SHA512
  S11 CAMELLIA128      H11 SHA224
  S12 CAMELLIA192
  S13 CAMELLIA256

2nd, those preferences depend on whether they are in gpg.conf or not; your key is not branded. If you'd like (and it's of course the best) to brand your public key in order to send it to a KeyServer and allow everyone to know what kind of Hash, Crypt and Compress algorithms you prefer, you must use the "--edit-key/Setpref" menu.
Let's suppose I want to brand my key 0xCFAF704C:

gpg --edit-key 0xCFAF704C
setpref S7 S11 S12 S13 S1 S10 S3 S4 S2 S9 S8 H3 H8 H9 H10 H11 H2 H1 Z1 Z2 Z3 Z0

With those four settings in gpg.conf, GPG will take your first choice that matches the first allowed choice in the public key you are encrypting to. And your public key will indicate your choices, providing you branded it before sending it to KeyServers.

And while you brand your key for algorithms, you may want to brand it for your preferred keyserver too:

keyserver http://www.pointdechat.net/0xCFAF704C.asc

-- 
Laurent Jumet
KeyID: 0xCFAF704C

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)

iHEEAREDADEFAkqzaCUqGGh0dHA6Ly93d3cucG9pbnRkZWNoYXQubmV0LzB4Q0ZB
RjcwNEMuYXNjAAoJEPUdbaDPr3BMevEAoJK//qtLtZTBmRXDC5XrtI1fBQV3AJ9C
Z6EpJY7dBVj6cSTmXrt+lRnqgw==
=3HVM
-----END PGP SIGNATURE-----

From dshaw at jabberwocky.com Fri Sep 18 13:41:49 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri, 18 Sep 2009 07:41:49 -0400
Subject: I forgot about the meaning of some options...
In-Reply-To: <4AB35DC4.8040609@gmail.com>
References: <4AB35DC4.8040609@gmail.com>
Message-ID:

On Sep 18, 2009, at 6:15 AM, Faramir wrote:

> A while ago, I added a couple of lines to my gpg.conf file, and at
> that time I thought I knew what I was doing... but right now, I can't
> remember exactly what effect they have in gpg... maybe it is due to
> lack of caffeine, but anyway, I'd like to know the effects of the
> following lines:
>
> default-preference-list AES TWOFISH AES192 AES256 BLOWFISH CAST5 3DES
> SHA256 SHA512 SHA224 SHA384 SHA1 RIPEMD160 Z1 Z2 Z3 Z0

--default-preference-list
    Set the list of default preferences to . This preference list is used for new keys and becomes the default for "setpref" in the edit menu.

> and
>
> personal-cipher-preferences TWOFISH AES AES192 AES256 BLOWFISH CAST5
> 3DES

--personal-cipher-preferences
    Set the list of personal cipher preferences to .
    Use gpg --version to get a list of available algorithms, and use none to set no preference at all. This allows the user to factor in their own preferred algorithms when algorithms are chosen via recipient key preferences. The most highly ranked cipher in this list is also used for the --symmetric encryption command.

David

From foad0128 at gmail.com Fri Sep 18 12:46:27 2009
From: foad0128 at gmail.com (FOAD FOAD)
Date: Fri, 18 Sep 2009 12:46:27 +0200
Subject: which version is install
Message-ID:

Hi,

I want to know which version of gpg is installed on my OpenBSD; could you tell me how to do it?

Thx and have a nice day.

From dshaw at jabberwocky.com Fri Sep 18 14:06:07 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri, 18 Sep 2009 08:06:07 -0400
Subject: which version is install
In-Reply-To:
References:
Message-ID:

On Sep 18, 2009, at 6:46 AM, FOAD FOAD wrote:

> Hi,
>
> I want to know which version of gpg is installed on my OpenBSD; could
> you tell me how to do it?

Type "gpg --version"

David

From rjh at sixdemonbag.org Fri Sep 18 14:13:50 2009
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 18 Sep 2009 08:13:50 -0400
Subject: which version is install
In-Reply-To:
References:
Message-ID: <4AB3797E.9020001@sixdemonbag.org>

FOAD FOAD wrote:
> I want to know which version of gpg is installed on my OpenBSD; could you
> tell me how to do it?

gpg --version

From benjamin at py-soft.co.uk Fri Sep 18 13:48:07 2009
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Fri, 18 Sep 2009 12:48:07 +0100
Subject: which version is install
In-Reply-To:
References:
Message-ID: <732076a80909180448s2f5b6759jabcd869c1045b287@mail.gmail.com>

2009/9/18 FOAD FOAD :
> I want to know which version of gpg is installed on my OpenBSD; could you tell
> me how to do it?
Try:

gpg --version
gpg2 --version

Ben

From db111 at freemail.hu Fri Sep 18 22:13:02 2009
From: db111 at freemail.hu (Csabi)
Date: Fri, 18 Sep 2009 22:13:02 +0200 (CEST)
Subject: Question about GnuPG Shell 1.0
Message-ID:

Hello,

I have Windows XP with GnuPG 1.4.9 installed.
I wanted to install GNUPG Shell 1.0, but when I clicked the "install" button, the installer told me the following:

GnuPG not installed on your system. Please, install it first.

I don't know the C programming language, so I can't examine the source code to find out how it searches for the installed GnuPG on the system.
My GnuPG is installed in c:\program files\gnu\gnupg
I copied it into c:\program files\gnupg and tried to install GnuPG Shell again, but the same error message appeared.
GPG Shell works fine, but I would like to try the GnuPG Shell.

Do you have any idea how to resolve the problem?

Sincerely,
Csabi

From John at Mozilla-Enigmail.org Fri Sep 18 23:58:18 2009
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Fri, 18 Sep 2009 16:58:18 -0500
Subject: Question about GnuPG Shell 1.0
In-Reply-To:
References:
Message-ID: <4AB4027A.3070704@Mozilla-Enigmail.org>

Csabi wrote:
> Hello,
>
> I have Windows XP with GnuPG 1.4.9 installed.
> I wanted to install GNUPG Shell 1.0 but when I clicked the "install"
>
> GPG Shell works fine but I would like to try the GnuPG Shell.
>
> Do you have any idea how to resolve the problem?

Have you asked on GnuPG Shell's support forum?

-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"
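Returning to the "I forgot about the meaning of some options..." thread above: the following is an added example, not code from any poster here and not GnuPG's own source. It parses gpg.conf-style preference strings written either as the tags from Laurent Jumet's table (S7, H8, Z1) or as algorithm names, and then models how a symmetric cipher is chosen for a message encrypted to several keys, the interaction David Shaw describes between recipient key preferences and personal-cipher-preferences. The selection rule is an assumed, simplified model rather than gpg's exact ranking: 3DES is always treated as accepted (OpenPGP requires every implementation to support it), a personal list, when set, orders only the ciphers that every recipient accepts, and without one the cipher with the lowest summed rank across the recipients' lists wins. The function names (parse_prefs, to_tags, choose_cipher) and the sample inputs are mine; the sample preference lists are the two posted in the thread.

```python
"""Model of OpenPGP preference handling: parse gpg.conf-style preference
strings and choose a symmetric cipher for a multi-recipient message.
Added example for the gnupg-users thread; not GnuPG's own code, and the
selection rule is a simplified, assumed model of gpg's behaviour."""

# Tag -> algorithm name, the table from Laurent Jumet's message
# (the numbers are the OpenPGP algorithm ids from RFC 4880).
TAGS = {
    "S1": "IDEA", "S2": "3DES", "S3": "CAST5", "S4": "BLOWFISH",
    "S7": "AES", "S8": "AES192", "S9": "AES256", "S10": "TWOFISH",
    "S11": "CAMELLIA128", "S12": "CAMELLIA192", "S13": "CAMELLIA256",
    "H1": "MD5", "H2": "SHA1", "H3": "RIPEMD160", "H8": "SHA256",
    "H9": "SHA384", "H10": "SHA512", "H11": "SHA224",
    "Z0": "UNCOMPRESSED", "Z1": "ZIP", "Z2": "ZLIB", "Z3": "BZIP2",
}
NAMES = {name: tag for tag, name in TAGS.items()}

# Ciphers with a 64-bit block (legacy); worth noticing when they get picked.
SMALL_BLOCK = frozenset(["IDEA", "3DES", "CAST5", "BLOWFISH"])


def parse_prefs(spec):
    """Return (ciphers, digests, compressors) as name lists, in the order given.

    Accepts tags ("S7 H8 Z1") and names ("AES SHA256 ZIP"), mixed and in any
    case, which is how gpg.conf and setpref accept them.  Unknown tokens and
    duplicates raise ValueError instead of being silently dropped.
    """
    buckets = {"S": [], "H": [], "Z": []}
    for tok in spec.upper().split():
        tag = tok if tok in TAGS else NAMES.get(tok)
        if tag is None:
            raise ValueError("unknown preference token: %r" % tok)
        name = TAGS[tag]
        bucket = buckets[tag[0]]
        if name in bucket:
            raise ValueError("duplicate preference: %s" % name)
        bucket.append(name)
    return buckets["S"], buckets["H"], buckets["Z"]


def to_tags(names):
    """Render a name list back in the compact tag form Laurent's message uses."""
    return " ".join(NAMES[n] for n in names)


def choose_cipher(recipient_prefs, personal_prefs=None):
    """Pick the symmetric cipher for a message encrypted to several keys.

    recipient_prefs: one cipher-name list per recipient key (its setpref
    'S' entries).  personal_prefs: the sender's personal-cipher-preferences
    names, or None.  Returns (cipher_name, uses_64_bit_block).
    Assumed, simplified model of gpg's selection (not taken from its source).
    """
    if not recipient_prefs:
        raise ValueError("need at least one recipient")
    # OpenPGP requires every implementation to accept 3DES, so it is always
    # a candidate even when a key's list omits it.
    accepted = [set(prefs) | {"3DES"} for prefs in recipient_prefs]
    common = set.intersection(*accepted)
    chosen = None
    if personal_prefs:
        # The sender's ordering applies only among ciphers all recipients accept.
        chosen = next((n for n in personal_prefs if n in common), None)
    if chosen is None:
        # Rank-sum: a cipher absent from a list counts as ranked last (len(list)).
        def total_rank(name):
            return sum(p.index(name) if name in p else len(p) for p in recipient_prefs)
        # sorted() makes ties deterministic (alphabetical) before ranking.
        chosen = min(sorted(common), key=total_rank)
    return chosen, chosen in SMALL_BLOCK


if __name__ == "__main__":
    # Constructed inputs: the two preference lists posted in the thread.
    faramir, _, _ = parse_prefs(
        "AES TWOFISH AES192 AES256 BLOWFISH CAST5 3DES "
        "SHA256 SHA512 SHA224 SHA384 SHA1 RIPEMD160 Z1 Z2 Z3 Z0")
    laurent, _, _ = parse_prefs(
        "S7 S11 S12 S13 S1 S10 S3 S4 S2 S9 S8 H3 H8 H9 H10 H11 H2 H1 Z1 Z2 Z3 Z0")
    personal, _, _ = parse_prefs("TWOFISH AES AES192 AES256 BLOWFISH CAST5 3DES")
    print(choose_cipher([faramir, laurent]))                    # ('AES', False)
    print(choose_cipher([faramir, laurent], personal))          # ('TWOFISH', False)
    print(choose_cipher([faramir, ["CAMELLIA256"]], personal))  # ('3DES', True)
```

The third call shows the case a sender rarely notices: when a recipient key advertises only ciphers the sender's own key does not list, the intersection collapses to the mandatory 3DES, and the second element of the result flags that a 64-bit-block cipher was forced by the preference lists rather than chosen.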
From allen.schultz at gmail.com Sun Sep 20 00:00:06 2009
From: allen.schultz at gmail.com (Allen Schultz)
Date: Sat, 19 Sep 2009 18:00:06 -0400
Subject: Question about GnuPG Shell 1.0
In-Reply-To:
References:
Message-ID: <4AB55466.9030703@gmail.com>

Csabi wrote:
> I have Windows XP with GnuPG 1.4.9 installed.
...
> GnuPG not installed on your system. Please, install it first.

Have you set the System PATH and then tried the installation again? Is it possible GPG Shell uses PATH and other windows settings for looking for GnuPG?

-- 
Allen Schultz

PS: Please see attached VCF attachment for contact and GPG key info. Signature.asc requires GPG/PGP to be installed to verify signature.

From John at Mozilla-Enigmail.org Sun Sep 20 03:31:04 2009
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Sat, 19 Sep 2009 20:31:04 -0500
Subject: Question about GnuPG Shell 1.0
In-Reply-To: <4AB55466.9030703@gmail.com>
References: <4AB55466.9030703@gmail.com>
Message-ID: <4AB585D8.2010005@Mozilla-Enigmail.org>

Allen Schultz wrote:
> Csabi wrote:
>> I have Windows XP with GnuPG 1.4.9 installed.
> ...
>> GnuPG not installed on your system. Please, install it first.
>
> Have you set the System PATH and then tried the installation again? Is
> it possible GPG Shell uses PATH and other windows settings for looking
> for GnuPG?

"GPGshell" is a different tool. GPGshell is closed-source (likely VB) and Windows-only.
The OP was asking about "GnuPG Shell", http://www.tech-faq.com/gnupg-shell.shtml, which is cross-platform and has source available as well as pre-built executables for Debian, Redhat, and Windows.

That distinction made, setting the PATH environment variable is probably a good start, either at a user or a system level for Windows. It's still possible that the Windows build of "GnuPG Shell" checks values in the registry, but those should have been set correctly if GnuPG was installed with the Windows installer.

-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

From John at Mozilla-Enigmail.org Sun Sep 20 04:15:00 2009
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Sat, 19 Sep 2009 21:15:00 -0500
Subject: Question about GnuPG Shell 1.0
In-Reply-To: <4AB585D8.2010005@Mozilla-Enigmail.org>
References: <4AB55466.9030703@gmail.com> <4AB585D8.2010005@Mozilla-Enigmail.org>
Message-ID: <4AB59024.5000504@Mozilla-Enigmail.org>

John Clizbe wrote:
> Allen Schultz wrote:
>> Csabi wrote:
>>> I have Windows XP with GnuPG 1.4.9 installed.
>> ...
>>> GnuPG not installed on your system. Please, install it first.
>>
>> Have you set the System PATH and then tried the installation again? Is
>> it possible GPG Shell uses PATH and other windows settings for looking
>> for GnuPG?
>
> "GPGshell" is a different tool. GPGshell is closed-source (likely VB) and
> Windows-only.
> The OP was asking about "GnuPG Shell",
> http://www.tech-faq.com/gnupg-shell.shtml, which is cross-platform and has
> source available as well as pre-built executables for Debian, Redhat, and Windows.
>
> That distinction made, setting the PATH environment variable is probably a good
> start, either at a user or a system level for Windows. It's still possible that
> the Windows build of "GnuPG Shell" checks values in the registry, but those
> should have been set correctly if GnuPG was installed with the Windows installer.

Checked the source tarball for GnuPG Shell...

The NSIS installer script for the Windows build of "GnuPG Shell" is checking for the value "Install Directory" in the Windows registry under HKLM\Software\GNU\GnuPG to determine if GnuPG is installed. The Windows installer from GnuPG.org [ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.10b.exe] correctly sets this value.

Try re-running the GnuPG installer, then running the GnuPGShell installer.

-- John P. Clizbe Inet:John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels"

From tux.tsndcb at free.fr Sun Sep 20 08:51:52 2009
From: tux.tsndcb at free.fr (tux.tsndcb at free.fr)
Date: Sun, 20 Sep 2009 08:51:52 +0200 (CEST)
Subject: How to reset a smartcard ?
In-Reply-To: <1946870851.6198191253429473037.JavaMail.root@zimbra7-e1.priv.proxad.net>
Message-ID: <110346939.6198241253429512297.JavaMail.root@zimbra7-e1.priv.proxad.net>

Hi,

I wanted to know how to "reset" a smartcard to factory settings, or how to blank all information on the smartcard (Signature key, Encryption key, Authentication key ... to none), as on first use.

Thanks in advance for your help.

Best Regards

From bob.henson at galen.org.uk Sun Sep 20 10:50:22 2009
From: bob.henson at galen.org.uk (Bob Henson)
Date: Sun, 20 Sep 2009 09:50:22 +0100
Subject: Question about GnuPG Shell 1.0
In-Reply-To: <4AB59024.5000504@Mozilla-Enigmail.org>
References: <4AB55466.9030703@gmail.com> <4AB585D8.2010005@Mozilla-Enigmail.org> <4AB59024.5000504@Mozilla-Enigmail.org>
Message-ID: <4AB5ECCE.4040708@galen.org.uk>

John Clizbe wrote:
> John Clizbe wrote:
>> Allen Schultz wrote:
>>> Csabi wrote:
>>>> I have Windows XP with GnuPG 1.4.9 installed.
>>> ...
>>>> GnuPG not installed on your system. Please, install it first.
>>> Have you set the System PATH and then tried the installation again? Is
>>> it possible GPG Shell uses PATH and other windows settings for looking
>>> for GnuPG?
>> "GPGshell" is a different tool. GPGshell is closed-source (likely VB) and
>> Windows-only. The OP was asking about "GnuPG Shell",
>> http://www.tech-faq.com/gnupg-shell.shtml, which is cross-platform and has
>> source available as well as pre-built executables for Debian, Redhat, and Windows.
>>
>> That distinction made, setting the PATH environment variable is probably a good
>> start, either at a user or a system level for Windows. It's still possible that
>> the Windows build of "GnuPG Shell" checks values in the registry, but those
>> should have been set correctly if GnuPG was installed with the Windows installer.
>
> Checked the source tarball for GnuPG Shell...
>
> The NSIS installer script for the Windows build of "GnuPG Shell" is checking for
> the value "Install Directory" in the Windows registry under
> HKLM\Software\GNU\GnuPG to determine if GnuPG is installed.
> The Windows installer from GnuPG.org
> [ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.10b.exe] correctly sets this
> value.
>
> Try re-running the GnuPG installer, then running the GnuPGShell installer.

I think, from memory, you get the same error message if the keyring is not available at that directory. If the OP has his keyrings elsewhere than in the GnuPG directory, he may need to set/reset the registry so HOMEDIR points to the correct directory. I wonder if that might be the case?

Regards,

Bob

From wk at gnupg.org Sun Sep 20 14:24:46 2009
From: wk at gnupg.org (Werner Koch)
Date: Sun, 20 Sep 2009 14:24:46 +0200
Subject: GnuPG 2.0.12 on Windows
In-Reply-To: <4A9F8AFD.1050308@sanders.org> (Brecht Sanders's message of "Thu, 03 Sep 2009 11:23:09 +0200")
References: <4A9F8AFD.1050308@sanders.org>
Message-ID: <87iqfdajn5.fsf@vigenere.g10code.de>

On Thu, 3 Sep 2009 11:23, brecht at sanders.org said:
> When compiling 2.0.12 on Windows with MinGW/MSYS there was a
> compilation error on scd/ccid-driver.c because ETIMEDOUT doesn't exist
> on Windows.

You need all the patches as available in gpg4win. Or use 2.0.13.

Salam-Shalom,

Werner

-- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.

From db111 at freemail.hu Sun Sep 20 16:08:13 2009
From: db111 at freemail.hu (Csabi)
Date: Sun, 20 Sep 2009 16:08:13 +0200 (CEST)
Subject: Question about GnuPG Shell 1.0
In-Reply-To: <4AB59024.5000504@Mozilla-Enigmail.org>
References: <4AB55466.9030703@gmail.com> <4AB585D8.2010005@Mozilla-Enigmail.org> <4AB59024.5000504@Mozilla-Enigmail.org>
Message-ID:

Hello,

Thanks for your help, and excuse me because I did not ask on the GnuPG Shell support forum at first. I installed GnuPG 1.4.10B after I installed GnuPG Shell without any error; that works fine.
My keys were at a good place (in the GnuPG directory) so that was not a problem. So I think that the Windows installer which comes with GnuPG 1.4.10B resolves the problem.

Sincerely,

Csabi

From tux.tsndcb at free.fr Sun Sep 20 21:17:53 2009
From: tux.tsndcb at free.fr (tux.tsndcb at free.fr)
Date: Sun, 20 Sep 2009 21:17:53 +0200 (CEST)
Subject: One Private Key on Two or more OpenPGP 2.0 cards?
In-Reply-To:
Message-ID: <876555470.6254451253474273873.JavaMail.root@zimbra7-e1.priv.proxad.net>

Hi,

I'm also very interested in whether there is a way to put the same authentication key on several smartcards.

Thanks in advance.

Best Regards

----- Original Mail -----
From: "Sean Wilson"
To: "David Shaw"
Cc: gnupg-users at gnupg.org
Sent: Monday 14 September 2009 12h00:35 GMT +01:00 Amsterdam / Berlin / Bern / Rome / Stockholm / Vienna
Subject: Re: One Private Key on Two or more OpenPGP 2.0 cards?

Many thanks for this David! Now that you have explained it to me it all makes sense. I tested it and it works perfectly.

The only thing I am battling with now is, how do I create an authentication key that I can use with SSH across all 3 of my OpenPGP cards? I'm a bit lost how to do this! I can easily create a single authentication key on ONE card but what's the correct procedure to follow to create an authentication key and put it on 3 OpenPGP cards?

Many thanks for all your help!

David Shaw wrote:
> On Sep 13, 2009, at 4:52 PM, Sean Wilson wrote:
>
>> If I generate a brand new key pair and then add the key to an OpenPGP
>> 2.0 card all works perfectly. But if I want to add the same key onto
>> another OpenPGP card (as a backup) I get the following error in
>> Thunderbird:
>>
>> Error - decryption failed
>>
>> gpg command line and output:
>> C:\Program Files\GNU\GnuPG\gpg.exe
>> The SmartCard D2760001240102000005000000430000 found in your reader
>> cannot be used to process the message.
>> Please insert your SmartCard D27600012401020000050000003F0000 and repeat
>> the operation.
>>
>> Obviously if I insert the first card it decrypts the email no problem.
>> What is the correct method to use to have the SAME private key on
>> multiple cards? The reason I want to do this is so that I can have a
>> "production" card, a backup card and an offsite card. How do I
>> accomplish this?
>
> The problem you are having is because the secret key still exists,
> even after it is transferred to a card. There are no secret bits any
> longer, but the "stub" of the key is still there, and it contains the
> serial number of the card (so GPG knows which card to look at for the
> secret bits). If you delete the secret key stub, you can re-import it
> and transfer it to other smartcards.
>
> Something like this:
>
> 1. Generate your key and save a copy of the secret part (gpg
> --export-secret-key ...)
> 2. Transfer the secret key to your production card
> 3. Delete the whole key from your keyring (gpg
> --delete-secret-and-public ...)
> 4. Import the secret key again (gpg --import ...)
> 5. Transfer the secret key to your backup card
> 6. Repeat #3
> 7. Repeat #4
> 8. Transfer the secret key to your offsite card.
> 9. Repeat #3.
> 10. Import the public part of the key
> 11. Insert the card you want to use regularly, and do a "gpg
> --card-status" (this re-creates the stub for the card you use regularly)
>
> If you ever want to use a different smartcard, you will need to delete
> your secret key, insert the card, and do a "gpg --card-status" to
> recreate the stub for that card.
>
> David
>
>

From wk at gnupg.org Mon Sep 21 11:10:00 2009
From: wk at gnupg.org (Werner Koch)
Date: Mon, 21 Sep 2009 11:10:00 +0200
Subject: OpenPGP 2.0 and Hushmail keys
In-Reply-To: (Sean Wilson's message of "Thu, 10 Sep 2009 17:53:25 +0100")
References: <09ABD6E9-5379-4416-9A09-239278D755F1@jabberwocky.com>
Message-ID: <87ws3s64uv.fsf@vigenere.g10code.de>

On Thu, 10 Sep 2009 18:53, mcse83 at hotmail.com said:
> I am battling to understand this as I thought generating a key pair on
> the openPGP card itself was as secure as can be as your private key ONLY
> exists on the card itself and is not available anywhere else (ie: on
> your hard drive for export).

If you look at the exported key you posted with gpg --list-packets you will get the listing below. I added a few comments:

:secret key packet:
        version 4, algo 1, created 1252600418, expires 0
        skey[0]: [1024 bits]
        skey[1]: [17 bits]
        gnu-divert-to-card S2K, algo: 0, simple checksum, hash: 0
        serial-number: d2 76 00 01 24 01 02 00 00 05 00 00 00 43 00 00

The primary secret key stub. The line "gnu-divert-to-card" indicates that this is a stub key. As you can see there are only two parameters: skey[0] and skey[1] - this makes up the public parts of the key. There is nothing secret with them. For a real secret key (and not just a stub) you would see more parameters (i.e. the secret parameters).
:user ID packet: "sw at test.com (TEST 003) "
:signature packet: algo 1, keyid 446D3054095646C6
        version 4, created 1252600418, md5len 0, sigclass 0x13
        digest algo 2, begin of digest 4d 4e
        hashed subpkt 2 len 4 (sig created 2009-09-10)
        hashed subpkt 27 len 1 (key flags: 03)
        hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
        hashed subpkt 21 len 5 (pref-hash-algos: 8 2 9 10 11)
        hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
        hashed subpkt 30 len 1 (features: 01)
        hashed subpkt 23 len 1 (key server preferences: 80)
        subpkt 16 len 8 (issuer key ID 446D3054095646C6)
        data: [1023 bits]
:secret sub key packet:
        version 4, algo 1, created 1252600418, expires 0
        skey[0]: [1024 bits]
        skey[1]: [17 bits]
        gnu-divert-to-card S2K, algo: 0, simple checksum, hash: 0
        serial-number: d2 76 00 01 24 01 02 00 00 05 00 00 00 43 00 00

Same as with the primary key.

:signature packet: algo 1, keyid 446D3054095646C6
        version 4, created 1252600418, md5len 0, sigclass 0x18
        digest algo 2, begin of digest a5 c8
        hashed subpkt 2 len 4 (sig created 2009-09-10)
        hashed subpkt 27 len 1 (key flags: 20)
        subpkt 16 len 8 (issuer key ID 446D3054095646C6)
        data: [1014 bits]
:secret sub key packet:
        version 4, algo 1, created 1252600418, expires 0
        skey[0]: [1024 bits]
        skey[1]: [17 bits]
        gnu-divert-to-card S2K, algo: 0, simple checksum, hash: 0
        serial-number: d2 76 00 01 24 01 02 00 00 05 00 00 00 43 00 00

Same as with the primary key.

:signature packet: algo 1, keyid 446D3054095646C6
        version 4, created 1252600418, md5len 0, sigclass 0x18
        digest algo 2, begin of digest b9 15
        hashed subpkt 2 len 4 (sig created 2009-09-10)
        hashed subpkt 27 len 1 (key flags: 0C)
        subpkt 16 len 8 (issuer key ID 446D3054095646C6)
        data: [1022 bits]

Shalom-Salam,

Werner

-- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.
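The stub layout Werner walks through above, and the card-serial mismatch behind the "Please insert your SmartCard ..." error that David's delete-and-reimport procedure works around, checked by a small parser over a --list-packets listing. This is an added example, not GnuPG's code nor anything posted in the thread; the listing it reads is constructed after the one above, and `parse_secret_packets` / `card_status` are names chosen here.

```python
"""Spot card stubs in `gpg --list-packets` output.

Added example, not GnuPG's code. For every secret (sub)key packet it
reports whether the packet holds real secret material or is a
`gnu-divert-to-card` stub, and which card serial the stub points at.
That serial is what gpg compares against the card in the reader, so the
check predicts the "Please insert your SmartCard ..." refusal.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample, modelled on the listing in the thread: primary key and
# first subkey are stubs for the card serial from Sean's error message, the
# second subkey is kept on disk (a real secret key lists more parameters).
SAMPLE_LISTING = """\
:secret key packet:
\tversion 4, algo 1, created 1252600418, expires 0
\tskey[0]: [1024 bits]
\tskey[1]: [17 bits]
\tgnu-divert-to-card S2K, algo: 0, simple checksum, hash: 0
\tserial-number: d2 76 00 01 24 01 02 00 00 05 00 00 00 43 00 00
:user ID packet: "sw at test.com (TEST 003) "
:signature packet: algo 1, keyid 446D3054095646C6
\tversion 4, created 1252600418, md5len 0, sigclass 0x13
:secret sub key packet:
\tversion 4, algo 1, created 1252600418, expires 0
\tskey[0]: [1024 bits]
\tskey[1]: [17 bits]
\tgnu-divert-to-card S2K, algo: 0, simple checksum, hash: 0
\tserial-number: d2 76 00 01 24 01 02 00 00 05 00 00 00 43 00 00
:secret sub key packet:
\tversion 4, algo 1, created 1252600418, expires 0
\tskey[0]: [2048 bits]
\tskey[1]: [17 bits]
\tskey[2]: [2048 bits]
\tskey[3]: [1024 bits]
\tskey[4]: [1024 bits]
\tskey[5]: [1024 bits]
\tchecksum: 1a2b
"""


@dataclass
class SecretPacket:
    kind: str                      # "secret key" or "secret sub key"
    skey_count: int = 0            # number of skey[n] parameters listed
    stub: bool = False             # gnu-divert-to-card seen
    serial: Optional[str] = None   # card serial for stubs, upper-case hex

    @property
    def on_disk(self) -> bool:
        # An RSA stub lists only skey[0] (n) and skey[1] (e); a real secret
        # key lists the private parameters as well.
        return not self.stub and self.skey_count > 2


PACKET_RE = re.compile(r"^:(secret key|secret sub key) packet:")
SKEY_RE = re.compile(r"^\s*skey\[\d+\]:")
SERIAL_RE = re.compile(r"^\s*serial-number:\s*([0-9a-fA-F ]+)$")


def parse_secret_packets(listing: str) -> List[SecretPacket]:
    """Collect the secret key / secret sub key packets from --list-packets output."""
    packets: List[SecretPacket] = []
    current: Optional[SecretPacket] = None
    for line in listing.splitlines():
        if line.startswith(":"):          # every packet starts with ":<type> packet:"
            m = PACKET_RE.match(line)
            current = SecretPacket(kind=m.group(1)) if m else None
            if current is not None:
                packets.append(current)
            continue
        if current is None:               # inside a packet we do not care about
            continue
        if SKEY_RE.match(line):
            current.skey_count += 1
        elif "gnu-divert-to-card" in line:
            current.stub = True
        else:
            m = SERIAL_RE.match(line)
            if m:
                current.serial = m.group(1).strip().replace(" ", "").upper()
    return packets


def card_status(packets: List[SecretPacket], inserted_serial: str) -> List[Tuple[str, str]]:
    """Say, per packet, whether gpg can use it with the card now in the reader."""
    inserted = inserted_serial.replace(" ", "").upper()
    result: List[Tuple[str, str]] = []
    for p in packets:
        if p.on_disk:
            result.append((p.kind, "secret key on disk"))
        elif p.stub and p.serial == inserted:
            result.append((p.kind, "stub matches inserted card"))
        elif p.stub:
            result.append((p.kind, f"stub points at other card {p.serial}"))
        else:
            result.append((p.kind, "unrecognised secret key packet"))
    return result


if __name__ == "__main__":
    # Sean's backup card is in the reader: both stubs point at the other card.
    for kind, status in card_status(parse_secret_packets(SAMPLE_LISTING),
                                    "D27600012401020000050000003F0000"):
        print(f"{kind:15} {status}")
```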
From wk at gnupg.org Mon Sep 21 11:12:42 2009
From: wk at gnupg.org (Werner Koch)
Date: Mon, 21 Sep 2009 11:12:42 +0200
Subject: Copy existing key to OpenPGP 2.0 card
In-Reply-To: (Sean Wilson's message of "Thu, 10 Sep 2009 22:34:29 +0100")
References:
Message-ID: <87skeg64qd.fsf@vigenere.g10code.de>

On Thu, 10 Sep 2009 23:34, mcse83 at hotmail.com said:
> What is the correct way to copy existing keys that exist onto an OpenPGP
> 2.0 card?
>
> I was trying this, is it correct:
>
> gpg --edit-key xxxxxxxx
> toggle
> keytocard
> select 1
> key 1
> keytocard
> select 2
> q
> y

Something like this. You need to follow the prompts. If you don't know what to do at a certain prompt, use the default (i.e. hit Enter). Using a fixed list of commands does not work reliably.

Salam-Shalom,

Werner

-- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.

From peter at digitalbrains.com Mon Sep 21 18:58:27 2009
From: peter at digitalbrains.com (Peter Lebbing)
Date: Mon, 21 Sep 2009 18:58:27 +0200
Subject: Getting the SCM SCT3511 to work
Message-ID: <4AB7B0B3.5050609@digitalbrains.com>

In a previous message [1] in the thread named "Does the SCM SCR3320 work with GnuPG?", I wrote that gnupg with Debian version 1.4.9-4 cannot use an OpenPGP v1 card in the SCT3511 reader. I've installed Debian version 1.4.10-1 from unstable, and it seems there is no change in the situation.

I did however discover something rather important. Just once in a while, decryption with the card will actually work! Always when the decryption fails, it is because the card sends its ATR instead of the requested data. It seems that most of the time decryption fails when the PC tries to read the plaintext from the card after the card has reported success for the issued PSO: DECIPHER command. Somewhat less frequently the card will send its ATR after the VERIFY CHV1 command. And even less frequently it just works.

The mailing list complained about the length of my message, so I put the debug logs on the web.
This is the debug log for when decryption is successful:
http://wwwhome.cs.utwente.nl/~lebbing/decrypt_sct_success.txt

This is the debug log for when it fails after PSO: DECIPHER:
http://wwwhome.cs.utwente.nl/~lebbing/decrypt_sct_fail_decipher.txt

This is the debug log for when it fails after VERIFY CHV1:
http://wwwhome.cs.utwente.nl/~lebbing/decrypt_sct_fail_verify_chv1.txt

Oh, BTW, I changed the PIN on the test card to 123456 instead of the longer 12345678 used before.

Thanks for your time,

Peter.

[1] http://lists.gnupg.org/pipermail/gnupg-users/2009-September/037333.html

-- I'm using the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.ewi.utwente.nl/~lebbing/pubkey.txt

From johanw at vulcan.xs4all.nl Mon Sep 21 20:30:33 2009
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Mon, 21 Sep 2009 20:30:33 +0200 (MET DST)
Subject: IDEA patent vs the recent USPTO memorandum
In-Reply-To:
Message-ID: <200909211830.n8LIUXKU008065@vulcan.xs4all.nl>

David Shaw wrote:
>If the "some people" still want this, I haven't seen it in a good long
>while. Possibly they gave up asking.

Probably. However, if someone wants IDEA support for whatever reason there is still the IDEA plugin. It still works with GnuPG 1.4.10 for both Linux and Windows, although I have not tested it with the 2.0 versions.

>To say nothing of the fact that compliant OpenPGP implementations are
>explicitly banned from generating RFC-1991 keys.

Why is that? Forced upgrading?

Anyway, pgp 2.6.3ia builds just fine on modern Linux and win32 platforms. For win32, all you have to do is make a project file including all source files in Visual Studio and compile it. Long filename support etc. comes automatically so windows users don't have to be stuck with some DOS executable which would be a pita.

-- ir. J.C.A.
Wevers // Physics and science fiction site: johanw at vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From dshaw at jabberwocky.com Mon Sep 21 21:48:51 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon, 21 Sep 2009 15:48:51 -0400
Subject: IDEA patent vs the recent USPTO memorandum
In-Reply-To: <200909211830.n8LIUXKU008065@vulcan.xs4all.nl>
References: <200909211830.n8LIUXKU008065@vulcan.xs4all.nl>
Message-ID: <49732A2F-7FA1-4FA8-A2E8-5EC575BFD502@jabberwocky.com>

On Sep 21, 2009, at 2:30 PM, Johan Wevers wrote:
> David Shaw wrote:
>
>> If the "some people" still want this, I haven't seen it in a good
>> long
>> while. Possibly they gave up asking.
>
> Probably. However, if someone wants IDEA support for whatever reason
> there
> is still the IDEA plugin. It still works with GnuPG 1.4.10 for both
> Linux
> and Windows, although I have not tested it with the 2.0 versions.

There is IDEA support (as this is part of OpenPGP, albeit with patent issues), but no V3 key generation support.

>> To say nothing of the fact that compliant OpenPGP implementations are
>> explicitly banned from generating RFC-1991 keys.
>
> Why is that? Forced upgrading?

I recall it was not so much forced upgrading, as a general feeling of "enough already". If you take a look at the ietf-openpgp archives for 2003-2004, you'll see a few discussions around it. Mind you, the statistics we played with at the time (4-5 years ago) showed that over 90% of keys on the keyservers were V4. I doubt that number has gone anywhere but up since then.

Another way to look at it is that the new wording around V3 keys (including the no-generate rule) enables someone to write an OpenPGP implementation that has no V3 support whatsoever (something which wasn't doable in RFC-2440).
David

From tschaible at gmail.com Mon Sep 21 22:36:30 2009
From: tschaible at gmail.com (Tom Schaible)
Date: Mon, 21 Sep 2009 16:36:30 -0400
Subject: Question about Algorithm Validations
Message-ID: <85646c00909211336k3186240m44df5074117ba56c@mail.gmail.com>

Hello all,

I've been trying to find some information on GPG and how its algorithms are validated. Unfortunately, I've been coming up empty on the web site and in archive searches. Hopefully, some of you can answer my questions and confirm some of my assumptions.

1. I'm working under the assumption that libgcrypt is a library that encapsulates the cryptographic algorithms and that libgcrypt is used only by gpg 2.x or greater. gpg 1.4.x does not use libgcrypt and updates to libgcrypt are not necessarily being patched back into the gpg 1.4 codebase. Is this correct?

2. I've read some forum posts that state that libgcrypt is tested against the NIST CAVS test suite and that 1.4.4 has passed all tests and is validated by NIST? Is this correct? If so, does anyone know which algorithms/validation #'s libgcrypt was validated under? I can't seem to find them in the NIST database.

3. Assuming gpg 1.4.x doesn't use libgcrypt directly, what are the procedures for validating its algorithms (NIST or otherwise)?

Your help is greatly appreciated.

Thanks,

--Tom

From marcio.barbado at gmail.com Tue Sep 22 04:11:27 2009
From: marcio.barbado at gmail.com (M.B.Jr.)
Date: Mon, 21 Sep 2009 23:11:27 -0300
Subject: IDEA patent vs the recent USPTO memorandum
In-Reply-To: <49732A2F-7FA1-4FA8-A2E8-5EC575BFD502@jabberwocky.com>
References: <200909211830.n8LIUXKU008065@vulcan.xs4all.nl> <49732A2F-7FA1-4FA8-A2E8-5EC575BFD502@jabberwocky.com>
Message-ID: <2df3b0cb0909211911q7762ce53v629141284cc9c21a@mail.gmail.com>

Gentlemen,

I really appreciate the comments you've made on the subject and the little debates as well. That was exactly what I was expecting.
Sometimes, regular users do not have the proper notion of whether some functionality merits attention.

All in all, it looks like IDEA, even if totally freed, is sentenced to gradual abandonment. Is this perception of mine correct?

Regards,

On Mon, Sep 21, 2009 at 4:48 PM, David Shaw wrote:
> On Sep 21, 2009, at 2:30 PM, Johan Wevers wrote:
>
>> David Shaw wrote:
>>
>>> If the "some people" still want this, I haven't seen it in a good long
>>> while. Possibly they gave up asking.
>>
>> Probably. However, if someone wants IDEA support for whatever reason there
>> is still the IDEA plugin. It still works with GnuPG 1.4.10 for both Linux
>> and Windows, although I have not tested it with the 2.0 versions.
>
> There is IDEA support (as this is part of OpenPGP, albeit with patent
> issues), but no V3 key generation support.
>
>>> To say nothing of the fact that compliant OpenPGP implementations are
>>> explicitly banned from generating RFC-1991 keys.
>>
>> Why is that? Forced upgrading?
>
> I recall it was not so much forced upgrading, as a general feeling of
> "enough already". If you take a look at the ietf-openpgp archives for
> 2003-2004, you'll see a few discussions around it. Mind you, the statistics
> we played with at the time (4-5 years ago) showed that over 90% of keys on
> the keyservers were V4. I doubt that number has gone anywhere but up since
> then.
>
> Another way to look at it is that the new wording around V3 keys (including
> the no-generate rule) enables someone to write an OpenPGP implementation
> that has no V3 support whatsoever (something which wasn't doable in
> RFC-2440).
>
> David
>

Marcio Barbado, Jr.

From rjh at sixdemonbag.org Tue Sep 22 05:53:53 2009
From: rjh at sixdemonbag.org (Robert J.
Hansen)
Date: Mon, 21 Sep 2009 23:53:53 -0400
Subject: IDEA patent vs the recent USPTO memorandum
In-Reply-To: <2df3b0cb0909211911q7762ce53v629141284cc9c21a@mail.gmail.com>
References: <200909211830.n8LIUXKU008065@vulcan.xs4all.nl> <49732A2F-7FA1-4FA8-A2E8-5EC575BFD502@jabberwocky.com> <2df3b0cb0909211911q7762ce53v629141284cc9c21a@mail.gmail.com>
Message-ID: <4AB84A51.2030208@sixdemonbag.org>

M.B.Jr. wrote:
> All in all, it looks like IDEA, even if totally freed, is sentenced to
> gradual abandonment. Is this perception of mine correct?

It is more accurate to say it has already been abandoned. Very few people today use IDEA as a symmetric cipher for OpenPGP messages.

From dshaw at jabberwocky.com Tue Sep 22 06:05:29 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 22 Sep 2009 00:05:29 -0400
Subject: IDEA patent vs the recent USPTO memorandum
In-Reply-To: <2df3b0cb0909211911q7762ce53v629141284cc9c21a@mail.gmail.com>
References: <200909211830.n8LIUXKU008065@vulcan.xs4all.nl> <49732A2F-7FA1-4FA8-A2E8-5EC575BFD502@jabberwocky.com> <2df3b0cb0909211911q7762ce53v629141284cc9c21a@mail.gmail.com>
Message-ID: <15146DCD-2A5C-48B7-A317-DEBB65CB6270@jabberwocky.com>

On Sep 21, 2009, at 10:11 PM, M.B.Jr. wrote:
> Gentlemen,
> I really appreciate the comments you've made on the subject and the
> little debates as well.
>
> That was exactly what I was expecting.
>
> Sometimes, regular users do not have the proper notion of whether some
> functionality merits attention.
>
> All in all, it looks like IDEA, even if totally freed, is sentenced to
> gradual abandonment. Is this perception of mine correct?

In my opinion, yes. These days, you'd need a good reason to use IDEA rather than AES, CAST5, or even 3DES. When you add in the fact that IDEA actually costs money (heresy!) and nearly every competitor is free, it becomes a fairly easy calculation to make. In the context of OpenPGP, the gradual abandonment has already happened. The usage today is non-zero, but negligible.
The only reason the IDEA discussion comes up here (usually once or twice a year) is that PGP 2.x used it back in the 1990s.

David

From wk at gnupg.org Tue Sep 22 11:09:36 2009
From: wk at gnupg.org (Werner Koch)
Date: Tue, 22 Sep 2009 11:09:36 +0200
Subject: Question about Algorithm Validations
In-Reply-To: <85646c00909211336k3186240m44df5074117ba56c@mail.gmail.com> (Tom Schaible's message of "Mon, 21 Sep 2009 16:36:30 -0400")
References: <85646c00909211336k3186240m44df5074117ba56c@mail.gmail.com>
Message-ID: <87ws3rz6pb.fsf@vigenere.g10code.de>

On Mon, 21 Sep 2009 22:36, tschaible at gmail.com said:
> 1. I'm working under the assumption that libgcrypt is a library that
> encapsulates the cryptographic algorithms and that libgcrypt is used
> only by gpg 2.x or greater. gpg 1.4.x does not use libgcrypt and
> updates to libgcrypt are not necessarily being patched back into the
> gpg 1.4 codebase. Is this correct?

Right. However, we have added support for newer algorithms also to gpg 1.4 (e.g. Camellia).

> 2. I've read some forum posts that state that libgcrypt is tested
> against the NIST CAVS test suite and that 1.4.4 has passed all
> tests and is validated by NIST? Is this correct? If so, does anyone
> know which algorithms/validation #'s libgcrypt was validated under? I
> can't seem to find them in the NIST database.

It is still under evaluation; on the NIST site you find a list of such modules. However, before a final evaluation is done the testlabs do internal testing, and it happens that I know that Libgcrypt passed them.

> 3. Assuming gpg 1.4.x doesn't use libgcrypt directly, what are the
> procedures for validating its algorithms (NIST or otherwise)?

If you want to do that, a lot of work is waiting for you and you have to spend quite some money on that. BTW, it seems that an evaluation of GnuPG-2 is going on in Japan.

Shalom-Salam,

Werner

-- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.
From bmearns at ieee.org Tue Sep 22 16:26:29 2009
From: bmearns at ieee.org (Brian Mearns)
Date: Tue, 22 Sep 2009 10:26:29 -0400
Subject: Details of signature verification status-fd lines
Message-ID: <4df3a1330909220726y2fda1d60vfa9158f468f10b21@mail.gmail.com>

Just a quick question on the --status-fd output from a --verify operation: if EXPSIG, EXPKEYSIG, or REVKEYSIG are given, could VALIDSIG or GOODSIG also show up? In other words, are these just for more information on why a signature failed, or can they qualify the "GOOD" and "VALID" outputs?

Thanks
-Brian

-- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://keys.gnupg.net

From wk at gnupg.org Tue Sep 22 17:19:27 2009
From: wk at gnupg.org (Werner Koch)
Date: Tue, 22 Sep 2009 17:19:27 +0200
Subject: Details of signature verification status-fd lines
In-Reply-To: <4df3a1330909220726y2fda1d60vfa9158f468f10b21@mail.gmail.com> (Brian Mearns's message of "Tue, 22 Sep 2009 10:26:29 -0400")
References: <4df3a1330909220726y2fda1d60vfa9158f468f10b21@mail.gmail.com>
Message-ID: <87pr9jxb0g.fsf@vigenere.g10code.de>

On Tue, 22 Sep 2009 16:26, bmearns at ieee.org said:
> Just a quick question on the --status-fd output from a --verify
> operation: if EXPSIG, EXPKEYSIG, or REVKEYSIG are given, could
> VALIDSIG or GOODSIG also show up? In other words, are these just for

It depends. EXPKEYSIG for example may come in addition to VALIDSIG. VALIDSIG is the modern version of GOODSIG. Except for the description in doc/DETAILS we don't have a more specific description (it is on our task list, though).

The best way to see what you can expect is to look at the gpgme code. gpgme/src/verify.c computes the validity of signatures. Processing the NEWSIG status line is in general a good idea so that you don't mix the status lines given for different signatures.

Salam-Shalom,

Werner

-- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.
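Werner's advice above (split on NEWSIG, treat EXPSIG/EXPKEYSIG/REVKEYSIG as qualifiers that can accompany a VALIDSIG), turned into a status-line parser with a separate accept policy. This is an added example, not gpgme's verify.c and not from the thread; the status lines follow the doc/DETAILS layout but the key IDs, fingerprints, user IDs and timestamps are constructed, and `parse_status` / `accept` are names chosen here.

```python
"""Group gpg --status-fd lines per signature and derive a verdict.

Added example, not GnuPG's or gpgme's code. A new record starts at every
NEWSIG so that lines from different signatures are not mixed. One of
GOODSIG/EXPSIG/EXPKEYSIG/REVKEYSIG/BADSIG names the outcome, VALIDSIG adds
details, and a separate policy step decides whether to accept.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Set

PREFIX = "[GNUPG:] "
OUTCOME_KEYWORDS = {"GOODSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "BADSIG"}

# Constructed sample: three signatures on one input, in emission order.
# Key IDs, fingerprints, user IDs and timestamps are made up.
SAMPLE_STATUS = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2009-09-22 1253625989 0 4 0 1 2 00 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_FULLY
[GNUPG:] NEWSIG
[GNUPG:] EXPKEYSIG 76543210FEDCBA98 Old Key <old@example.org>
[GNUPG:] VALIDSIG FEDCBA9876543210FEDCBA9876543210FEDCBA98 2009-09-22 1253625989 0 4 0 1 2 00 FEDCBA9876543210FEDCBA9876543210FEDCBA98
[GNUPG:] TRUST_FULLY
[GNUPG:] NEWSIG
[GNUPG:] BADSIG 0011223344556677 Tampered <tampered@example.org>
"""


@dataclass
class SigResult:
    keyid: Optional[str] = None
    user: Optional[str] = None
    fingerprint: Optional[str] = None     # from VALIDSIG
    sig_timestamp: Optional[int] = None   # from VALIDSIG, seconds since epoch
    trust: Optional[str] = None           # TRUST_* line, if any
    flags: Set[str] = field(default_factory=set)

    @property
    def verdict(self) -> str:
        f = self.flags
        if "BADSIG" in f:
            return "bad"
        if "ERRSIG" in f:
            return "error"                # e.g. signing key not available
        # The remaining outcomes are good signatures with a qualifier.
        if "REVKEYSIG" in f:
            return "valid-but-key-revoked"
        if "EXPKEYSIG" in f:
            return "valid-but-key-expired"
        if "EXPSIG" in f:
            return "valid-but-sig-expired"
        if "GOODSIG" in f or "VALIDSIG" in f:
            return "valid"
        return "no-signature"


def parse_status(text: str) -> List[SigResult]:
    """Split status-fd output into one SigResult per signature."""
    sigs: List[SigResult] = []
    current: Optional[SigResult] = None
    for raw in text.splitlines():
        if not raw.startswith(PREFIX):
            continue                       # not a status line
        words = raw[len(PREFIX):].split(" ")
        keyword, args = words[0], words[1:]
        if keyword == "NEWSIG":
            current = SigResult()
            sigs.append(current)
            continue
        if current is None:                # gpg versions that emit no NEWSIG
            current = SigResult()
            sigs.append(current)
        if keyword in OUTCOME_KEYWORDS:    # <keyid> <user id ...>
            current.flags.add(keyword)
            current.keyid = args[0]
            current.user = " ".join(args[1:])
        elif keyword == "VALIDSIG":        # <fpr> <date> <timestamp> <expire> ...
            current.flags.add("VALIDSIG")
            current.fingerprint = args[0]
            current.sig_timestamp = int(args[2])
        elif keyword == "ERRSIG":
            current.flags.add("ERRSIG")
            current.keyid = args[0]
        elif keyword.startswith("TRUST_"):
            current.trust = keyword
    return sigs


def accept(sig: SigResult) -> bool:
    """Conservative policy: only an unqualified valid signature from a fully
    or ultimately trusted key passes; anything qualified needs a human look."""
    return sig.verdict == "valid" and sig.trust in {"TRUST_FULLY", "TRUST_ULTIMATE"}


if __name__ == "__main__":
    for s in parse_status(SAMPLE_STATUS):
        print(s.keyid, s.verdict, "accepted" if accept(s) else "rejected")
```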
From bmearns at ieee.org Tue Sep 22 17:50:14 2009
From: bmearns at ieee.org (Brian Mearns)
Date: Tue, 22 Sep 2009 11:50:14 -0400
Subject: Details of signature verification status-fd lines
In-Reply-To: <87pr9jxb0g.fsf@vigenere.g10code.de>
References: <4df3a1330909220726y2fda1d60vfa9158f468f10b21@mail.gmail.com> <87pr9jxb0g.fsf@vigenere.g10code.de>
Message-ID: <4df3a1330909220850s3bea80c6se41efdde2394c3a9@mail.gmail.com>

On Tue, Sep 22, 2009 at 11:19 AM, Werner Koch wrote:
> On Tue, 22 Sep 2009 16:26, bmearns at ieee.org said:
>> Just a quick question on the --status-fd output from a --verify
>> operation: if EXPSIG, EXPKEYSIG, or REVKEYSIG are given, could
>> VALIDSIG or GOODSIG also show up? In other words, are these just for
>
> It depends. EXPKEYSIG for example may come in addition to VALIDSIG.
> VALIDSIG is the modern version of GOODSIG. Except for the description
> in doc/DETAILS we don't have a more specific description (it is on our
> task list, though).
>
> The best way to see what you can expect is to look at the gpgme code.
> gpgme/src/verify.c computes the validity of signatures. Processing the
> NEWSIG status line is in general a good idea so that you don't mix the
> status lines given for different signatures.
>
>
> Salam-Shalom,
>
>   Werner
>
>
> --
> Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.
>
>

Thanks for the response. So EXPKEYSIG doesn't mean the key was expired when the signature was made, right? If that shows up along with VALIDSIG, it's ok to trust the signature, correct? What about REVKEYSIG? If a key is revoked, is there an easy way to know if the signature was made prior to revocation, or would it be necessary to just compare the stamps on the signature and the revocation?
Thanks,
-Brian

-- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://keys.gnupg.net

From dkg at fifthhorseman.net Tue Sep 22 19:11:21 2009
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Tue, 22 Sep 2009 13:11:21 -0400
Subject: choosing an encryption target from a User ID
Message-ID: <4AB90539.7020809@fifthhorseman.net>

when encrypting messages to a user ID with multiple matching keys with full calculated validity, gpg seems to just choose the "first" matching key, for some definition of "first" -- i think it's decided by chronological age of first import into the local keyring.

This does not seem to be the best heuristic. here are some other proposed heuristics for choosing among multiple keys with full calculated User ID validity during encryption:

0) choose the most recently-created key
1) choose the key with the strongest supported encryption-capable subkey (by bitlength?)
2) encrypt to *all* matching keys

The current implementation does what seems to be the Wrong Thing in the use case where the recipient is going through a key transition, and has two keys (one older, deprecated but not yet expired; and one newer, stronger, preferred).

Any thoughts on this? Should i open it as a ticket?

--dkg
Name: signature.asc Type: application/pgp-signature Size: 891 bytes Desc: OpenPGP digital signature URL: From John at Mozilla-Enigmail.org Tue Sep 22 21:40:14 2009 From: John at Mozilla-Enigmail.org (John Clizbe) Date: Tue, 22 Sep 2009 14:40:14 -0500 Subject: choosing an encryption target from a User ID In-Reply-To: <4AB90539.7020809@fifthhorseman.net> References: <4AB90539.7020809@fifthhorseman.net> Message-ID: <4AB9281E.6040008@Mozilla-Enigmail.org> Daniel Kahn Gillmor wrote: > when encrypting messages to a user ID with multiple matching keys with > full calculated validity, gpg seems to just choose the "first" matching > key, for some definition of "first" -- i think it's decided by > chronological age of first import into the local keyring. IIRC, it's the first usable key with a matching User ID. Period. First one it can use. PS: Would you touch the membership file on zimmermann.mayfirst.org? ISP DHCPed a new IP when I replaced a dead router over the weekend. -- John P. Clizbe Inet:John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" -------------- next part -------------- A non-text attachment was scrubbed... 
From dougb at dougbarton.us Tue Sep 22 21:40:45 2009
From: dougb at dougbarton.us (Doug Barton)
Date: Tue, 22 Sep 2009 12:40:45 -0700
Subject: howto secure older keys after the recent attacks
In-Reply-To: <43DB695D-52F5-4D3B-85AB-3932552FD576@jabberwocky.com>
References: <6e7da8720909091543t25f2550cv3b820d7b52a1882b@mail.gmail.com> <0B433892-BFE9-45F8-BDA6-9B522077B045@jabberwocky.com> <6e7da8720909100502r7350e4c0x92092e47e23bc742@mail.gmail.com> <43DB695D-52F5-4D3B-85AB-3932552FD576@jabberwocky.com>
Message-ID: <4AB9283D.704@dougbarton.us>

David Shaw wrote:
> There are occasional debates on who has the better PRNG. The debates
> usually end with no changes on either side :)
>
> That isn't to say there aren't differences between systems - the FreeBSD
> PRNG (which seems to have been inherited by OSX) is of a fairly
> different construction than the Linux one, which has led to some mild
> controversy in the past. Notably, the Linux one blocks if you run out
> of gathered entropy, and the FreeBSD one does not. FreeBSD /dev/random
> is similar to Linux's /dev/urandom.

That description is not quite accurate. FreeBSD (and OSX, which actually inherited quite a bit of userland and other bits from FreeBSD) uses the Yarrow PRNG. Here is an excerpt from the wikipedia /dev/random article:

  Yarrow places a lot of emphasis on avoiding any pool compromise and on
  recovering from it as quickly as possible. It is regularly reseeded; on
  a system with small amount of network and disk activity, this is done
  after fraction of a second.
http://en.wikipedia.org/wiki//dev/random

So while it is correct to say that like a traditional SysV /dev/urandom our /dev/random does not block (except in extraordinary circumstances, unlikely to happen in any real world application), it is not correct to say that it continues handing out bits of dubious quality when it "runs out of entropy." (I realize that is not specifically what you said David, but since at least one reader seems to have come to that conclusion based on what you did say so I felt compelled to respond.)

As the wikipedia article also points out we have support for hardware entropy devices as well so anyone doing "heavy duty" crypto stuff has that option available. But for the casual user our current system is more than enough.

And yes, I realize that this is an area of debate, which is why I purposely included your first quote above in my reply. :) My purpose is not to debate which is "better," rather to bring some light to the topic of what we're actually doing. Anyone interested in more details about Yarrow can read the paper at http://www.schneier.com/paper-yarrow.html.

hth,

Doug (aka dougb at FreeBSD.org)

From jmoore3rd at bellsouth.net Tue Sep 22 22:09:58 2009
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Tue, 22 Sep 2009 16:09:58 -0400
Subject: choosing an encryption target from a User ID
In-Reply-To: <4AB9281E.6040008@Mozilla-Enigmail.org>
References: <4AB90539.7020809@fifthhorseman.net> <4AB9281E.6040008@Mozilla-Enigmail.org>
Message-ID: <4AB92F16.1050300@bellsouth.net>

John Clizbe wrote:
> IIRC, it's the first usable key with a matching User ID. Period. First one it
> can use.
My usual 'solution' for this is to 'Disable' the non-preferred or unused Key until such time as it is Revoked or I have been otherwise informed it is deprecated beyond any further use.

JOHN ;)
Timestamp: Tuesday 22 Sep 2009, 16:09 --400 (Eastern Daylight Time)

From dkg at fifthhorseman.net Tue Sep 22 22:40:07 2009
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Tue, 22 Sep 2009 16:40:07 -0400
Subject: choosing an encryption target from a User ID
In-Reply-To: <4AB92F16.1050300@bellsouth.net>
References: <4AB90539.7020809@fifthhorseman.net> <4AB9281E.6040008@Mozilla-Enigmail.org> <4AB92F16.1050300@bellsouth.net>
Message-ID: <4AB93627.8040107@fifthhorseman.net>

On 09/22/2009 04:09 PM, John W. Moore III wrote:
> John Clizbe wrote:
>
>> IIRC, it's the first usable key with a matching User ID. Period. First one it
>> can use.

thanks for catching that, John. It appears that if the first key with a matching User ID doesn't have full calculated validity, the user gets a scary warning that "There is no assurance this key belongs to the named user", and then:

  It is NOT certain that the key belongs to the person named
  in the user ID. If you *really* know what you are doing,
  you may answer the next question with yes.

It does this even if there is a full-valid match later in the keyring!
This doesn't seem like friendly or reasonable behavior for the power user, let alone the novice user.

> My usual 'solution' for this is to 'Disable' the non-preferred or unused
> Key until such time as it is Revoked or I have been otherwise informed
> it is deprecated beyond any further use.

i'm assuming you mean "gpg --edit-key 0xDECAFBAD" followed by the "disable" subcommand.

What do y'all think should actually be happening here?

--dkg

From dshaw at JABBERWOCKY.COM Tue Sep 22 22:41:25 2009
From: dshaw at JABBERWOCKY.COM (David Shaw)
Date: Tue, 22 Sep 2009 16:41:25 -0400
Subject: choosing an encryption target from a User ID
In-Reply-To: <4AB90539.7020809@fifthhorseman.net>
References: <4AB90539.7020809@fifthhorseman.net>
Message-ID: <0DFF645C-1DDE-4A46-AE7C-440B29E697D0@JABBERWOCKY.COM>

On Sep 22, 2009, at 1:11 PM, Daniel Kahn Gillmor wrote:
> when encrypting messages to a user ID with multiple matching keys with
> full calculated validity, gpg seems to just choose the "first" matching
> key, for some definition of "first" -- i think it's decided by
> chronological age of first import into the local keyring.
>
> This does not seem to be the best heuristic. here are some other
> proposed heuristics for choosing among multiple keys with full
> calculated User ID validity during encryption:
>
> 0) choose the most recently-created key
>
> 1) choose the key with the strongest supported encryption-capable
> subkey (by bitlength?)
>
> 2) encrypt to *all* matching keys

The problem with this sort of thing is that for every possible heuristic we can come up with, there is going to be someone who that heuristic breaks. GnuPG has done the "first matching key" since the beginning, as did (old) PGP[1]. That behavior is baked deeply into systems.
David

[1] PGP has a GUI nowadays, so this sort of thing doesn't apply in the same way any longer. I don't have my copy of PGP command line online at the moment, so I can't check what it does, but I'd be surprised if it didn't either take the first one or give an error message.

From jmoore3rd at bellsouth.net Tue Sep 22 22:57:17 2009
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Tue, 22 Sep 2009 16:57:17 -0400
Subject: choosing an encryption target from a User ID
In-Reply-To: <0DFF645C-1DDE-4A46-AE7C-440B29E697D0@JABBERWOCKY.COM>
References: <4AB90539.7020809@fifthhorseman.net> <0DFF645C-1DDE-4A46-AE7C-440B29E697D0@JABBERWOCKY.COM>
Message-ID: <4AB93A2D.9030309@bellsouth.net>

David Shaw wrote:
> [1] PGP has a GUI nowadays, so this sort of thing doesn't apply in the
> same way any longer. I don't have my copy of PGP command line online at
> the moment, so I can't check what it does, but I'd be surprised if it
> didn't either take the first one or give an error message.

Like GPG it utilizes the 1st encountered Key that matches the Send To: address & is valid.
JOHN ;)
Timestamp: Tuesday 22 Sep 2009, 16:57 --400 (Eastern Daylight Time)

From dkg at fifthhorseman.net Tue Sep 22 23:06:41 2009
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Tue, 22 Sep 2009 17:06:41 -0400
Subject: choosing an encryption target from a User ID
In-Reply-To: <4AB93A2D.9030309@bellsouth.net>
References: <4AB90539.7020809@fifthhorseman.net> <0DFF645C-1DDE-4A46-AE7C-440B29E697D0@JABBERWOCKY.COM> <4AB93A2D.9030309@bellsouth.net>
Message-ID: <4AB93C61.6050702@fifthhorseman.net>

On 09/22/2009 04:57 PM, John W. Moore III wrote:
> Like GPG it utilizes the 1st encountered Key that matches the Send To:
> address & is valid.

this is not what gpg does. gpg simply chooses the first key with a matching user ID, irrespective of the calculated validity of the User ID in question.

--dkg

From jmoore3rd at bellsouth.net Tue Sep 22 23:07:45 2009
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Tue, 22 Sep 2009 17:07:45 -0400
Subject: choosing an encryption target from a User ID
In-Reply-To: <4AB93C61.6050702@fifthhorseman.net>
References: <4AB90539.7020809@fifthhorseman.net> <0DFF645C-1DDE-4A46-AE7C-440B29E697D0@JABBERWOCKY.COM> <4AB93A2D.9030309@bellsouth.net> <4AB93C61.6050702@fifthhorseman.net>
Message-ID: <4AB93CA1.70204@bellsouth.net>

Daniel Kahn Gillmor wrote:
> On 09/22/2009 04:57 PM, John W. Moore III wrote:
>> Like GPG it utilizes the 1st encountered Key that matches the Send To:
>> address & is valid.
>
> this is not what gpg does. gpg simply chooses the first key with a
> matching user ID, irrespective of the calculated validity of
> the User ID in question.

I was referring to the validity of the Key; _not_ the UID. If the Key isn't expired/revoked or disabled; GPG will use it when it comes upon it in the 1st order encountered. So does Command Line PGP.

JOHN ;)
Timestamp: Tuesday 22 Sep 2009, 17:07 --400 (Eastern Daylight Time)

From dshaw at jabberwocky.com Tue Sep 22 23:08:42 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 22 Sep 2009 17:08:42 -0400
Subject: Two tidbits of potential interest
Message-ID: <904C2C3E-0ED4-4997-9F3F-79FFCA97BF68@jabberwocky.com>

First of all, someone has factored a 512-bit RSA key (the one used to protect a TI programmable calculator, it seems). It took 73 days on a dual-core 1900 MHz Athlon64. It took just under 5 gigs of storage and around 2.5 gigs of RAM. In other words: not much at all. It's not some big distributed project - rather it's a single guy who wanted to factor it and just left it running in the background for 2 and a half months. (This is actually a month old - forgot to send it before now).

http://www.unitedti.org/index.php?showtopic=8888

Also, here's the Stick Figure Guide to AES:

http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

David

From classpath at arcor.de Tue Sep 22 23:37:48 2009
From: classpath at arcor.de (Morten Gulbrandsen)
Date: Tue, 22 Sep 2009 23:37:48 +0200
Subject: Two tidbits of potential interest
In-Reply-To: <904C2C3E-0ED4-4997-9F3F-79FFCA97BF68@jabberwocky.com>
References: <904C2C3E-0ED4-4997-9F3F-79FFCA97BF68@jabberwocky.com>
Message-ID: <4AB943AC.1010308@arcor.de>

Hi List readers,

thanks to David Shaw for the nice URL:

http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

This one I like very much; the pencil and paper approach.

> Also, here's the Stick Figure Guide to AES:
>
> http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html
>
> David

however we will need elliptic curve ciphers in the next years or so?
Sincerely yours,

Morten
0x81802954

From dshaw at jabberwocky.com Wed Sep 23 00:30:52 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 22 Sep 2009 18:30:52 -0400
Subject: choosing an encryption target from a User ID
In-Reply-To: <4AB93627.8040107@fifthhorseman.net>
References: <4AB90539.7020809@fifthhorseman.net> <4AB9281E.6040008@Mozilla-Enigmail.org> <4AB92F16.1050300@bellsouth.net> <4AB93627.8040107@fifthhorseman.net>
Message-ID: <90E3E1E5-F0AF-40EB-B4C6-61640E7EFED3@jabberwocky.com>

On Sep 22, 2009, at 4:40 PM, Daniel Kahn Gillmor wrote:
> On 09/22/2009 04:09 PM, John W. Moore III wrote:
>> John Clizbe wrote:
>>
>>> IIRC, it's the first usable key with a matching User ID. Period.
>>> First one it can use.
>
> thanks for catching that, John. It appears that if the first key with a
> matching User ID doesn't have full calculated validity, the user gets a
> scary warning that "There is no assurance this key belongs to the named
> user", and then:
>
>   It is NOT certain that the key belongs to the person named
>   in the user ID. If you *really* know what you are doing,
>   you may answer the next question with yes.
>
> It does this even if there is a full-valid match later in the keyring!
>
> This doesn't seem like friendly or reasonable behavior for the power
> user, let alone the novice user.
>
>> My usual 'solution' for this is to 'Disable' the non-preferred or unused
>> Key until such time as it is Revoked or I have been otherwise informed
>> it is deprecated beyond any further use.
>
> i'm assuming you mean "gpg --edit-key 0xDECAFBAD" followed by the
> "disable" subcommand.
>
> What do y'all think should actually be happening here?

I think the current behavior is the right one.
Otherwise we break however many baked-in uses out there (scripts, etc), to say nothing of having to explain to people why a particular key was chosen. "We pick the first valid key" cannot be misunderstood or confuse anyone.

Yes, it's wrong for some situations. But every behavior is wrong for some situations. This particular "wrong" behavior has almost 20 years of history behind it.

David

From dkg at fifthhorseman.net Wed Sep 23 00:54:23 2009
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Tue, 22 Sep 2009 18:54:23 -0400
Subject: choosing an encryption target from a User ID
In-Reply-To: <90E3E1E5-F0AF-40EB-B4C6-61640E7EFED3@jabberwocky.com>
References: <4AB90539.7020809@fifthhorseman.net> <4AB9281E.6040008@Mozilla-Enigmail.org> <4AB92F16.1050300@bellsouth.net> <4AB93627.8040107@fifthhorseman.net> <90E3E1E5-F0AF-40EB-B4C6-61640E7EFED3@jabberwocky.com>
Message-ID: <4AB9559F.4020906@fifthhorseman.net>

On 09/22/2009 06:30 PM, David Shaw wrote:
> I think the current behavior is the right one. Otherwise we break
> however many baked-in uses out there (scripts, etc), to say nothing of
> having to explain to people why a particular key was chosen. "We pick
> the first valid key" cannot be misunderstood or confuse anyone.

well, i'm living proof that it can confuse people, and that people can misunderstand it. It took me a while to sort out:

a) what it was doing specifically (i originally thought it was sorting by key creation date)

b) how to change the ordering of keys in a keyring (so far, i've only figured out how to move a given key to the "end of the list":

  gpg --export --export-options export-local $KEYID > tmpfile
  gpg --delete-key $KEYID
  gpg --import --import-options import-local < tmpfile

I suppose i could do arbitrary bubble-sort-ish reorderings with this primitive, too; is there another way?)

c) that gpg is even willing to settle on a key with a matching User ID with no calculated validity (e.g. if i added a user ID of "Daniel Kahn Gillmor " to my key, even if no one else certified it, then anyone who had met me before meeting you would need to specify your key by key ID, instead of by e-mail address!)

> Yes, it's wrong for some situations. But every behavior is wrong for
> some situations. This particular "wrong" behavior has almost 20 years
> of history behind it.

I hear you. I've offered some concrete examples of ways that the current behavior breaks things. Can you give me an example of a script that has this behavior "baked in" to the point where adopting a better heuristic would break it?

Also, i believe this behavior is *only* relevant in situations where the user asks gpg to encrypt something to a name or User ID. Is that right? or are there other circumstances in gpg where the "choose the first matching User ID" heuristic is used?

Thanks for thinking through this with me,

--dkg

From dshaw at jabberwocky.com Wed Sep 23 01:16:05 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 22 Sep 2009 19:16:05 -0400
Subject: choosing an encryption target from a User ID
In-Reply-To: <4AB9559F.4020906@fifthhorseman.net>
References: <4AB90539.7020809@fifthhorseman.net> <4AB9281E.6040008@Mozilla-Enigmail.org> <4AB92F16.1050300@bellsouth.net> <4AB93627.8040107@fifthhorseman.net> <90E3E1E5-F0AF-40EB-B4C6-61640E7EFED3@jabberwocky.com> <4AB9559F.4020906@fifthhorseman.net>
Message-ID:

On Sep 22, 2009, at 6:54 PM, Daniel Kahn Gillmor wrote:
> Can you give me an example of a script
> that has this behavior "baked in" to the point where adopting a better
> heuristic would break it?

It doesn't work that way. The default is "the first valid key". It's been that way in the PGP world since before GPG as a product was written.
If you want to propose a specific alternative, I'm ready to listen, but I'm not going to defend the default behavior of 15+ years.

> Also, i believe this behavior is *only* relevant in situations where the
> user asks gpg to encrypt something to a name or User ID. Is that right?
> or are there other circumstances in gpg where the "choose the first
> matching User ID" heuristic is used?

It's used everywhere user IDs are referenced in the product. --list-keys, --edit-key, --sign-key, etc, etc.

David

From bmearns at ieee.org Wed Sep 23 04:29:07 2009
From: bmearns at ieee.org (Brian Mearns)
Date: Tue, 22 Sep 2009 22:29:07 -0400
Subject: Entropy sources for rngd
Message-ID: <4df3a1330909221929g6409f10aoa00cd9f9206a4e87@mail.gmail.com>

Sorry, I know this is only somewhat on topic: if someone can suggest an appropriate mailing-list or news group, that'd be great.

I want to use rngd to increase my entropy pool for use with GnuPG, but I don't have a hardware random device. I've seen a lot of references to using /dev/urandom as the input source for rngd, which claim that rngd's randomness test is sufficient for ensuring that the entropy pool remains random. But there's something that really doesn't sit well about that for me. Can anyone offer informed insight on this?
Thanks,
-Brian
--
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://keys.gnupg.net

From wk at gnupg.org Wed Sep 23 10:20:07 2009
From: wk at gnupg.org (Werner Koch)
Date: Wed, 23 Sep 2009 10:20:07 +0200
Subject: Details of signature verification status-fd lines
In-Reply-To: <4df3a1330909220850s3bea80c6se41efdde2394c3a9@mail.gmail.com> (Brian Mearns's message of "Tue, 22 Sep 2009 11:50:14 -0400")
References: <4df3a1330909220726y2fda1d60vfa9158f468f10b21@mail.gmail.com> <87pr9jxb0g.fsf@vigenere.g10code.de> <4df3a1330909220850s3bea80c6se41efdde2394c3a9@mail.gmail.com>
Message-ID: <87d45ixebs.fsf@vigenere.g10code.de>

On Tue, 22 Sep 2009 17:50, bmearns at ieee.org said:

> Thanks for the response. So EXPKEYSIG doesn't mean the key was expired
> when the signature was made, right? If that shows up along with

It means that the key has expired by now.

> VALIDSIG, it's ok to trust the signature, correct? What about

That is up to you. Usually you would show a message stating that the key used to create the message meanwhile expired. Whether you take the signature creation date into account and show a different message is up to you. If a signer wants to use an expired key for signing he may as well change the signature creation time.

> REVKEYSIG? If a key is revoked, is there an easy way to know if the
> signature was made prior to revocation, or would it be necessary to
> just compare the stamps on the signature and the revocation?

There is no way because you don't know why the key was revoked. Sure the revocation signature allows to give a reason of revocation and you can take that in account, but if the key was compromised an attacker may also create a revocation with a different reason (e.g. key superseded). You can't tell who did the revocation.

Salam-Shalom,

   Werner

--
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.
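The status-fd interpretation Werner lays out above, as an added example that is not part of the thread and not GnuPG code: a parser for the `[GNUPG:]` lines gpg writes to `--status-fd` that turns GOODSIG/EXPKEYSIG/REVKEYSIG together with VALIDSIG and KEYEXPIRED into the verdict and user-facing message he describes. Line shapes follow the GnuPG doc/DETAILS file; the sample status output, key IDs and fingerprints are constructed.

```python
"""Interpret gpg --status-fd lines: EXPKEYSIG means "the key has expired by
now", REVKEYSIG means "revoked, and you cannot tell by whom or why".
Sample output below is constructed for illustration."""
from dataclasses import dataclass
from typing import Optional, Tuple

PREFIX = "[GNUPG:] "
SIG_TAGS = {"GOODSIG": "good", "EXPKEYSIG": "key-expired",
            "REVKEYSIG": "key-revoked", "BADSIG": "bad"}


@dataclass
class Verification:
    verdict: str = "none"               # good | key-expired | key-revoked | bad | none
    signer: Optional[str] = None        # key ID from the *SIG line
    fingerprint: Optional[str] = None   # from VALIDSIG: the signature itself checked out
    sig_time: Optional[int] = None      # VALIDSIG sig-timestamp (epoch seconds)
    key_expiry: Optional[int] = None    # KEYEXPIRED expire-timestamp, if emitted


def parse_status(status_text: str) -> Verification:
    """Fold the status lines into one Verification record."""
    v = Verification()
    for raw in status_text.splitlines():
        if not raw.startswith(PREFIX):
            continue                    # human-readable stderr, not a status line
        fields = raw[len(PREFIX):].split()
        if not fields:
            continue
        tag, args = fields[0], fields[1:]
        if tag in SIG_TAGS and args:
            v.verdict, v.signer = SIG_TAGS[tag], args[0]
        elif tag == "VALIDSIG" and len(args) >= 3:
            # VALIDSIG <fpr> <sig-date> <sig-timestamp> <expire-timestamp> ...
            v.fingerprint, v.sig_time = args[0], int(args[2])
        elif tag == "KEYEXPIRED" and args:
            v.key_expiry = int(args[0])
    return v


def assess(v: Verification) -> Tuple[bool, str]:
    """Apply the policy Werner sketches: what to accept, and what to tell the user."""
    if v.verdict in ("bad", "none") or v.fingerprint is None:
        return False, "no valid signature"
    if v.verdict == "good":
        return True, f"good signature from {v.fingerprint}"
    if v.verdict == "key-revoked":
        # Whoever holds a compromised key can issue a revocation with any reason,
        # so neither the stated reason nor signature/revocation timing is trustworthy.
        return False, (f"signature from revoked key {v.fingerprint}; "
                       "cannot tell who revoked it or why")
    # key-expired: the signature verifies, but the key has expired by now.
    msg = f"valid signature, but key {v.fingerprint} has since expired"
    if v.sig_time is not None and v.key_expiry is not None:
        if v.sig_time < v.key_expiry:
            # The creation time is chosen by the signer and can be backdated.
            msg += "; signature creation time predates expiry (signer-asserted, not provable)"
        else:
            msg += "; signature creation time is after expiry"
    return True, msg


# Constructed sample status output (key IDs and fingerprints are made up).
SAMPLE_EXPIRED = """\
gpg: (human-readable stderr lines like this one are ignored)
[GNUPG:] KEYEXPIRED 1251763200
[GNUPG:] EXPKEYSIG 0123456789ABCDEF Example Signer (constructed) <signer@example.invalid>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2009-08-31 1251676800 0 4 0 1 2 00 0123456789ABCDEF0123456789ABCDEF01234567
"""

SAMPLE_REVOKED = """\
[GNUPG:] REVKEYSIG 0123456789ABCDEF Example Signer (constructed) <signer@example.invalid>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2009-09-01 1251763200 0 4 0 1 2 00 0123456789ABCDEF0123456789ABCDEF01234567
"""

SAMPLE_BAD = "[GNUPG:] BADSIG 0123456789ABCDEF Example Signer (constructed) <signer@example.invalid>\n"

if __name__ == "__main__":
    for sample in (SAMPLE_EXPIRED, SAMPLE_REVOKED, SAMPLE_BAD):
        print(assess(parse_status(sample)))
```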
From tux.tsndcb at free.fr Wed Sep 23 11:46:08 2009
From: tux.tsndcb at free.fr (tux.tsndcb at free.fr)
Date: Wed, 23 Sep 2009 11:46:08 +0200 (CEST)
Subject: Is it possible to have the same authentication key on several smartcard ?
In-Reply-To: <1881721311.6602431253699144033.JavaMail.root@zimbra7-e1.priv.proxad.net>
Message-ID: <779082531.6602531253699168054.JavaMail.root@zimbra7-e1.priv.proxad.net>

Hi,

Is it possible to have the same authentication key on several smartcards?

Is it possible to make a backup of an authentication key when it has been generated directly on a smartcard?

Thanks in advance for your answer.

Best regards.

From wk at gnupg.org Wed Sep 23 13:36:49 2009
From: wk at gnupg.org (Werner Koch)
Date: Wed, 23 Sep 2009 13:36:49 +0200
Subject: Is it possible to have the same authentication key on several smartcard ?
In-Reply-To: <779082531.6602531253699168054.JavaMail.root@zimbra7-e1.priv.proxad.net> (tux tsndcb's message of "Wed, 23 Sep 2009 11:46:08 +0200 (CEST)")
References: <779082531.6602531253699168054.JavaMail.root@zimbra7-e1.priv.proxad.net>
Message-ID: <878wg5yjse.fsf@vigenere.g10code.de>

On Wed, 23 Sep 2009 11:46, tux.tsndcb at free.fr said:

> Is it possible to have the same authentication key on several smartcards?

Yes. You need to generate the key off-card and then put it onto the card. Use gpg --edit-key and the subcommands genkey and keytocard for this.

> Is it possible to make a backup of an authentication key when it has been generated directly on a smartcard?

No. An on-card generated key can't be extracted from the card (except for the public part of course).

Shalom-Salam,

   Werner

--
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

From tux.tsndcb at free.fr Wed Sep 23 14:45:37 2009
From: tux.tsndcb at free.fr (tux.tsndcb at free.fr)
Date: Wed, 23 Sep 2009 14:45:37 +0200 (CEST)
Subject: Is it possible to have the same authentication key on several smartcard ?
In-Reply-To: <1476655970.6628141253709902382.JavaMail.root@zimbra7-e1.priv.proxad.net>
Message-ID: <1700721014.6628201253709937121.JavaMail.root@zimbra7-e1.priv.proxad.net>

Hi Werner,

Many thanks for your answer, I will try it.

Best regards

From dkg at fifthhorseman.net Wed Sep 23 15:34:10 2009
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Wed, 23 Sep 2009 09:34:10 -0400
Subject: choosing an encryption target from a User ID
In-Reply-To:
References: <4AB90539.7020809@fifthhorseman.net> <4AB9281E.6040008@Mozilla-Enigmail.org> <4AB92F16.1050300@bellsouth.net> <4AB93627.8040107@fifthhorseman.net> <90E3E1E5-F0AF-40EB-B4C6-61640E7EFED3@jabberwocky.com> <4AB9559F.4020906@fifthhorseman.net>
Message-ID: <4ABA23D2.9080108@fifthhorseman.net>

On 09/22/2009 07:16 PM, David Shaw wrote:
> It doesn't work that way. The default is "the first valid key". It's
> been that way in the PGP world since before GPG as a product was
> written. If you want to propose a specific alternative, I'm ready to
> listen, but I'm not going to defend the default behavior of 15+ years.
OK; if i'm proposing one specific alternative, it would be:

Select the most recently-generated valid key that has a non-revoked, non-expired encryption-capable subkey, and has a matching user ID with the highest-available-class of calculated validity for the given User ID.

That is, if you have the following keys with matching User IDs and non-expired, non-revoked encryption-capable subkeys (or encryption-capable primary-keys):

 * A: unknown calculated validity, primary key created 2005-02-01
 * B: marginal calculated validity, primary key created 2004-01-02
 * C: full calculated validity, primary key created 2003-08-01
 * D: full calculated validity, primary key created 2003-05-02
 * E: marginal calculated validity, primary key created 2004-10-30

then C would be the most reasonable default choice for encryption, due to its full validity and creation date. If C and D weren't in the keyring, then E would be the next-best choice.

A simple algorithm for doing this is to walk through the keys in the keyring with a matching User ID; keeping track of the "current best" key. When you look at a new key, compare validity with the "current best". If the new key has better validity, use it instead of the "current best". If the new key has worse validity, pass it over and move on. If the new key has the same validity as the "current best", compare primary key creation dates: if the new key was created more recently, use it instead of the "current best".

> It's used everywhere user IDs are referenced in the product. --list-keys.
> --edit-key, --sign-key, etc, etc.

list-keys merely produces a list of *all* matching keys, and the documentation makes no promises about ordering; i don't much care what order they come out in this case.
For edit-key and sign-key, the proposed heuristic makes less sense; there are already significant usability concerns with using either of these subcommands when specifying a key by an ambiguous User ID, and i'm not sure that this specific change would have any effect (good or bad) on the usability of these commands. At any rate, the usability concerns there seem less worrisome than the security concern associated with sending data encrypted to the wrong key.

I hear you that the historic default is "first valid key", but there is little documentation about keyring ordering in the man page, nor is there any documentation that the in-keyring ordering can have significant security consequences. And i could find no documentation about how to change the order of keys in any keyring. Since the ordering is currently relevant in several places, i'd assume there would be a way to change it explicitly, but i can't seem to find it, other than the export/delete/import "push-to-end" procedure i noted earlier.

Is there any other interface to change the keyring ordering that i've missed?

--dkg

From bmearns at ieee.org Wed Sep 23 16:16:59 2009
From: bmearns at ieee.org (Brian Mearns)
Date: Wed, 23 Sep 2009 10:16:59 -0400
Subject: Details of signature verification status-fd lines
In-Reply-To: <87d45ixebs.fsf@vigenere.g10code.de>
References: <4df3a1330909220726y2fda1d60vfa9158f468f10b21@mail.gmail.com> <87pr9jxb0g.fsf@vigenere.g10code.de> <4df3a1330909220850s3bea80c6se41efdde2394c3a9@mail.gmail.com> <87d45ixebs.fsf@vigenere.g10code.de>
Message-ID: <4df3a1330909230716r501fde1co5c19701bc7c1227c@mail.gmail.com>

On Wed, Sep 23, 2009 at 4:20 AM, Werner Koch wrote:
> On Tue, 22 Sep 2009 17:50, bmearns at ieee.org said:
>
>> Thanks for the response.
>> So EXPKEYSIG doesn't mean the key was expired
>> when the signature was made, right? If that shows up along with
>
> It means that the key has expired by now.
>
>> VALIDSIG, it's ok to trust the signature, correct? What about
>
> That is up to you. Usually you would show a message stating that the
> key used to create the message meanwhile expired. Whether you take the
> signature creation date into account and show a different message is up
> to you. If a signer wants to use an expired key for signing he may as
> well change the signature creation time.
>
>> REVKEYSIG? If a key is revoked, is there an easy way to know if the
>> signature was made prior to revocation, or would it be necessary to
>> just compare the stamps on the signature and the revocation?
>
> There is no way because you don't know why the key was revoked. Sure
> the revocation signature allows to give a reason of revocation and you
> can take that in account, but if the key was compromised an attacker may
> also create a revocation with a different reason (e.g. key superseded).
> You can't tell who did the revocation.

Great, thanks for the help, Werner.

By the way, are there any python or PHP bindings for GPGME?
-Brian
--
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://keys.gnupg.net

From wk at gnupg.org Wed Sep 23 18:17:51 2009
From: wk at gnupg.org (Werner Koch)
Date: Wed, 23 Sep 2009 18:17:51 +0200
Subject: choosing an encryption target from a User ID
In-Reply-To: <4ABA23D2.9080108@fifthhorseman.net> (Daniel Kahn Gillmor's message of "Wed, 23 Sep 2009 09:34:10 -0400")
References: <4AB90539.7020809@fifthhorseman.net> <4AB9281E.6040008@Mozilla-Enigmail.org> <4AB92F16.1050300@bellsouth.net> <4AB93627.8040107@fifthhorseman.net> <90E3E1E5-F0AF-40EB-B4C6-61640E7EFED3@jabberwocky.com> <4AB9559F.4020906@fifthhorseman.net> <4ABA23D2.9080108@fifthhorseman.net>
Message-ID: <87tyytws7k.fsf@vigenere.g10code.de>

On Wed, 23 Sep 2009 15:34, dkg at fifthhorseman.net said:

> OK; if i'm proposing one specific alternative, it would be:

Please keep in mind that using a user ID is just to help the user in the most common case. Any proper mail tool won't accept such a solution but either present the user a list of matching keys and let him select a key or auto select the key based on such information. If possible you should use the fingerprint to select a key.

Thus I consider this a wish for a future version. Feel free to add such a request to the bug tracker.

Salam-Shalom,

   Werner

--
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.
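dkg's "current best" walk from his proposal earlier in the thread, placed beside gpg's historic first-match rule and the fingerprint selection Werner recommends above, as an added example that is not GnuPG code and not anything posted in the thread. The keys A..E, their validity classes and creation dates are the ones from dkg's message; the user ID and fingerprints are constructed, and the substring matching is a model of gpg's behaviour, not its implementation.

```python
"""Recipient-key selection over a model keyring: first match vs. best match
vs. fingerprint. Key data below is constructed for illustration."""
from dataclasses import dataclass, replace
from datetime import date
from typing import List, Optional

# Higher is better; the order follows gpg's validity classes.
VALIDITY_RANK = {"unknown": 0, "marginal": 1, "full": 2, "ultimate": 3}


@dataclass(frozen=True)
class Key:
    label: str
    fingerprint: str          # constructed 40-hex placeholder
    user_ids: tuple           # user IDs bound to the key
    validity: str             # calculated validity of the matching user ID
    created: date             # primary key creation date
    can_encrypt: bool = True  # has a non-revoked, non-expired encryption-capable (sub)key
    revoked: bool = False
    expired: bool = False
    disabled: bool = False    # the 'disable' edit-key subcommand John Moore uses


def usable(k: Key) -> bool:
    return k.can_encrypt and not (k.revoked or k.expired or k.disabled)


def matches(k: Key, uid: str) -> bool:
    """Model of gpg's case-insensitive substring match on user IDs."""
    return any(uid.lower() in u.lower() for u in k.user_ids)


def first_match(keyring: List[Key], uid: str) -> Optional[Key]:
    """Historic rule: first usable key in keyring order with a matching user ID,
    irrespective of calculated validity (dkg's observation)."""
    for k in keyring:
        if usable(k) and matches(k, uid):
            return k
    return None


def best_match(keyring: List[Key], uid: str) -> Optional[Key]:
    """dkg's proposal: highest validity class wins; ties go to the newest primary key."""
    best = None
    for k in keyring:
        if not (usable(k) and matches(k, uid)):
            continue
        if best is None:
            best = k
            continue
        r_new, r_best = VALIDITY_RANK[k.validity], VALIDITY_RANK[best.validity]
        if r_new > r_best or (r_new == r_best and k.created > best.created):
            best = k
    return best


def by_fingerprint(keyring: List[Key], fpr: str) -> Optional[Key]:
    """Werner's recommendation for tools: select by fingerprint, never by user ID."""
    want = fpr.replace(" ", "").upper()
    for k in keyring:
        if usable(k) and k.fingerprint.upper() == want:
            return k
    return None


def disable(keyring: List[Key], label: str) -> List[Key]:
    """Model 'gpg --edit-key <id>' followed by 'disable'; returns a new keyring."""
    return [replace(k, disabled=True) if k.label == label else k for k in keyring]


def sample_keyring() -> List[Key]:
    """The five keys from dkg's message, in the order they sit in the keyring."""
    uid = ("Example Recipient <recipient@example.invalid>",)   # constructed
    return [
        Key("A", "A" * 40, uid, "unknown", date(2005, 2, 1)),
        Key("B", "B" * 40, uid, "marginal", date(2004, 1, 2)),
        Key("C", "C" * 40, uid, "full", date(2003, 8, 1)),
        Key("D", "D" * 40, uid, "full", date(2003, 5, 2)),
        Key("E", "E" * 40, uid, "marginal", date(2004, 10, 30)),
    ]


if __name__ == "__main__":
    ring = sample_keyring()
    addr = "recipient@example.invalid"
    print("first match:", first_match(ring, addr).label)   # A: unknown validity
    print("best match: ", best_match(ring, addr).label)    # C: full, newer than D
```

Disabling A (John Moore's workaround) moves the first-match result to B but leaves the best-match result at C, which is the point of dkg's proposal.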
From wk at gnupg.org  Wed Sep 23 18:22:49 2009
From: wk at gnupg.org (Werner Koch)
Date: Wed, 23 Sep 2009 18:22:49 +0200
Subject: Details of signature verification status-fd lines
In-Reply-To: <4df3a1330909230716r501fde1co5c19701bc7c1227c@mail.gmail.com> (Brian Mearns's message of "Wed, 23 Sep 2009 10:16:59 -0400")
References: <4df3a1330909220726y2fda1d60vfa9158f468f10b21@mail.gmail.com> <87pr9jxb0g.fsf@vigenere.g10code.de> <4df3a1330909220850s3bea80c6se41efdde2394c3a9@mail.gmail.com> <87d45ixebs.fsf@vigenere.g10code.de> <4df3a1330909230716r501fde1co5c19701bc7c1227c@mail.gmail.com>
Message-ID: <87pr9hwrza.fsf@vigenere.g10code.de>

On Wed, 23 Sep 2009 16:16, bmearns at ieee.org said:

> By the way, are there any python or PHP bindings for GPGME?

Yes, there are several of them and we should really compile a list of
them or actually add them to the distribution.


Shalom-Salam,

   Werner

--
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.


From John at Mozilla-Enigmail.org  Wed Sep 23 18:53:25 2009
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Wed, 23 Sep 2009 11:53:25 -0500
Subject: Details of signature verification status-fd lines
In-Reply-To: <87pr9hwrza.fsf@vigenere.g10code.de>
References: <4df3a1330909220726y2fda1d60vfa9158f468f10b21@mail.gmail.com> <87pr9jxb0g.fsf@vigenere.g10code.de> <4df3a1330909220850s3bea80c6se41efdde2394c3a9@mail.gmail.com> <87d45ixebs.fsf@vigenere.g10code.de> <4df3a1330909230716r501fde1co5c19701bc7c1227c@mail.gmail.com> <87pr9hwrza.fsf@vigenere.g10code.de>
Message-ID: <4ABA5285.2010602@Mozilla-Enigmail.org>

Werner Koch wrote:
> On Wed, 23 Sep 2009 16:16, bmearns at ieee.org said:
>
>> By the way, are there any python or PHP bindings for GPGME?
>
> Yes, there are several of them and we should really compile a list of
> them or actually add them to the distribution.

It would be a huge help if added to the distro, Werner. Compiling a list
would be a nice bonus for those who already have GPGME downloaded or
installed.

I was working on updating an application in Pascal that used the old
GPGME api and knocked it to the backburner when I couldn't find updated
Pascal bindings. (It was free work)

--
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"


From dkg at fifthhorseman.net  Wed Sep 23 19:04:05 2009
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Wed, 23 Sep 2009 13:04:05 -0400
Subject: choosing an encryption target from a User ID
In-Reply-To: <87tyytws7k.fsf@vigenere.g10code.de>
References: <4AB90539.7020809@fifthhorseman.net> <4AB9281E.6040008@Mozilla-Enigmail.org> <4AB92F16.1050300@bellsouth.net> <4AB93627.8040107@fifthhorseman.net> <90E3E1E5-F0AF-40EB-B4C6-61640E7EFED3@jabberwocky.com> <4AB9559F.4020906@fifthhorseman.net> <4ABA23D2.9080108@fifthhorseman.net> <87tyytws7k.fsf@vigenere.g10code.de>
Message-ID: <4ABA5505.9020906@fifthhorseman.net>

On 09/23/2009 12:17 PM, Werner Koch wrote:
> Please keep in mind that using a user ID is just to help the user in the
> most common case.  Any proper mail tool won't accept such a solution but
> either present the user a list of matching keys and let him select a key
> or auto select the key based on such information.

Has this been made this clear to collaborating MUA/plugin developers?  I
think the "auto select a key" step for MUAs or plugins is often
implemented as "let gpg pick the key based on the user ID".

I observed this exact behavior from enigmail, and it changed when i
re-ordered my keys in my gpg keyring.
You can see the discussion here:

 http://www.mozdev.org/pipermail/enigmail/2009-September/011491.html

So it sounds like enigmail is relying on gpg at some level to do key
selection among multiple User ID matches.  It seemed to me that I could
ask enigmail to improve their key selection process (fixing things just
for enigmail users), or i could ask gpg to change the selection process
(fixing things for enigmail users and all other gpg users).

> Thus I consider this a wish for a future version.  Feel free to add such
> a request to the bug tracker.

thanks, done:

 https://bugs.g10code.com/gnupg/issue1143

Regards,

        --dkg


From tux.tsndcb at free.fr  Wed Sep 23 21:28:40 2009
From: tux.tsndcb at free.fr (tux.tsndcb at free.fr)
Date: Wed, 23 Sep 2009 21:28:40 +0200 (CEST)
Subject: How to use a smartcard which has already been used to back up my first smartcard?
In-Reply-To: <480780751.6684991253733963004.JavaMail.root@zimbra7-e1.priv.proxad.net>
Message-ID: <1736710128.6685301253734120346.JavaMail.root@zimbra7-e1.priv.proxad.net>

Hi,

Sorry, I need help again.

I want to use another smartcard to back up my first smartcard, but this
other smartcard has already been used to generate keys, so it isn't blank.

I've successfully imported the secret key (encryption key) of my first
smartcard on it by using the bkuptocard command; this is good and the
fingerprint is good.

On a second PC I want to import the public key, so I've put the good url
(on the backup smartcard) and done a fetch. I got an error at the
beginning, because it tried to import the public key of the old smartcard
key, but it finished by importing the good public key of my first
smartcard, which is correctly imported on the other PC in the keyring.

But when I run gpg2 --card-status I see nothing in general key info and
the sign counter is 0.

But with gpa I can see that the three keys are always considered to be
stored on the first card (it's the first smartcard serial number).

What have I done wrong, or what am I missing? What is the good way?

Thanks in advance.

Best Regards


From kloecker at kde.org  Thu Sep 24 00:04:11 2009
From: kloecker at kde.org (Ingo Klöcker)
Date: Thu, 24 Sep 2009 00:04:11 +0200
Subject: choosing an encryption target from a User ID
In-Reply-To: <4ABA5505.9020906@fifthhorseman.net>
References: <4AB90539.7020809@fifthhorseman.net> <87tyytws7k.fsf@vigenere.g10code.de> <4ABA5505.9020906@fifthhorseman.net>
Message-ID: <200909240004.20963@thufir.ingo-kloecker.de>

On Wednesday 23 September 2009, Daniel Kahn Gillmor wrote:
> On 09/23/2009 12:17 PM, Werner Koch wrote:
> > Please keep in mind that using a user ID is just to help the user
> > in the most common case.  Any proper mail tool won't accept such a
> > solution but either present the user a list of matching keys and
> > let him select a key or auto select the key based on such
> > information.
>
> Has this been made this clear to collaborating MUA/plugin developers?
> I think the "auto select a key" step for MUAs or plugins is often
> implemented as "let gpg pick the key based on the user ID".

I'm pretty sure that this will break horribly as soon as the user ID
contains non-ASCII characters (as does my user ID). For exactly this
reason I made KMail use the key ID instead of the user ID about 7 years
ago.

Is enigmail really still using the user ID?


Regards,
Ingo


From dkg at fifthhorseman.net  Thu Sep 24 00:32:25 2009
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Wed, 23 Sep 2009 18:32:25 -0400
Subject: choosing an encryption target from a User ID
In-Reply-To: <200909240004.20963@thufir.ingo-kloecker.de>
References: <4AB90539.7020809@fifthhorseman.net> <87tyytws7k.fsf@vigenere.g10code.de> <4ABA5505.9020906@fifthhorseman.net> <200909240004.20963@thufir.ingo-kloecker.de>
Message-ID: <4ABAA1F9.5090202@fifthhorseman.net>

On 09/23/2009 06:04 PM, Ingo Klöcker wrote:
> I'm pretty sure that this will break horribly as soon as the user ID
> contains non-ASCII characters (as does my user ID). For exactly this
> reason I made KMail use the key ID instead of the user ID about 7 years
> ago.

What makes you think that non-ASCII characters would break a match?
Presumably, all the tools are passing UTF-8 strings to each other, and
GPG can easily find a match based on such a string.  For example, it
certainly works fine from the shell:

0 dkg at pip:~$ echo test | \
> gpg --encrypt --trust-model always -r 'Ingo Klöcker' | \
> gpg --list-packets
:pubkey enc packet: version 3, algo 16, keyid 30CFDDC732319538
        data: [2047 bits]
        data: [2048 bits]
:encrypted data packet:
        length: 64
        mdc_method: 2
gpg: encrypted with 2048-bit ELG-E key, ID 32319538, created 2000-10-16
      "Ingo Klöcker "
gpg: decryption failed: secret key not available
2 dkg at pip:~$

> Is enigmail really still using the user ID?

I haven't dug into it deeply, but what i observed from my tests was that
if i switched the order of keys in my gpg keyring, enigmail selected a
different key for a recipient who had two keys with matching User IDs.

So i suspect that Enigmail is indeed passing the e-mail address at least
(if not the name) to gpg to select a reasonable key for encryption.

        --dkg


From wk at gnupg.org  Thu Sep 24 10:57:04 2009
From: wk at gnupg.org (Werner Koch)
Date: Thu, 24 Sep 2009 10:57:04 +0200
Subject: choosing an encryption target from a User ID
In-Reply-To: <4ABA5505.9020906@fifthhorseman.net> (Daniel Kahn Gillmor's message of "Wed, 23 Sep 2009 13:04:05 -0400")
References: <4AB90539.7020809@fifthhorseman.net> <4AB9281E.6040008@Mozilla-Enigmail.org> <4AB92F16.1050300@bellsouth.net> <4AB93627.8040107@fifthhorseman.net> <90E3E1E5-F0AF-40EB-B4C6-61640E7EFED3@jabberwocky.com> <4AB9559F.4020906@fifthhorseman.net> <4ABA23D2.9080108@fifthhorseman.net> <87tyytws7k.fsf@vigenere.g10code.de> <4ABA5505.9020906@fifthhorseman.net>
Message-ID: <87ljk4wwin.fsf@vigenere.g10code.de>

On Wed, 23 Sep 2009 19:04, dkg at fifthhorseman.net said:

> Has this been made this clear to collaborating MUA/plugin developers?  I
> think the "auto select a key" step for MUAs or plugins is often
> implemented as "let gpg pick the key based on the user ID".

I added PGP/MIME crypto to several MUA and as far as I can remember I
always used the approach to list all keys and then select the best
matching one.  Mutt used this even before gpg; in recent code bases grep
for crypt_getkeybyaddr.  I have not looked at the enigmail code but I
recall that the first PGP/MIME implementation for Mozilla (~2000) worked
as I described.  Unfortunately they refused this code.

> https://bugs.g10code.com/gnupg/issue1143

Thanks.


Salam-Shalom,

   Werner

--
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.


From marcio.barbado at gmail.com  Thu Sep 24 18:30:42 2009
From: marcio.barbado at gmail.com (M.B.Jr.)
Date: Thu, 24 Sep 2009 13:30:42 -0300
Subject: Two tidbits of potential interest
In-Reply-To: <904C2C3E-0ED4-4997-9F3F-79FFCA97BF68@jabberwocky.com>
References: <904C2C3E-0ED4-4997-9F3F-79FFCA97BF68@jabberwocky.com>
Message-ID: <2df3b0cb0909240930q24d73f59md58b2b51dea27f85@mail.gmail.com>

Hi David,

about the first "tidbit":


On Tue, Sep 22, 2009 at 6:08 PM, David Shaw wrote:
> First of all, someone has factored a 512-bit RSA key (the one used to
> protect a TI programmable calculator, it seems).  It took 73 days on a
> dual-core 1900Mhz Athlon64.  It took just under 5 gigs of storage and around
> 2.5 gigs of RAM.  In other words: not much at all.  It's not some big
> distributed project - rather it's a single guy who wanted to factor it and
> just left it running in the background for 2 and a half months.  (This is
> actually a month old - forgot to send it before now).
>
> http://www.unitedti.org/index.php?showtopic=8888
>


dummy question:

by factoring a public key integer, one can get somehow to its
corresponding private key?


Regards,

Marcio Barbado, Jr.


From dshaw at jabberwocky.com  Thu Sep 24 19:21:48 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu, 24 Sep 2009 13:21:48 -0400
Subject: Two tidbits of potential interest
In-Reply-To: <2df3b0cb0909240930q24d73f59md58b2b51dea27f85@mail.gmail.com>
References: <904C2C3E-0ED4-4997-9F3F-79FFCA97BF68@jabberwocky.com> <2df3b0cb0909240930q24d73f59md58b2b51dea27f85@mail.gmail.com>
Message-ID: <0E344DD2-27E3-4BC0-BC99-CE26A2D756B1@jabberwocky.com>

On Sep 24, 2009, at 12:30 PM, M.B.Jr. wrote:

> Hi David,
>
> about the first "tidbit":
>
>
> On Tue, Sep 22, 2009 at 6:08 PM, David Shaw wrote:
>> First of all, someone has factored a 512-bit RSA key (the one used to
>> protect a TI programmable calculator, it seems).  It took 73 days on a
>> dual-core 1900Mhz Athlon64.  It took just under 5 gigs of storage and around
>> 2.5 gigs of RAM.  In other words: not much at all.  It's not some big
>> distributed project - rather it's a single guy who wanted to factor it and
>> just left it running in the background for 2 and a half months.  (This is
>> actually a month old - forgot to send it before now).
>>
>> http://www.unitedti.org/index.php?showtopic=8888
>>
>
>
> dummy question:
>
> by factoring a public key integer, one can get somehow to its
> corresponding private key?

Yes, that's exactly what happens.  If you factor the public key, you
can derive the private key.

In the case above, it seems TI was using that 512-bit key to ensure
that only TI could generate software images for their calculator.  With
the key factored, anyone can sign a software image.

David


From marcio.barbado at gmail.com  Thu Sep 24 21:13:31 2009
From: marcio.barbado at gmail.com (M.B.Jr.)
Date: Thu, 24 Sep 2009 16:13:31 -0300
Subject: Two tidbits of potential interest
In-Reply-To: <0E344DD2-27E3-4BC0-BC99-CE26A2D756B1@jabberwocky.com>
References: <904C2C3E-0ED4-4997-9F3F-79FFCA97BF68@jabberwocky.com> <2df3b0cb0909240930q24d73f59md58b2b51dea27f85@mail.gmail.com> <0E344DD2-27E3-4BC0-BC99-CE26A2D756B1@jabberwocky.com>
Message-ID: <2df3b0cb0909241213y76014c91l158945eacc9aa20f@mail.gmail.com>

On Thu, Sep 24, 2009 at 2:21 PM, David Shaw wrote:
> On Sep 24, 2009, at 12:30 PM, M.B.Jr. wrote:
>
>> Hi David,
>>
>> about the first "tidbit":
>>
>>
>> On Tue, Sep 22, 2009 at 6:08 PM, David Shaw wrote:
>>>
>>> First of all, someone has factored a 512-bit RSA key (the one used to
>>> protect a TI programmable calculator, it seems).  It took 73 days on a
>>> dual-core 1900Mhz Athlon64.  It took just under 5 gigs of storage and
>>> around
>>> 2.5 gigs of RAM.  In other words: not much at all.  It's not some big
>>> distributed project - rather it's a single guy who wanted to factor it
>>> and
>>> just left it running in the background for 2 and a half months.  (This is
>>> actually a month old - forgot to send it before now).
>>>
>>> http://www.unitedti.org/index.php?showtopic=8888
>>>
>>
>>
>> dummy question:
>>
>> by factoring a public key integer, one can get somehow to its
>> corresponding private key?
>
> Yes, that's exactly what happens.  If you factor the public key, you can
> derive the private key.
>

Is this a generic asymmetric premise?
I mean: is it valid both to the (computational) Mathematics behind
OpenPGP's and X.509's public keys' integers?


Marcio Barbado, Jr.


From tux.tsndcb at free.fr  Thu Sep 24 22:44:01 2009
From: tux.tsndcb at free.fr (tux.tsndcb at free.fr)
Date: Thu, 24 Sep 2009 22:44:01 +0200 (CEST)
Subject: Is it possible to have the same authentication key on several smartcard ?
In-Reply-To: <1252468968.6824871253824982466.JavaMail.root@zimbra7-e1.priv.proxad.net>
Message-ID: <428393760.6824961253825041243.JavaMail.root@zimbra7-e1.priv.proxad.net>

Hi Werner,

Sorry, but I need more information about it.

I tried this:

gpg2 --edit-key commande
> genkey => invalid command

Maybe you meant addkey? But in this case, which choice: RSA (sign only)
or RSA (encrypt only)?

Thanks in advance for this information and your answer.

Best Regards


----- Original Mail -----
From: "tux tsndcb"
To: "Werner Koch"
Cc: gnupg-users at gnupg.org
Sent: Wednesday 23 September 2009 14:45:37 GMT +01:00 Amsterdam / Berlin / Berne / Rome / Stockholm / Vienne
Subject: Is it possible to have the same authentication key on several smartcard ?

Hi Werner,

Many thanks for your answer, I will try it.

Best Regards


----- Original Mail -----
From: "Werner Koch"
To: "tux tsndcb"
Cc: gnupg-users at gnupg.org
Sent: Wednesday 23 September 2009 13:36:49 GMT +01:00 Amsterdam / Berlin / Berne / Rome / Stockholm / Vienne
Subject: Re: Is it possible to have the same authentication key on several smartcard ?

On Wed, 23 Sep 2009 11:46, tux.tsndcb at free.fr said:

> Is it possible to have the same authentication key on several smartcard ?

Yes.  You need to generate the key off-card and then put it onto the
card.  Use gpg --edit-key and the subcommands genkey and keytocard for
this.

> Is it possible to done an authentication key backup when it has been generated directly on a smartcard ?

No.  An on-card generated key can't be extracted from the card (except
for the public part of course).


Shalom-Salam,

   Werner

--
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

_______________________________________________
Gnupg-users mailing list
Gnupg-users at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


From kloecker at kde.org  Thu Sep 24 22:56:10 2009
From: kloecker at kde.org (Ingo Klöcker)
Date: Thu, 24 Sep 2009 22:56:10 +0200
Subject: choosing an encryption target from a User ID
In-Reply-To: <4ABAA1F9.5090202@fifthhorseman.net>
References: <4AB90539.7020809@fifthhorseman.net> <200909240004.20963@thufir.ingo-kloecker.de> <4ABAA1F9.5090202@fifthhorseman.net>
Message-ID: <200909242256.15411@thufir.ingo-kloecker.de>

On Thursday 24 September 2009, Daniel Kahn Gillmor wrote:
> On 09/23/2009 06:04 PM, Ingo Klöcker wrote:
> > I'm pretty sure that this will break horribly as soon as the user
> > ID contains non-ASCII characters (as does my user ID). For exactly
> > this reason I made KMail use the key ID instead of the user ID
> > about 7 years ago.
>
> What makes you think that non-ASCII characters would break a match?
> Presumably, all the tools are passing UTF-8 strings to each other,
> and GPG can easily find a match based on such a string.

Does it also work with keys like 0xCB0D4CAF or 0xAB1BC4E6 created with
PGP 6 (or earlier) where the user ID is not UTF-8 encoded? KMail applies
some heuristics to guess the correct encoding if UTF-8 doesn't seem to
work, but even if KMail guesses wrong and is not able to decode the user
ID properly it's still possible to use such a key for encryption.

Moreover, user IDs are not unique while key IDs (usually) are.
So if you want to be sure that the correct key is used you cannot use
the user ID.

> For example, it certainly works fine from the shell:
>
> 0 dkg at pip:~$ echo test | \
>
> > gpg --encrypt --trust-model always -r 'Ingo Klöcker' | \
> > gpg --list-packets
>
> :pubkey enc packet: version 3, algo 16, keyid 30CFDDC732319538
>
>        data: [2047 bits]
>        data: [2048 bits]
>
> :encrypted data packet:
>
>        length: 64
>        mdc_method: 2
> gpg: encrypted with 2048-bit ELG-E key, ID 32319538, created
> 2000-10-16 "Ingo Klöcker "
> gpg: decryption failed: secret key not available
> 2 dkg at pip:~$

Good to see that it works nowadays for UTF-8 encoded user IDs on
systems using a UTF-8 locale.

> > Is enigmail really still using the user ID?
>
> I haven't dug into it deeply, but what i observed from my tests was
> that if i switched the order of keys in my gpg keyring, enigmail
> selected a different key for a recipient who had two keys with
> matching User IDs.
>
> So i suspect that Enigmail is indeed passing the e-mail address at
> least (if not the name) to gpg to select a reasonable key for
> encryption.

Yeah, not very clever if you ask me. But, of course, I'm biased. :-)


Regards,
Ingo


From tux.tsndcb at free.fr  Thu Sep 24 23:01:46 2009
From: tux.tsndcb at free.fr (tux.tsndcb at free.fr)
Date: Thu, 24 Sep 2009 23:01:46 +0200 (CEST)
Subject: Is it possible to have the same authentication key on several smartcard ?
In-Reply-To: <662716871.6826111253825835617.JavaMail.root@zimbra7-e1.priv.proxad.net>
Message-ID: <1066992406.6826671253826106910.JavaMail.root@zimbra7-e1.priv.proxad.net>

Hi Werner,

I think I have the solution, could you confirm it please:

gpg2 --edit-key commande
> addkey
RSA (sign only)

Thanks in advance for your answer

Best Regards


----- Original Mail -----
From: "tux tsndcb"
To: "Werner Koch"
Cc: gnupg-users at gnupg.org
Sent: Thursday 24 September 2009 22:44:01 GMT +01:00 Amsterdam / Berlin / Berne / Rome / Stockholm / Vienne
Subject: Is it possible to have the same authentication key on several smartcard ?

Hi Werner,

Sorry, but I need more information about it.

I tried this:

gpg2 --edit-key commande
> genkey => invalid command

Maybe you meant addkey? But in this case, which choice: RSA (sign only)
or RSA (encrypt only)?

Thanks in advance for this information and your answer.

Best Regards


----- Original Mail -----
From: "tux tsndcb"
To: "Werner Koch"
Cc: gnupg-users at gnupg.org
Sent: Wednesday 23 September 2009 14:45:37 GMT +01:00 Amsterdam / Berlin / Berne / Rome / Stockholm / Vienne
Subject: Is it possible to have the same authentication key on several smartcard ?

Hi Werner,

Many thanks for your answer, I will try it.

Best Regards


----- Original Mail -----
From: "Werner Koch"
To: "tux tsndcb"
Cc: gnupg-users at gnupg.org
Sent: Wednesday 23 September 2009 13:36:49 GMT +01:00 Amsterdam / Berlin / Berne / Rome / Stockholm / Vienne
Subject: Re: Is it possible to have the same authentication key on several smartcard ?

On Wed, 23 Sep 2009 11:46, tux.tsndcb at free.fr said:

> Is it possible to have the same authentication key on several smartcard ?

Yes.  You need to generate the key off-card and then put it onto the
card.  Use gpg --edit-key and the subcommands genkey and keytocard for
this.

> Is it possible to done an authentication key backup when it has been generated directly on a smartcard ?

No.
An on-card generated key can't be extracted from the card (except for
the public part of course).


Shalom-Salam,

   Werner

--
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

_______________________________________________
Gnupg-users mailing list
Gnupg-users at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


From tux.tsndcb at free.fr  Fri Sep 25 10:33:13 2009
From: tux.tsndcb at free.fr (tux.tsndcb at free.fr)
Date: Fri, 25 Sep 2009 10:33:13 +0200 (CEST)
Subject: How to reset a smartcard ?
In-Reply-To: <519085313.6855561253867361457.JavaMail.root@zimbra7-e1.priv.proxad.net>
Message-ID: <35780835.6856351253867593937.JavaMail.root@zimbra7-e1.priv.proxad.net>

Hi all,

Nobody has an idea how to "reset" a smartcard to factory settings? I
think it is possible, but I don't know how to do that.

Thanks in advance for your help.

Best Regards


----- Original Mail -----
From: "tux tsndcb"
To: gnupg-users at gnupg.org
Sent: Sunday 20 September 2009 08:51:52 GMT +01:00 Amsterdam / Berlin / Berne / Rome / Stockholm / Vienne
Subject: How to reset a smartcard ?

Hi,

I wanted to know how to "reset" a smartcard to factory settings, or how
to blank all information on the smartcard (Signature key, Encryption key,
Authentication key ... to none) as on the first use.

Thanks in advance for your help.

Best Regards

_______________________________________________
Gnupg-users mailing list
Gnupg-users at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


From wk at gnupg.org  Fri Sep 25 11:19:26 2009
From: wk at gnupg.org (Werner Koch)
Date: Fri, 25 Sep 2009 11:19:26 +0200
Subject: Two tidbits of potential interest
In-Reply-To: <2df3b0cb0909241213y76014c91l158945eacc9aa20f@mail.gmail.com> (M. B., Jr.'s message of "Thu, 24 Sep 2009 16:13:31 -0300")
References: <904C2C3E-0ED4-4997-9F3F-79FFCA97BF68@jabberwocky.com> <2df3b0cb0909240930q24d73f59md58b2b51dea27f85@mail.gmail.com> <0E344DD2-27E3-4BC0-BC99-CE26A2D756B1@jabberwocky.com> <2df3b0cb0909241213y76014c91l158945eacc9aa20f@mail.gmail.com>
Message-ID: <87eipvv0td.fsf@vigenere.g10code.de>

On Thu, 24 Sep 2009 21:13, marcio.barbado at gmail.com said:

> Is this a generic asymmetric premise?
> I mean: is it valid both to the (computational) Mathematics behind
> OpenPGP's and X.509's public keys' integers?

Yes.  All real world asymmetric algorithms are built on a hard to solve
computational problem.  Factoring is such a hard problem and the RSA
algorithm is based on it.  Another widely used hard problem is solving
the discrete logarithm; the DSA and Elgamal algorithms are based on it.


Shalom-Salam,

   Werner

--
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.


From wk at gnupg.org  Fri Sep 25 11:48:36 2009
From: wk at gnupg.org (Werner Koch)
Date: Fri, 25 Sep 2009 11:48:36 +0200
Subject: How to reset a smartcard ?
In-Reply-To: <35780835.6856351253867593937.JavaMail.root@zimbra7-e1.priv.proxad.net> (tux tsndcb's message of "Fri, 25 Sep 2009 10:33:13 +0200 (CEST)")
References: <35780835.6856351253867593937.JavaMail.root@zimbra7-e1.priv.proxad.net>
Message-ID: <87ab0juzgr.fsf@vigenere.g10code.de>

On Fri, 25 Sep 2009 10:33, tux.tsndcb at free.fr said:

> No body has an idea to "reset" a smartcard as factory settings ? I think it is possible, but I don't know how to do that.

If you have a version 2 card, this is possible.

WARNING: Don't run the commands given below on version 1 cards - you
will brick the card.

1. First you have to lock the PIN by decrementing the retry counters.  I
   do it this way:

  $ gpg-connect-agent --hex
  > scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
  D[0000]  69 82                                              i.
  OK
  > scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
  D[0000]  69 82                                              i.
  OK
  > scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
  D[0000]  69 82                                              i.
  OK
  > scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
  D[0000]  69 83                                              i.
  > scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
  D[0000]  69 82                                              i.
  OK
  > scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
  D[0000]  69 82                                              i.
  OK
  > scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
  D[0000]  69 83                                              i.

   The status code 6983 says that the PIN is locked.  I use a PIN of
   "@@@@@@@@" which is very likely invalid.

2. You terminate the card and activate it again:

  > scd apdu 00 e6 00 00
  D[0000]  90 00                                              ..
  OK
  > scd apdu 00 44 00 00
  D[0000]  90 00                                              ..
  OK
  > bye
  OK closing connection

3. Remove the card and insert it again.

That's all.  gpg --card-status shows a fresh card.

To make things easier you may send the lines below as input to
gpg-connect-agent (store them in a file and run
"gpg-connect-agent < FILE").

======
/hex
scd serialno
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 e6 00 00
scd apdu 00 44 00 00
/echo card has been reset to factory defaults
=====

gpg-connect-agent has a complete scripting language, you may use it to
write a more robust script with error checking etc.


Salam-Shalom,

   Werner

--
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.


From tux.tsndcb at free.fr  Fri Sep 25 12:42:25 2009
From: tux.tsndcb at free.fr (tux.tsndcb at free.fr)
Date: Fri, 25 Sep 2009 12:42:25 +0200 (CEST)
Subject: How to reset a smartcard ?
In-Reply-To: <176879562.6876541253875236451.JavaMail.root@zimbra7-e1.priv.proxad.net>
Message-ID: <2072141048.6876711253875345199.JavaMail.root@zimbra7-e1.priv.proxad.net>

Hi Werner,

Your help is a pleasure, thank you very much, it works fine.

Best Regards.


----- Original Mail -----
From: "Werner Koch"
To: "tux tsndcb"
Cc: gnupg-users at gnupg.org
Sent: Friday 25 September 2009 11:48:36 GMT +01:00 Amsterdam / Berlin / Berne / Rome / Stockholm / Vienne
Subject: Re: How to reset a smartcard ?

On Fri, 25 Sep 2009 10:33, tux.tsndcb at free.fr said:

> No body has an idea to "reset" a smartcard as factory settings ? I think it is possible, but I don't know how to do that.

If you have a version 2 card, this is possible.

WARNING: Don't run the commands given below on version 1 cards - you
will brick the card.

1. First you have to lock the PIN by decrementing the retry counters.  I
   do it this way:

  $ gpg-connect-agent --hex
  > scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
  D[0000]  69 82                                              i.
  OK
  > scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
  D[0000]  69 82                                              i.
  OK
  > scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
  D[0000]  69 82                                              i.
  OK
  > scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
  D[0000]  69 83                                              i.
  > scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
  D[0000]  69 82                                              i.
  OK
  > scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
  D[0000]  69 82                                              i.
  OK
  > scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
  D[0000]  69 83                                              i.

   The status code 6983 says that the PIN is locked.  I use a PIN of
   "@@@@@@@@" which is very likely invalid.

2. You terminate the card and activate it again:

  > scd apdu 00 e6 00 00
  D[0000]  90 00                                              ..
  OK
  > scd apdu 00 44 00 00
  D[0000]  90 00                                              ..
  OK
  > bye
  OK closing connection

3. Remove the card and insert it again.

That's all.  gpg --card-status shows a fresh card.

To make things easier you may send the lines below as input to
gpg-connect-agent (store them in a file and run
"gpg-connect-agent < FILE").
======
/hex
scd serialno
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 e6 00 00
scd apdu 00 44 00 00
/echo card has been reset to factory defaults
=====

gpg-connect-agent has a complete scripting language, you may use it to
write a more robust script with error checking etc.


Salam-Shalom,

   Werner

--
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.


From dshaw at jabberwocky.com  Fri Sep 25 13:50:47 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri, 25 Sep 2009 07:50:47 -0400
Subject: Two tidbits of potential interest
Message-ID:

On Sep 24, 2009, at 3:13 PM, M.B.Jr. wrote:

> On Thu, Sep 24, 2009 at 2:21 PM, David Shaw wrote:
>> On Sep 24, 2009, at 12:30 PM, M.B.Jr. wrote:
>>
>>> Hi David,
>>>
>>> about the first "tidbit":
>>>
>>>
>>> On Tue, Sep 22, 2009 at 6:08 PM, David Shaw wrote:
>>>>
>>>> First of all, someone has factored a 512-bit RSA key (the one used to
>>>> protect a TI programmable calculator, it seems).  It took 73 days on a
>>>> dual-core 1900Mhz Athlon64.  It took just under 5 gigs of storage and
>>>> around
>>>> 2.5 gigs of RAM.  In other words: not much at all.  It's not some big
>>>> distributed project - rather it's a single guy who wanted to factor it
>>>> and
>>>> just left it running in the background for 2 and a half months.  (This is
>>>> actually a month old - forgot to send it before now).
>>>>
>>>> http://www.unitedti.org/index.php?showtopic=8888
>>>>
>>>
>>>
>>> dummy question:
>>>
>>> by factoring a public key integer, one can get somehow to its
>>> corresponding private key?
>>
>> Yes, that's exactly what happens.  If you factor the public key, you can
>> derive the private key.
>>
>
>
> Is this a generic asymmetric premise?
> I mean: is it valid both to the (computational) Mathematics behind
> OpenPGP's and X.509's public keys' integers?

Factoring is an attack against RSA.  It applies to wherever RSA keys
are used, whether OpenPGP, X.509, or whatever you like.  This idea is
not specific to RSA though: there are other, similar (in general
concept, though not in the specific math of course) attacks against
other asymmetric systems.  The goal is to make it hard (for whatever
definition of "hard" works for your particular environment) to derive
anything non-public from the public key.

Keep in mind that nobody has used a 512-bit key in many years (they're
too small, as this result makes clear).  It seems TI's mistake here was
in choosing a 512-bit key in the (around) 1999-2001 time frame, and not
realizing that less than a decade later, that key length would be small
enough for someone to factor in their spare time.  It's a little
surprising, as it was well known around that time that 512 bits were
not sufficient.  I wonder if the memory size and CPU capability of what
is essentially a pocket calculator influenced that decision.

David


From dkg at fifthhorseman.net  Fri Sep 25 16:04:36 2009
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Fri, 25 Sep 2009 10:04:36 -0400
Subject: choosing an encryption target from a User ID
In-Reply-To: <200909242256.15411@thufir.ingo-kloecker.de>
References: <4AB90539.7020809@fifthhorseman.net> <200909240004.20963@thufir.ingo-kloecker.de> <4ABAA1F9.5090202@fifthhorseman.net> <200909242256.15411@thufir.ingo-kloecker.de>
Message-ID: <4ABCCDF4.9090808@fifthhorseman.net>

On 09/24/2009 04:56 PM, Ingo Klöcker wrote:
> Does it also work with keys like 0xCB0D4CAF or 0xAB1BC4E6 created with
> PGP 6 (or earlier) where the user ID is not UTF-8 encoded?
hm; 0xCB0D4CAF looks to me like it expired 5 years ago; and 0xAB1BC4E6 doesn't appear to be available on the public keyservers at all. Do you have any examples that are both public and still valid?

RFC 2440 (over a decade ago) mandates UTF-8 for user IDs:

http://tools.ietf.org/html/rfc2440#section-5.11

> Moreover, user IDs are not unique while key IDs (usually) are. So if you
> want to be sure that the correct key is used you cannot use the user
> ID.

8-xdigit key IDs are fairly easy to replicate with today's hardware, so relying on their uniqueness is not a good idea from a security perspective. Full 40-xdigit fingerprints are probably effectively unique for the time being, though.

You're not the first person to suggest that supplying the key ID (or fingerprint) directly is the best approach, but doing this just moves a serious problem from GnuPG onto the shoulders of the user (or their MUA or other tools).

The problem that gets shifted in this case is: what key should you use to encrypt data to a specific person? This is a potentially complicated problem, and the right answer changes in the face of changed/updated/revoked certifications, expirations, altered trust relationships, etc. Asking the user (or their MUA) to hard-code a single key ID means that you're asking them to ignore all these possible changes when they happen.

Asking every MUA to implement their own mapping from User IDs to key IDs seems like a recipe for either weird divergence (should kmail select a different key than enigmail for foo at example.org?) or plain insecure mappings (e.g. an MUA developer who doesn't understand the problem of certificate validation as well as the GnuPG developers). Since most of these tools rely on gpg as a backend, implementing a more-reasonable choice in gpg seems like a good idea.

--dkg
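The factoring exchange in David Shaw's "Two tidbits" message above ("if you factor the public key, you can derive the private key"), as an added worked example that is not code from the thread. The primes 10007 and 10009 are constructed toy values standing in for the 256-bit primes of a 512-bit modulus, and the function names are my own; the point is that once n = p*q is known, the private exponent d costs one modular inverse, exactly the computation the legitimate key owner did.

```python
# Added example, not code from the thread: why a factored RSA modulus
# means a recovered private key. p and q are constructed tiny primes so
# that naive trial division works here; the 512-bit TI key discussed in
# the thread needed 73 days of sieving, not this loop.
from math import gcd


def rsa_keypair(p, q, e=65537):
    """Return ((n, e), (n, d)) from two primes: textbook RSA key generation."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (n, e), (n, pow(e, -1, phi))      # pow(e, -1, m) needs Python >= 3.8


def factor_by_trial_division(n):
    """Toy factoring, feasible only because n is tiny. Real 512-bit moduli
    fall to the Number Field Sieve with the effort the thread describes."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("n has no non-trivial factor; not an RSA modulus")


def private_key_from_factors(pub, p, q):
    """The step the thread is about: with n = p*q known, d follows from e."""
    n, e = pub
    if p * q != n:
        raise ValueError("p*q does not match the modulus")
    return n, pow(e, -1, (p - 1) * (q - 1))


def encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)


def decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)


def recover_private_key(pub):
    """Whole chain: factor the public modulus, then derive the private key."""
    n, _ = pub
    p, q = factor_by_trial_division(n)
    return private_key_from_factors(pub, p, q)


if __name__ == "__main__":
    pub, priv = rsa_keypair(10007, 10009)        # constructed toy primes
    c = encrypt(pub, 42)
    recovered = recover_private_key(pub)
    print(recovered == priv, decrypt(recovered, c))   # True 42
```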
From dshaw at jabberwocky.com Fri Sep 25 17:06:12 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri, 25 Sep 2009 11:06:12 -0400
Subject: choosing an encryption target from a User ID
In-Reply-To: <4ABCCDF4.9090808@fifthhorseman.net>
References: <4AB90539.7020809@fifthhorseman.net> <200909240004.20963@thufir.ingo-kloecker.de> <4ABAA1F9.5090202@fifthhorseman.net> <200909242256.15411@thufir.ingo-kloecker.de> <4ABCCDF4.9090808@fifthhorseman.net>
Message-ID: <4807E3A0-5D24-4853-B173-E45AB64E1E87@jabberwocky.com>

On Sep 25, 2009, at 10:04 AM, Daniel Kahn Gillmor wrote:

> Since most of these tools rely on gpg as a backend, implementing a
> more-reasonable choice in gpg seems like a good idea.

What troubles me about this sort of behavior is that it is genuinely good and helpful in some cases and baffling and off-putting in others.

For example, someone has two different Alice keys in their keyring. Both keys have a single UID, which is signed by Baker. One of the Alices (call her Alice1) is also signed by Charlie. The other Alice (Alice2) is signed by Dan. Alice2 is a newer key than Alice1.

At the moment, the keyring contains Alice1, Alice2, and Baker. We have full trust in Charlie and Dan, but they are not currently present in the keyring. We have a marginal trust in both Alices through Baker, so following the suggested algorithm we pick Alice2 (as it is a newer key).

Now, the user imports Charlie's key. This completely changes the calculation: we have full trust in Alice1 through Charlie, so Alice1 is now fully trusted. We switch over to encrypting to Alice1 - it's the older key, but it has full trust.

Then, the user imports Dan's key. This completely changes the calculation again: we now have full trust in both Alices, so we again pick the more recent key, and pick Alice2.
Then there is the case where someone doesn't automatically rebuild their trustdb - they can be in a position of having GPG pick one key, then a rebuild is triggered, causing the other key to be picked.

I'm not against that behavior - it's reasonable and makes sense... to someone who really understands the web of trust and OpenPGP.

My problem is that there is the potential for a lot of confusion here. Making the behavior optional doesn't really resolve that, as to be useful, you want this sort of key-picking behavior to be the default (I might even argue that if we do it, it shouldn't be something that could be switched off, as at least there would be only 1 confusing behavior to document, rather than two).

David

From marcio.barbado at gmail.com Fri Sep 25 19:22:00 2009
From: marcio.barbado at gmail.com (M.B.Jr.)
Date: Fri, 25 Sep 2009 14:22:00 -0300
Subject: Two tidbits of potential interest
In-Reply-To: <87eipvv0td.fsf@vigenere.g10code.de>
References: <904C2C3E-0ED4-4997-9F3F-79FFCA97BF68@jabberwocky.com> <2df3b0cb0909240930q24d73f59md58b2b51dea27f85@mail.gmail.com> <0E344DD2-27E3-4BC0-BC99-CE26A2D756B1@jabberwocky.com> <2df3b0cb0909241213y76014c91l158945eacc9aa20f@mail.gmail.com> <87eipvv0td.fsf@vigenere.g10code.de>
Message-ID: <2df3b0cb0909251022v4dbadca2p5dd4d9868abf1280@mail.gmail.com>

Hi Werner,

On Fri, Sep 25, 2009 at 6:19 AM, Werner Koch wrote:
> On Thu, 24 Sep 2009 21:13, marcio.barbado at gmail.com said:
>
>> Is this a generic asymmetric premise?
>> I mean: is it valid both to the (computational) Mathematics behind
>> OpenPGP's and X.509's public keys' integers?
>
> Yes. All real world asymmetric algorithms are built on a hard to solve
> computational problem. Factoring is such a hard problem and the RSA
> algorithm is based on it. Another widely used hard problem is solving
> the discrete logarithm; the DSA and Elgamal algorithms are based on it.
So, focusing on key pair generation, one could state RSA keys are built upon the product of large primes, which would put factoring as the main problem to be solved; whereas Elgamal keys are more complex than that, once it involves primes under the discrete logarithms' context. And as a conclusion, Elgamal problems would be harder to solve.

Is it correct?

Regards,

Marcio Barbado, Jr.

From kloecker at kde.org Fri Sep 25 20:40:41 2009
From: kloecker at kde.org (Ingo Klöcker)
Date: Fri, 25 Sep 2009 20:40:41 +0200
Subject: choosing an encryption target from a User ID
In-Reply-To: <4ABCCDF4.9090808@fifthhorseman.net>
References: <4AB90539.7020809@fifthhorseman.net> <200909242256.15411@thufir.ingo-kloecker.de> <4ABCCDF4.9090808@fifthhorseman.net>
Message-ID: <200909252040.46154@thufir.ingo-kloecker.de>

On Friday 25 September 2009, Daniel Kahn Gillmor wrote:
> On 09/24/2009 04:56 PM, Ingo Klöcker wrote:
> > Does it also work with keys like 0xCB0D4CAF or 0xAB1BC4E6 created
> > with PGP 6 (or earlier) where the user ID is not UTF-8 encoded?
>
> hm; 0xCB0D4CAF looks to me like it expired 5 years ago; and
> 0xAB1BC4E6 doesn't appear to be available on the public keyservers at
> all.

I guess that's just my luck picking exactly those two keys in my keyring that have either expired or are not publicly available. :-)

> Do you have any examples that are both public and still valid?

0xF661F608 (This is _not_ one of my keys. Funny enough this Ingo Klöcker went to the same school and the same university as I did.)

0x104B0FAF, 0x5706A4B4, 0xD96484AC, 0x7C52AC99, 0xAFA03822, 0x91190EF9 (this last one is definitely still in use)

> RFC 2440 (over a decade ago) mandates UTF-8 for user IDs:
>
> http://tools.ietf.org/html/rfc2440#section-5.11

I'm fully aware of this.

> > Moreover, user IDs are not unique while key IDs (usually) are. So
> > if you want to be sure that the correct key is used you cannot use
> > the user ID.
>
> 8-xdigit key IDs are fairly easy to replicate with today's hardware,
> so relying on their uniqueness is not a good idea from a security
> perspective. Full 40-xdigit fingerprints are probably effectively
> unique for the time being, though.

True. Actually, I lied about KMail using key IDs. For about 6.5 years KMail has used gpgme and left all of those hairy details (like telling gpg what keys to use) to this library.

> You're not the first person to suggest that supplying the key ID (or
> fingerprint) directly is the best approach, but doing this just moves
> a serious problem from GnuPG onto the shoulders of the user (or their
> MUA or other tools).
>
> The problem that gets shifted in this case is: what key should you
> use to encrypt data to a specific person? This is a potentially
> complicated problem, and the right answer changes in the face of
> changed/updated/revoked certifications, expirations, altered trust
> relationships, etc. Asking the user (or their MUA) to hard-code a
> single key ID means that you're asking them to ignore all these
> possible changes when they happen.

I don't see why harmless changes (see David's example) shouldn't be ignored. If the user hard-coded the key Alice1, then what's wrong with using this key as long as it's valid? Obviously, any changes making a hard-coded key invalid need to be escalated and such a key must not be used anymore by the MUA.

> Asking every MUA to implement their own mapping from User IDs to key
> IDs seems like a recipe for either weird divergence (should kmail
> select a different key than enigmail for foo at example.org?)

If for some email address multiple matching valid keys are found by KMail (or rather gpgme) then KMail asks the user which key(s) to use (and then remembers the user's choice). This transparency gives me a better feeling than some automagic behind-my-back key selection based on user ID/email address.

> or plain
> insecure mappings (e.g.
> an MUA developer who doesn't understand the
> problem of certificate validation as well as the GnuPG developers).

Full ACK. That's why MUA developers should use gpgme or an appropriate binding.

> Since most of these tools rely on gpg as a backend, implementing a
> more-reasonable choice in gpg seems like a good idea.

Regards,
Ingo

From dkg at fifthhorseman.net Fri Sep 25 21:40:11 2009
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Fri, 25 Sep 2009 15:40:11 -0400
Subject: choosing an encryption target from a User ID
In-Reply-To: <4807E3A0-5D24-4853-B173-E45AB64E1E87@jabberwocky.com>
References: <4AB90539.7020809@fifthhorseman.net> <200909240004.20963@thufir.ingo-kloecker.de> <4ABAA1F9.5090202@fifthhorseman.net> <200909242256.15411@thufir.ingo-kloecker.de> <4ABCCDF4.9090808@fifthhorseman.net> <4807E3A0-5D24-4853-B173-E45AB64E1E87@jabberwocky.com>
Message-ID: <4ABD1C9B.4000503@fifthhorseman.net>

On 09/25/2009 11:06 AM, David Shaw wrote:
> What troubles me about this sort of behavior is that it is genuinely
> good and helpful in some cases and baffling and off-putting in others.
> For example, someone has two different Alice keys in their keyring.
> Both keys have a single UID, which is signed by Baker. One of the
> Alices (call her Alice1) is also signed by Charlie. The other Alice
> (Alice2) is signed by Dan. Alice2 is a newer key than Alice1.

just to be clear: these are two keys with User IDs corresponding to the same e-mail address, right? And that person knows Baker, and Baker has verified them with the keyholder, so presumably they're held by the same person.

> At the moment, the keyring contains Alice1, Alice2, and Baker. We have
> full trust in Charlie and Dan, but they are not currently present in the
> keyring.
How does the keyring holder indicate full trust in charlie and dan without them being present in the keyring? Have they done some sort of weird gpg --import-trustdb operation without pulling in the key itself? Is this something people normally do?

If the user is assigning trust to charlie and dan explicitly during the key imports you describe, does that make the change in key selection behavior less confusing?

> I'm not against that behavior - it's reasonable and makes sense... to
> someone who really understands the web of trust and OpenPGP.

Your implication here is that it doesn't make sense to someone who doesn't understand the WoT and OpenPGP. i think you're correct, sadly. But i think that the current behavior also doesn't make sense to those same people; if you haven't thought about how to choose a key based on the user ID, the whole process doesn't make sense. In that (admittedly confused) state, it's even more important that the tools make healthy choices.

What's more, there are (unusual) use cases for the current behavior that result in confusion and dangerously bad security. For example, Charlie imported Alice's key a few years ago, and he imported Bob's key more recently. Charlie has certified both Alice and Bob's keys, so from his perspective they both have full calculated validity. Charlie granted Alice marginal ownertrust, because he thinks she's pretty good at making reasonable certifications.

Charlie conscientiously runs a "gpg --refresh" every so often, and one day Alice adds some new User IDs to her key (one of which matches "Bob"'s User ID). Every message Charlie now sends to Bob is going to be encrypted to this bad User ID. Bob won't be able to read them. Even worse: if Alice has the ability to tamper with the mail stream between Charlie and Bob, she can intercept the messages, decrypt them, and re-encrypt them to Bob.
Even if Charlie hadn't granted Alice marginal ownertrust, after he updated her key, every time he tried to encrypt data to Bob, he'd get a big warning about using a key with a poorly-bound User ID.

> My problem is that there is the potential for a lot of confusion here.
> Making the behavior optional doesn't really resolve that, as to be
> useful, you want this sort of key-picking behavior to be the default (I
> might even argue that if we do it, it shouldn't be something that could
> be switched off, as at least there would be only 1 confusing behavior to
> document, rather than two).

Yeah, i think this is reasonable. I think the simple description of the behavior is:

Any time you encrypt data to another person, gpg figures out which key to use for them. To make sure gpg can decide well, be sure to keep your keyring up-to-date and only mark keys with "ownertrust" if you seriously believe the keyholder will only issue valid certifications.

People who want further detail get into "how does gpg make that decision?" (with the exact algorithm description) and "what if i want to map names or e-mail addresses to keys differently?" (answer: use another tool that can do the bindings for you; that tool should specify full key fingerprints to gpg for encryption)

I'm glad to see that werner thinks this might be possible for 2.1:

https://bugs.g10code.com/gnupg/issue1143

can you or Werner point to more documentation about how the keybox will work with OpenPGP certificates as well as X.509? Or should i just read the source? I'm interested to learn more about how you break that down.

--dkg
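An added toy model, not GnuPG code, of the key-selection argument running through this thread: it replays David Shaw's Alice1/Alice2 flip-flop under "most valid, then newest" selection, dkg's case where Alice's refreshed key gains a User ID matching Bob's address, and Ingo Klöcker's pinned address-book alternative. Fingerprints such as FPR-ALICE1 are constructed placeholders, and the validity rules are deliberately simplified (one full or marginal certifier decides, no three-marginals rule, self-signatures not counted), so this shows the shape of the problem rather than gpg's exact trust computation.

```python
# Added example, not GnuPG code: a toy keyring reproducing the selection
# behaviours discussed in this thread. Validity is simplified: a User ID is
# FULL if a fully-trusted key in the ring certified it, MARGINAL if only a
# marginally-trusted key did; certifiers absent from the ring and
# self-signatures contribute nothing. All FPR-* values are placeholders.
from dataclasses import dataclass, field

NONE, MARGINAL, FULL = 0, 1, 2


@dataclass
class Key:
    fpr: str              # constructed stand-in for a 40-xdigit fingerprint
    uids: list            # e-mail addresses bound to this key
    created: int          # larger means newer
    certs: dict = field(default_factory=dict)   # uid -> {certifier fprs}


class Keyring:
    def __init__(self):
        self.keys = {}          # fpr -> Key, kept in import order
        self.ownertrust = {}    # fpr -> MARGINAL or FULL

    def add(self, key):
        self.keys[key.fpr] = key

    def uid_validity(self, key, uid):
        best = NONE
        for certifier in key.certs.get(uid, ()):
            if certifier in self.keys:     # a certifier we do not hold cannot help
                best = max(best, self.ownertrust.get(certifier, NONE))
        return best


def select_first_match(ring, address):
    """Current behaviour as dkg describes it: the first key whose User ID
    matches is taken, validity only produces a warning afterwards."""
    for key in ring.keys.values():
        if address in key.uids:
            return key.fpr
    return None


def select_by_validity(ring, address):
    """Proposed behaviour: highest validity wins, the newest key breaks ties."""
    best = None
    for key in ring.keys.values():
        if address not in key.uids:
            continue
        validity = ring.uid_validity(key, address)
        if validity > NONE and (best is None or (validity, key.created) > best[:2]):
            best = (validity, key.created, key.fpr)
    return best[2] if best else None


def select_pinned(ring, address_book, address):
    """Ingo Klöcker's alternative: the MUA remembers one fingerprint per
    address and keeps using it while it stays valid; anything else is
    escalated to the user rather than silently re-resolved."""
    fpr = address_book.get(address)
    if fpr is None:
        return None                       # first contact: ask the user
    key = ring.keys.get(fpr)
    if key is None or address not in key.uids or ring.uid_validity(key, address) == NONE:
        raise LookupError(f"pinned key {fpr} for {address} is no longer usable")
    return fpr


def import_certifier(ring, fpr, address, trust=FULL):
    """Import a certifier's key together with the ownertrust given to it."""
    ring.add(Key(fpr, [address], created=0))
    ring.ownertrust[fpr] = trust


def shaws_scenario():
    """Two Alice keys for one address, both certified by Baker (marginal);
    Charlie and Dan are fully trusted but not yet in the ring."""
    ring = Keyring()
    ring.add(Key("FPR-ALICE1", ["alice@example.org"], created=1,
                 certs={"alice@example.org": {"FPR-BAKER", "FPR-CHARLIE"}}))
    ring.add(Key("FPR-ALICE2", ["alice@example.org"], created=2,
                 certs={"alice@example.org": {"FPR-BAKER", "FPR-DAN"}}))
    import_certifier(ring, "FPR-BAKER", "baker@example.org", trust=MARGINAL)
    ring.ownertrust.update({"FPR-CHARLIE": FULL, "FPR-DAN": FULL})
    return ring


def dkgs_scenario():
    """Charlie's ring after a refresh: Alice's key (imported first) now also
    carries Bob's address, which nobody but Alice herself has signed."""
    ring = Keyring()
    import_certifier(ring, "FPR-CHARLIE", "charlie@example.org")   # Charlie's own key
    ring.add(Key("FPR-ALICE", ["alice@example.org", "bob@example.org"], created=1,
                 certs={"alice@example.org": {"FPR-CHARLIE"}}))
    ring.add(Key("FPR-BOB", ["bob@example.org"], created=2,
                 certs={"bob@example.org": {"FPR-CHARLIE"}}))
    ring.ownertrust["FPR-ALICE"] = MARGINAL
    return ring
```

Importing Charlie's and then Dan's key into shaws_scenario() moves select_by_validity from FPR-ALICE2 to FPR-ALICE1 and back again, while in dkgs_scenario() select_first_match returns Alice's key for Bob's address and both select_by_validity and select_pinned still return FPR-BOB.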
From kloecker at kde.org Sat Sep 26 00:58:57 2009
From: kloecker at kde.org (Ingo Klöcker)
Date: Sat, 26 Sep 2009 00:58:57 +0200
Subject: choosing an encryption target from a User ID
In-Reply-To: <4ABD1C9B.4000503@fifthhorseman.net>
References: <4AB90539.7020809@fifthhorseman.net> <4807E3A0-5D24-4853-B173-E45AB64E1E87@jabberwocky.com> <4ABD1C9B.4000503@fifthhorseman.net>
Message-ID: <200909260058.57863@thufir.ingo-kloecker.de>

On Friday 25 September 2009, Daniel Kahn Gillmor wrote:
> On 09/25/2009 11:06 AM, David Shaw wrote:
> > What troubles me about this sort of behavior is that it is
> > genuinely good and helpful in some cases and baffling and
> > off-putting in others. For example, someone has two different Alice
> > keys in their keyring. Both keys have a single UID, which is signed
> > by Baker. One of the Alices (call her Alice1) is also signed by
> > Charlie. The other Alice (Alice2) is signed by Dan. Alice2 is a
> > newer key than Alice1.
>
> just to be clear: these are two keys with User IDs corresponding to
> the same e-mail address, right? And that person knows Baker, and
> Baker has verified them with the keyholder, so presumably they're
> held by the same person.
>
> > At the moment, the keyring contains Alice1, Alice2, and Baker. We
> > have full trust in Charlie and Dan, but they are not currently
> > present in the keyring.
>
> How does the keyring holder indicate full trust in charlie and dan
> without them being present in the keyring? Have they done some sort
> of weird gpg --import-trustdb operation without pulling in the key
> itself? Is this something people normally do?
>
> If the user is assigning trust to charlie and dan explicitly during
> the key imports you describe, does that make the change in key
> selection behavior less confusing?
>
> > I'm not against that behavior - it's reasonable and makes sense...
> > to someone who really understands the web of trust and OpenPGP.
>
> Your implication here is that it doesn't make sense to someone who
> doesn't understand the WoT and OpenPGP. i think you're correct,
> sadly. But i think that the current behavior also doesn't make sense
> to those same people; if you haven't thought about how to choose a
> key based on the user ID, the whole process doesn't make sense. In
> that (admittedly confused) state, it's even more important that the
> tools make healthy choices.
>
> What's more, there are (unusual) use cases for the current behavior
> that result in confusion and dangerously bad security. For example,
> Charlie imported Alice's key a few years ago, and he imported Bob's
> key more recently. Charlie has certified both Alice and Bob's keys,
> so from his perspective they both have full calculated validity.
> Charlie granted Alice marginal ownertrust, because he thinks she's
> pretty good at making reasonable certifications.
>
> Charlie conscientiously runs a "gpg --refresh" every so often, and
> one day Alice adds some new User IDs to her key (one of which matches
> "Bob"'s User ID). Every message Charlie now sends to Bob is going to
> be encrypted to this bad User ID. Bob won't be able to read them.
> Even worse: if Alice has the ability to tamper with the mail stream
> between Charlie and Bob, she can intercept the messages, decrypt
> them, and re-encrypt them to Bob.
>
> Even if Charlie hadn't granted Alice marginal ownertrust, after he
> updated her key, every time he tried to encrypt data to Bob, he'd get
> a big warning about using a key with a poorly-bound User ID.

This example is a good example why "hard-coding" what key to use for which contact/recipient (e.g. in the address book of the MUA) isn't such a bad idea. Once Bob's key has been stored in my address book Alice won't be able to trick me into using her key instead of Bob's.
Regards,
Ingo

From nschroth at fuse.net Sat Sep 26 01:19:12 2009
From: nschroth at fuse.net (nschroth)
Date: Fri, 25 Sep 2009 16:19:12 -0700 (PDT)
Subject: Decryption Fails on UserName but not on EmailAddress ???
Message-ID: <25577787.post@talk.nabble.com>

I have been reading previous posts on this topic but have not found my answer.

When I ENcrypt on BoxA using -r UserName, decryption on BoxB errors with: "decryption failed: secret key not available". However, doing the same test using the email address associated with the recipient, Decryption WORKS.

Can anyone offer some reasons for this? Did we gen or export or import the key incorrectly?

From dshaw at jabberwocky.com Sat Sep 26 01:42:22 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri, 25 Sep 2009 19:42:22 -0400
Subject: Decryption Fails on UserName but not on EmailAddress ???
In-Reply-To: <25577787.post@talk.nabble.com>
References: <25577787.post@talk.nabble.com>
Message-ID: <36596EBE-7E17-43B3-AA65-83059CF87169@jabberwocky.com>

On Sep 25, 2009, at 7:19 PM, nschroth wrote:

>
> I have been reading previous posts on this topic but have not found my
> answer.
> When I ENcrypt on BoxA using -r UserName, decryption on BoxB errors
> with:
> "decryption failed: secret key not available".
> However, doing the same test using the email address associated with
> the recipient, Decryption WORKS.

It sounds like you have two keys. When you use "-r username" you're matching one of them. When you use "-r emailaddress at example.com" you're matching the other one.
Check your keyring to be sure: do a "gpg --list-keys username" to see all keys that match that name.

David

From sdutt at allstate.com Thu Sep 10 17:27:59 2009
From: sdutt at allstate.com (Dutta, Sudip)
Date: Thu, 10 Sep 2009 15:27:59 -0000
Subject: GPG decryption error
Message-ID: <977A9EC68BD8664DB7F43C1FFD23D2D006928E72@a0001-xpo0150-s.hodc.ad.allstate.com>

Hello,

I'd really appreciate it if someone can provide feedback on a decryption-related error we're getting.

For an encrypted file of size approx. 2 - 4 gigs, encrypted by a user using the same key that is being used for decrypting it, there are errors, as listed below - however there are no errors on decrypting a smaller file of size less than 1 gig.

sdutt at gl5705rk02 [/work/ew11/IS/Data/CreditArchives/mainframe/gpgtest/test] $ --> gpg --output r02_allvar_il --decrypt r02_allvar_il.pgp
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information

You need a passphrase to unlock the secret key for
user: "sdutt "
2048-bit ELG-E key, ID CAB7C3F4, created 2009-08-11 (main key ID D36BE972)

gpg: encrypted with 2048-bit ELG-E key, ID CAB7C3F4, created 2009-08-11
      "sdutt "
gpg: [don't know]: invalid packet (ctb=41)
gpg: [don't know]: invalid packet (ctb=20)
gpg: mdc_packet with invalid encoding
gpg: decryption failed: invalid packet
gpg: [don't know]: invalid packet (ctb=41)
sdutt at gl5705rk02 [/work/ew11/IS/Data/CreditArchives/mainframe/gpgtest/test] $ -->

Not sure if there are restrictions on the size of a file that can be encrypted or decrypted, or if there are separate options that need to be used for large files.
The file encrypted by us with the key of a user is sent by remote ftp to that user, who after decrypting it, and a few necessary modifications to the data in the file, encrypts it using our key, which is then received by us by remote ftp - this process, with the same keys, works without any issues for smaller files of less than a gig.

We are using the latest version of GPG on a UNIX Solaris server.

Your help on this will be appreciated.

Thanks,
Sudip

From horos11 at gmail.com Sat Sep 12 03:36:31 2009
From: horos11 at gmail.com (Edward Peschko)
Date: Fri, 11 Sep 2009 18:36:31 -0700
Subject: gnupg and encrypted empty files.
Message-ID: <5cfa99000909111836o6969c070pd8e5ee97b9ca4c5b@mail.gmail.com>

All,

I'm trying to use gpg-1.4.9, and noticed an odd thing. When a file that is empty is encrypted, decrypting it with --output does not produce an empty file.. It produces NO file at all, and NO system errors.

This is exceedingly odd - is this by design, and if so, why? It sure is a pain..

Ed

From adrian.koszorus at gmail.com Wed Sep 16 16:39:31 2009
From: adrian.koszorus at gmail.com (adrian_k)
Date: Wed, 16 Sep 2009 07:39:31 -0700 (PDT)
Subject: GPG key not working with other username
Message-ID: <25473855.post@talk.nabble.com>

Hi all,

I need your help really urgently. I created a GPG key on a server with a username. When I try to encrypt a file using that same key but using a different NT user account it doesn't work. How can I grant other users access to the key?

Thanks
From gordian.klein at googlemail.com Tue Sep 22 20:17:11 2009
From: gordian.klein at googlemail.com (Gordian Klein)
Date: Tue, 22 Sep 2009 18:17:11 +0000
Subject: Invitation: How secure asymmetric encryption to yourself? @ Sat 21 Mar 02:00 to 03:00 (GnuPG Users)
Message-ID: <001636c5bc986f1c0f04742e9b69@google.com>

You have been invited to the following event.

Title: How secure asymmetric encryption to yourself?

Hi!

gerry_lowry (alliston ontario canada) wrote:
> Sven Radde wrote, in part:
>
> "... there are more usable ways of managing one's passwords
> than storing them in a GnuPG file".
>
> I'm curious what "more usable ways" there are that Sven and others
> can recommend.

/First of all, @Listowner: Let me know if this should be taken off-list because it's too OT.../

I mean tools like Keepass/KeepassX, PasswordSafe, or similar (even the Firefox password manager can encrypt stored passwords with 3DES and a master password). I also mean a Truecrypt volume or loopback container for storing the password file. For Linux, encfs or ecryptfs come to mind, too.

The reasons are as follows:

With GnuPG, you have encrypted one file. To be secure, you must now delete the original copy, which is not easy in itself, although recent research [1] seems to show that a single overwrite is sufficient for secure wiping. Didn't we have a discussion about secure deletion not too long ago?

Now, to access your encrypted passwords, you need to decrypt the file, resulting in an unencrypted version of it on your drive. When you are done, you have to securely delete it again. If you have modified the file, you have to remember to encrypt it between having saved the changes and deleting it. Of course, you can set the thing up in a way that the unencrypted file is written to a RAM-only disk, but keep hibernation and swapfile issues in mind.
You can also have GnuPG output the data to the console only, if you just have to read a password (I have no idea if there are possibilities that console output finds its way into logfiles or similar, though). Depending on the size of your password file, you have quite a number of lines written to the console where you have to find the password that you need for the moment. If you'd format the file like:

purpose1 -> password1
purpose2 -> password2

you could do something like "gpg passwords.gpg | grep purpose2" to find the password you need.

As mentioned, some shellscripts could automate the process (create a ramfs mountpoint, decrypt the password file to there, grep it to find a desired password, or launch a text editor, re-encrypt the file after the editor closes, unmount the ramfs).

KeepassX, e.g., supports organizing your password file into groups, adding metadata such as URLs to the passwords, comfortable hotkeys, an integrated random password generator, password entropy estimation etc. The main difference, though, is the transparent way to access your passwords (this is also true for Truecrypt and the other mentioned encrypting filesystems): Enter the master-password, work with the password file(s), lock the storage again. Done. No unencrypted copy on disk, ever (apart from the above-mentioned swapfile and hibernation).

Given these tools I also disagree with the notion that "frequently used passwords reside in one's memory" (although I remember quite some passwords, myself). Password-reuse is one of the greatest problems with passwords (and, btw, becomes quite infeasible once you have to deal with varying complexity-policies, different expiration-intervals etc) and passwords you have to remember tend, in general, to be weaker than those that you don't have to remember. With Keepass, you can have a different 20-character pseudo-random password for every stupid web forum (not to mention the more important things).
It just doesn't matter whether your password is "123" or "las2ieu7hxalm5iuemalie" if it's just pressing "Ctrl-Shift-A" to auto-type username and password into the login form.

I do not mean to endorse specific pieces of software here, nor do I mean to belittle GnuPG. But I think you need the right tool for the right task. And GnuPG IMHO has its strengths not in providing protection to frequently accessed (and modified) files. If you need to archive a backup copy of your passwords on a remote server, that's a wholly different issue, though. GnuPG will do an excellent job there and digital signatures are even a bonus.

cu, Sven

[1] http://www.springerlink.com/content/408263ql11460147/ -- unfortunately only the abstract is free for general access

When: Sat 21 Mar 02:00 to 03:00 Berlin
Calendar: GnuPG Users
Who:
* Gordian Klein - organiser
* GnuPG Users
* gerry_lowry (alliston ontario canada)
From manekineko at gmail.com Tue Sep 22 20:40:46 2009
From: manekineko at gmail.com (Maneki Neko)
Date: Tue, 22 Sep 2009 14:40:46 -0400
Subject: manual for gpgme
Message-ID:

Where can I find a manual for gpgme's API? On gnupg's homepage, a reference manual is referenced, but there is no such manual under Documentation -> Manuals. A search on Google only turns up a non-downloadable outdated version of the manual for 1.1.6 on pyme.sourceforge.net.

I see in the gpgme download readme that there is supposed to be a manual included in /doc, but I'm not sure what to do with those. I understand I should be doing something with texinfo, so I downloaded and installed it, but I get a segfault when I run makeinfo --html texinfo.tex. Am I doing something wrong there? Is there any way to read the manual directly without having to convert it into another format?

Thanks

From forex500 at hotmail.com Wed Sep 23 02:42:32 2009
From: forex500 at hotmail.com (maxim kozlov)
Date: Tue, 22 Sep 2009 17:42:32 -0700
Subject: Open or Decrypt an SEF file ?
Message-ID:

Hello sir,

I have a file that is compressed in an .SEF format. I was wondering if you know how to open an SEF file or maybe you can direct me to someone who can? It contains trading indicators but without open source code they can't be used and I can't see the source code without opening this file.

Thank you for taking time to read this, please get back to me... You can E-mail me at forex500 at hotmail.com
From nschroth at fuse.net Thu Sep 24 18:19:31 2009
From: nschroth at fuse.net (nschroth)
Date: Thu, 24 Sep 2009 09:19:31 -0700 (PDT)
Subject: Decryption Fails on UserName but not on EmailAddress ???
Message-ID: <25577787.post@talk.nabble.com>

I have been reading previous posts on this topic but have not found my answer.

When I ENcrypt on BoxA using -r UserName, decryption on BoxB errors with: "decryption failed: secret key not available".

However, doing the same test using the email address associated with the recipient, decryption WORKS.

Can anyone offer some reasons for this? Did we gen or export or import the key incorrectly?

--
View this message in context: http://www.nabble.com/Decryption-Fails-on-UserName-but-not-on-EmailAddress-----tp25577787p25577787.html
Sent from the GnuPG - User mailing list archive at Nabble.com.

From a.thompson at fairfx.com Thu Sep 24 19:00:47 2009
From: a.thompson at fairfx.com (Andrew Thompson)
Date: Thu, 24 Sep 2009 18:00:47 +0100
Subject: seeding agent cache with gpg-preset-passphrase does not seem to work
Message-ID: <4ABBA5BF.6040701@fairfx.com>

Greetings gnupg-users,

I'm trying to seed gnupg-agent using the not-so-majikal gpg-preset-passphrase tool. Emphasis on *trying* - it's not working atm (yet?)

All the gory details follow below, but in a nutshell, this is what I think is happening:

* use of gpg-preset-passphrase results in a successful PRESET_PASSPHRASE message that includes the hexified passphrase (and a successful agent_put_cache call according to the log)
* then attempting a decryption results in a "hit" for the agent_get_cache call ("hit" implying that the cached passphrase was found, right?)
But I can only assume that this passphrase isn't in the correct format, or has been truncated, or something, as the cache for that key is cleared and a second GET_PASSPHRASE occurs with the pin-entry message "Invalid passphrase; please try again etc..."
* caching of passphrases entered through pin-entries works as expected

Could this be a regression related to this: http://lists.gnupg.org/pipermail/gnupg-devel/2008-August/024559.html ??

Anyway, here's the -vvvvv version. Firstly, I fire up the agent for debugging like so:

$ eval `gpg-agent --daemon --write-env-file $HOME/.gpg-agent-info --enable-ssh-support --debug-all --allow-preset-passphrase --verbose --log-file $HOME/gpg-agent-verbose.log`
gpg-agent[1994]: NOTE: no default option file `/home/andrew/.gnupg/gpg-agent.conf'

And yes, I make sure GPG_TTY is exported too:

$ GPG_TTY=$(tty);export GPG_TTY;

The log so far:

2009-09-24 16:54:43 gpg-agent[1994] listening on socket `/tmp/gpg-LLlkyo/S.gpg-agent'
2009-09-24 16:54:43 gpg-agent[1994] listening on socket `/tmp/gpg-H7nzb6/S.gpg-agent.ssh'

Now for the passphrase presetting (yes, I know the passphrase is visible - this is a test run for you people):

$ /usr/lib/gnupg2/gpg-preset-passphrase --preset C778704A03AED6F241BBBEA001D190DE22248DEB 12341234

Side Note: The only way I could figure out how to get that darn keygrip is to pull it out of a running agent's debug log - is there another way, similar to gpgsm's --dump-secret-keys or something??

Anyway, on with the show...
The preset passphrase log:

2009-09-24 16:57:55 gpg-agent[1995] handler 0x1847f90 for fd 7 started
gpg-agent[1995.7] DBG: -> OK Pleased to meet you
gpg-agent[1995.7] DBG: <- OPTION display=:0.0
gpg-agent[1995.7] DBG: -> OK
gpg-agent[1995.7] DBG: <- OPTION ttyname=/dev/pts/16
gpg-agent[1995.7] DBG: -> OK
gpg-agent[1995.7] DBG: <- OPTION ttytype=xterm
gpg-agent[1995.7] DBG: -> OK
gpg-agent[1995.7] DBG: <- OPTION lc-ctype=en_GB.UTF-8
gpg-agent[1995.7] DBG: -> OK
gpg-agent[1995.7] DBG: <- OPTION lc-messages=en_GB.UTF-8
gpg-agent[1995.7] DBG: -> OK
gpg-agent[1995.7] DBG: <- OPTION xauthority=/tmp/.gdmKJ11XU
gpg-agent[1995.7] DBG: -> OK
gpg-agent[1995.7] DBG: <- PRESET_PASSPHRASE C778704A03AED6F241BBBEA001D190DE22248DEB -1 3132333431323334
2009-09-24 16:57:55 gpg-agent[1995] DBG: agent_put_cache `C778704A03AED6F241BBBEA001D190DE22248DEB' requested ttl=-1 mode=1
gpg-agent[1995.7] DBG: -> OK
gpg-agent[1995.7] DBG: <- [EOF]
2009-09-24 16:57:55 gpg-agent[1995] handler 0x1847f90 for fd 7 terminated

Note that the hexified passphrase is correct:

$ echo -n "12341234" | xxd -c 256 -ps
3132333431323334

Now, encrypt something:

$ gpg -e -r test at test.test encrypt_this.txt

Then decrypt:

$ gpg -d encrypt_this.txt.gpg

You need a passphrase to unlock the secret key for user:
"Test Test (Testing 123) "
2048-bit ELG-E key, ID 22248DEB, created 2009-09-24 (main key ID 8CAC7B50)

gpg: encrypted with 2048-bit ELG-E key, ID 22248DEB, created 2009-09-24
      "Test Test (Testing 123) "
Some text to encrypt.
Obviously, the above requires pin-entry; the log shows the preset cached passphrase rejection, I think:

2009-09-24 17:21:10 gpg-agent[2397] handler 0x1aafb00 for fd 7 started
gpg-agent[2397.7] DBG: -> OK Pleased to meet you
gpg-agent[2397.7] DBG: <- OPTION display=:0.0
gpg-agent[2397.7] DBG: -> OK
gpg-agent[2397.7] DBG: <- OPTION ttyname=/dev/pts/16
gpg-agent[2397.7] DBG: -> OK
gpg-agent[2397.7] DBG: <- OPTION ttytype=xterm
gpg-agent[2397.7] DBG: -> OK
gpg-agent[2397.7] DBG: <- OPTION lc-ctype=en_GB.UTF-8
gpg-agent[2397.7] DBG: -> OK
gpg-agent[2397.7] DBG: <- OPTION lc-messages=en_GB.UTF-8
gpg-agent[2397.7] DBG: -> OK
gpg-agent[2397.7] DBG: <- GET_PASSPHRASE C778704A03AED6F241BBBEA001D190DE22248DEB X X You+need+a+passphrase+to+unlock+the+secret+key+for+user:%0A"Test+Test+(Testing+123)+"%0A2048-bit+ELG-E+key,+ID+22248DEB,+created+2009-09-24+(main+key+ID+8CAC7B50)%0A
2009-09-24 17:21:10 gpg-agent[2397] DBG: agent_get_cache `C778704A03AED6F241BBBEA001D190DE22248DEB'...
2009-09-24 17:21:10 gpg-agent[2397] DBG: ... hit
gpg-agent[2397.7] DBG: -> [Confidential data not shown]
gpg-agent[2397.7] DBG: <- BYE
gpg-agent[2397.7] DBG: -> OK closing connection
2009-09-24 17:21:10 gpg-agent[2397] handler 0x1aafb00 for fd 7 terminated
2009-09-24 17:21:10 gpg-agent[2397] handler 0x1aafb00 for fd 7 started
gpg-agent[2397.7] DBG: -> OK Pleased to meet you
gpg-agent[2397.7] DBG: <- OPTION display=:0.0
gpg-agent[2397.7] DBG: -> OK
gpg-agent[2397.7] DBG: <- OPTION ttyname=/dev/pts/16
gpg-agent[2397.7] DBG: -> OK
gpg-agent[2397.7] DBG: <- OPTION ttytype=xterm
gpg-agent[2397.7] DBG: -> OK
gpg-agent[2397.7] DBG: <- OPTION lc-ctype=en_GB.UTF-8
gpg-agent[2397.7] DBG: -> OK
gpg-agent[2397.7] DBG: <- OPTION lc-messages=en_GB.UTF-8
gpg-agent[2397.7] DBG: -> OK
gpg-agent[2397.7] DBG: <- CLEAR_PASSPHRASE C778704A03AED6F241BBBEA001D190DE22248DEB
2009-09-24 17:21:10 gpg-agent[2397] DBG: agent_put_cache `C778704A03AED6F241BBBEA001D190DE22248DEB' requested ttl=0 mode=3
gpg-agent[2397.7] DBG: -> OK
2009-09-24 17:21:10 gpg-agent[2397] handler 0x1a6d7a0 for fd 8 started
gpg-agent[2397.8] DBG: -> OK Pleased to meet you
gpg-agent[2397.7] DBG: <- BYE
gpg-agent[2397.7] DBG: -> OK closing connection
2009-09-24 17:21:10 gpg-agent[2397] handler 0x1aafb00 for fd 7 terminated
gpg-agent[2397.8] DBG: <- OPTION display=:0.0
gpg-agent[2397.8] DBG: -> OK
gpg-agent[2397.8] DBG: <- OPTION ttyname=/dev/pts/16
gpg-agent[2397.8] DBG: -> OK
gpg-agent[2397.8] DBG: <- OPTION ttytype=xterm
gpg-agent[2397.8] DBG: -> OK
gpg-agent[2397.8] DBG: <- OPTION lc-ctype=en_GB.UTF-8
gpg-agent[2397.8] DBG: -> OK
gpg-agent[2397.8] DBG: <- OPTION lc-messages=en_GB.UTF-8
gpg-agent[2397.8] DBG: -> OK
gpg-agent[2397.8] DBG: <- GET_PASSPHRASE C778704A03AED6F241BBBEA001D190DE22248DEB Invalid+passphrase;+please+try+again X You+need+a+passphrase+to+unlock+the+secret+key+for+user:%0A"Test+Test+(Testing+123)+"%0A2048-bit+ELG-E+key,+ID+22248DEB,+created+2009-09-24+(main+key+ID+8CAC7B50)%0A
2009-09-24 17:21:10 gpg-agent[2397] DBG: agent_get_cache `C778704A03AED6F241BBBEA001D190DE22248DEB'...
2009-09-24 17:21:10 gpg-agent[2397] DBG: ... miss
2009-09-24 17:21:10 gpg-agent[2397] starting a new PIN Entry
2009-09-24 17:21:10 gpg-agent[2397] DBG: connection to PIN entry established
2009-09-24 17:21:16 gpg-agent[2397] DBG: agent_put_cache `C778704A03AED6F241BBBEA001D190DE22248DEB' requested ttl=0 mode=3
gpg-agent[2397.8] DBG: -> [Confidential data not shown]
gpg-agent[2397.8] DBG: <- BYE
gpg-agent[2397.8] DBG: -> OK closing connection
2009-09-24 17:21:16 gpg-agent[2397] handler 0x1a6d7a0 for fd 8 terminated

The pin-entry-entered passphrases are cached and work without any problems.

I'm running Ubuntu 9.04 64bit, gpg versions as follows:

gnupg : 1.4.9-3ubuntu1
gnupg2 : 2.0.9-3.1
gnupg-agent : 2.0.9-3.1

Need any other info?

Thanks in anticipation,
Andrew.

From awingnut at hotmail.com Fri Sep 18 16:52:40 2009
From: awingnut at hotmail.com (gw1500se)
Date: Fri, 18 Sep 2009 07:52:40 -0700 (PDT)
Subject: Network Mounted Home Directory and removal of --passphrase option
Message-ID: <25510161.post@talk.nabble.com>

I am trying to upgrade to GPG2 and am having trouble, I think all stemming from the new user agent feature. My first question: is there a way to simply not use the user agent (i.e. just enter the passphrase as before) since it does not seem to work in my environment? I tried using 'echo' and piping it to the 'gpg' command with '--passphrase-fd 0' but it prompts for the password anyway. Also, it appears to be looking for something related to the user agent in .gnupg and produces an error because whatever path it is using is completely wrong for a network mounted home directory. Where can I fix that path? FWIW, this is on an OS X 10.5 machine managed by Open Directory. Thanks.

--
View this message in context: http://www.nabble.com/Network-Mounted-Home-Directory-and-removal-of---passphrase-option-tp25510161p25510161.html
Sent from the GnuPG - User mailing list archive at Nabble.com.
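The following is an added example for Andrew Thompson's gpg-preset-passphrase thread above; it was written for this page and is not code from the thread or from GnuPG. It does three things a practitioner reading such a log would want: it reproduces the hexification that gpg-preset-passphrase applies (confirming the `3132333431323334` in the PRESET_PASSPHRASE line), it parses the agent's debug lines into cache events for one cache id so that the sequence preset, put, lookup hit, CLEAR_PASSPHRASE, second GET_PASSPHRASE carrying the client's error text, lookup miss, pinentry stands out, and it checks whether a 40-hex-digit cache id ends in a key id, which a V4 fingerprint does (the key id is its last 8 hex digits) and a keygrip does not. The log lines in the block are constructed from the excerpt above with the prompt text shortened; the `Event` class, the regexes and the verdict strings returned by `diagnose` are this example's own.

```python
"""Walk a gpg-agent debug log and classify what happened to a preset passphrase.

Added example for the gpg-preset-passphrase thread; not GnuPG code.
"""
import re
from dataclasses import dataclass

# The cache id given to gpg-preset-passphrase in the thread.
CACHE_ID = "C778704A03AED6F241BBBEA001D190DE22248DEB"

# Constructed from the debug log quoted in the thread (prompt text shortened).
SAMPLE_LOG = """\
gpg-agent[1995.7] DBG: <- PRESET_PASSPHRASE C778704A03AED6F241BBBEA001D190DE22248DEB -1 3132333431323334
2009-09-24 16:57:55 gpg-agent[1995] DBG: agent_put_cache `C778704A03AED6F241BBBEA001D190DE22248DEB' requested ttl=-1 mode=1
gpg-agent[1995.7] DBG: -> OK
gpg-agent[2397.7] DBG: <- GET_PASSPHRASE C778704A03AED6F241BBBEA001D190DE22248DEB X X You+need+a+passphrase
2009-09-24 17:21:10 gpg-agent[2397] DBG: agent_get_cache `C778704A03AED6F241BBBEA001D190DE22248DEB'...
2009-09-24 17:21:10 gpg-agent[2397] DBG: ... hit
gpg-agent[2397.7] DBG: -> [Confidential data not shown]
gpg-agent[2397.7] DBG: <- CLEAR_PASSPHRASE C778704A03AED6F241BBBEA001D190DE22248DEB
2009-09-24 17:21:10 gpg-agent[2397] DBG: agent_put_cache `C778704A03AED6F241BBBEA001D190DE22248DEB' requested ttl=0 mode=3
gpg-agent[2397.8] DBG: <- GET_PASSPHRASE C778704A03AED6F241BBBEA001D190DE22248DEB Invalid+passphrase;+please+try+again X You+need+a+passphrase
2009-09-24 17:21:10 gpg-agent[2397] DBG: agent_get_cache `C778704A03AED6F241BBBEA001D190DE22248DEB'...
2009-09-24 17:21:10 gpg-agent[2397] DBG: ... miss
2009-09-24 17:21:10 gpg-agent[2397] starting a new PIN Entry
2009-09-24 17:21:16 gpg-agent[2397] DBG: agent_put_cache `C778704A03AED6F241BBBEA001D190DE22248DEB' requested ttl=0 mode=3
"""

# Client commands arrive on "<-" lines; cache bookkeeping is logged by the agent itself.
CMD_RE = re.compile(r"DBG: <- (PRESET_PASSPHRASE|GET_PASSPHRASE|CLEAR_PASSPHRASE) (\S+)(?: (\S+))?")
PUT_RE = re.compile(r"agent_put_cache `([0-9A-F]+)' requested ttl=(-?\d+) mode=(\d+)")
LOOKUP_RE = re.compile(r"agent_get_cache `([0-9A-F]+)'")
RESULT_RE = re.compile(r"DBG: \.\.\. (hit|miss)\s*$")
PINENTRY_RE = re.compile(r"starting a new PIN Entry")
KIND = {"PRESET_PASSPHRASE": "preset", "GET_PASSPHRASE": "get", "CLEAR_PASSPHRASE": "clear"}


@dataclass
class Event:
    kind: str          # preset, get, clear, put, lookup, pinentry
    cacheid: str = ""
    detail: str = ""   # ttl for preset, error text for get, hit/miss for lookup


def hexify_passphrase(passphrase: str) -> str:
    """Hex-encode a passphrase the way PRESET_PASSPHRASE carries it on the wire."""
    return passphrase.encode("utf-8").hex()


def parse_agent_log(text: str) -> list:
    """Turn the relevant debug lines into a list of cache events, in log order."""
    events, pending_lookup = [], None
    for line in text.splitlines():
        if m := CMD_RE.search(line):
            cmd, cacheid, arg = m.groups()
            events.append(Event(KIND[cmd], cacheid, arg or ""))
        elif m := PUT_RE.search(line):
            events.append(Event("put", m.group(1), f"ttl={m.group(2)} mode={m.group(3)}"))
        elif m := LOOKUP_RE.search(line):
            pending_lookup = m.group(1)          # result comes on the next "..." line
        elif (m := RESULT_RE.search(line)) and pending_lookup:
            events.append(Event("lookup", pending_lookup, m.group(1)))
            pending_lookup = None
        elif PINENTRY_RE.search(line):
            events.append(Event("pinentry"))
    return events


def diagnose(events: list, cacheid: str) -> str:
    """'preset-rejected': the preset entry was found but the client then cleared it."""
    mine = [e for e in events if e.cacheid == cacheid]
    if not any(e.kind == "preset" for e in mine):
        return "no-preset"
    saw_hit = False
    for e in mine:
        if e.kind == "lookup" and e.detail == "hit":
            saw_hit = True
        elif saw_hit and e.kind == "clear":
            return "preset-rejected"
    return "preset-used" if saw_hit else "preset-missed"


def client_error_text(events: list, cacheid: str) -> str:
    """The error the client asked the agent to display (GET_PASSPHRASE's second argument)."""
    for e in events:
        if e.kind == "get" and e.cacheid == cacheid and e.detail != "X":
            return e.detail.replace("+", " ")
    return ""


def looks_like_fingerprint(cacheid: str, keyid: str) -> bool:
    """A V4 key id is the low 64 bits of the fingerprint; a keygrip has no such relation."""
    return len(cacheid) == 40 and cacheid.upper().endswith(keyid.upper())


if __name__ == "__main__":
    events = parse_agent_log(SAMPLE_LOG)
    for e in events:
        print(e)
    print(diagnose(events, CACHE_ID), "|", client_error_text(events, CACHE_ID))
    print("cache id ends in subkey id 22248DEB:", looks_like_fingerprint(CACHE_ID, "22248DEB"))
```

Run against the thread's id, the last check is true for the ELG-E subkey id 22248DEB, so the string being preset is the encryption subkey's fingerprint, which is consistent with the decrypting client being the 1.4 `gpg` in the version list rather than gpg2 and its keygrips. That does not by itself explain why the preset value was rejected, but it tells you which client and which id convention you are debugging, and `diagnose` gives you a repeatable way to confirm the rejection pattern after each change.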
From laurent.jumet at skynet.be Sat Sep 26 08:40:59 2009
From: laurent.jumet at skynet.be (Laurent Jumet)
Date: Sat, 26 Sep 2009 08:40:59 +0200
Subject: Decryption Fails on UserName but not on EmailAddress ???
In-Reply-To: <25577787.post@talk.nabble.com>
Message-ID:

Hello nschroth !

nschroth wrote:

> I have been reading previous posts on this topic but have not found my
> answer.
> When I ENcrypt on BoxA using -r UserName, decryption on BoxB errors with :
> "decryption failed: secret key not available".
> However, doing the same test using the email address associated with the
> recipient, Decryption WORKS.
> Can anyone offer some reasons for this? Did we gen or export or import the
> key incorrectly?

Maybe there are two similar usernames, or parts of them, in your keyring.

--
Laurent Jumet
KeyID: 0xCFAF704C

From laurent.jumet at skynet.be Sat Sep 26 08:43:06 2009
From: laurent.jumet at skynet.be (Laurent Jumet)
Date: Sat, 26 Sep 2009 08:43:06 +0200
Subject: GPG key not working with other username
In-Reply-To: <25473855.post@talk.nabble.com>
Message-ID:

Hello adrian_k !

adrian_k wrote:

> I need your help really urgent. I created a GPG key on a server with a
> username. When i try to encrypt a file using that same key but using a
> different NT user account it doesn't work.
> How can I grant other users access to the key?

It sounds like the directories and sub-directories where GPG stands do not have enough permissions for other users.

--
Laurent Jumet
KeyID: 0xCFAF704C

From reuleaux at web.de Sat Sep 26 07:48:32 2009
From: reuleaux at web.de (Andreas Reuleaux)
Date: Sat, 26 Sep 2009 07:48:32 +0200
Subject: manual for gpgme
In-Reply-To:
References:
Message-ID: <20090926054832.GA10575@atom>

This is what I did (I am new to this list however, so more experienced people might have better answers):

download the source code of gpgme, cd into the directory, there is a doc directory in there, with some Makefile stanza Makefile.am or the like.
I ran

$ ./configure

from the main directory (the one above doc), just so that the real Makefile was produced in doc.

I also had to install libgpg-error-dev (I am on Debian squeeze),

# apt-get install libgpg-error-dev

so that the ./configure would go through smoothly (just as if I had wanted to really build gpgme; I happen to feel more comfortable, however, if everything - the Makefile in this case - is built automatically).

Then (with a Makefile in doc), I ran

$ make pdf

there; it still complained about texi2dvi not being found on my system. I fixed that by installing

# apt-get install texinfo

and there you go:

$ make pdf

should work now.

hope this helps,

-Andreas

On Tue, Sep 22, 2009 at 02:40:46PM -0400, Maneki Neko wrote:
> Where can I find a manual for gpgme's API?
> On gnupg's homepage, a reference manual is referenced, but there is no such
> manual under Documentation -> Manuals.
> A search on Google only turns up a non-downloadable outdated version of the
> manual for 1.1.6 on pyme.sourceforge.net.
> I see in gpgme download readme that there is supposed to be a manual
> included in /doc, but I'm not sure what to do with those. I understand I
> should be doing something with texinfo, so I downloaded and installed it,
> but I get a segfault when I run makeinfo --html texinfo.tex. Am I doing
> something wrong there? Is there anyway to read the manual directly without
> having to convert it into another format?
> Thanks
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

From wk at gnupg.org Sat Sep 26 12:43:04 2009
From: wk at gnupg.org (Werner Koch)
Date: Sat, 26 Sep 2009 12:43:04 +0200
Subject: Network Mounted Home Directory and removal of --passphrase option
In-Reply-To: <25510161.post@talk.nabble.com> (gw1500se's message of "Fri, 18 Sep 2009 07:52:40 -0700 (PDT)")
References: <25510161.post@talk.nabble.com>
Message-ID: <87ab0irnpj.fsf@vigenere.g10code.de>

On Fri, 18 Sep 2009 16:52, awingnut at hotmail.com said:

> I am trying to upgrade to GPG2 and am having trouble, I think all stemming
> from the new user agent feature. My first question: is there a way to simply

Well, it has been available for 6 years and GnuPG 2.0 was released 3 years ago. Gpg-agent is not optional but a cornerstone of GnuPG-2.

To let us help you fix your installation, you should give us a bit more detailed information and exact error messages.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From wk at gnupg.org Sat Sep 26 12:46:46 2009
From: wk at gnupg.org (Werner Koch)
Date: Sat, 26 Sep 2009 12:46:46 +0200
Subject: Two tidbits of potential interest
In-Reply-To: <2df3b0cb0909251022v4dbadca2p5dd4d9868abf1280@mail.gmail.com> (M. B., Jr.'s message of "Fri, 25 Sep 2009 14:22:00 -0300")
References: <904C2C3E-0ED4-4997-9F3F-79FFCA97BF68@jabberwocky.com> <2df3b0cb0909240930q24d73f59md58b2b51dea27f85@mail.gmail.com> <0E344DD2-27E3-4BC0-BC99-CE26A2D756B1@jabberwocky.com> <2df3b0cb0909241213y76014c91l158945eacc9aa20f@mail.gmail.com> <87eipvv0td.fsf@vigenere.g10code.de> <2df3b0cb0909251022v4dbadca2p5dd4d9868abf1280@mail.gmail.com>
Message-ID: <8763b6rnjd.fsf@vigenere.g10code.de>

On Fri, 25 Sep 2009 19:22, marcio.barbado at gmail.com said:

> And as a conclusion, Elgamal problems would be harder to solve. Is it correct?
No; it is not certain that the discrete logarithm problem is harder to solve than the factoring problem.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From nschroth at fuse.net Sat Sep 26 16:48:04 2009
From: nschroth at fuse.net (nschroth)
Date: Sat, 26 Sep 2009 07:48:04 -0700 (PDT)
Subject: Decryption Fails on UserName but not on EmailAddress ???
In-Reply-To: <36596EBE-7E17-43B3-AA65-83059CF87169@jabberwocky.com>
References: <25577787.post@talk.nabble.com> <36596EBE-7E17-43B3-AA65-83059CF87169@jabberwocky.com>
Message-ID: <25625892.post@talk.nabble.com>

David,

On the target (recipient) machine:
--list-keys shows my Primary Key, my desktop key and a co-worker's desktop key
--list-secret-keys shows only my Primary Key
--list-keys PrimaryKeyUserName lists only my primary key.

This has happened when a file was encrypted from EITHER my desktop or my coworker's desktop.

Nelson

David Shaw wrote:
>
> On Sep 25, 2009, at 7:19 PM, nschroth wrote:
>
>>
>> I have been reading previous posts on this topic but have not found my
>> answer.
>> When I ENcrypt on BoxA using -r UserName, decryption on BoxB errors
>> with :
>> "decryption failed: secret key not available".
>> However, doing the same test using the email address associated with
>> the
>> recipient, Decryption WORKS.
>
> It sounds like you have two keys. When you use "-r username" you're
> matching one of them. When you use "-r emailaddress at example.com"
> you're matching the other one.
>
> Check your keyring to be sure: do a "gpg --list-keys username" to see
> all keys that match that name.
>
> David
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
>

--
View this message in context: http://www.nabble.com/Decryption-Fails-on-UserName-but-not-on-EmailAddress-----tp25577787p25625892.html
Sent from the GnuPG - User mailing list archive at Nabble.com.
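To make David Shaw's point concrete, here is an added example (not GnuPG code, and a deliberately simplified model of gpg's user-ID matching) of why `-r UserName` and `-r address` can select different keys. A bare string is matched case-insensitively as a substring of the whole user ID, including the e-mail part, so a name that is also the e-mail domain matches every key in that domain; `<addr>` is an exact e-mail match and an 8- or 16-digit hex string is a key-id match (real gpg has further forms that this model leaves out). The keyring, key ids and user IDs are constructed; only the last key has a secret part, standing in for the recipient machine in the thread. `safe_pick` is the check an encryption script should make: refuse to proceed when the recipient string matches more than one key, and prefer the `<addr>` or key-id form in scripts.

```python
"""Model of how a '-r' recipient string selects keys, and a guard against ambiguity.

Added example for the thread above; a simplified model, not GnuPG code.
"""
from dataclasses import dataclass


@dataclass
class Key:
    keyid: str          # short (8-hex) key id, constructed
    uids: list          # OpenPGP user IDs on the key
    have_secret: bool   # whether this machine holds the secret part


# Constructed keyring as seen on the recipient machine in the thread: two desktop
# keys without secret parts and the primary key, whose user ID name is the company
# name that also appears in everyone's e-mail domain.
KEYRING = [
    Key("B2C3D4E5", ["Nelson Desktop <nelson@companyname.com>"], have_secret=False),
    Key("C3D4E5F6", ["Bill <bill@companyname.com>"], have_secret=False),
    Key("A1B2C3D4", ["CompanyName <ops@companyname.com>"], have_secret=True),
]


def _email_of(uid: str) -> str:
    start, end = uid.rfind("<"), uid.rfind(">")
    return uid[start + 1:end].lower() if 0 <= start < end else ""


def matches(key: Key, spec: str) -> bool:
    """Simplified classification of a recipient string."""
    s = spec.strip()
    if s.startswith("<") and s.endswith(">"):             # exact e-mail match
        return any(_email_of(u) == s[1:-1].lower() for u in key.uids)
    hexpart = s[2:] if s.lower().startswith("0x") else s
    if len(hexpart) in (8, 16) and all(c in "0123456789abcdefABCDEF" for c in hexpart):
        return key.keyid.upper().endswith(hexpart.upper())  # key id match
    return any(s.lower() in u.lower() for u in key.uids)    # substring of the whole user ID


def select_recipients(keyring: list, spec: str) -> list:
    """Every key the string matches, in keyring order."""
    return [k for k in keyring if matches(k, spec)]


def pick_first(keyring: list, spec: str):
    """What a tool that silently takes the first match ends up with; keyring order decides."""
    hits = select_recipients(keyring, spec)
    return hits[0] if hits else None


def safe_pick(keyring: list, spec: str) -> Key:
    """The guard an encryption script should have: exactly one matching key, or stop."""
    hits = select_recipients(keyring, spec)
    if len(hits) != 1:
        raise ValueError(f"{spec!r} matches {len(hits)} keys: {[k.keyid for k in hits]}")
    return hits[0]


if __name__ == "__main__":
    for spec in ("CompanyName", "ops@companyname.com", "<ops@companyname.com>", "0xA1B2C3D4"):
        print(f"{spec:25} -> {[k.keyid for k in select_recipients(KEYRING, spec)]}")
    chosen = pick_first(KEYRING, "CompanyName")
    print("first match for 'CompanyName' has the secret key here:", chosen.have_secret)
```

`gpg --list-keys CompanyName` on the sender is the real-world equivalent of `select_recipients`: if it lists more than one key, the `-r` string is ambiguous and the fix is to encrypt to the fingerprint or to `<ops@companyname.com>` instead.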
From kloecker at kde.org Sat Sep 26 17:26:35 2009
From: kloecker at kde.org (Ingo Klöcker)
Date: Sat, 26 Sep 2009 17:26:35 +0200
Subject: Decryption Fails on UserName but not on EmailAddress ???
In-Reply-To: <25625892.post@talk.nabble.com>
References: <25577787.post@talk.nabble.com> <36596EBE-7E17-43B3-AA65-83059CF87169@jabberwocky.com> <25625892.post@talk.nabble.com>
Message-ID: <200909261726.36488@thufir.ingo-kloecker.de>

On Saturday 26 September 2009, nschroth wrote:
> David,
>
> On the target (recipient) machine:
> --list-keys shows my Primary Key, My desktop Key and a co-worker's
> desktop key
> --list-secret-keys shows only my Primary Key
> --list-keys PrimaryKeyUserName lists only my primary key.
>
> This has happened when a file was encrypted from EITHER my desktop or
> my coworker's desktop.

You have to check the source (sender) machine. The wrong key is used during encryption.

Regards,
Ingo

> David Shaw wrote:
> > On Sep 25, 2009, at 7:19 PM, nschroth wrote:
> >> I have been reading previous posts on this topic but have not
> >> found my answer.
> >> When I ENcrypt on BoxA using -r UserName, decryption on BoxB
> >> errors with :
> >> "decryption failed: secret key not available".
> >> However, doing the same test using the email address associated
> >> with the
> >> recipient, Decryption WORKS.
> >
> > It sounds like you have two keys. When you use "-r username"
> > you're matching one of them. When you use "-r
> > emailaddress at example.com" you're matching the other one.
> >
> > Check your keyring to be sure: do a "gpg --list-keys username" to
> > see all keys that match that name.
> >
> > David
> >
> >
> > _______________________________________________
> > Gnupg-users mailing list
> > Gnupg-users at gnupg.org
> > http://lists.gnupg.org/mailman/listinfo/gnupg-users

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL:

From tux.tsndcb at free.fr Sun Sep 27 09:38:52 2009
From: tux.tsndcb at free.fr (tux.tsndcb at free.fr)
Date: Sun, 27 Sep 2009 09:38:52 +0200 (CEST)
Subject: Why a full keys and sub keys backup are not proposed when keys and sub keys are done "on-card" ?
In-Reply-To: <584367854.7020541254037016059.JavaMail.root@zimbra7-e1.priv.proxad.net>
Message-ID: <2057893376.7020711254037132292.JavaMail.root@zimbra7-e1.priv.proxad.net>

Hi,

Just for information, I wanted to know why you don't propose a full backup of the three keys (sign, encryption and authentication) when keys are generated "on-card". Because only the encryption key is backed up, perhaps a good idea would be to also add the authentication key to the backup.

Thanks for more information about it.

Best Regards

From wk at gnupg.org Sun Sep 27 13:09:36 2009
From: wk at gnupg.org (Werner Koch)
Date: Sun, 27 Sep 2009 13:09:36 +0200
Subject: Why a full keys and sub keys backup are not proposed when keys and sub keys are done "on-card" ?
In-Reply-To: <2057893376.7020711254037132292.JavaMail.root@zimbra7-e1.priv.proxad.net> (tux tsndcb's message of "Sun, 27 Sep 2009 09:38:52 +0200 (CEST)")
References: <2057893376.7020711254037132292.JavaMail.root@zimbra7-e1.priv.proxad.net>
Message-ID: <87eipsr6dr.fsf@vigenere.g10code.de>

On Sun, 27 Sep 2009 09:38, tux.tsndcb at free.fr said:

> Just for information, I wanted to know why you don't propose a full backup of the three keys (sign, encryption and authentication) when keys are generated "on-card". Because only the encryption key is backed up, perhaps a good idea would be to also add the authentication key to the backup.

The loss of a signing or authentication key is usually not that problematic. You can simply create a new one and use it from then on.
If you don't have access to the decryption key anymore you won't be able to decrypt any of the data you encrypted in the past to that key. Thus some kind of recovery is in most cases very useful.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From tux.tsndcb at free.fr Sun Sep 27 20:59:29 2009
From: tux.tsndcb at free.fr (tux.tsndcb at free.fr)
Date: Sun, 27 Sep 2009 20:59:29 +0200 (CEST)
Subject: Why a full keys and sub keys backup are not proposed when keys and sub keys are done "on-card" ?
In-Reply-To: <758798736.7084231254077840345.JavaMail.root@zimbra7-e1.priv.proxad.net>
Message-ID: <1299600025.7084601254077969736.JavaMail.root@zimbra7-e1.priv.proxad.net>

Hi Werner,

Thanks for your answer. I agree with you for the signing key, but for the authentication key: if it is used for SSH connections to more than 100 servers as the root user, for example, and you lose this key, you can no longer connect to the servers as root. In this case, I think it would be a big problem. That is why I suggested adding the authentication key, but it is just a suggestion.

Best Regards

----- Original Message -----
From: "Werner Koch"
To: "tux tsndcb"
Cc: gnupg-users at gnupg.org
Sent: Sunday 27 September 2009 13:09:36 GMT +01:00 Amsterdam / Berlin / Bern / Rome / Stockholm / Vienna
Subject: Re: Why a full keys and sub keys backup are not proposed when keys and sub keys are done "on-card" ?

On Sun, 27 Sep 2009 09:38, tux.tsndcb at free.fr said:

> Just for information, I wanted to know why you don't propose a full backup of the three keys (sign, encryption and authentication) when keys are generated "on-card". Because only the encryption key is backed up, perhaps a good idea would be to also add the authentication key to the backup.

The loss of a signing or authentication key is usually not that problematic. You can simply create a new one and use it from then on.
If you don't have access to the decryption key anymore you won't be able to decrypt any of the data you encrypted in the past to that key. Thus some kind of recovery is in most cases very useful.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From dkg at fifthhorseman.net Mon Sep 28 00:51:46 2009
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Sun, 27 Sep 2009 18:51:46 -0400
Subject: choosing an encryption target from a User ID
In-Reply-To: <200909252040.46154@thufir.ingo-kloecker.de>
References: <4AB90539.7020809@fifthhorseman.net> <200909242256.15411@thufir.ingo-kloecker.de> <4ABCCDF4.9090808@fifthhorseman.net> <200909252040.46154@thufir.ingo-kloecker.de>
Message-ID: <4ABFEC82.6080203@fifthhorseman.net>

On 09/25/2009 02:40 PM, Ingo Klöcker wrote:
> 0xF661F608 (This is _not_ one of my keys. Funny enough this Ingo Klöcker
> went to the same school and the same university as I did.)
>
> 0x104B0FAF, 0x5706A4B4, 0xD96484AC, 0x7C52AC99, 0xAFA03822, 0x91190EF9
> (this last one is definitely still in use)

ok, thanks, those are not expired, though i only see non-unicode in three of them: 104B0FAF and F661F608, and 91190EF9.

Those keyholders should probably create a new User ID that *is* UTF-8, with the same e-mail address as the non-UTF-8 one, and encourage the people who have certified the old User ID to re-certify the new one. Once enough certifications are through on the new, valid one, they can revoke the old one and move forward with a fully OpenPGP-compliant key.

> True. Actually, I lied about KMail using key IDs. Since about 6.5 years
> KMail uses gpgme and leaves all of those hairy details (like telling
> gpg what keys to use) to this library.

This seems like a reasonable stance for authors of MUAs and Plugins to use. Werner, it looks like you're the upstream author on GpgME; does GpgME do any different selection technique than GPG?

> I don't see why harmless changes (see David's example) shouldn't be
> ignored.
> If the user hard-coded the key Alice1, then what's wrong with
> using this key as long as it's valid. Obviously, any changes making a
> hard-coded key invalid need to be escalated and such a key must not be
> used anymore by the MUA.

If the user hard-coded a specific key (by fingerprint) to the Alice User ID, then of course GPG should respect that preference (and it should emit warnings if the key ever becomes invalid), but i don't think that users should be asked to make permanent choices like this, since they might become invalidated by future circumstances; how will they know that another (maybe better) choice is available, or should be made?

> If for some email address multiple matching valid keys are found by
> KMail (or rather gpgme) then KMail asks the user which key(s) to use
> (and then remembers the user's choice). This transparency gives me a
> better feeling than some automagic behind-my-back key selection based
> on user ID/email address.

I hear what you're saying, but i think there are two problems with it:

0) for many users, they are being asked to make a choice that they don't understand; there are few things more frustrating than this. If the tool *can* make a good choice based on the knowledge available to it, it shouldn't need to pester the user, who may or may not have as much understanding of the problem space.

1) users are being asked to make an effectively permanent decision, even though relevant circumstances may change in the future. Presumably, this binding will produce warnings (with the option to change the binding) if the bound key suddenly actually drops into unknown calculated validity (for example, if you decide to revoke ownertrust on a relevant intermediary; has this been tested?) But there might be other changes that make this selection suboptimal without causing it to throw warnings.
so i'm not a big fan of prompting users to hardcode bindings in general (though i certainly support allowing users to hardcode bindings if they prefer)

--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 891 bytes
Desc: OpenPGP digital signature
URL:

From Joachim.Blomberg at vr-leasing.de Mon Sep 28 04:01:44 2009
From: Joachim.Blomberg at vr-leasing.de (Joachim.Blomberg at vr-leasing.de)
Date: Mon, 28 Sep 2009 04:01:44 +0200
Subject: Joachim Blomberg/VRD/VR-GRUPPE is out of the office.
Message-ID:

I will not be in the office from 28.09.2009. I will return on 02.10.2009. I will answer your message after my return. In urgent cases I can be reached on my work mobile phone.

From wk at gnupg.org Mon Sep 28 09:34:28 2009
From: wk at gnupg.org (Werner Koch)
Date: Mon, 28 Sep 2009 09:34:28 +0200
Subject: Why a full keys and sub keys backup are not proposed when keys and sub keys are done "on-card" ?
In-Reply-To: <1299600025.7084601254077969736.JavaMail.root@zimbra7-e1.priv.proxad.net> (tux tsndcb's message of "Sun, 27 Sep 2009 20:59:29 +0200 (CEST)")
References: <1299600025.7084601254077969736.JavaMail.root@zimbra7-e1.priv.proxad.net>
Message-ID: <87ab0fr08r.fsf@vigenere.g10code.de>

On Sun, 27 Sep 2009 20:59, tux.tsndcb at free.fr said:

> Thanks for your answer. I agree with you for the signing key, but for the
> authentication key, if it is used for SSH connections to more than
> 100 servers as the root user, for example, and you lose this key, you

It is always a tradeoff between security and convenience. Most users don't have access to that many machines and thus it is easier to use a console login to replace the lost key than to have a backup somewhere floating around.

It is anyway only the default and you can just replace the authentication key with an on-disk created one. Or manually initialize the card using keytocard.
Another approach is to have a second card and also install its public key on the servers.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From tux.tsndcb at free.fr Mon Sep 28 11:22:57 2009
From: tux.tsndcb at free.fr (tux.tsndcb at free.fr)
Date: Mon, 28 Sep 2009 11:22:57 +0200 (CEST)
Subject: Why a full keys and sub keys backup are not proposed when keys and sub keys are done "on-card" ?
In-Reply-To: <87ab0fr08r.fsf@vigenere.g10code.de>
Message-ID: <1689294387.7152771254129777654.JavaMail.root@zimbra7-e1.priv.proxad.net>

Hi Werner,

Thanks for this information.

Best Regards

----- Original Message -----
From: "Werner Koch"
To: "tux tsndcb"
Cc: gnupg-users at gnupg.org
Sent: Monday 28 September 2009 09:34:28 GMT +01:00 Amsterdam / Berlin / Bern / Rome / Stockholm / Vienna
Subject: Re: Why a full keys and sub keys backup are not proposed when keys and sub keys are done "on-card" ?

On Sun, 27 Sep 2009 20:59, tux.tsndcb at free.fr said:

> Thanks for your answer. I agree with you for the signing key, but for the
> authentication key, if it is used for SSH connections to more than
> 100 servers as the root user, for example, and you lose this key, you

It is always a tradeoff between security and convenience. Most users don't have access to that many machines and thus it is easier to use a console login to replace the lost key than to have a backup somewhere floating around.

It is anyway only the default and you can just replace the authentication key with an on-disk created one. Or manually initialize the card using keytocard.

Another approach is to have a second card and also install its public key on the servers.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
From tux.tsndcb at free.fr Mon Sep 28 22:36:18 2009
From: tux.tsndcb at free.fr (tux.tsndcb at free.fr)
Date: Mon, 28 Sep 2009 22:36:18 +0200 (CEST)
Subject: poldi logon screen
In-Reply-To: <1650999768.7299461254169674620.JavaMail.root@zimbra7-e1.priv.proxad.net>
Message-ID: <1097098412.7302011254170178164.JavaMail.root@zimbra7-e1.priv.proxad.net>

Hi all,

This is the last functionality that I have to set up. I'm on Debian squeeze with libpam-poldi 0.4.1-2. I can log on with my smartcard, so poldi is ok, but I have the normal Debian logon screen, not the poldi screen like this one: http://www.g10code.com/graphics/poldi-screenshot-gdm.png

So my question: how do I get this logon screen?

Thanks in advance for your answer.

Best Regards.

From yenrak at gmail.com Mon Sep 28 18:46:13 2009
From: yenrak at gmail.com (kearney)
Date: Mon, 28 Sep 2009 09:46:13 -0700 (PDT)
Subject: Export key to multiple servers
Message-ID: <25648831.post@talk.nabble.com>

I am trying to export a secret key created on my local box to multiple servers. Let's say the key is 12345678.

The goal is to have 1 script which runs on all the servers to encrypt and backup the data to S3. And 1 script to decrypt the data for restores.

currently i've done

gpg --output secret --export-secret-keys "Real name"
gpg --output public --export "Real name"

secret & public have been scp'd to the servers.

From the servers I ran

gpg --import secret
gpg --import public

Now, when I try to encrypt the data

gpg --recipient 12345678 --encrypt file

I get

gpg: 12345678: There is no assurance this key belongs to the named user
It is NOT certain that the key belongs to the person named in the user ID. If you *really* know what you are doing, you may answer the next question with yes.

I don't have a public key so I can't use gpg --sign-key. And if I do create a public key; can the same script be used to "decrypt" the files for restores across all the servers?

How can I import the keys on the servers so the servers can encrypt data?
And data can be decrypted using the key (12345678)?

-- 
View this message in context: http://www.nabble.com/Export-key-to-multiple-servers-tp25648831p25648831.html
Sent from the GnuPG - User mailing list archive at Nabble.com.

From nschroth at fuse.net  Tue Sep 29 14:10:03 2009
From: nschroth at fuse.net (nschroth)
Date: Tue, 29 Sep 2009 05:10:03 -0700 (PDT)
Subject: Decryption Fails on UserName but not on EmailAddress ???
In-Reply-To: <25577787.post@talk.nabble.com>
References: <25577787.post@talk.nabble.com>
Message-ID: <25661872.post@talk.nabble.com>

Interesting. The key is not listed twice, but...

--list-keys PrimaryUserName shows ALL THREE keys while
--list-keys PrimaryEmailAddress shows only the primary host key.

Could it be that the name I used for the primary key was CompanyName and the email addresses for all the people had that as their domain (ex: Bill at companyname.com) ???

nschroth wrote:
> 
> I have been reading previous posts on this topic but have not found my
> answer.
> When I ENcrypt on BoxA using -r UserName, decryption on BoxB errors with:
> "decryption failed: secret key not available".
> However, doing the same test using the email address associated with the
> recipient, Decryption WORKS.
> 
> Can anyone offer some reasons for this?  Did we gen or export or import
> the key incorrectly?
> 

From free10pro at gmail.com  Tue Sep 29 20:19:19 2009
From: free10pro at gmail.com (Paul R. Ramer)
Date: Tue, 29 Sep 2009 11:19:19 -0700
Subject: Export key to multiple servers
In-Reply-To: <25648831.post@talk.nabble.com>
References: <25648831.post@talk.nabble.com>
Message-ID: <1254248359.21086.54.camel@localhost>

On Mon, 2009-09-28 at 09:46 -0700, kearney wrote:
> I am trying to export a secret key created on my local box to multiple
> servers.
> Let's say the key is 12345678.
> 
> The goal is to have 1 script which runs on all the servers to encrypt and
> backup the data to S3. And 1 script to decrypt the data for restores.
> 
> currently i've done
> 
> gpg --output secret --export-secret-keys "Real name"
> gpg --output public --export "Real name"
> 
> secret & public have been scp'd to the servers.
> 
> From the servers I ran
> 
> gpg --import secret
> gpg --import public
> 
> Now, when I try to encrypt the data
> 
> gpg --recipient 12345678 --encrypt file
> 
> I get
> 
> gpg: 12345678: There is no assurance this key belongs to the named user
> It is NOT certain that the key belongs to the person named in the user
> ID. If you *really* know what you are doing, you may answer the next
> question with yes.
> 
> I don't have a public key so I can't use gpg --sign-key. And if I do create
> a public key; can the same script be used to "decrypt" the files for
> restores across all the servers?
> 
> How can I import the keys on the servers so the servers can encrypt data?
> And data can be decrypted using the key (12345678)?

You don't need a public key to suppress this warning. The reason gpg is warning about the validity of this key is that when gpg exports keys, the ownertrust information, which is kept in ~/.gnupg/trustdb.gpg, isn't exported with the key. When you imported the keys onto your server, gpg didn't import any ownertrust information. If you created a signing key (we'll call it AABBCCDD) and signed your key 12345678 with AABBCCDD, gpg wouldn't trust the signature unless it trusted the owner of the key (ownertrust).

The answer lies in fixing the ownertrust. You need to edit the key with the following commands.

gpg --edit-key 12345678
trust

Gpg will ask how much trust to give. Choose 5, which is ultimate, because you own the secret key.
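A scripted version of the fix Paul describes, carrying the ownertrust to each server alongside the keys and checking the result instead of assuming it. This is an added example, not code from the thread; it assumes gpg on PATH, the key id 12345678 from the question, and file names (public.gpg, secret.gpg, ownertrust.txt) that are my own choice.

```shell
#!/bin/sh
# Added example: provision a server with a key pair AND its ownertrust, so
# gpg on the server rates the key as valid and the "There is no assurance
# this key belongs to the named user" prompt never appears.
# Assumptions (mine, not the thread's): gpg is on PATH; the key id and the
# bundle file names below are illustrative.
set -eu
umask 077   # exported secret key material must not be world-readable

# gpg --export-ownertrust writes one record per key: <fingerprint>:<value>:
# The value 6 is "ultimate", what the edit-key "trust" menu calls choice 5.
ownertrust_line() {
    printf '%s:6:\n' "$1"
}

# Print the validity field for a key from `gpg --with-colons --list-keys`
# output read on stdin.  Colon fields: 1=record type, 2=validity, 5=key id.
# 'u' means ultimate, which is what the imported ownertrust should yield.
key_validity() {
    awk -F: -v kid="$1" '$1 == "pub" && $5 ~ kid "$" { print $2; exit }'
}

# Full fingerprint of a key, taken from the "fpr" record (field 10).
key_fingerprint() {
    gpg --with-colons --fingerprint "$1" | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Origin box: export public key, secret key and the ownertrust record.
export_bundle() {   # usage: export_bundle KEYID OUTDIR
    keyid="$1"; outdir="$2"
    gpg --output "$outdir/public.gpg" --export "$keyid"
    gpg --output "$outdir/secret.gpg" --export-secret-keys "$keyid"
    ownertrust_line "$(key_fingerprint "$keyid")" > "$outdir/ownertrust.txt"
}

# Each server: import both keys, then the ownertrust, then verify that the
# key's validity really reads 'u' before any backup script relies on it.
import_bundle() {   # usage: import_bundle KEYID INDIR
    keyid="$1"; indir="$2"
    gpg --import "$indir/public.gpg"
    gpg --import "$indir/secret.gpg"
    gpg --import-ownertrust "$indir/ownertrust.txt"
    v=$(gpg --with-colons --list-keys "$keyid" | key_validity "$keyid")
    if [ "$v" != "u" ]; then
        echo "key $keyid has validity '$v', expected 'u' (ultimate)" >&2
        return 1
    fi
}

# Run as:  ./bundle.sh export 12345678 /tmp/bundle   (on the origin box)
#          ./bundle.sh import 12345678 /tmp/bundle   (on each server)
case "${1:-}" in
    export) export_bundle "$2" "$3" ;;
    import) import_bundle "$2" "$3" ;;
esac
```

Once import_bundle succeeds, the encrypt command from the question runs on that server without the prompt.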
From kloecker at kde.org  Tue Sep 29 22:32:28 2009
From: kloecker at kde.org (Ingo Klöcker)
Date: Tue, 29 Sep 2009 22:32:28 +0200
Subject: choosing an encryption target from a User ID
In-Reply-To: <4ABFEC82.6080203@fifthhorseman.net>
References: <4AB90539.7020809@fifthhorseman.net> <200909252040.46154@thufir.ingo-kloecker.de> <4ABFEC82.6080203@fifthhorseman.net>
Message-ID: <200909292232.29640@thufir.ingo-kloecker.de>

On Monday 28 September 2009, Daniel Kahn Gillmor wrote:
> On 09/25/2009 02:40 PM, Ingo Klöcker wrote:
> > 0xF661F608 (This is _not_ one of my keys. Funny enough this Ingo
> > Klöcker went to the same school and the same university as I did.)
> > 
> > 0x104B0FAF, 0x5706A4B4, 0xD96484AC, 0x7C52AC99, 0xAFA03822,
> > 0x91190EF9 (this last one is definitely still in use)
> 
> ok, thanks, those are not expired, though i only see non-unicode in
> three of them: 104B0FAF and F661F608, and 91190EF9.
> 
> Those keyholders should probably create a new User ID that *is*
> UTF-8, with the same e-mail address as the non-UTF-8 one, and
> encourage the people who have certified the old User ID to re-certify
> the new one. Once enough certifications are through on the new, valid
> one, they can revoke the old one and move forward with a fully
> OpenPGP-compliant key.

Yes, I suppose this would be a sensible solution.

> > I don't see why harmless changes (see David's example) shouldn't be
> > ignored. If the user hard-coded the key Alice1, then what's wrong
> > with using this key as long as it's valid. Obviously, any changes
> > making a hard-coded key invalid need to be escalated and such a key
> > must not be used anymore by the MUA.
> 
> If the user hard-coded a specific key (by fingerprint) to the Alice
> User ID, then of course GPG should respect that preference (and it
> should emit warnings if the key ever becomes invalid), but i don't
> think that users should be asked to make permanent choices like this,
> since they might become invalidated by future circumstances; how will
> they know that another (maybe better) choice is available, or should
> be made?

If Alice does not tell them, then they might not know this. But I'm not sure whether this is a common problem or more an academic problem. Let's say Alice loses her first key and cannot revoke it because she didn't create a revocation certificate. She creates a new key, but Bob continues to use the old key. Unless Bob automatically imports unknown keys, he will notice that Alice now uses a different key because he cannot verify her signature anymore. And if Bob uses the old key to send an encrypted message to Alice, Alice will surely tell him what happened. So I don't really see the problem with a hardcoded choice.

> > If for some email address multiple matching valid keys are found by
> > KMail (or rather gpgme) then KMail asks the user which key(s) to
> > use (and then remembers the user's choice). This transparency gives
> > me a better feeling than some automagic behind-my-back key
> > selection based on user ID/email address.
> 
> I hear what you're saying, but i think there are two problems with
> it:
> 
> 0) for many users, they are being asked to make a choice that they
> don't understand; there are few things more frustrating than this.
> If the tool *can* make a good choice based on the knowledge available
> to it, it shouldn't need to pester the user, who may or may not have
> as much understanding of the problem space.

I agree, but I also disagree. I agree that it's preferable to save the user from having to make a choice. But then again I disagree about the "not have as much understanding of the problem space".
People who do not understand to a certain degree how the WoT works would be better off using a centralized PKI. IMO this is a major weakness of the WoT.

> 1) users are being asked to make an effectively permanent decision,
> even though relevant circumstances may change in the future.
> Presumably, this binding will produce warnings (with the option to
> change the binding) if the bound key suddenly actually drops into
> unknown calculated validity (for example, if you decide to revoke
> ownertrust on a relevant intermediary; has this been tested?) But
> there might be other changes that make this selection suboptimal
> without causing it to throw warnings.

See above. I wonder how much of a real problem this is. How many people have multiple valid keys bound to the same email addresses? What is the use case for having multiple valid keys bound to the same addresses?

In the past, when I worked at the university, I used a private/home key and a work key. At home I could read anything. At work I could only read messages encrypted with my work key. So anything I was supposed to read at work needed to be encrypted with my work key. To make things more complicated my home key did have my work address as one user ID. So hardcoding my work address to my work key was basically mandatory.

Regards,
Ingo

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
From dkg at fifthhorseman.net  Wed Sep 30 00:10:38 2009
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Tue, 29 Sep 2009 18:10:38 -0400
Subject: choosing an encryption target from a User ID
In-Reply-To: <200909292232.29640@thufir.ingo-kloecker.de>
References: <4AB90539.7020809@fifthhorseman.net> <200909252040.46154@thufir.ingo-kloecker.de> <4ABFEC82.6080203@fifthhorseman.net> <200909292232.29640@thufir.ingo-kloecker.de>
Message-ID: <4AC285DE.2050806@fifthhorseman.net>

Thanks for the discussion, Ingo! This is really useful to me, and i appreciate the thought you've obviously put in here.

On 09/29/2009 04:32 PM, Ingo Klöcker wrote:
> She creates a new key, but Bob
> continues to use the old key. Unless Bob automatically imports unknown
> keys, he will notice that Alice now uses a different key because he
> cannot verify her signature anymore. And if Bob uses the old key to
> send an encrypted message to Alice, Alice will surely tell him what
> happened.

will she? will Alice know how to resolve the problem? If she sends Bob her new key, and Bob imports it, that would be great. They've already had to do some work manually. Let's say that Bob even takes the time to properly certify Alice's new key. You're now asking Bob to take an *additional* step of "re-binding" the new Key ID to the User ID -- why would he need to do that, when he's already certified the key?

> I agree, but I also disagree. I agree that it's preferable to save the
> user from having to make a choice. But then again I disagree about
> the "not have as much understanding of the problem space". People who
> do not understand to a certain degree how the WoT works would be better
> off using a centralized PKI. IMO this is a major weakness of the WoT.

if you're doing explicit, hard-coded keyID-to-UserID bindings, you're not using the WoT. You're using your bindings, perhaps with a smidgen of the WoT to make sure that the key isn't totally invalid or revoked.
The way i'd like to see the WoT actually used is to get people to think about two things which are well within the range of normal human activity:

 a) who can i identify?

 b) who can i rely on to identify others?

and then let reasonable, well-thought-out mechanisms draw the links for the people automatically, without them having to think about it.

If the tools don't do the Right Thing by default, then we start to ask users to think about a bunch of extra arcane ideas beyond a and b (ideas that folks on this list have actually thought about in-depth). Those are tough to understand, and non-experts are justifiably confused by them. This is why we need the tools to draw the right patterns by default, not an argument to use hard-coded bindings or some centralized PKI that asks the user to make none of these decisions at all.

> See above. I wonder how much of a real problem this is. How many people
> have multiple valid keys bound to the same email addresses? What is the
> use case for having multiple valid keys bound to the same addresses?

I agree that it's not currently a common situation. here are the few legitimate situations with multiple keys that i know of:

 * several people are going through key transitions right now, for the same reasons that the defaults are changing in gpg. These people often have two keys for a period of time.

 * Some people also have old keys that they have accidentally lost access to. once that happens, it's too late.

But: Malicious people can upload keys with arbitrary User IDs to public keyservers; if a user fetches one of those from a search (perhaps to check the validity of any attached signatures), it's still in their keyring, possibly before the valid key of the corresponding user.
If we say "it's not a common situation, so we won't worry about extra hassle; only a few people will have to deal with the hassle", but anyone can inject material into the public keyservers that triggers the hassle for anyone else, i think that's a problem, even if no one has chosen to exploit it yet that we know of.

Regards,

--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 891 bytes
Desc: OpenPGP digital signature

From lists at chrissutton.org  Wed Sep 30 11:27:45 2009
From: lists at chrissutton.org (Chris Sutton)
Date: Wed, 30 Sep 2009 10:27:45 +0100
Subject: Mismatch between binary and ASCII-armored output for encrypted message
Message-ID: <4AC32491.6040702@chrissutton.org>

Hi,

I'm using the GPG command-line tool to generate test data for a system and I'm having trouble with the binary and ASCII-armored output not seeming to correspond for encrypted messages. If anyone could point out where I'm going wrong or what I've misunderstood, I'd really appreciate it.

What works
----------

When I generate private and public keys, I can export them in binary form and then use a base64 encoder (in this case http://base64.sourceforge.net/) to generate a base64-encoded version. I can also export them using GPG's -a option to generate the base64-encoded version directly. If I remove the '-----' header and footer, and the checksum, the two blocks match. Similarly, if I use the corresponding base64 decoder to decode GPG's ASCII-armored block, the binary file it produces matches GPG's binary output. So far, so good!

What doesn't work
-----------------

I was under the impression that exactly the same process should work for a message encrypted using GPG. I pass in a plaintext file with the -e and -r options, and generate the binary and ASCII-armored versions as above. However, when I base64 encode the binary, or base64 decode the ASCII, the result does not match GPG's other version.
It appears as if GPG is putting slightly different binary data into the ASCII-armored version than into the direct binary output. Is this possible?

Any advice would be much appreciated,

Thanks,

Chris Sutton

From talmage at orange.zero.jp  Wed Sep 30 13:51:32 2009
From: talmage at orange.zero.jp (Talmage)
Date: Wed, 30 Sep 2009 20:51:32 +0900
Subject: OpenPGP-Card2.0 and Omnikey Cardman 3021?
Message-ID: <6539A033-8048-4CEC-830A-1819D410CE8E@orange.zero.jp>

Has anyone gotten the Omnikey Cardman 3021 to work with the internal drivers? I'm having trouble getting it to work properly. I know, I should've just bought the SCM SCR335, but this Cardman 3021 looks better and was cheap. ;)

The --card-status works great, and so I had thought all was good till I tried generating keys on it. Every other command I tried worked fine.

I'm on a Mac OS X 10.6 system, with OpenPGPCard v2.0. I've got rid of the ifd-ccid.bundle as recommended on another thread in this list, so I'm pretty sure it's using the gnupg internal driver. I've tried with gnupg 1.4.10 and 2.0.12, and both fail on 'generate'.

Here's the output for gnupg 1.4.10 (sorry, it's really long)

--------------------------
$ gpg --version
gpg (GnuPG) 1.4.10
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128,
        CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

$ gpg --card-edit

Application ID ...: D27600012401020000050000012E0000
Version ..........: 2.0
Manufacturer .....: ZeitControl
Serial number ....: 0000012E
Name of cardholder: Test User
Language prefs ...: en
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Private DO 1 .....: [not set]
Private DO 2 .....: [not set]
Signature PIN ....: not forced
Key attributes ...: 2048R 3072R 2048R
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

Command> admin
Admin commands are allowed

Command> generate
Make off-card backup of encryption key? (Y/n) n
Please enter the PIN
What keysize do you want for the Signature key? (2048) 3072
The card will now be re-configured to generate a key of 3072 bits
NOTE: There is no guarantee that the card supports the requested size.
      If the key generation does not succeed, please check the
      documentation of your card to see what sizes are allowed.
gpg: 3 Admin PIN attempts remaining before card is permanently locked
Please enter the Admin PIN
gpg: size of key 1 changed to 3072 bits
What keysize do you want for the Encryption key? (3072)
What keysize do you want for the Authentication key? (2048)
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct?
(y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) "

Real name: test
Email address: test at domain
Comment: test1
You selected this USER-ID:
    "test (test1) "

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
gpg: generating new key
gpg: 3 Admin PIN attempts remaining before card is permanently locked
Please enter the Admin PIN
gpg: please wait while key is being generated ...
gpg: ccid_transceive failed: (0x1000a)
gpg: apdu_send_simple(0) failed: card I/O error
gpg: generating key failed
gpg: key generation failed: general error
Key generation failed: general error

Command> quit

$ gpg --card-status --debug-ccid-driver
gpg: DBG: ccid-driver: using CCID reader 0 (ID=076B:3021:X:0)
gpg: DBG: ccid-driver: idVendor: 076B  idProduct: 3021  bcdDevice: 0302
gpg: DBG: ccid-driver: ChipCard Interface Descriptor:
gpg: DBG: ccid-driver:   bLength                54
gpg: DBG: ccid-driver:   bDescriptorType        33
gpg: DBG: ccid-driver:   bcdCCID              1.00
gpg: DBG: ccid-driver:   nMaxSlotIndex           0
gpg: DBG: ccid-driver:   bVoltageSupport         7  ?
gpg: DBG: ccid-driver:   dwProtocols             3  T=0 T=1
gpg: DBG: ccid-driver:   dwDefaultClock       4800
gpg: DBG: ccid-driver:   dwMaxiumumClock      8000
gpg: DBG: ccid-driver:   bNumClockSupported      4
gpg: DBG: ccid-driver:   dwDataRate          10752 bps
gpg: DBG: ccid-driver:   dwMaxDataRate      412903 bps
gpg: DBG: ccid-driver:   bNumDataRatesSupp.    106
gpg: DBG: ccid-driver:   dwMaxIFSD             254
gpg: DBG: ccid-driver:   dwSyncProtocols  00000007  2-wire 3-wire I2C
gpg: DBG: ccid-driver:   dwMechanical     00000000
gpg: DBG: ccid-driver:   dwFeatures       000207B2
gpg: DBG: ccid-driver:     Auto configuration based on ATR
gpg: DBG: ccid-driver:     Auto clock change
gpg: DBG: ccid-driver:     Auto baud rate change
gpg: DBG: ccid-driver:     Auto PPS made by CCID
gpg: DBG: ccid-driver:     CCID can set ICC in clock stop mode
gpg: DBG: ccid-driver:     NAD value other than 0x00 accepted
gpg: DBG: ccid-driver:     Auto IFSD exchange
gpg: DBG: ccid-driver:     Short APDU level exchange
gpg: DBG: ccid-driver:   dwMaxCCIDMsgLen       271
gpg: DBG: ccid-driver:   bClassGetResponse    echo
gpg: DBG: ccid-driver:   bClassEnvelope       echo
gpg: DBG: ccid-driver:   wlcdLayout           none
gpg: DBG: ccid-driver:   bPINSupport             0
gpg: DBG: ccid-driver:   bMaxCCIDBusySlots       1
gpg: DBG: ccid-driver: PC_to_RDR_IccPowerOn:
gpg: DBG: ccid-driver:   dwLength ..........: 0
gpg: DBG: ccid-driver:   bSlot .............: 0
gpg: DBG: ccid-driver:   bSeq ..............: 1
gpg: DBG: ccid-driver:   bPowerSelect ......: 0x00 (auto)
gpg: DBG: ccid-driver:   [0008] 00 00
gpg: DBG: ccid-driver: RDR_to_PC_DataBlock:
gpg: DBG: ccid-driver:   dwLength ..........: 21
gpg: DBG: ccid-driver:   bSlot .............: 0
gpg: DBG: ccid-driver:   bSeq ..............: 1
gpg: DBG: ccid-driver:   bStatus ...........: 0
gpg: DBG: ccid-driver:   [0010] 3B DA 18 FF 81 B1
gpg: DBG: ccid-driver:   [0016] FE 75 1F 03 00 31 C5 73 C0 01 40 00 90 00 0C
gpg: DBG: ccid-driver: PC_to_RDR_GetParameters:
gpg: DBG: ccid-driver:   dwLength ..........: 0
gpg: DBG: ccid-driver:   bSlot .............: 0
gpg: DBG: ccid-driver:   bSeq ..............: 2
gpg: DBG: ccid-driver:   [0007] 00 00 00
gpg: DBG: ccid-driver: RDR_to_PC_Parameters:
gpg: DBG: ccid-driver:   dwLength ..........: 7
gpg: DBG: ccid-driver:   bSlot .............: 0
gpg: DBG: ccid-driver:   bSeq ..............: 2
gpg: DBG: ccid-driver:   bStatus ...........: 0
gpg: DBG: ccid-driver:   protocol ..........: T=1
[0208] 00 00 00 00 00 CD 0C 00 00 00 00 00 00 00 00 00 gpg: DBG: ccid-driver: [0224] 00 00 00 90 00 gpg: DBG: ccid-driver: PC_to_RDR_XfrBlock: gpg: DBG: ccid-driver: dwLength ..........: 5 gpg: DBG: ccid-driver: bSlot .............: 0 gpg: DBG: ccid-driver: bSeq ..............: 16 gpg: DBG: ccid-driver: bBWI ..............: 0x04 gpg: DBG: ccid-driver: wLevelParameter ...: 0x0000 gpg: DBG: ccid-driver: [0010] 00 CA 00 C4 00 gpg: DBG: ccid-driver: RDR_to_PC_DataBlock: gpg: DBG: ccid-driver: dwLength ..........: 9 gpg: DBG: ccid-driver: bSlot .............: 0 gpg: DBG: ccid-driver: bSeq ..............: 16 gpg: DBG: ccid-driver: bStatus ...........: 0 gpg: DBG: ccid-driver: [0010] 01 20 20 20 03 00 gpg: DBG: ccid-driver: [0016] 03 90 00 gpg: DBG: ccid-driver: PC_to_RDR_XfrBlock: gpg: DBG: ccid-driver: dwLength ..........: 5 gpg: DBG: ccid-driver: bSlot .............: 0 gpg: DBG: ccid-driver: bSeq ..............: 17 gpg: DBG: ccid-driver: bBWI ..............: 0x04 gpg: DBG: ccid-driver: wLevelParameter ...: 0x0000 gpg: DBG: ccid-driver: [0010] 00 CA 00 7A 00 gpg: DBG: ccid-driver: RDR_to_PC_DataBlock: gpg: DBG: ccid-driver: dwLength ..........: 7 gpg: DBG: ccid-driver: bSlot .............: 0 gpg: DBG: ccid-driver: bSeq ..............: 17 gpg: DBG: ccid-driver: bStatus ...........: 0 gpg: DBG: ccid-driver: [0010] 93 03 00 00 00 90 gpg: DBG: ccid-driver: [0016] 00 gpg: DBG: ccid-driver: PC_to_RDR_XfrBlock: gpg: DBG: ccid-driver: dwLength ..........: 5 gpg: DBG: ccid-driver: bSlot .............: 0 gpg: DBG: ccid-driver: bSeq ..............: 18 gpg: DBG: ccid-driver: bBWI ..............: 0x04 gpg: DBG: ccid-driver: wLevelParameter ...: 0x0000 gpg: DBG: ccid-driver: [0010] 00 CA 01 01 00 gpg: DBG: ccid-driver: RDR_to_PC_DataBlock: gpg: DBG: ccid-driver: dwLength ..........: 2 gpg: DBG: ccid-driver: bSlot .............: 0 gpg: DBG: ccid-driver: bSeq ..............: 18 gpg: DBG: ccid-driver: bStatus ...........: 0 gpg: DBG: ccid-driver: [0010] 90 00 gpg: DBG: ccid-driver: 
Application ID ...: D27600012401020000050000012E0000
Version ..........: 2.0
Manufacturer .....: ZeitControl
Serial number ....: 0000012E
Name of cardholder: Test User
Language prefs ...: en
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Private DO 1 .....: [not set]
Private DO 2 .....: [not set]
Signature PIN ....: not forced
Key attributes ...: 2048R 3072R 2048R
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]
------------------------

Thanks in advance.
Talmage

From dkg at fifthhorseman.net Wed Sep 30 15:38:00 2009
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Wed, 30 Sep 2009 09:38:00 -0400
Subject: Mismatch between binary and ASCII-armored output for encrypted message
In-Reply-To: <4AC32491.6040702@chrissutton.org>
References: <4AC32491.6040702@chrissutton.org>
Message-ID: <4AC35F38.7090209@fifthhorseman.net>

On 09/30/2009 05:27 AM, Chris Sutton wrote:
> It appears as if GPG is putting slightly different binary data into the
> ASCII-armored version as into the direct binary output. Is this possible?

OpenPGP encryption is a hybrid model:

first, a random session key is generated.

then the random session key is used with a reasonable stream cipher
(3DES, AES, etc) to symmetrically encrypt the data in question.

then the session key is asymmetrically encrypted (once for each
recipient's key).

The resultant block is the concatenation of the ciphertext and the
encrypted session keys.


Note that the first step involves some randomization (as it should!) --
this means that each encryption of the same cleartext will yield
radically different ciphertext.

I suspect this difference is what you're seeing, not any issue with
base64-encoding.

does this make sense?

--dkg

From lists at chrissutton.org Wed Sep 30 15:53:04 2009
From: lists at chrissutton.org (Chris Sutton)
Date: Wed, 30 Sep 2009 14:53:04 +0100
Subject: Mismatch between binary and ASCII-armored output for encrypted message
In-Reply-To: <4AC35F38.7090209@fifthhorseman.net>
References: <4AC32491.6040702@chrissutton.org> <4AC35F38.7090209@fifthhorseman.net>
Message-ID: <4AC362C0.4050107@chrissutton.org>

Hi Daniel,

Thanks for your reply, that does make perfect sense.
In theory I do understand how PGP works, but this is the first time I've
gotten my hands dirty so things are still clicking into place!

The actual problem I was debugging is why the binary output decrypts okay
in another crypto library, but my base64-decoded version of the
ASCII-armored output does not. I over-simplified my test case to expecting
the two to be identical!

I've now tracked this down as a problem with compression/decompression
which I was able to fix.

Thanks again,
Chris

Daniel Kahn Gillmor wrote:
> On 09/30/2009 05:27 AM, Chris Sutton wrote:
>> It appears as if GPG is putting slightly different binary data into the
>> ASCII-armored version as into the direct binary output. Is this possible?
>
> OpenPGP encryption is a hybrid model:
>
> first, a random session key is generated.
>
> then the random session key is used with a reasonable stream cipher
> (3DES, AES, etc) to symmetrically encrypt the data in question.
>
> then the session key is asymmetrically encrypted (once for each
> recipient's key).
>
> The resultant block is the concatenation of the ciphertext and the
> encrypted session keys.
>
>
> Note that the first step involves some randomization (as it should!) --
> this means that each encryption of the same cleartext will yield
> radically different ciphertext.
>
> I suspect this difference is what you're seeing, not any issue with
> base64-encoding.
>
> does this make sense?
>
> --dkg
>

From wk at gnupg.org Wed Sep 30 16:06:23 2009
From: wk at gnupg.org (Werner Koch)
Date: Wed, 30 Sep 2009 16:06:23 +0200
Subject: OpenPGP-Card2.0 and Omnikey Cardman 3021?
In-Reply-To: <6539A033-8048-4CEC-830A-1819D410CE8E@orange.zero.jp> (talmage@orange.zero.jp's message of "Wed, 30 Sep 2009 20:51:32 +0900")
References: <6539A033-8048-4CEC-830A-1819D410CE8E@orange.zero.jp>
Message-ID: <874oqk5xy8.fsf@vigenere.g10code.de>

On Wed, 30 Sep 2009 13:51, talmage at orange.zero.jp said:

> Has anyone gotten the Omnikey Cardman 3021 to work with the internal
> drivers?
That one does not work reliably with 2048 bit keys. The Windows driver
seems to have a workaround for it and I tried to come up with a similar
workaround. However the protocol analysis I did is not complete and we
often get out of sync. Avoid Omnikey or ask them to explain how to
correctly switch to and operate in TPDU mode.

Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are governed by a federal law.

From kloecker at kde.org Wed Sep 30 23:32:27 2009
From: kloecker at kde.org (Ingo Klöcker)
Date: Wed, 30 Sep 2009 23:32:27 +0200
Subject: choosing an encryption target from a User ID
In-Reply-To: <4AC285DE.2050806@fifthhorseman.net>
References: <4AB90539.7020809@fifthhorseman.net> <200909292232.29640@thufir.ingo-kloecker.de> <4AC285DE.2050806@fifthhorseman.net>
Message-ID: <200909302332.36254@thufir.ingo-kloecker.de>

On Wednesday 30 September 2009, Daniel Kahn Gillmor wrote:
> Thanks for the discussion, Ingo! This is really useful to me, and i
> appreciate the thought you've obviously put in here.

Thank you, the same to you! You really make me think.

> On 09/29/2009 04:32 PM, Ingo Klöcker wrote:
> > She creates a new key, but Bob
> > continues to use the old key. Unless Bob automatically imports
> > unknown keys, he will notice that Alice now uses a different key
> > because he cannot verify her signature anymore. And if Bob uses the
> > old key to send an encrypted message to Alice, Alice will surely
> > tell him what happened.
>
> will she? will Alice know how to resolve the problem? If she sends
> Bob her new key, and Bob imports it, that would be great. They've
> already had to do some work manually. Let's say that Bob even takes
> the time to properly certify Alice's new key. You're now asking Bob
> to take an *additional* step of "re-binding" the new Key ID to the
> User ID -- why would he need to do that, when he's already certified
> the key?

True, but this could be solved by improving the used tools.
People using KMail and OpenPGP will probably use KGpg for key management.
So it would probably make sense to make KGpg aware of the "key-bindings"
(which are stored in the KDE-wide address book btw, so this isn't strictly
KMail-specific) and ask Bob after he certified Alice's key. Just an idea.

> > I agree, but I also disagree. I agree that it's preferable to save
> > the user from having to make a choice. But then again I disagree
> > about the "not have as much understanding of the problem space".
> > People who do not understand to a certain degree how the WoT works
> > would be better off using a centralized PKI. IMO this is a major
> > weakness of the WoT.
>
> if you're doing explicit, hard-coded keyID-to-UserID bindings, you're
> not using the WoT. You're using your bindings, perhaps with a
> smidgen of the WoT to make sure that the key isn't totally invalid or
> revoked.
>
> The way i'd like to see the WoT actually used is to get people to
> think about two things which are well within the range of normal
> human activity:
>
>  a) who can i identify?

I have no problem doing this.

>  b) who can i rely on to identify others?

This is what is giving me major headaches. Maybe I'm too pessimistic or
paranoid, but I trust almost nobody. I prefer to go to keysigning parties
and check the ids myself. You are correct that this is not what the WoT
is about.

> and then let reasonable, well-thought-out mechanisms draw the links
> for the people automatically, without them having to think about it.
>
> If the tools don't do the Right Thing by default, then we start to
> ask users to think about a bunch of extra arcane ideas beyond a and b
> (ideas that folks on this list have actually thought about in-depth).
> Those are tough to understand, and non-experts are justifiably
> confused by them.
>
> This is why we need the tools to draw the right patterns by default,
> not an argument to use hard-coded bindings or some centralized PKI
> that asks the user to make none of these decisions at all.

I see the value in tools doing the Right Thing by default, so I agree
that gpg should probably be improved in this respect.

Maybe I'm really doing something wrong. Maybe you are right in that I
should stick to what gpg thinks is best and only use hard-coded bindings
if it's really necessary. Hmm. I need to think about this.

> > See above. I wonder how much of a real problem this is. How many
> > people have multiple valid keys bound to the same email addresses?
> > What is the use case for having multiple valid keys bound to the
> > same addresses?
>
> I agree that it's not currently a common situation. here are the few
> legitimate situations with multiple keys that i know of:
>
>  * several people are going through key transitions right now, for
> the same reasons that the defaults are changing in gpg. These people
> often have two keys for a period of time.

Yes. That's a good use case.

>  * Some people also have old keys that they have accidentally lost
> access to. once that happens, it's too late.

Yeah. That's basically a variation of the above use case.

> But:
>
> Malicious people can upload keys with arbitrary User IDs to public
> keyservers; if a user fetches one of those from a search (perhaps to
> check the validity of any attached signatures), it's still in their
> keyring, possibly before the valid key of the corresponding user.
>
> If we say "it's not a common situation, so we won't worry about extra
> hassle; only a few people will have to deal with the hassle", but
> anyone can inject material into the public keyservers that triggers
> the hassle for anyone else, i think that's a problem, even if no one
> has chosen to exploit it yet that we know of.
Hmm, AFAIU, for someone who does not blindly certify such keys this
shouldn't be a problem since those malicious keys wouldn't be valid and
thus wouldn't take preference over a valid key ... unless somebody else
this person trusts is trying to screw them.

Regards,
Ingo

From email at sven-radde.de Wed Sep 30 22:43:56 2009
From: email at sven-radde.de (Sven Radde)
Date: Wed, 30 Sep 2009 22:43:56 +0200
Subject: Mismatch between binary and ASCII-armored output for encrypted message
In-Reply-To: <4AC32491.6040702@chrissutton.org>
References: <4AC32491.6040702@chrissutton.org>
Message-ID: <4AC3C30C.3060808@sven-radde.de>

Hi!

Chris Sutton wrote:
> What doesn't work
> -----------------
>
> I was under the impression that exactly the same process should work for
> a message encrypted using GPG. I pass in a plaintext file with the -e
> and -r options, and generate the binary and ASCII-armored versions as
> above. However, when I base64 encode the binary, or base64 decode
> the ASCII, the result does not match GPG's other version.

If you encrypt the same file twice, the output will be almost totally
different, as GnuPG uses a "session key" for encryption that changes
randomly for each call to GnuPG.
This will be true even for two subsequent encryptions of the same file
with both being either binary or ASCII mode.

When exporting a public/private key once as binary and once as ASCII, you
are processing the very same block of data using two different data
representations. Converting should work here.

HTH, Sven
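Daniel's and Sven's replies above come down to one check: dearmoring gpg's ASCII output gives back the same packet bytes only for the same gpg run, so two runs should be compared by packet layout (or by decrypting), never byte for byte. The following is an added example, not code from this thread or from GnuPG; it implements the RFC 4880 armor format (base64 body plus the CRC-24 trailer) and new-format packet headers in Python, and `fake_encrypted_message` is a constructed stand-in whose packet bodies are filler rather than real encryption.

```python
import base64
import re

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB

def crc24(data: bytes) -> int:
    """Radix-64 checksum that trails every armored block (RFC 4880, section 6.1)."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def armor(packets: bytes, kind: str = "MESSAGE") -> str:
    """Wrap a binary packet stream the way gpg --armor does: base64 body plus a '=' CRC line."""
    body = base64.b64encode(packets).decode()
    crc = base64.b64encode(crc24(packets).to_bytes(3, "big")).decode()
    return "\n".join([f"-----BEGIN PGP {kind}-----", "Version: example", ""]
                     + [body[i:i + 64] for i in range(0, len(body), 64)]
                     + ["=" + crc, f"-----END PGP {kind}-----", ""])

def dearmor(text: str) -> bytes:
    """Recover the binary packet stream from an armored block, checking its CRC-24 trailer."""
    m = re.search(r"-----BEGIN PGP ([A-Z ]+)-----\r?\n(.*?)-----END PGP \1-----", text, re.S)
    if not m:
        raise ValueError("no armor block found")
    lines = m.group(2).splitlines()
    if "" in lines:  # armor headers (Version:, Comment:, ...) end at the first blank line
        lines = lines[lines.index("") + 1:]
    data = base64.b64decode("".join(l for l in lines if l and l[0] != "="), validate=True)
    crc_lines = [l for l in lines if l.startswith("=")]
    if crc_lines and crc24(data) != int.from_bytes(base64.b64decode(crc_lines[0][1:]), "big"):
        raise ValueError("armor CRC-24 mismatch: block is corrupted or truncated")
    return data

def packet_skeleton(stream: bytes) -> list:
    """Walk new-format packet headers (RFC 4880, 4.2.2); return (tag, body_length) pairs."""
    out, i = [], 0
    while i < len(stream):
        ctb, l0 = stream[i], stream[i + 1]
        if ctb & 0xC0 != 0xC0 or l0 >= 224:
            raise ValueError("only new-format headers with 1- or 2-octet lengths are handled")
        length, hdr = (l0, 2) if l0 < 192 else (((l0 - 192) << 8) + stream[i + 2] + 192, 3)
        out.append((ctb & 0x3F, length))
        i += hdr + length
    return out

def new_packet(tag: int, body: bytes) -> bytes:
    """Emit one new-format packet (bodies up to 8383 octets, enough for this demo)."""
    n = len(body)
    lenb = bytes([n]) if n < 192 else bytes([((n - 192) >> 8) + 192, (n - 192) & 0xFF])
    return bytes([0xC0 | tag]) + lenb + body

def fake_encrypted_message(filler: bytes) -> bytes:
    """Constructed stand-in for gpg -e output: PKESK (tag 1) then SEIPD (tag 18); filler bodies, NOT real encryption."""
    pkesk = new_packet(1, b"\x03" + bytes(8) + b"\x01" + filler[:256])  # version, key id, algo, MPI
    seipd = new_packet(18, b"\x01" + filler[256:356])                   # version, ciphertext
    return pkesk + seipd

def same_layout(msg_a: bytes, msg_b: bytes) -> bool:
    """The check to run on two gpg runs: bytes differ (fresh session key) but layout matches."""
    return msg_a != msg_b and packet_skeleton(msg_a) == packet_skeleton(msg_b)
```

With real gpg output, `dearmor()` applied to the `--armor` file of one run reproduces that run's binary file exactly; a second run passes `same_layout()` against the first while failing a byte comparison, which is the behaviour Chris observed.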