From kgo at grant-olson.net Wed Sep 1 01:48:41 2010
From: kgo at grant-olson.net (Grant Olson)
Date: Tue, 31 Aug 2010 19:48:41 -0400
Subject: Why do smart cards have a 'sex' option?
Message-ID: <4C7D94D9.1020906@grant-olson.net>

I just got my new crypto-stick, and it's pretty slick. I understand why I'd want to set my name and language preferences, but I was trying to come up with a good scenario where my sex would be useful, or what the rationale was for including that field.

I'm just curious more than anything.

--
Grant

"I am gravely disappointed. Again you have made me unleash my dogs of war."

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 559 bytes
Desc: OpenPGP digital signature
URL:

From kgo at grant-olson.net Wed Sep 1 03:34:37 2010
From: kgo at grant-olson.net (Grant Olson)
Date: Tue, 31 Aug 2010 21:34:37 -0400
Subject: Generating smart-card stubs on a clean computer?
Message-ID: <4C7DADAD.50307@grant-olson.net>

I can find docs on generating a key on a smart card, and migrating an existing key to the smart card. But I can't figure out how to configure the smart card on a clean machine that never had my secret keys.

The card has both signing and encryption keys on it. The drivers are installed. I'm running gpg2 (via gpg4win) on a Windows XP box.

--card-status and --card-edit work. But if I try to sign something, I'm told I don't have any secret keys. How do I get stubs to show up in the local gpg configuration?

Does anyone know how I can do this?

Thanks.

--
Grant

"Can you construct some sort of rudimentary lathe?"
From dougb at dougbarton.us Wed Sep 1 04:56:26 2010
From: dougb at dougbarton.us (Doug Barton)
Date: Tue, 31 Aug 2010 19:56:26 -0700
Subject: Generating smart-card stubs on a clean computer?
In-Reply-To: <4C7DADAD.50307@grant-olson.net>
References: <4C7DADAD.50307@grant-olson.net>
Message-ID: <4C7DC0DA.6060308@dougbarton.us>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 8/31/2010 6:34 PM, Grant Olson wrote:
| I can find docs on generating a key on a smart card, and migrating an
| existing key to the smart card. But I can't figure out how to configure
| the smart card on a clean machine that never had my secret keys.
|
| The card has both signing and encryption keys on it. The drivers are
| installed. I'm running gpg2 (via gpg4win) on a Windows XP box.
|
| --card-status and --card-edit work. But if I try to sign something, I'm
| told I don't have any secret keys. How do I get stubs to show up in the
| local gpg configuration?
|
| Does anyone know how I can do this?

If you run 'gpg --edit-key 0xyourkeyid' does it show that the key is ultimately trusted? If not, edit your trust level and try again.

Doug
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (MingW32)

iQEcBAEBCAAGBQJMfcDZAAoJEFzGhvEaGryE41YH/1IK+WKPb0LwGq52e6O5J4aT
t5ECtTlMYVisiFPTJab3iU/OdZjZQFX3rDQqVx669ZPb76lFmlngsxQbGIwpYrsE
eR96kdJLHint1WH911NXeTg8yj2ljEUZgh6H4oNhlQAMDPwYnhgbNg5zs5PAkLS1
RuRtcXkCM/QK4MwQSa45DZ8f/Gr0rAnPyobM5kUk+y82fJG5iPRSCocFvqOxvH2I
h3v8micpX/fJaI8tDJ/qsY2lywu2Vn+5Gh9FiElJso0cYXMCP9LRxB6CQnBL4pyx
EqW9C5BQPYYTlmV1Y8eajeyVuBKFaKd9jAENSOMIwXfBihPT4PVHr0XtMVUqarc=
=S25H
-----END PGP SIGNATURE-----

From kgo at grant-olson.net Wed Sep 1 05:28:48 2010
From: kgo at grant-olson.net (Grant Olson)
Date: Tue, 31 Aug 2010 23:28:48 -0400
Subject: Generating smart-card stubs on a clean computer?
In-Reply-To: <4C7DC0DA.6060308@dougbarton.us>
References: <4C7DADAD.50307@grant-olson.net> <4C7DC0DA.6060308@dougbarton.us>
Message-ID: <4C7DC870.7070306@grant-olson.net>

On 8/31/10 10:56 PM, Doug Barton wrote:
> On 8/31/2010 6:34 PM, Grant Olson wrote:
> | I can find docs on generating a key on a smart card, and migrating an
> | existing key to the smart card. But I can't figure out how to configure
> | the smart card on a clean machine that never had my secret keys.
> |
> | The card has both signing and encryption keys on it. The drivers are
> | installed. I'm running gpg2 (via gpg4win) on a Windows XP box.
> |
> | --card-status and --card-edit work. But if I try to sign something, I'm
> | told I don't have any secret keys. How do I get stubs to show up in the
> | local gpg configuration?
> |
> | Does anyone know how I can do this?
>
> If you run 'gpg --edit-key 0xyourkeyid' does it show that the key is
> ultimately trusted? If not, edit your trust level and try again.
>
>
> Doug

I guess the issue is that I don't have a key at all on the new machine. I thought I could run some magic command that'd load the stubs for my smartcard keys into my secret keyring.

If I manually export the stub keys from my 'good' machine, and import them onto the new machine, things work. But that seems clunky. Now I need to carry around my smart-card, and a USB stick with the key stubs, to configure a new machine.

If that's what I have to do, I guess that's what I have to do. But I thought there'd be an easier way to get things working, using nothing but the smartcard.

--
Grant

"I am gravely disappointed. Again you have made me unleash my dogs of war."
From John at Mozilla-Enigmail.org Wed Sep 1 04:24:37 2010
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Tue, 31 Aug 2010 21:24:37 -0500
Subject: Generating smart-card stubs on a clean computer?
In-Reply-To: <4C7DADAD.50307@grant-olson.net>
References: <4C7DADAD.50307@grant-olson.net>
Message-ID: <4C7DB965.3070004@Mozilla-Enigmail.org>

Grant Olson wrote:
> I can find docs on generating a key on a smart card, and migrating an
> existing key to the smart card. But I can't figure out how to configure
> the smart card on a clean machine that never had my secret keys.
>
> The card has both signing and encryption keys on it. The drivers are
> installed. I'm running gpg2 (via gpg4win) on a Windows XP box.
>
> --card-status and --card-edit work. But if I try to sign something, I'm
> told I don't have any secret keys. How do I get stubs to show up in the
> local gpg configuration?
>
> Does anyone know how I can do this?

Issuing fetch within 'gpg --card-edit' and then 'gpg --card-status' have always worked for me

--
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

From dshaw at jabberwocky.com Wed Sep 1 06:39:09 2010
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed, 1 Sep 2010 00:39:09 -0400
Subject: Generating smart-card stubs on a clean computer?
In-Reply-To: <4C7DADAD.50307@grant-olson.net>
References: <4C7DADAD.50307@grant-olson.net>
Message-ID: <4383F2D3-D43A-4879-B797-E5FDCA61A9AC@jabberwocky.com>

On Aug 31, 2010, at 9:34 PM, Grant Olson wrote:

> I can find docs on generating a key on a smart card, and migrating an
> existing key to the smart card. But I can't figure out how to configure
> the smart card on a clean machine that never had my secret keys.
>
> The card has both signing and encryption keys on it. The drivers are
> installed. I'm running gpg2 (via gpg4win) on a Windows XP box.
>
> --card-status and --card-edit work. But if I try to sign something, I'm
> told I don't have any secret keys. How do I get stubs to show up in the
> local gpg configuration?
>
> Does anyone know how I can do this?

Do you have the public key corresponding to the card key on that box? You need the public key plus a run of --card-status to generate the stubs.

David

From kgo at grant-olson.net Wed Sep 1 06:49:01 2010
From: kgo at grant-olson.net (Grant Olson)
Date: Wed, 01 Sep 2010 00:49:01 -0400
Subject: Generating smart-card stubs on a clean computer?
In-Reply-To: <4383F2D3-D43A-4879-B797-E5FDCA61A9AC@jabberwocky.com>
References: <4C7DADAD.50307@grant-olson.net> <4383F2D3-D43A-4879-B797-E5FDCA61A9AC@jabberwocky.com>
Message-ID: <4C7DDB3D.9000204@grant-olson.net>

On 9/1/10 12:39 AM, David Shaw wrote:
>
> Do you have the public key corresponding to the card key on that box? You need the public key plus a run of --card-status to generate the stubs.
>

That did the trick. As did John's suggestion to run fetch from 'gpg --card-edit'. I'm assuming 'fetch' just runs an import for the keys stored on the card.

--
Grant

"I am gravely disappointed. Again you have made me unleash my dogs of war."
Name: signature.asc Type: application/pgp-signature Size: 559 bytes Desc: OpenPGP digital signature URL: From John at Mozilla-Enigmail.org Wed Sep 1 07:31:53 2010 From: John at Mozilla-Enigmail.org (John Clizbe) Date: Wed, 01 Sep 2010 00:31:53 -0500 Subject: Generating smart-card stubs on a clean computer? In-Reply-To: <4C7DDB3D.9000204@grant-olson.net> References: <4C7DADAD.50307@grant-olson.net> <4383F2D3-D43A-4879-B797-E5FDCA61A9AC@jabberwocky.com> <4C7DDB3D.9000204@grant-olson.net> Message-ID: <4C7DE549.3030104@Mozilla-Enigmail.org> Grant Olson wrote: > On 9/1/10 12:39 AM, David Shaw wrote: >> >> Do you have the public key corresponding to the card key on that box? You >> need the public key plus a run of --card-status to generate the stubs. > > That did the trick. As did John's suggestion to run fetch from 'gpg > --card-edit' I'm assuming 'fetch' just runs an import for the keys > stored on the card. Nope. fetch grabs the public key al? 'gpg --fetch'. From --card-edit's help: > gpg/card> ? > quit quit this menu > admin show admin commands > help show this help > list list all available data > fetch fetch the key specified in the card URL > passwd menu to change or unblock the PIN > verify verify the PIN and list all data > unblock unblock the PIN using a Reset Code Then --card-status creates the needed key stubs -- John P. Clizbe Inet:John (a) Mozilla-Enigmail.org FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" -------------- next part -------------- A non-text attachment was scrubbed... 
From free10pro at gmail.com Wed Sep 1 07:45:26 2010
From: free10pro at gmail.com (Paul Richard Ramer)
Date: Tue, 31 Aug 2010 22:45:26 -0700
Subject: Encryption with no recipient
In-Reply-To: <4C7CEC5C.6030500@gmail.com>
References: <4C7CCEAA.2000309@gmail.com> <20100831113636.GA3801@straylight.ringlet.net> <4C7CEC5C.6030500@gmail.com>
Message-ID: <4C7DE876.1030409@gmail.com>

On Tue, 31 Aug 2010 07:49:48 -0400, Ted Rolle Jr. wrote:
> I tried -ace and it aways asked for a userid. -c and -ac worked just
> fine. Apparently when -e is specified that triggers the request for a
> recipient.

Hi Ted.

"-c" or "--symmetric" encrypts with a symmetric key that is derived from a passphrase. No public key is used. Because of that, using "gpg -c some_file" will ask for a passphrase, and that passphrase must be used when you want to decrypt the file.

But when you specify "-e" or "--encrypt", GnuPG will use a public key to encrypt the file, and a recipient's public key must be specified. This means that when you specify both "-c" and "-e", you will get a file that is encrypted by a symmetric key and a public key. That is why GnuPG is asking for a recipient.

-Paul

--
PGP Key ID: 0x3DB6D884
PGP Fingerprint: EBA7 88B3 6D98 2D4A E045 A9F7 C7C6 6ADF 3DB6 D884

From skm_mail at yahoo.com Wed Sep 1 09:28:14 2010
From: skm_mail at yahoo.com (khaja mohideen)
Date: Wed, 1 Sep 2010 00:28:14 -0700 (PDT)
Subject: Fips compliance
Message-ID: <590922.6252.qm@web33705.mail.mud.yahoo.com>

Hi All,

Am newbie to gpg encryption. My question is: is gpg FIPS compliant? A quick search reveals it's not.

http://lists.gnupg.org/pipermail/gnupg-users/2007-January/030159.html

Whereas this link states that libgcrypt is FIPS compliant and that it needs to be put in that mode explicitly.

http://www.gnupg.org/documentation/manuals/gcrypt/Enabling-FIPS-mode.html

Since the libgcrypt library is being used by the gpg tool, can we say that gpg is FIPS compliant?

Regards,
KMS

From wk at gnupg.org Wed Sep 1 06:41:42 2010
From: wk at gnupg.org (Werner Koch)
Date: Wed, 01 Sep 2010 06:41:42 +0200
Subject: Redirecting STDIN
In-Reply-To: <854860.73784.qm@web45901.mail.sp1.yahoo.com> (James Board's message of "Sun, 29 Aug 2010 13:40:13 -0700 (PDT)")
References: <854860.73784.qm@web45901.mail.sp1.yahoo.com>
Message-ID: <87k4n6t6rd.fsf@gnupg.org>

On Sun, 29 Aug 2010 22:40, jpboard2 at yahoo.com said:

> This problem exists with gpg and with the older pgp 2.x. I'd like to solve it by redirecting STDIN because pgp 2.x doesn't implement the options that you specify.

Use --batch if you don't want to be asked. For automating GPG processing you need to look into --command-fd and --status-fd or better use gpgme.

GPG has nothing in common with PGP - it is an entirely different software.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are governed by a federal law.

From wk at gnupg.org Wed Sep 1 06:47:35 2010
From: wk at gnupg.org (Werner Koch)
Date: Wed, 01 Sep 2010 06:47:35 +0200
Subject: problem with static libgpg-error 1.9 on MinGW
In-Reply-To: <4C7BF846.1040708@mabrand.nl> (Mark Brand's message of "Mon, 30 Aug 2010 20:28:22 +0200")
References: <4C7BF846.1040708@mabrand.nl>
Message-ID: <87fwxut6hk.fsf@gnupg.org>

On Mon, 30 Aug 2010 20:28, mabrand at mabrand.nl said:

> I have been working on updating from libgpg-error-1.8 to
> libgpg-error-1.9 in mingw-cross-env. Mingw-cross-env is a cross

Actually you may only build libgpg-error with a cross compiler; in particular mingw32 (but not using that newer (Debian) gcc-mingw32 thingie, which is broken)

> building environment for MinGW. One of its features is that it builds
> static versions of all its libraries.

I am not sure whether building libgpg-error as a static library works.
It uses thread local storage and is thus better initialized using dllmain(). "./autogen.sh --build-w32 --enable-static" might build the static lib - I can't test right now.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are governed by a federal law.

From peter at digitalbrains.com Wed Sep 1 11:17:25 2010
From: peter at digitalbrains.com (Peter Lebbing)
Date: Wed, 01 Sep 2010 11:17:25 +0200
Subject: Why do smart cards have a 'sex' option?
In-Reply-To: <4C7D94D9.1020906@grant-olson.net>
References: <4C7D94D9.1020906@grant-olson.net>
Message-ID: <4C7E1A25.6050902@digitalbrains.com>

> I just got my new crypto-stick, and it's pretty slick. I understand why
> I'd want to set my name and language preferences, but I was trying to
> come up with a good scenario where my sex would be useful, or what the
> rational was for including that field.

My guess is it is to address the user correctly in dialogs, in some languages. The sex of the person addressed might determine the grammatical gender of words used in dialogs. I've forgotten which languages have this feature, but I'm pretty sure there are such languages.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt
(new, larger key created on Nov 12, 2009)

From hidekis at gmail.com Wed Sep 1 11:23:35 2010
From: hidekis at gmail.com (Hideki Saito)
Date: Wed, 1 Sep 2010 02:23:35 -0700
Subject: Fips compliance
In-Reply-To: <590922.6252.qm@web33705.mail.mud.yahoo.com>
References: <590922.6252.qm@web33705.mail.mud.yahoo.com>
Message-ID:

>
> Am newbie to gpg encryption. My question is
>
> Is gpg FIPS compliance.
>
> A quick search reveals its not.
>
> http://lists.gnupg.org/pipermail/gnupg-users/2007-January/030159.html
>
> Where as in this link its states that libgcrypt is FIPS complaint and its
> need to be put in that mode explicitly.
>
> http://www.gnupg.org/documentation/manuals/gcrypt/Enabling-FIPS-mode.html
>
>
> Since libgcrypt library is being used by gpg tool. can we say that gpg
> is fips complaint.
>
>

As far as I know, FIPS requirements are quite specific. The library may have been implemented to be compliant with the FIPS requirements -- but all components would need to be compliant with FIPS to be able to call it FIPS compliant. (and I don't have an answer for that...)

If your question is whether GnuPG is FIPS *certified*, then the answer is probably no, unless someone has submitted some particular version of GnuPG for certification and passed it.

Hideki Saito
Buzz: hidekis at gmail.com
Wave: hidekis at googlewave.com

From expires2010 at ymail.com Wed Sep 1 19:26:55 2010
From: expires2010 at ymail.com (MFPA)
Date: Wed, 1 Sep 2010 18:26:55 +0100
Subject: Offtopic: any German speakers who can help translate jokes to English
In-Reply-To: <4C7D15FC.1070809@gmail.com>
References: <4C7D15FC.1070809@gmail.com>
Message-ID: <1695173325.20100901182655@my_localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi

On Tuesday 31 August 2010 at 3:47:24 PM, in , Ted Rolle Jr. wrote:

> "Subject: Offtopic:..."

Nothing's off-topic for this group.

> It doesn't have to be perfect! I visit www.spitzenwitze.de and find
> good jokes there. I don't get some of them because I'm not that
> familiar with colloquial German.

And some don't translate well, if at all. Google translate certainly wrecks the jokes!

- --
Best regards

MFPA                    mailto:expires2010 at ymail.com

Volvo, Video, Velcro. (I came, I saw, I stuck around.)
-----BEGIN PGP SIGNATURE-----

iQCVAwUBTH6M7aipC46tDG5pAQq/XQP+MU/VaBtG/ssg215q21/UUQROHfmcpAil
pLC09n7cNvgUkn69gLYGjBXHQ+stTmyUyugxvQwXYdOLeV+gv/sNI0NYQASBggcy
nNksJGLV8ZEex8kQR6yWNHA13+y3KTzKCyW3M1HH0+ycpBRELFSxWIOr9ldaMo1w
v9SBlrnsGw0=
=kLio
-----END PGP SIGNATURE-----

From kgo at grant-olson.net Wed Sep 1 21:55:55 2010
From: kgo at grant-olson.net (Grant Olson)
Date: Wed, 01 Sep 2010 15:55:55 -0400
Subject: Why do smart cards have a 'sex' option?
In-Reply-To: <4C7E1A25.6050902@digitalbrains.com>
References: <4C7D94D9.1020906@grant-olson.net> <4C7E1A25.6050902@digitalbrains.com>
Message-ID: <4C7EAFCB.1030502@grant-olson.net>

On 9/1/10 5:17 AM, Peter Lebbing wrote:
>> I just got my new crypto-stick, and it's pretty slick. I understand why
>> I'd want to set my name and language preferences, but I was trying to
>> come up with a good scenario where my sex would be useful, or what the
>> rational was for including that field.
>
> My guess is it is to address the user correctly in dialogs, in some languages.
> The sex of the person addressed might determine the grammatical gender of words
> used in dialogs. I've forgotten which languages have this feature, but I'm
> pretty sure there are such languages.
>
> Peter.
>

Yeah, that makes perfect sense. I think I did know that somewhere in the back of my head. But I found some smartcard spec doc that indicated the UI is allowed to grab this value and adjust the interface accordingly. And I was just thinking, "What's the UI supposed to do? Show hello-kitty and unicorns if it's a woman, and monster trucks and cyborg ninjas if it's a guy?"

Thanks.

--
Grant

"I am gravely disappointed. Again you have made me unleash my dogs of war."
From bernhard.kleine at gmx.net Wed Sep 1 22:40:00 2010
From: bernhard.kleine at gmx.net (Bernhard Kleine)
Date: Wed, 01 Sep 2010 22:40:00 +0200
Subject: Offtopic: any German speakers who can help translate jokes to English
In-Reply-To: <1695173325.20100901182655@my_localhost>
References: <4C7D15FC.1070809@gmail.com> <1695173325.20100901182655@my_localhost>
Message-ID: <1283373600.2486.3.camel@bernhard-desktop>

On Wednesday, 01.09.2010, 18:26 +0100, MFPA wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Hi
>
>
> On Tuesday 31 August 2010 at 3:47:24 PM, in
> , Ted Rolle Jr. wrote:
>
>
> > "Subject: Offtopic:..."
>
>
> Nothing's off-topic for this group.

Good jokes are always encrypted when read by foreigners, in any language, aren't they :-) ?

Greetings
Bernhard

> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

From skm_mail at yahoo.com Fri Sep 3 12:04:18 2010
From: skm_mail at yahoo.com (khaja mohideen)
Date: Fri, 3 Sep 2010 03:04:18 -0700 (PDT)
Subject: Fips compliance
In-Reply-To:
Message-ID: <63801.27238.qm@web33703.mail.mud.yahoo.com>

Hi All,

So can I consider the GnuPG tool to be non-FIPS-compliant even though the underlying library is FIPS compliant?

Regards,
Khaja Mohideen

--- On Wed, 9/1/10, Hideki Saito wrote:

From: Hideki Saito
Subject: Re: Fips compliance
To: "khaja mohideen"
Cc: gnupg-users at gnupg.org
Date: Wednesday, September 1, 2010, 2:23 AM

Am newbie to gpg encryption. My question is
Is gpg FIPS compliance.
A quick search reveals its not.
http://lists.gnupg.org/pipermail/gnupg-users/2007-January/030159.html

Where as in this link its states that libgcrypt is FIPS complaint and its need to be put in that mode explicitly.

http://www.gnupg.org/documentation/manuals/gcrypt/Enabling-FIPS-mode.html

Since libgcrypt library is being used by gpg tool. can we say that gpg is fips complaint.

As far as I know, FIPS requirements are quite specific. Library may have been implemented and complaints to FIPS requirement -- but all components would need to be complaints to FIPS to be able to call it FIPS complaint. (and I don't have answer for that...)

If your question is if GnuPG is FIPS *certified* then answer is probably no, unless someone has submitted some particular version of GnuPG for certification and passed it.

Hideki Saito
Buzz: hidekis at gmail.com
Wave: hidekis at googlewave.com

From skm_mail at yahoo.com Fri Sep 3 12:06:05 2010
From: skm_mail at yahoo.com (khaja mohideen)
Date: Fri, 3 Sep 2010 03:06:05 -0700 (PDT)
Subject: Fips compliance
In-Reply-To:
Message-ID: <910750.90342.qm@web33706.mail.mud.yahoo.com>

Hi,

Thank you Hideki for your response.

Yes. I am talking about gpg, which is the main program of the GnuPG system, and a tool used for encryption and signing.

So can I consider the gnupg tool to be non-FIPS-compliant even though the underlying library is FIPS compliant?

Regards,
Khaja Mohideen

Regards,
Khaja Mohideen

--- On Wed, 9/1/10, Hideki Saito wrote:

From: Hideki Saito
Subject: Re: Fips compliance
To: "khaja mohideen"
Cc: gnupg-users at gnupg.org
Date: Wednesday, September 1, 2010, 2:23 AM

Am newbie to gpg encryption. My question is
Is gpg FIPS compliance.
A quick search reveals its not.

http://lists.gnupg.org/pipermail/gnupg-users/2007-January/030159.html

Where as in this link its states that libgcrypt is FIPS complaint and its need to be put in that mode explicitly.
http://www.gnupg.org/documentation/manuals/gcrypt/Enabling-FIPS-mode.html

Since libgcrypt library is being used by gpg tool. can we say that gpg is fips complaint.

As far as I know, FIPS requirements are quite specific. Library may have been implemented and complaints to FIPS requirement -- but all components would need to be complaints to FIPS to be able to call it FIPS complaint. (and I don't have answer for that...)

If your question is if GnuPG is FIPS *certified* then answer is probably no, unless someone has submitted some particular version of GnuPG for certification and passed it.

Hideki Saito
Buzz: hidekis at gmail.com
Wave: hidekis at googlewave.com

From emylistsddg at gmail.com Mon Sep 6 21:41:28 2010
From: emylistsddg at gmail.com (eMyListsDDg)
Date: Mon, 6 Sep 2010 12:41:28 -0700
Subject: libkleo.dll can't load within TheBat! or be registered
In-Reply-To: <1621837573.20100816180708@my_localhost>
References: <1619564056.20100814162507@gmail.com> <871v9zugib.fsf@vigenere.g10code.de> <1621837573.20100816180708@my_localhost>
Message-ID: <1946142490.20100906124128@gmail.com>

Hello MFPA,

yep, that path to the .exe file. i'll post on TB forum.

thx

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512

> Hi

> On Monday 16 August 2010 at 9:08:12 AM, in
> , Werner Koch wrote:

>> Please check the source code to see what is going
>> wrong.

>> Ooops - No source code? - Then please ask the makers of
>> The Bat.

> You could also try asking on The Bat! User Discussion List, in case
> anybody else has issues when they select "OpenPGP Key Manager" from
> the menu. FWIW, TB! manages to open GPGshell's key manager for me
> without issue. (I'm guessing you have double-checked the "path to
> GnuPG external key manager" is set correctly in TB! at
> Options | OpenPGP | OpenPGP Preferences | Files tab.)
--
Bill

Key fingerprint = DB4D 251B FE8A BDCD 2BE4 E889 13F1 78D0 A386 B32B

From alex_gnupg at yahoo.in Tue Sep 7 10:26:08 2010
From: alex_gnupg at yahoo.in (Alex Smily)
Date: Tue, 7 Sep 2010 13:56:08 +0530 (IST)
Subject: generating X.509 certificates using gnupg
Message-ID: <648280.61221.qm@web95707.mail.in.yahoo.com>

Hi,

Please don't mind if this forum is not the correct one to ask... I have installed gnupg on windows... gpg, gpg2, gpgsm are working fine.

Is it possible to generate X.509 certificates using gnupg?? If so, please help me.

Thanks,
alex

From kgo at grant-olson.net Wed Sep 8 01:21:56 2010
From: kgo at grant-olson.net (Grant Olson)
Date: Tue, 07 Sep 2010 19:21:56 -0400
Subject: scdaemon loses connection when I unplug/replug a crypto-stick
Message-ID: <4C86C914.3010808@grant-olson.net>

I'm on OSX Snow Leopard, the latest version of MacGPG2.

When I remove my cryptostick and plug it back in, scdaemon doesn't see it anymore. This causes gpg-agent to complain that it can't find a smart-card. If I manually look up the PID for scdaemon and give it a "kill -9" things work again.

I imagine that the cryptostick is a little unique in this regard. Most people would have a reader that's more permanently attached, but with the crypto-stick, the reader is integrated with the card.

Anyone know of an easy way for me to fix this?

--
Grant

"I am gravely disappointed. Again you have made me unleash my dogs of war."
From free10pro at gmail.com Wed Sep 8 09:50:06 2010
From: free10pro at gmail.com (Paul Richard Ramer)
Date: Wed, 08 Sep 2010 00:50:06 -0700
Subject: generating X.509 certificates using gnupg
In-Reply-To: <648280.61221.qm@web95707.mail.in.yahoo.com>
References: <648280.61221.qm@web95707.mail.in.yahoo.com>
Message-ID: <4C87402E.5010206@gmail.com>

On Tue, 7 Sep 2010 13:56:08 +0530 (IST), Alex Smily wrote:
> please dont mind if this forum in not the correct one to ask...i have
> installed gnupg on windows... gpg ,gpg2 ,gpgsm are working fine.
> is it possible to generate x.509 certificates using gnupg? if s
> please help me.

This is the right mailing list. You can generate a certificate signing request with gpgsm, e.g. gpgsm --output certificate.csr --gen-key. If you are looking to do more than that, you may wish to use OpenSSL instead.

And if this doesn't fully answer your question, or you have more questions, post back--this mailing list is friendly to newcomers.

-Paul

--
Please use my PGP key when sending me e-mail, if you can.
PGP Key ID: 0x3DB6D884
PGP Fingerprint: EBA7 88B3 6D98 2D4A E045 A9F7 C7C6 6ADF 3DB6 D884

From benchoff at bev.net Wed Sep 8 17:45:54 2010
From: benchoff at bev.net (Phil Benchoff)
Date: Wed, 8 Sep 2010 11:45:54 -0400
Subject: scdaemon loses connection when I unplug/replug a crypto-stick
In-Reply-To: <4C86C914.3010808@grant-olson.net>
References: <4C86C914.3010808@grant-olson.net>
Message-ID: <20100908154554.GB28536@groupw.cns.vt.edu>

On Tue, Sep 07, 2010 at 07:21:56PM -0400, Grant Olson wrote:
> I'm on OSX Snow Leopord, the latest version of MacGPG2.
>
> When I remove my cryptostick and plug it back in, scdaemon doesn't see
> it anymore. This causes gpg-agent to complain that it can't find a
> smart-card. If I manually lookup the PID for scdaemon and give it a
> "kill -9" things work again.
>
> I imagine that the cryptostick is a little unique in this regard. Most
> people would have a reader that's more permanently attached, but with
> the crypto-stick, the reader is integrated with the card.
>
> Anyone know of an easy way for me to fix this?
>
> --
> Grant

I discovered the same thing yesterday. GnuPG 2.0.16 on Linux.

The built-in ccid driver is being used:

# Start with the GPF Crypto Stick plugged in
# Built-in ccid
m-6:/usr/local/src/Aladdin/ccid-1.3.13 (2) $ scdaemon --server -v
scdaemon[7428]: handler for fd -1 started
scdaemon[7428]: reader slot 0: using ccid driver
scdaemon[7428]: slot 0: ATR=3B DA 18 FF 81 B1 FE 75 1F 03 00 31 C5 73 C0 01 40 00 90 00 0C
OK GNU Privacy Guard's Smartcard server ready
scdaemon[7428]: updating slot 0 status: 0x0000->0x0007 (0->1)
serialno
scdaemon[7428]: reader slot 0: using ccid driver
scdaemon[7428]: slot 0: ATR=3B DA 18 FF 81 B1 FE 75 1F 03 00 31 C5 73 C0 01 40 00 90 00 0C
# bunch of debug messages deleted here
OK
# Crypto Stick removed
scdaemon[7428]: updating slot 0 status: 0x0007->0x0000 (1->1)
# Crypto Stick inserted
serialno
scdaemon[7428]: ccid_transceive failed: (0x1000c)
scdaemon[7428]: apdu_send_simple(0) failed: no reader
scdaemon[7428]: no supported card application found: No such device
ERR 100696144 No such device
--------------------------------------------------------------------------

PCSC knows about USB events and works a little bit differently. So long as no scdaemon command is issued while the device is unplugged, it recovers from removal and insertion.
As soon as a command is issued with the device unplugged, it never sees the reader again:

# PCSC-lite 1.4.6 and ccid 1.3.13
$ scdaemon --server -v
scdaemon[7573]: handler for fd -1 started
scdaemon[7573]: reader slot 0: not connected
scdaemon[7573]: slot 0: ATR=3B DA 18 FF 81 B1 FE 75 1F 03 00 31 C5 73 C0 01 40 00 90 00 0C
OK GNU Privacy Guard's Smartcard server ready
scdaemon[7573]: updating slot 0 status: 0x0000->0x0007 (0->1)
serialno
scdaemon[7573]: AID: D2 76 00 01 24 01 02 00 00 05 00 00 06 87 00 00
# Bunch of messages deleted here
OK
# Crypto Stick removed
scdaemon[7573]: updating slot 0 status: 0x0007->0x0000 (1->2)
# Crypto Stick inserted
scdaemon[7573]: updating slot 0 status: 0x0000->0x0007 (2->3)
serialno
scdaemon[7573]: AID: D2 76 00 01 24 01 02 00 00 05 00 00 06 87 00 00
# Bunch of messages deleted here
OK
# Crypto Stick removed
scdaemon[7573]: updating slot 0 status: 0x0007->0x0000 (3->4)
# Attempt command with no reader
serialno
scdaemon[7573]: PC/SC RESET failed: invalid value (0x80100011)
ERR 100663404 Card error
# Crypto Stick inserted
reset
OK
serialno
ERR 100663404 Card error

It appears that once scdaemon decides there is no reader, it needs to be restarted.

Phil

From wk at gnupg.org Fri Sep 10 20:10:00 2010
From: wk at gnupg.org (Werner Koch)
Date: Fri, 10 Sep 2010 20:10:00 +0200
Subject: scdaemon loses connection when I unplug/replug a crypto-stick
In-Reply-To: <4C86C914.3010808@grant-olson.net> (Grant Olson's message of "Tue, 07 Sep 2010 19:21:56 -0400")
References: <4C86C914.3010808@grant-olson.net>
Message-ID: <87zkvpjwqv.fsf@vigenere.g10code.de>

On Wed, 8 Sep 2010 01:21, kgo at grant-olson.net said:

> I imagine that the cryptostick is a little unique in this regard. Most

Not really, I have a USB stick size card reader and thus the same problem.

> Anyone know of an easy way for me to fix this?

No. I know how to fix that but it needs some code rewrite.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are governed by a federal law.
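Since the thread ends with "restart scdaemon" as the only workaround, here is that workaround as an added shell example, not code from the thread or from GnuPG: it asks the running agent for the card serial number, classifies the answer using the error lines that appear in Phil Benchoff's transcript, and restarts scdaemon only when the reader is actually lost, then probes again. Assumed rather than taken from the thread: `gpg-connect-agent` and `pgrep` are on PATH and `scd serialno` is a suitable probe; of the two embedded transcripts, the first copies lines from Phil's PC/SC run above and the second is a constructed healthy answer.

```shell
#!/bin/sh
# Added example (not from the thread or GnuPG): detect the "reader lost after
# replug" state from scdaemon/agent responses and apply the workaround the
# thread describes (stop scdaemon; gpg-agent starts a fresh one on the next
# card request). Assumes gpg-connect-agent and pgrep on PATH.

# Classify an Assuan-style response transcript (stdin). The last verdict line wins:
#   ok           - an OK answer came back, the card is reachable
#   reader-lost  - the "no reader" / "Card error" / "No such device" failures
#   unknown      - no verdict line at all
scd_state() {
    awk '
        /^OK/                                { state = "ok" }
        /^ERR .*(No such device|Card error)/ { state = "reader-lost" }
        /failed: no reader/                  { state = "reader-lost" }
        END { print (state == "" ? "unknown" : state) }'
}

# Ask the running agent whether scdaemon still sees a card
# (assumption: `scd serialno` is forwarded to scdaemon by gpg-agent).
probe_card() {
    gpg-connect-agent 'scd serialno' /bye 2>&1 | scd_state
}

# The workaround from the thread: stop scdaemon so gpg-agent spawns a new one.
# Ask politely first and only fall back to SIGKILL if it does not exit.
restart_scdaemon() {
    pids=$(pgrep -x scdaemon || true)
    [ -n "$pids" ] || return 0
    kill $pids 2>/dev/null || true
    sleep 1
    pids=$(pgrep -x scdaemon || true)
    [ -z "$pids" ] || kill -9 $pids
}

# Full cycle: probe, restart only if wedged, probe again and report.
recover_card() {
    state=$(probe_card)
    if [ "$state" = reader-lost ]; then
        restart_scdaemon
        state=$(probe_card)
    fi
    echo "card state: $state"
    [ "$state" = ok ]
}

# Sample 1: lines copied from Phil Benchoff's PC/SC transcript in this thread,
# where a reset appears to succeed but the next query still fails.
SAMPLE_WEDGED='serialno
scdaemon[7573]: PC/SC RESET failed: invalid value (0x80100011)
ERR 100663404 Card error
reset
OK
serialno
ERR 100663404 Card error'

# Sample 2: constructed healthy answer in the shape gpg-connect-agent prints.
SAMPLE_HEALTHY='S SERIALNO D2760001240102000005000006870000 0
OK'

# Run the real cycle only when asked:  sh recover.sh --run
if [ "x${1:-}" = "x--run" ]; then
    recover_card
fi
```

The classifier keys on the exact error texts seen in the thread, so it stays quiet on unrelated errors (a wrong PIN, for instance) rather than restarting the daemon for every `ERR`; killing scdaemon is cheap, but doing it blindly would also drop a card session that was fine.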
From kgo at grant-olson.net Tue Sep 14 22:34:31 2010
From: kgo at grant-olson.net (Grant Olson)
Date: Tue, 14 Sep 2010 16:34:31 -0400
Subject: gpg-agent ssh authentication sees non-existent key?
Message-ID: <4C8FDC57.60402@grant-olson.net>

I'm using gpg-agent instead of ssh-agent on OS X with a smart card.

When I didn't have the card plugged in, it was falling back to the file
~/.ssh/id_rsa, which seemed reasonable, even though I didn't want to use
the old key.

When I moved the file, gpg-agent still seems to see it somehow. It
prompts:

Please enter the passphrase for the ssh key /Users/grant/.ssh/id_rsa

If I enter the old passphrase, I authenticate. But the file doesn't
exist:

johnmudhead:.ssh grant$ cd ~/.ssh
johnmudhead:.ssh grant$ ls -a
.               id_rsa.old      known_hosts
..              id_rsa.pub.old  known_hosts~
johnmudhead:.ssh grant$

I even rebooted to make sure that gpg-agent wasn't stashing a copy in
memory. Same behavior.

Did gpg-agent stash a copy of the private key? How do I delete that copy?

--
Grant

"I am gravely disappointed. Again you have made me unleash my dogs of
war."

From hawke at hawkesnest.net Tue Sep 14 23:06:35 2010
From: hawke at hawkesnest.net (Alex Mauer)
Date: Tue, 14 Sep 2010 16:06:35 -0500
Subject: gpg-agent ssh authentication sees non-existent key?
In-Reply-To: <4C8FDC57.60402__8830.99142597548$1284496619$gmane$org@grant-olson.net>
References: <4C8FDC57.60402__8830.99142597548$1284496619$gmane$org@grant-olson.net>
Message-ID:

On 09/14/2010 03:34 PM, Grant Olson wrote:
> Did gpg-agent stash a copy of the private key? How do I delete that copy?

I believe it's one of the files in ~/.gnupg/private-keys-v1.d/ -- at
least, that's where it is in Linux.

-- Alex Mauer "hawke"
From RFletes at midsouthcc.edu Tue Sep 14 23:43:39 2010
From: RFletes at midsouthcc.edu (Fletes, Raul)
Date: Tue, 14 Sep 2010 16:43:39 -0500
Subject: Converting from PGP to GPG
Message-ID:

I just installed GPG on a Windows machine.

In my old PGP I used to enter: PGP -seat myfile.dat "XYZ abc" -u Myschool
to encrypt transcripts and such before sending.

How would I replicate that in GPG ???

Thanks!

Raul

From hawke at hawkesnest.net Wed Sep 15 01:26:10 2010
From: hawke at hawkesnest.net (Alex Mauer)
Date: Tue, 14 Sep 2010 18:26:10 -0500
Subject: Converting from PGP to GPG
In-Reply-To:
References:
Message-ID:

On 09/14/2010 04:43 PM, Fletes, Raul wrote:
> In my old PGP I used to enter: PGP -seat myfile.dat "XYZ abc" -u
> Myschool to encrypt transcripts and such before sending.
>
> How would I replicate that in GPG ???

gpg -sea myfile.dat -r "XYZ abc" -u Myschool

Hope this helps.

-- Alex Mauer "hawke"

From kgo at grant-olson.net Wed Sep 15 03:17:05 2010
From: kgo at grant-olson.net (Grant Olson)
Date: Tue, 14 Sep 2010 21:17:05 -0400
Subject: gpg-agent ssh authentication sees non-existent key?
In-Reply-To:
References: <4C8FDC57.60402__8830.99142597548$1284496619$gmane$org@grant-olson.net>
Message-ID: <4C901E91.80503@grant-olson.net>

On 9/14/10 5:06 PM, Alex Mauer wrote:
> On 09/14/2010 03:34 PM, Grant Olson wrote:
>> Did gpg-agent stash a copy of the private key? How do I delete that
>> copy?
>
> I believe it's one of the files in ~/.gnupg/private-keys-v1.d/ -- at
> least, that's where it is in Linux.
>

Thanks, that did the trick.

So I've got two questions (for everyone). I tried a bunch of random
commands as I was getting things set up.
Did I run something that copied the key from ~/.ssh/id_rsa to
~/.gnupg/private-keys-v1.d/DEADBEEFC00FEE.key? Or did gpg-agent do that
automatically?

Does anyone else think it'd be better for pinentry to list the new
location (~/.gnupg/private-keys-v1.d/DEADBEEFC00FEE.key) or something
like "imported from ..." to indicate the real location of the gpg-agent
version of the key? I could probably write a patch for that if people
think it's a good idea.

--
Grant

"I am gravely disappointed. Again you have made me unleash my dogs of
war."

From hawke at hawkesnest.net Wed Sep 15 17:31:48 2010
From: hawke at hawkesnest.net (Alex Mauer)
Date: Wed, 15 Sep 2010 10:31:48 -0500
Subject: gpg-agent ssh authentication sees non-existent key?
In-Reply-To: <4C901E91.80503__21015.9704126001$1284513532$gmane$org@grant-olson.net>
References: <4C8FDC57.60402__8830.99142597548$1284496619$gmane$org@grant-olson.net> <4C901E91.80503__21015.9704126001$1284513532$gmane$org@grant-olson.net>
Message-ID:

On 09/14/2010 08:17 PM, Grant Olson wrote:
> I tried a bunch of random commands as I was getting things set up. Did I
> run something that copied the key from ~/.ssh/id_rsa to
> ~/.gnupg/private-keys-v1.d/DEADBEEFC00FEE.key? Or did gpg-agent do that
> automatically?

GPG does that automatically. I don't think it's a good idea especially
when adding a key from removable media, but that's the way it is.

-- Alex Mauer "hawke"

From uncle.mike at email.it Wed Sep 15 12:02:04 2010
From: uncle.mike at email.it (uncle mike)
Date: Wed, 15 Sep 2010 03:02:04 -0700 (PDT)
Subject: gnupg passphrase can't create revocation certificate
Message-ID: <29716920.post@talk.nabble.com>

hi all,

yesterday I created a gnupg rsa key and I published it to the mit
keyserver to see how gnupg works.
After that I tried to create a revocation certificate, but when I enter
the passphrase the program says "incorrect passphrase" :s

now, i'm sure that the passphrase is "l'hccds:)"

is there a problem with special chars in gnupg (I'm using ubuntu
10.04lts)?

I also thought that I wrote the wrong password twice (zero probability
gh) when I created the key and so I used rephrase
(http://www.roguedaemon.net/rephrase/) with some patterns like these

(l)(')(h)(h|c|)(a|)(c)(d|s|)(s|d|)(s|d|)(:|.|=|0|?||?|\)|\(|9|-)(:|.|=|0|?||?|\)|\(|9|-)(:|.|=|0|?||?|\)|\(|9|-)

(l|)(l|k|,|.|?|p|o)('|)(0|'|?|p|?)(h|)(h|g|y|u|j|n|b)(c|)(c|x|d|f|v| )(a|)(c|)(c|x|d|f|v| )(d|)(d|s|e|r|f|c|x)(s|)(s|a|w|e|d|x|z)(:|)(:|;|L|?|_|?|=)(?|?|_|^|?|)(\(|)(\(|I|O|\)|=)

with no result

I do not know what to think :(

From ebaymiscsales at gmail.com Fri Sep 17 15:53:29 2010
From: ebaymiscsales at gmail.com (ebay person)
Date: Fri, 17 Sep 2010 08:53:29 -0500
Subject: default directory?
Message-ID:

> Hi
>
> I have been using GPG for a while now and have not run into this before. I
> get a pgp file from a client, when I put in my passphrase it comes up with
> this error
>
> gpg: error creating `/Inet/PGP/filename.daily': No such file or directory
> gpg: handle plaintext failed: No such file or directory
> gpg: mdc_packet with invalid encoding
> gpg: decryption failed: Invalid packet
> File: C:\Users\username\Desktop\filename.daily.pgp
> Time: 9/16/2010 11:14:56 AM (9/16/2010 4:14:56 PM UTC)
> I can open the file fine with the PGP program.

I don't see in GPG where I can set the default export directory; it
always before just put it in the root directory where the file is. I
have tried creating the folder Inet and PGP on the desktop but that
still didn't put the file in it. I get the same error.
I am using GPGshell for Windows v3.76

Any help would be great.

thanks

From expires2010 at ymail.com Sat Sep 18 02:19:47 2010
From: expires2010 at ymail.com (MFPA)
Date: Sat, 18 Sep 2010 01:19:47 +0100
Subject: gnupg passphrase can't create revocation certificate
In-Reply-To: <29716920.post@talk.nabble.com>
References: <29716920.post@talk.nabble.com>
Message-ID: <136449200.20100918011947@my_localhost>

Hi

On Wednesday 15 September 2010 at 11:02:04 AM, in , uncle mike wrote:

> yesterday I created a gnupg rsa key and I published it to the mit
> keyserver to see how gnupg works.

> After that I tried to create a revocation certificate,
> but when I enter the passphrase the program says
> "incorrect passphrase" :s

If you can't enter the correct passphrase, you also cannot sign anything
with that key and cannot decrypt anything encrypted to that key.

> now, i'm sure that the passphrase is "l'hccds:)"

1. If you manage to work it out, change the passphrase and don't publish
the new one. A passphrase should not be public knowledge.

2. That looks like an incredibly short passphrase.

> is there a problem with special chars in gnupg (I'm
> using ubuntu 10.04lts)?

I don't know. But passphrases are case-sensitive. The caps lock may be
in the opposite setting to when you created the key? Additionally, a
different nationality of keyboard layout may move certain characters to
different keys, so check if this could have changed.
--
Best regards

MFPA                    mailto:expires2010 at ymail.com

A candle loses nothing by lighting another candle

From wk at gnupg.org Sun Sep 19 18:49:00 2010
From: wk at gnupg.org (Werner Koch)
Date: Sun, 19 Sep 2010 18:49:00 +0200
Subject: Why do smart cards have a 'sex' option?
In-Reply-To: <4C7E1A25.6050902@digitalbrains.com> (Peter Lebbing's message of "Wed, 01 Sep 2010 11:17:25 +0200")
References: <4C7D94D9.1020906@grant-olson.net> <4C7E1A25.6050902@digitalbrains.com>
Message-ID: <87aandvfur.fsf@vigenere.g10code.de>

On Wed, 1 Sep 2010 11:17, peter at digitalbrains.com said:

> My guess is it is to address the user correctly in dialogs, in some languages.
> The sex of the person addressed might determine the grammatical gender of words
> used in dialogs. I've forgotten which languages have this feature, but I'm

Right, this is an ISO standard field for smart cards. The name and its
uncommon encoding is another example of an ISO standard field.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are governed by a federal law.

From ebaymiscsales at gmail.com Thu Sep 16 18:20:08 2010
From: ebaymiscsales at gmail.com (ebay person)
Date: Thu, 16 Sep 2010 11:20:08 -0500
Subject: default directory?
Message-ID:

Hi

I have been using GPG for a while now and have not run into this before.
I get a pgp file from a client, when I put in my passphrase it comes up
with this error

gpg: error creating `/Inet/PGP/filename.daily': No such file or directory
gpg: handle plaintext failed: No such file or directory
gpg: mdc_packet with invalid encoding
gpg: decryption failed: Invalid packet
File: C:\Users\username\Desktop\filename.daily.pgp
Time: 9/16/2010 11:14:56 AM (9/16/2010 4:14:56 PM UTC)

I can open the file fine with the PGP program. I don't see in GPG where
I can set the default export directory; it always before just put it in
the root directory where the file is. I have tried creating the folder
inet and pgp on the desktop but that still didn't put the file in it. I
get the same error.

I am using GPGshell for Windows v3.76

Any help would be great.

thanks

From ebaymiscsales at gmail.com Mon Sep 20 16:37:20 2010
From: ebaymiscsales at gmail.com (ebay person)
Date: Mon, 20 Sep 2010 09:37:20 -0500
Subject: default directory?
In-Reply-To:
References:
Message-ID:

Hi
>
> I have been using GPG for a while now and have not run into this before. I
> get a pgp file from a client, when I put in my passphrase it comes up with
> this error
>
> gpg: error creating `/Inet/PGP/filename.daily': No such file or directory
> gpg: handle plaintext failed: No such file or directory
> gpg: mdc_packet with invalid encoding
> gpg: decryption failed: Invalid packet
> File: C:\Users\username\Desktop\filename.daily.pgp
> Time: 9/16/2010 11:14:56 AM (9/16/2010 4:14:56 PM UTC)
> I can open the file fine with the PGP program.

I don't see in GPG where I can set the default export directory; it
always before just put it in the root directory where the file is. I
have tried creating the folder Inet and PGP on the desktop but that
still didn't put the file in it. I get the same error.

I am using GPGshell for Windows v3.76

Any help would be great.
thanks

From singh.madhusudan at gmail.com Wed Sep 22 01:51:27 2010
From: singh.madhusudan at gmail.com (Madhusudan Singh)
Date: Tue, 21 Sep 2010 18:51:27 -0500
Subject: Adding keys
In-Reply-To:
References:
Message-ID:

Followup.

Due to many reasons, I was unable to attempt a backup to my S3 account.
Today, with the copied key, the backup failed:

Error accessing possibly locked file /Users/sm123/Private/.Trashes
GPGError: GPG Failed, see log below:
===== Begin GnuPG log =====
gpg: 81670CBA: There is no assurance this key belongs to the named user
gpg: [stdin]: sign+encrypt failed: unusable public key
===== End GnuPG log =====

I have tried to edit the key and given it a trust level of 5. No use.

How do I fix this ?

On Wed, Aug 18, 2010 at 10:09 AM, Madhusudan Singh <
singh.madhusudan at gmail.com> wrote:

> Hello,
>
> I am new to using GPG. I have consulted the manuals and help online, but I
> am not sure it addresses my concern. I am trying to use this on Mac OSX Snow
> Leopard (so using MacGPG is apparently out of the question).
>
> Here is the situation:
>
> On Machine A (that I no longer have), I created a GPG key with email
> address A. Before I got rid of the machine, I backed up everything to disk
> (so I have the .gnupg folder and when I try using the keys within with
> certain scripts (using pathnames), the key works (it authenticates me to my
> Amazon S3 backup).
>
> On Machine B (that I am currently using), I created another GPG key with a
> different email address (B). I am using that key to make encrypted duplicity
> backups to a local Linux server (which is different from Amazon S3 - I am a
> fan of redundant, geographically diverse backups). This key appears in the
> output of gpg --list-keys (while the other one, for obvious reasons, does
> not).
>
> I want to merge the two keys in some way so that I get both keys listed.
> Importing a public key appears to be standard procedure. But what I need is
> access to the secret key for both keys so that I can make both the Amazon S3
> and local Linux server backups without being forced to pass paths to certain
> scripts.
>
> Questions:
>
> 1. Is my question even well-posed ?
> 2. Is this kind of thing even possible ?
> 3. How do I do it ?
>
> Thanks.
>

From dshaw at jabberwocky.com Wed Sep 22 05:01:28 2010
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 21 Sep 2010 23:01:28 -0400
Subject: Overflow bug in bzip2
Message-ID: <88A4EB44-1149-47C5-B6B4-CF450A2BD27E@jabberwocky.com>

Hi folks,

This isn't a GnuPG bug per se, but given that many (most?) people using
GnuPG have it linked against libbz2, please read
http://www.ubuntu.com/usn/usn-986-1 and upgrade appropriately for your
platform.

To tell if your installation of GnuPG is using libbz2, run "gpg2
--version" (or "gpg --version"). If you see "BZIP2" on the
"Compression" line, then you are linked with libbz2.

David

From wk at gnupg.org Thu Sep 23 12:22:04 2010
From: wk at gnupg.org (Werner Koch)
Date: Thu, 23 Sep 2010 12:22:04 +0200
Subject: 1.4.11 release candidate (was: Overflow bug in bzip2)
In-Reply-To: <88A4EB44-1149-47C5-B6B4-CF450A2BD27E@jabberwocky.com> (David Shaw's message of "Tue, 21 Sep 2010 23:01:28 -0400")
References: <88A4EB44-1149-47C5-B6B4-CF450A2BD27E@jabberwocky.com>
Message-ID: <87aan869pv.fsf@vigenere.g10code.de>

Hi,

The Windows installer version of GnuPG 1.4 uses a statically linked bzip
library. Thus the bzip2 bug affects this version.

We have not done a gnupg 1.4 release for more than a year. I believe it
is best to first do a release candidate. There are a couple of bug fixes
collected over the last year to go into 1.4.11, but nothing really
important. However to build the 1.4 windows installer we better use the
new source along with an updated bzip.
Here we go:

GnuPG 1.4.11 release candidate 1 is available at

  ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.4.11rc1.tar.bz2 (3360k)
  ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.4.11rc1.tar.bz2.sig

and the Windows installer with the updated bzip2 at:

  ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-w32cli-1.4.11rc1.exe (1607k)
  ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-w32cli-1.4.11rc1.exe.sig

SHA-1 checksums are:

56a9da797bf17f6447f1243ac682d4e7b91e24f0  gnupg-1.4.11rc1.tar.bz2
c6f421a7874c734d1d66bd756d1a5ee3cd5a44ee  gnupg-w32cli-1.4.11rc1.exe

Please check it out and report problems to this list. Note that
translations are not completely up to date.

We are also preparing a new version of Gpg4win; this may take a couple
of days.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are governed by a federal law.

From war_is_peace at privatdemail.net Thu Sep 23 14:20:38 2010
From: war_is_peace at privatdemail.net (war_is_peace at privatdemail.net)
Date: Thu, 23 Sep 2010 14:20:38 +0200
Subject: 1.4.11 release candidate
In-Reply-To: <87aan869pv.fsf@vigenere.g10code.de>
References: <88A4EB44-1149-47C5-B6B4-CF450A2BD27E@jabberwocky.com> <87aan869pv.fsf@vigenere.g10code.de>
Message-ID: <4C9B4616.4040604@privatdemail.net>

> However to build the 1.4 windows installer we better use the
> new source along with an updated bzip.

While you're at it, you might want to update zlib to version 1.2.5 -
looking at the source, it seems that the currently used version is 1.1.4.
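The release-candidate announcement above gives each file a detached .sig and a SHA-1 checksum. The Python below is an added example, not GnuPG project code: it does the checksum half of that verification in the manner of `sha1sum -c`, parsing lines in the announcement's `<digest>  <filename>` form, hashing the downloaded files and reporting each as OK, FAILED or MISSING, so a truncated or altered download is caught before it is unpacked. The files and digests built in `demo()` are constructed so the block runs offline; they are not the rc1 artifacts.

```python
"""sha1sum -c style verification of a posted checksum list.

Added example, not GnuPG project code. Parses "<hexdigest>  <filename>"
lines of the form used in the announcement above and compares them with
digests computed over local files. demo() builds constructed sample files
(not the rc1 tarball) so the block runs offline.
"""
import hashlib
import hmac
import os
import tempfile


def parse_checksum_list(text):
    """Return {filename: hexdigest} from sha1sum-style lines."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.lstrip(" *")            # sha1sum's binary-mode marker
        digest = digest.lower()
        if len(digest) != 40 or set(digest) - set("0123456789abcdef"):
            raise ValueError(f"malformed SHA-1 digest in line: {line!r}")
        if not name:
            raise ValueError(f"missing filename in line: {line!r}")
        table[name] = digest
    return table


def file_digest(path, algo="sha1", chunk=1 << 16):
    """Stream the file through hashlib so large tarballs are not read at once."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify(directory, checksum_text, algo="sha1"):
    """Map every listed filename to 'OK', 'FAILED' or 'MISSING'."""
    results = {}
    for name, expected in parse_checksum_list(checksum_text).items():
        # basename(): a checksum list is untrusted input; never let it
        # steer the path outside the download directory.
        path = os.path.join(directory, os.path.basename(name))
        if not os.path.isfile(path):
            results[name] = "MISSING"
        elif hmac.compare_digest(file_digest(path, algo), expected):
            results[name] = "OK"
        else:
            results[name] = "FAILED"
    return results


def demo():
    """Constructed sample: a good file, a tampered one and an absent one."""
    # SHA-1("abc") is the standard test vector a9993e36...d89d.
    sha1_abc = "a9993e364706816aba3e25717850c26c9cd0d89d"
    listing = "\n".join(
        f"{sha1_abc}  {name}"
        for name in ("good.tar.bz2", "tampered.tar.bz2", "absent.tar.bz2"))
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "good.tar.bz2"), "wb") as f:
            f.write(b"abc")
        with open(os.path.join(d, "tampered.tar.bz2"), "wb") as f:
            f.write(b"abd")                 # one byte changed
        return verify(d, listing)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

A checksum published in the same channel as the file only detects corruption; anyone who can replace the tarball can replace the digest next to it. The detached signature is the authoritative check (`gpg --verify gnupg-1.4.11rc1.tar.bz2.sig gnupg-1.4.11rc1.tar.bz2` against a trusted copy of the release key), and SHA-1 is no longer considered collision-resistant, so the checksum is a transfer-integrity aid rather than a substitute for that step.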
From wk at gnupg.org Thu Sep 23 20:26:19 2010
From: wk at gnupg.org (Werner Koch)
Date: Thu, 23 Sep 2010 20:26:19 +0200
Subject: 1.4.11 release candidate
In-Reply-To: <4C9B4616.4040604@privatdemail.net> (war is peace's message of "Thu, 23 Sep 2010 14:20:38 +0200")
References: <88A4EB44-1149-47C5-B6B4-CF450A2BD27E@jabberwocky.com> <87aan869pv.fsf@vigenere.g10code.de> <4C9B4616.4040604@privatdemail.net>
Message-ID: <871v8k5nas.fsf@vigenere.g10code.de>

On Thu, 23 Sep 2010 14:20, war_is_peace at privatdemail.net said:

> While you're at it, you might want to update zlib to version 1.2.5 -
> looking at the source, it seems that the currently used version is 1.1.4.

I see no reason for such an update.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are governed by a federal law.

From war_is_peace at privatdemail.net Thu Sep 23 22:04:14 2010
From: war_is_peace at privatdemail.net (war_is_peace at privatdemail.net)
Date: Thu, 23 Sep 2010 22:04:14 +0200
Subject: 1.4.11 release candidate
In-Reply-To: <871v8k5nas.fsf@vigenere.g10code.de>
References: <88A4EB44-1149-47C5-B6B4-CF450A2BD27E@jabberwocky.com> <87aan869pv.fsf@vigenere.g10code.de> <4C9B4616.4040604@privatdemail.net> <871v8k5nas.fsf@vigenere.g10code.de>
Message-ID: <4C9BB2BE.9000506@privatdemail.net>

> I see no reason for such an update.

I remembered something with fixed security vulnerabilities - but those
possible security vulnerabilities seem to be introduced in later
versions than 1.1.4, which leaves bug fixes and performance improvements.
From lists at michel-messerschmidt.de Thu Sep 23 22:26:20 2010
From: lists at michel-messerschmidt.de (Michel Messerschmidt)
Date: Thu, 23 Sep 2010 22:26:20 +0200
Subject: 1.4.11 release candidate
In-Reply-To: <871v8k5nas.fsf@vigenere.g10code.de>
References: <88A4EB44-1149-47C5-B6B4-CF450A2BD27E@jabberwocky.com> <87aan869pv.fsf@vigenere.g10code.de> <4C9B4616.4040604@privatdemail.net> <871v8k5nas.fsf@vigenere.g10code.de>
Message-ID: <20100923202620.GA9851@rei.matrix>

On Thu, Sep 23, 2010 at 08:26:19PM +0200, Werner Koch wrote:
> On Thu, 23 Sep 2010 14:20, war_is_peace at privatdemail.net said:
>
> > While you're at it, you might want to update zlib to version 1.2.5 -
> > looking at the source, it seems that the currently used version is 1.1.4.
>
> I see no reason for such an update.

CVE-2003-0107 ?

From lists at michel-messerschmidt.de Thu Sep 23 20:59:06 2010
From: lists at michel-messerschmidt.de (Michel Messerschmidt)
Date: Thu, 23 Sep 2010 20:59:06 +0200
Subject: 1.4.11 release candidate
In-Reply-To: <871v8k5nas.fsf@vigenere.g10code.de>
References: <88A4EB44-1149-47C5-B6B4-CF450A2BD27E@jabberwocky.com> <87aan869pv.fsf@vigenere.g10code.de> <4C9B4616.4040604@privatdemail.net> <871v8k5nas.fsf@vigenere.g10code.de>
Message-ID: <20100923185905.GA4265@hiro.matrix>

On Thu, Sep 23, 2010 at 08:26:19PM +0200, Werner Koch wrote:
> On Thu, 23 Sep 2010 14:20, war_is_peace at privatdemail.net said:
>
> > While you're at it, you might want to update zlib to version 1.2.5 -
> > looking at the source, it seems that the currently used version is 1.1.4.
>
> I see no reason for such an update.

CVE-2003-0107 ?
From wk at gnupg.org Fri Sep 24 09:53:16 2010
From: wk at gnupg.org (Werner Koch)
Date: Fri, 24 Sep 2010 09:53:16 +0200
Subject: 1.4.11 release candidate
In-Reply-To: <20100923185905.GA4265@hiro.matrix> (Michel Messerschmidt's message of "Thu, 23 Sep 2010 20:59:06 +0200")
References: <88A4EB44-1149-47C5-B6B4-CF450A2BD27E@jabberwocky.com> <87aan869pv.fsf@vigenere.g10code.de> <4C9B4616.4040604@privatdemail.net> <871v8k5nas.fsf@vigenere.g10code.de> <20100923185905.GA4265@hiro.matrix>
Message-ID: <87pqw34lxv.fsf@vigenere.g10code.de>

On Thu, 23 Sep 2010 20:59, lists at michel-messerschmidt.de said:

> On Thu, Sep 23, 2010 at 08:26:19PM +0200, Werner Koch wrote:
>> On Thu, 23 Sep 2010 14:20, war_is_peace at privatdemail.net said:
>>
>> > While you're at it, you might want to update zlib to version 1.2.5 -
>> > looking at the source, it seems that the currently used version is 1.1.4.
>>
>> I see no reason for such an update.
>
> CVE-2003-0107 ?

That is about a buffer overflow in gzprintf - we don't use those high
level functions. Actually the included zlib code is stripped down to the
bare minimum.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are governed by a federal law.

From vklimovs at gmail.com Fri Sep 24 14:15:24 2010
From: vklimovs at gmail.com (Vjaceslavs Klimovs)
Date: Fri, 24 Sep 2010 14:15:24 +0200
Subject: multiple keys vs multiple identities
Message-ID: <4C9C965C.1060105@gmail.com>

Hi,

If I have multiple not related e-mail accounts, is it better to create
one key pair with multiple identities or a separate key pair for every
account?

Is it good idea to create 4096 bit keys when creating new key pair? I
read through archives on this mailing list, and it seems there are no
real disadvantages of doing so.
/VK

From Simon.Richter at hogyros.de Fri Sep 24 15:36:14 2010
From: Simon.Richter at hogyros.de (Simon Richter)
Date: Fri, 24 Sep 2010 15:36:14 +0200
Subject: multiple keys vs multiple identities
In-Reply-To: <4C9C965C.1060105@gmail.com>
References: <4C9C965C.1060105@gmail.com>
Message-ID: <20100924133614.GB22152@richter>

Hi,

On Fri, Sep 24, 2010 at 02:15:24PM +0200, Vjaceslavs Klimovs wrote:

> If I have multiple not related e-mail accounts, is it better to create
> one key pair with multiple identities or a separate key pair for every
> account?

That depends on your use case mostly. I use a single key with multiple
identities, because it is easier to build a strong web of trust this
way. It'd be nice if there was a signature notation that specifies which
UID(s) this signature would be valid for.

> Is it good idea to create 4096 bit keys when creating new key pair? I
> read through archives on this mailing list, and it seems there is no
> real disadvantages of doing so.

Indeed, especially if you use subkeys for actual day-to-day use.

   Simon

From rjh at sixdemonbag.org Fri Sep 24 15:44:01 2010
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 24 Sep 2010 09:44:01 -0400
Subject: multiple keys vs multiple identities
In-Reply-To: <4C9C965C.1060105@gmail.com>
References: <4C9C965C.1060105@gmail.com>
Message-ID: <4C9CAB21.5030304@sixdemonbag.org>

On 9/24/10 8:15 AM, Vjaceslavs Klimovs wrote:
> If I have multiple not related e-mail accounts, is it better to create
> one key pair with multiple identities or a separate key pair for every
> account?

Like most things in life, the answer is, "it depends." There are some
use cases where multiple certificates make sense, and some use cases
where multiple identities make sense. Generally speaking, more often
than not multiple identities is the right way to go.

> Is it good idea to create 4096 bit keys when creating new key pair?

Stick with the defaults unless you have a compelling reason not to.
From dshaw at jabberwocky.com Fri Sep 24 15:54:41 2010
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri, 24 Sep 2010 09:54:41 -0400
Subject: multiple keys vs multiple identities
In-Reply-To: <4C9C965C.1060105@gmail.com>
References: <4C9C965C.1060105@gmail.com>
Message-ID: <33C67726-7BEC-4EDA-B032-3E2359A2E102@jabberwocky.com>

On Sep 24, 2010, at 8:15 AM, Vjaceslavs Klimovs wrote:

> Hi,
> If I have multiple not related e-mail accounts, is it better to create
> one key pair with multiple identities or a separate key pair for every
> account?

It's really a matter of taste. Some people like using different keys
for different roles in their life (similar to how they'd use different
email addresses for home and work).

Arguing for different keys: if one key is compromised, the other one
isn't. Some people have a different machine at home and in the office,
so leaving the home key on the office computer is less than optimal.

Arguing for the same key: it's easier to build a web of trust if you
don't have to get signatures twice.

Personally, I'd use different keys, but again, this is a matter of taste.

> Is it good idea to create 4096 bit keys when creating new key pair? I
> read through archives on this mailing list, and it seems there is no
> real disadvantages of doing so.

It won't work with the current generation of OpenPGP smartcards. It also
will be dreadfully slow if you (or someone you are communicating with)
ever uses the key on a small machine (think smart phone). If you are
usually on a "full power" computer, then they generally have the CPU to
spare for this sort of thing, and you'll rarely if ever notice a
difference.
David

From dkg at fifthhorseman.net Fri Sep 24 16:00:40 2010
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Fri, 24 Sep 2010 10:00:40 -0400
Subject: multiple keys vs multiple identities
In-Reply-To: <20100924133614.GB22152@richter>
References: <4C9C965C.1060105@gmail.com> <20100924133614.GB22152@richter>
Message-ID: <4C9CAF08.1030306@fifthhorseman.net>

On 09/24/2010 09:36 AM, Simon Richter wrote:
> On Fri, Sep 24, 2010 at 02:15:24PM +0200, Vjaceslavs Klimovs wrote:
>> If I have multiple not related e-mail accounts, is it better to create
>> one key pair with multiple identities or a separate key pair for every
>> account?

note that if you want to keep the identities dis-associated (that is,
you don't want people to know that they belong to the same person), you
should not attach them to the same primary key. I know at least one
person who did this, and as a result found their online private identity
permanently and publicly associated with their work identity, which was
not intended :(

> It'd be nice if there was a signature notation that specifies which
> UID(s) this signature would be valid for.

Unless i'm misunderstanding your suggestion, there is no need for such a
notation -- OpenPGP certifications are made over a single User ID and
its associated primary key. If you certify someone's key and they have
three User IDs, and you only can vouch for two of them, you should only
certify those two.

GnuPG makes this possible by asking "really sign all User IDs?" when you
gpg --sign-key $KEYID. if you say "N" to the question above, it will
drop you to a shell where you can select the User IDs you want to
certify. enter '1' to select the first User ID, '2' for the second, etc.
When you've marked all the User IDs you want to certify, then type
'sign'.

Note that the primary keyholder can add new User IDs at any time.
If you were certifying the primary key itself (and only by implication
all User IDs, instead of each one explicitly), then the primary
keyholder could (after the fact) add an entirely bogus User ID which it
would look like you had certified. That would be a Bad Thing. OpenPGP
doesn't work that way.

--dkg

From Simon.Richter at hogyros.de Fri Sep 24 16:30:56 2010
From: Simon.Richter at hogyros.de (Simon Richter)
Date: Fri, 24 Sep 2010 16:30:56 +0200
Subject: multiple keys vs multiple identities
In-Reply-To: <4C9CAF08.1030306@fifthhorseman.net>
References: <4C9C965C.1060105@gmail.com> <20100924133614.GB22152@richter> <4C9CAF08.1030306@fifthhorseman.net>
Message-ID: <20100924143056.GA30278@richter>

Hi,

On Fri, Sep 24, 2010 at 10:00:40AM -0400, Daniel Kahn Gillmor wrote:

> > It'd be nice if there was a signature notation that specifies which
> > UID(s) this signature would be valid for.

> Unless i'm misunderstanding your suggestion, there is no need for such a
> notation -- OpenPGP certifications are made over a single User ID and
> its associated primary key. If you certify someone's key and they have
> three User IDs, and you only can vouch for two of them, you should only
> certify those two.

Of course. I was talking about data signatures, i.e. "I'm signing this
with my work hat on".

The main use case I have is my Debian work -- when I sign a .changes
file, the Debian archive will accept it, even if the package in question
was really intended for another repository (where I use the same key for
authentication).

As my main key is well-established in the WoT, I'd like to use the
existing connections to get a trust path; however using the key directly
leads to the problem that the signature can be interpreted in multiple
ways.
   Simon

From dkg at fifthhorseman.net Fri Sep 24 17:23:01 2010
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Fri, 24 Sep 2010 11:23:01 -0400
Subject: per-user data signatures [was: Re: multiple keys vs multiple identities]
In-Reply-To: <20100924143056.GA30278@richter>
References: <4C9C965C.1060105@gmail.com> <20100924133614.GB22152@richter> <4C9CAF08.1030306@fifthhorseman.net> <20100924143056.GA30278@richter>
Message-ID: <4C9CC255.6020901@fifthhorseman.net>

On 09/24/2010 10:30 AM, Simon Richter wrote:
> Of course. I was talking about data signatures, i.e. "I'm signing this
> with my work hat on".

ah, gotcha. sorry for the misunderstanding.

> The main use case I have is my Debian work -- when I sign a .changes
> file, the Debian archive will accept it, even if the package in question
> was really intended for another repository (where I use the same key for
> authentication).
>
> As my main key is well-established in the WoT, I'd like to use the
> existing connections to get a trust path; however using the key directly
> leads to the problem that the signature can be interpreted in multiple
> ways.

yeah, this makes sense. in the context of debian packaging, the
material signed is relevant. if your changelog says "unstable" then
debian will accept it. if you're uploading it to some other repo, that
repo would presumably be named something other than "unstable".

fwiw, it wouldn't be difficult to propose such a notation, and it should
be possible to implement it quickly in debsign using gpg's --set-notation.

However, testing right now, it doesn't seem to work with gpg for regular
data signatures:

echo test | gpg --sign --set-notation 'test at example.org=test' | \
 gpg --list-packets

does not show the notation :(

Werner, David, is this expected behavior? am i doing something wrong?

--dkg
Name: signature.asc
Type: application/pgp-signature
Size: 892 bytes
Desc: OpenPGP digital signature
URL:

From dshaw at jabberwocky.com Fri Sep 24 17:53:17 2010
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri, 24 Sep 2010 11:53:17 -0400
Subject: per-user data signatures [was: Re: multiple keys vs multiple identities]
In-Reply-To: <4C9CC255.6020901@fifthhorseman.net>
References: <4C9C965C.1060105@gmail.com> <20100924133614.GB22152@richter> <4C9CAF08.1030306@fifthhorseman.net> <20100924143056.GA30278@richter> <4C9CC255.6020901@fifthhorseman.net>
Message-ID: <4E10ACBA-C2E4-4FF3-B0E2-3B675A6C1C9D@jabberwocky.com>

On Sep 24, 2010, at 11:23 AM, Daniel Kahn Gillmor wrote:

> On 09/24/2010 10:30 AM, Simon Richter wrote:
>> Of course. I was talking about data signatures, i.e. "I'm signing this
>> with my work hat on".
>
> ah, gotcha. sorry for the misunderstanding.
>
>> The main use case I have is my Debian work -- when I sign a .changes
>> file, the Debian archive will accept it, even if the package in question
>> was really intended for another repository (where I use the same key for
>> authentication).
>>
>> As my main key is well-established in the WoT, I'd like to use the
>> existing connections to get a trust path; however using the key directly
>> leads to the problem that the signature can be interpreted in multiple
>> ways.
>
> yeah, this makes sense. in the context of debian packaging, the
> material signed is relevant. if your changelog says "unstable" then
> debian will accept it. if you're uploading it to some other repo, that
> repo would presumably be named something other than "unstable".
>
> fwiw, it wouldn't be difficult to propose such a notation, and it should
> be possible to implement it quickly in debsign using gpg's --set-notation.

There is actually a defined field for this in OpenPGP (see section 5.2.3.22, Signer's User ID). I don't think anyone implements it though.
> However, testing right now, it doesn't seem to work with gpg for regular
> data signatures:
>
> echo test | gpg --sign --set-notation 'test@example.org=test' | \
> gpg --list-packets
>
> does not show the notation :(

It works for me. I even cut and paste your exact command line.

 hashed subpkt 20 len 28 (notation: test@example.org=test)

David

From dkg at fifthhorseman.net Fri Sep 24 18:47:32 2010
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Fri, 24 Sep 2010 12:47:32 -0400
Subject: per-user data signatures [was: Re: multiple keys vs multiple identities]
In-Reply-To: <4E10ACBA-C2E4-4FF3-B0E2-3B675A6C1C9D@jabberwocky.com>
References: <4C9C965C.1060105@gmail.com> <20100924133614.GB22152@richter> <4C9CAF08.1030306@fifthhorseman.net> <20100924143056.GA30278@richter> <4C9CC255.6020901@fifthhorseman.net> <4E10ACBA-C2E4-4FF3-B0E2-3B675A6C1C9D@jabberwocky.com>
Message-ID: <4C9CD624.4080605@fifthhorseman.net>

On 09/24/2010 11:53 AM, David Shaw wrote:
> There is actually a defined field for this in OpenPGP (see section 5.2.3.22, Signer's User ID). I don't think anyone implements it though.

Ah, so there is! Thanks, David.

>> However, testing right now, it doesn't seem to work with gpg for regular
>> data signatures:
>>
>> echo test | gpg --sign --set-notation 'test@example.org=test' | \
>> gpg --list-packets
>>
>> does not show the notation :(
>
> It works for me. I even cut and paste your exact command line.
>
> hashed subpkt 20 len 28 (notation: test@example.org=test)

Weird. What am i doing wrong? what version of gpg are you using?
Here's my full transcript:

>> 0 dkg@pip:~$ echo test | gpg --sign --set-notation 'test@example.org=test' | gpg --list-packets
>>
>> You need a passphrase to unlock the secret key for
>> user: "Daniel Kahn Gillmor "
>> 4096-bit RSA key, ID D21739E9, created 2007-06-02
>>
>> :compressed packet: algo=1
>> :onepass_sig packet: keyid CCD2ED94D21739E9
>> 	version 3, sigclass 0x00, digest 10, pubkey 1, last=1
>> :literal data packet:
>> 	mode b (62), created 1285346618, name="",
>> 	raw data: 5 bytes
>> :signature packet: algo 1, keyid CCD2ED94D21739E9
>> 	version 3, created 1285346618, md5len 5, sigclass 0x00
>> 	digest algo 10, begin of digest d5 88
>> 	data: [4096 bits]
>> 0 dkg@pip:~$ gpg --version
>> gpg (GnuPG) 1.4.10
>> Copyright (C) 2008 Free Software Foundation, Inc.
>> License GPLv3+: GNU GPL version 3 or later
>> This is free software: you are free to change and redistribute it.
>> There is NO WARRANTY, to the extent permitted by law.
>>
>> Home: ~/.gnupg
>> Supported algorithms:
>> Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
>> Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128,
>>         CAMELLIA192, CAMELLIA256
>> Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
>> Compression: Uncompressed, ZIP, ZLIB, BZIP2
>> 0 dkg@pip:~$

	--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 892 bytes
Desc: OpenPGP digital signature
URL:

From dshaw at jabberwocky.com Fri Sep 24 18:57:06 2010
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri, 24 Sep 2010 12:57:06 -0400
Subject: per-user data signatures [was: Re: multiple keys vs multiple identities]
In-Reply-To: <4C9CD624.4080605@fifthhorseman.net>
References: <4C9C965C.1060105@gmail.com> <20100924133614.GB22152@richter> <4C9CAF08.1030306@fifthhorseman.net> <20100924143056.GA30278@richter> <4C9CC255.6020901@fifthhorseman.net> <4E10ACBA-C2E4-4FF3-B0E2-3B675A6C1C9D@jabberwocky.com> <4C9CD624.4080605@fifthhorseman.net>
Message-ID:

On Sep 24, 2010, at 12:47 PM, Daniel Kahn Gillmor wrote:

> On 09/24/2010 11:53 AM, David Shaw wrote:
>> There is actually a defined field for this in OpenPGP (see section 5.2.3.22, Signer's User ID). I don't think anyone implements it though.
>
> Ah, so there is! Thanks, David.
>
>>> However, testing right now, it doesn't seem to work with gpg for regular
>>> data signatures:
>>>
>>> echo test | gpg --sign --set-notation 'test@example.org=test' | \
>>> gpg --list-packets
>>>
>>> does not show the notation :(
>>
>> It works for me. I even cut and paste your exact command line.
>>
>> hashed subpkt 20 len 28 (notation: test@example.org=test)
>
> Weird. What am i doing wrong? what version of gpg are you using?
> Here's my full transcript:

>>> :signature packet: algo 1, keyid CCD2ED94D21739E9
>>> 	version 3, created 1285346618, md5len 5, sigclass 0x00
>>> 	digest algo 10,

Hmm. It's a v3 sig which can't carry a notation. Do you have force-v3-sigs set anywhere? Or any of the --pgpX options (which set force-v3-sigs) ?
David

From dkg at fifthhorseman.net Fri Sep 24 19:17:47 2010
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Fri, 24 Sep 2010 13:17:47 -0400
Subject: per-user data signatures [was: Re: multiple keys vs multiple identities]
In-Reply-To:
References: <4C9C965C.1060105@gmail.com> <20100924133614.GB22152@richter> <4C9CAF08.1030306@fifthhorseman.net> <20100924143056.GA30278@richter> <4C9CC255.6020901@fifthhorseman.net> <4E10ACBA-C2E4-4FF3-B0E2-3B675A6C1C9D@jabberwocky.com> <4C9CD624.4080605@fifthhorseman.net>
Message-ID: <4C9CDD3B.1090203@fifthhorseman.net>

On 09/24/2010 12:57 PM, David Shaw wrote:
> Hmm. It's a v3 sig which can't carry a notation. Do you have force-v3-sigs set anywhere? Or any of the --pgpX options (which set force-v3-sigs) ?

yup, that was it. i don't recall putting that in my gpg.conf explicitly -- it must have been there from an early templated gpg.conf :(

Removing it makes things work as expected, thanks. time to review the rest of the file for cruft, i suppose.

the man page is a bit confusing:

>> --force-v3-sigs
>>
>> --no-force-v3-sigs
>>     OpenPGP states that an implementation should generate v4 signatures
>>     but PGP versions 5 through 7 only recognize v4 signatures on key
>>     material. This option forces v3 signatures for signatures on data.
>>     Note that this option implies --ask-sig-expire, --sig-policy-url,
>>     --sig-notation, and --sig-keyserver-url, as these features cannot be
>>     used with v3 signatures. --no-force-v3-sigs disables this option.

first, there is no mention of what the default is (i assume it's --no-force-v3-sigs).

second, what does "this option implies --ask-sig-expire ..." mean? it seems to mean "this implies that the following options are not available" or something like that.

The attached patch clarifies things to my current understanding of them (but i might be wrong!)

Thanks,

	--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: clarify-force-v3-sigs.diff
Type: text/x-diff
Size: 1013 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL:

From dkg at fifthhorseman.net Fri Sep 24 19:25:18 2010
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Fri, 24 Sep 2010 13:25:18 -0400
Subject: force-v3-sigs [was: Re: per-user data signatures]
In-Reply-To: <4C9CDD3B.1090203@fifthhorseman.net>
References: <4C9C965C.1060105@gmail.com> <20100924133614.GB22152@richter> <4C9CAF08.1030306@fifthhorseman.net> <20100924143056.GA30278@richter> <4C9CC255.6020901@fifthhorseman.net> <4E10ACBA-C2E4-4FF3-B0E2-3B675A6C1C9D@jabberwocky.com> <4C9CD624.4080605@fifthhorseman.net> <4C9CDD3B.1090203@fifthhorseman.net>
Message-ID: <4C9CDEFE.5040709@fifthhorseman.net>

On 09/24/2010 01:17 PM, Daniel Kahn Gillmor wrote:
> The attached patch clarifies things to my current understanding of them
> (but i might be wrong!)

hrm. g10/options.skel contains the following:

>> # By default GnuPG creates version 3 signatures for data files. This
>> # is not strictly OpenPGP compliant but PGP 6 and most versions of PGP
>> # 7 require them. To disable this behavior, you may use this option
>> # or --openpgp.
>>
>> #no-force-v3-sigs

Now i'm extra confused. Removing the force-v3-sigs line from my gpg.conf enabled me to make a v4 data signature. but the above text seems to suggest that i need to *add* an option to make that happen.

at any rate, shouldn't the use of contradictory options (e.g. --sig-notation with --force-v3-sigs) raise an error or a warning to the user?

	--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
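An added example, not code from this thread or from GnuPG: a small parser for an OpenPGP signature packet that reports the signature version and its hashed subpackets. It makes the two findings of the force-v3-sigs sub-thread concrete. A v3 signature (RFC 4880 section 5.2.2) has fixed fields and no subpacket area at all, so --force-v3-sigs silently discards any --set-notation. A v4 signature carries the notation as hashed subpacket type 20, whose body for test@example.org=test is 4 flag bytes, two 2-byte lengths, the 16-byte name and the 4-byte value, i.e. the "len 28" in David's --list-packets output. It also decodes subpacket type 28, the Signer's User ID from RFC 4880 section 5.2.3.22 that David mentions, which goes beyond what the thread tested. The two packets it parses are constructed in the code with placeholder signature MPIs, not produced by gpg; the key ID and timestamp are taken from dkg's transcript, and the signer User ID is a made-up value.

```python
"""Inspect an OpenPGP signature packet: version, hashed subpackets, notations.
Added example for this thread, not GnuPG code. Layouts per RFC 4880 4.2, 5.2.2, 5.2.3."""
import struct

SUBPKT_CREATION_TIME = 2
SUBPKT_ISSUER = 16
SUBPKT_NOTATION = 20          # RFC 4880 5.2.3.16
SUBPKT_SIGNER_UID = 28        # RFC 4880 5.2.3.22, "Signer's User ID"
NOTATION_HUMAN_READABLE = 0x80000000


def _read_packet(buf):
    """Return (tag, body) for the first packet in buf (old- or new-format header)."""
    first = buf[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if first & 0x40:                                   # new-format header
        tag, l1 = first & 0x3F, buf[1]
        if l1 < 192:
            length, off = l1, 2
        elif l1 < 224:
            length, off = ((l1 - 192) << 8) + buf[2] + 192, 3
        elif l1 == 255:
            length, off = struct.unpack(">I", buf[2:6])[0], 6
        else:
            raise ValueError("partial body lengths not supported")
    else:                                              # old-format header (gpg 1.4 style)
        tag, ltype = (first >> 2) & 0x0F, first & 0x03
        if ltype == 3:
            raise ValueError("indeterminate packet length not supported")
        off = (2, 3, 5)[ltype]
        length = int.from_bytes(buf[1:off], "big")
    return tag, buf[off:off + length]


def _subpackets(area):
    """Return [(type, body)] for a v4 subpacket area (RFC 4880 5.2.3.1)."""
    out, i = [], 0
    while i < len(area):
        l1 = area[i]
        if l1 < 192:
            length, i = l1, i + 1
        elif l1 < 255:
            length, i = ((l1 - 192) << 8) + area[i + 1] + 192, i + 2
        else:
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        out.append((area[i] & 0x7F, area[i + 1:i + length]))   # high bit = critical flag
        i += length
    return out


def parse_signature(packet):
    """Parse one signature packet into a dict. A v3 signature has no subpacket
    area, so 'notations' and 'signer_uid' can only ever be filled in for v4."""
    tag, body = _read_packet(packet)
    if tag != 2:
        raise ValueError("packet tag %d is not a signature" % tag)
    info = {"version": body[0], "notations": {}, "signer_uid": None, "hashed_subpackets": []}
    if info["version"] == 3:
        if body[1] != 5:                               # hashed-material length is fixed at 5
            raise ValueError("malformed v3 signature")
        info["sigclass"] = body[2]
        info["created"] = struct.unpack(">I", body[3:7])[0]
        info["keyid"] = body[7:15].hex().upper()
        info["pubkey_algo"], info["hash_algo"] = body[15], body[16]
        return info
    if info["version"] != 4:
        raise ValueError("unsupported signature version %d" % info["version"])
    info["sigclass"], info["pubkey_algo"], info["hash_algo"] = body[1], body[2], body[3]
    hlen = struct.unpack(">H", body[4:6])[0]
    hashed = body[6:6 + hlen]
    ulen = struct.unpack(">H", body[6 + hlen:8 + hlen])[0]
    unhashed = body[8 + hlen:8 + hlen + ulen]
    for area, is_hashed in ((hashed, True), (unhashed, False)):
        for stype, sbody in _subpackets(area):
            if is_hashed:
                info["hashed_subpackets"].append((stype, len(sbody)))
            if stype == SUBPKT_CREATION_TIME:
                info["created"] = struct.unpack(">I", sbody)[0]
            elif stype == SUBPKT_ISSUER:
                info["keyid"] = sbody.hex().upper()
            elif stype == SUBPKT_NOTATION and is_hashed:   # unhashed notations are unsigned: ignore
                flags, nlen, vlen = struct.unpack(">IHH", sbody[:8])
                name = sbody[8:8 + nlen].decode("utf-8")
                value = sbody[8 + nlen:8 + nlen + vlen]
                info["notations"][name] = value.decode("utf-8") if flags & NOTATION_HUMAN_READABLE else value
            elif stype == SUBPKT_SIGNER_UID and is_hashed:
                info["signer_uid"] = sbody.decode("utf-8")
    return info


# --- constructed sample packets; DUMMY_MPI is a placeholder, not a real signature value ---
DUMMY_MPI = struct.pack(">H", 16) + b"\xab\xcd"


def _subpacket(stype, body):
    assert len(body) + 1 < 192, "one-octet subpacket length only"
    return bytes([len(body) + 1, stype]) + body


def build_v4_signature(keyid, created, notations=None, signer_uid=None):
    """Old-format tag-2 packet with a v4 body (what gpg emits without force-v3-sigs)."""
    hashed = _subpacket(SUBPKT_CREATION_TIME, struct.pack(">I", created))
    for name, value in (notations or {}).items():
        n, v = name.encode("utf-8"), value.encode("utf-8")
        hashed += _subpacket(SUBPKT_NOTATION, struct.pack(">IHH", NOTATION_HUMAN_READABLE, len(n), len(v)) + n + v)
    if signer_uid:
        hashed += _subpacket(SUBPKT_SIGNER_UID, signer_uid.encode("utf-8"))
    unhashed = _subpacket(SUBPKT_ISSUER, bytes.fromhex(keyid))
    body = (bytes([4, 0x00, 1, 10]) + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed + b"\xd5\x88" + DUMMY_MPI)
    return bytes([0x89]) + struct.pack(">H", len(body)) + body


def build_v3_signature(keyid, created):
    """Old-format tag-2 packet with a v3 body: fixed fields only, nowhere to put a notation."""
    body = (bytes([3, 5, 0x00]) + struct.pack(">I", created) + bytes.fromhex(keyid)
            + bytes([1, 10]) + b"\xd5\x88" + DUMMY_MPI)
    return bytes([0x88, len(body)]) + body


if __name__ == "__main__":
    for pkt in (build_v4_signature("CCD2ED94D21739E9", 1285346618, {"test@example.org": "test"},
                                   "Example Signer <signer@example.org>"),
                build_v3_signature("CCD2ED94D21739E9", 1285346618)):
        print(parse_signature(pkt))
```

To run it on a real signature, pass parse_signature() the raw bytes of a binary detached signature (gpg --detach-sign file writes file.sig); gpg --list-packets prints the same fields, and a signature made with force-v3-sigs in gpg.conf will come back with version 3 and an empty hashed_subpackets list no matter what --set-notation was given.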
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL:

From expires2010 at ymail.com Fri Sep 24 20:25:36 2010
From: expires2010 at ymail.com (MFPA)
Date: Fri, 24 Sep 2010 19:25:36 +0100
Subject: multiple keys vs multiple identities
In-Reply-To: <4C9C965C.1060105@gmail.com>
References: <4C9C965C.1060105@gmail.com>
Message-ID: <1863743024.20100924192536@my_localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi

On Friday 24 September 2010 at 1:15:24 PM, in , Vjaceslavs Klimovs wrote:

> Hi, If I have multiple not related e-mail accounts, is
> it better to create one key pair with multiple
> identities or a separate key pair for every account?

If you choose to include your email addresses in your user-IDs, having all your identities on the same key means sharing all your email addresses with anybody who knows any one of them. If you have a problem with this, use multiple keys.

If there is any potential clash between the activities of somebody's various identities then multiple keys would be the way to go.

A single key-pair for all purposes is simpler to administrate (you can't accidentally use the wrong key, for example, and you can more easily participate in the web of trust).

- --
Best regards

MFPA                    mailto:expires2010 at ymail.com

War is a matter of vital importance to the State.
-----BEGIN PGP SIGNATURE----- iQCVAwUBTJztJKipC46tDG5pAQp97gP9EUDj0be5uE1tPoBZxwbwwF3Q4VySRlOW sRobCnQoXcIzI2ugp5iLu6ziKhrWTOIuaKPcL6sF9ph0PWzk4suWebXHcJzytKCP mTS24jt/9u4FE/kuOkfoq9xChMCPZ3RS/8FjhKSB3fZ1rsCRVYlqnb8CnKRmB4HW BQTClfgfHCY= =9CUb -----END PGP SIGNATURE----- From expires2010 at ymail.com Fri Sep 24 20:32:07 2010 From: expires2010 at ymail.com (MFPA) Date: Fri, 24 Sep 2010 19:32:07 +0100 Subject: multiple keys vs multiple identities In-Reply-To: <4C9CAF08.1030306@fifthhorseman.net> References: <4C9C965C.1060105@gmail.com> <20100924133614.GB22152@richter> <4C9CAF08.1030306@fifthhorseman.net> Message-ID: <17010480411.20100924193207@my_localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi On Friday 24 September 2010 at 3:00:40 PM, in , Daniel Kahn Gillmor wrote: Vjaceslavs Klimovs wrote: >> It'd be nice if there was a signature notation that >> specifies which UID(s) this signature would be valid >> for. > Unless i'm misunderstanding your suggestion, there is > no need for such a notation -- OpenPGP certifications > are made over a single User ID and its associated > primary key. If you certify someone's key and they > have three User IDs, and you only can vouch for two of > them, you should only certify those two. I thought that gnupg and other openpgp implementations calculated trust without regard to which user IDs had been certified. - -- Best regards MFPA mailto:expires2010 at ymail.com Is it possible to be a closet claustrophobic? 
-----BEGIN PGP SIGNATURE-----

iQCVAwUBTJzusaipC46tDG5pAQoU5wP/a1MN6sPicx12DLhof1iLBwRnGmKiVFhg
4wvTApxPlAg/CwuiFUObPvvUza2FtLKR6x1BOOAacJqVuHFw0yw4JPzdTmlCqg6l
qUFu2tKgKOLF5sGmYodPUkuI5gcyJFOdUdhnR0XfdUENOEYOGjAxakU56yLg2Jdu
DUDNTnueVyk=
=FtMA
-----END PGP SIGNATURE-----

From pjb at scm.tees.ac.uk Fri Sep 24 20:52:02 2010
From: pjb at scm.tees.ac.uk (Phil Brooke)
Date: Fri, 24 Sep 2010 19:52:02 +0100 (BST)
Subject: per-user data signatures [was: Re: multiple keys vs multiple identities]
In-Reply-To: <4E10ACBA-C2E4-4FF3-B0E2-3B675A6C1C9D@jabberwocky.com>
References: <4C9C965C.1060105@gmail.com> <20100924133614.GB22152@richter> <4C9CAF08.1030306@fifthhorseman.net> <20100924143056.GA30278@richter> <4C9CC255.6020901@fifthhorseman.net> <4E10ACBA-C2E4-4FF3-B0E2-3B675A6C1C9D@jabberwocky.com>
Message-ID:

On Fri, 24 Sep 2010, David Shaw wrote:
> There is actually a defined field for this in OpenPGP (see section
> 5.2.3.22, Signer's User ID). I don't think anyone implements it though.

Is there any particular difficulty or reason for it not being implemented by anyone? (It looks very similar to, for example, the policy URL signature subpacket.)

Thanks,

Phil.

From dkg at fifthhorseman.net Fri Sep 24 21:58:00 2010
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Fri, 24 Sep 2010 15:58:00 -0400
Subject: how long should a gpg --import of 886 users take?
Message-ID: <4C9D02C8.50805@fifthhorseman.net>

I just started with a clean gpg homedir, imported one key (my own), and then imported the full keyring of all debian developers:

 mkdir -m 0700 test
 export GNUPGHOME=test
 gpg --keyserver keys.gnupg.net --recv D21739E9
 gpg --import < /usr/share/keyrings/debian-keyring.gpg

this last step imports 886 keys. gpg then processes for a *long* time before returning control to the calling shell.

Overall, the process consumed over 3 hours of CPU time on a 900MHz Celeron (it took more than 3 hours by clock time because i was trying to use the machine for other work concurrently).
Less than half of that was during the import step (that is, before the "Total number processed: 886" line was emitted). This is a reasonably interconnected set of keys, but 3 hours of CPU seems like a really long time. Should i expect that? This is with gnupg 1.4.10-4 and debian-keyring 2010.06.08, if anyone cares to try to replicate the results. If you do, i doubt my initial one-key import is relevant, but i don't feel like trying the whole thing over again right now because i need my CPU back :) --dkg -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 900 bytes Desc: OpenPGP digital signature URL: From dkg at fifthhorseman.net Fri Sep 24 22:21:10 2010 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Fri, 24 Sep 2010 16:21:10 -0400 Subject: multiple keys vs multiple identities In-Reply-To: <17010480411.20100924193207@my_localhost> References: <4C9C965C.1060105@gmail.com> <20100924133614.GB22152@richter> <4C9CAF08.1030306@fifthhorseman.net> <17010480411.20100924193207@my_localhost> Message-ID: <4C9D0836.6030608@fifthhorseman.net> On 09/24/2010 02:32 PM, MFPA wrote: > On Friday 24 September 2010 at 3:00:40 PM, in > , Daniel Kahn Gillmor wrote: > Vjaceslavs Klimovs wrote: >>> It'd be nice if there was a signature notation that >>> specifies which UID(s) this signature would be valid >>> for. > >> Unless i'm misunderstanding your suggestion, there is >> no need for such a notation -- OpenPGP certifications >> are made over a single User ID and its associated >> primary key. If you certify someone's key and they >> have three User IDs, and you only can vouch for two of >> them, you should only certify those two. > > I thought that gnupg and other openpgp implementations calculated > trust without regard to which user IDs had been certified. "trust" is a different issue than the validity of User IDs, and both are unrelated to data signatures. 
When GnuPG talks about "trust", it's usually referring to the concept of "ownertrust", which is a value associated with a primary key. "ownertrust" addresses the question "how much am i willing to rely on identity certifications made by this key?"

"Validity" is a concept associated with the binding between a User ID and its public key. "validity" addresses the question "how much do i believe that the entity named by the User ID is in fact the entity who actually controls the secret part of this key?"

Put another way, "validity" addresses the question "does this key really belong to X?" (where X is the entity referred to by the User ID)

If none of the User IDs on a given key are considered to be valid, then i believe that GnuPG will refuse to honor any ownertrust set on that key (unless the key itself is marked with "ultimate" ownertrust).

Note that "ownertrust" says *nothing* about whether a data signature made by a given key is trustworthy. By "data signature", i mean a signature over regular data, either text or binary -- as opposed to an identity certification made over another User ID and key. That is, I can:

 * believe that you are who you claim to be, and
 * that the key in use is actually your key, and
 * decline to rely on any other identity certifications you make, and
 * still find it useful to know whether your key signed a given document

These are nuanced concepts, but they're worth understanding. I hope someone will correct me if i've made any mistakes in the above.

	--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL:

From dkg at fifthhorseman.net Fri Sep 24 22:29:16 2010
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Fri, 24 Sep 2010 16:29:16 -0400
Subject: how slow are 4Kbit RSA keys?
	[was: Re: multiple keys vs multiple identities]
In-Reply-To: <33C67726-7BEC-4EDA-B032-3E2359A2E102@jabberwocky.com>
References: <4C9C965C.1060105@gmail.com> <33C67726-7BEC-4EDA-B032-3E2359A2E102@jabberwocky.com>
Message-ID: <4C9D0A1C.5000002@fifthhorseman.net>

On 09/24/2010 09:54 AM, David Shaw wrote:
> On Sep 24, 2010, at 8:15 AM, Vjaceslavs Klimovs wrote:
>> Is it good idea to create 4096 bit keys when creating new key pair? I
>> read through archives on this mailing list, and it seems there is no
>> real disadvantages of doing so.
>
> It won't work with the current generation of OpenPGP smartcards. It also
> will be dreadfully slow if you (or someone you are communicating with) ever
> uses the key on a small machine (think smart phone). If you are usually on
> a "full power" computer, then they generally have the CPU to spare for this
> sort of thing, and you'll rarely if ever notice a difference.

i'm curious to see some quantitative data about what "dreadfully slow" means.

For starters, i tried verifying an SHA512-sum signature on a reasonable size message (the text of a previous message in this thread), made with a 4096-bit key. The message itself is 1819 bytes, with --clearsign attached it is 2696 bytes total.

I tested on two fairly low-powered machines:

 a) ASUS eeePC900
    900Mhz intel celeron M CPU
    1GB DDR2 400MHz RAM

 b) Linksys NSLU2 (de-underclocked)
    266Mhz ARM CPU (no FPU)
    32MB of RAM

Both are running reasonably up-to-date versions of debian squeeze, with gpg 1.4.10. The file i was verifying was already in the fs cache, so disk contention wasn't an issue.
I verified the message from a GNUPGHOME whose pubring contains a single key (my own) and no secret keys, like this:

 mkdir -m 0700 testhome
 GNUPGHOME=testhome gpg --keyserver keys.gnupg.org --recv D21739E9
 cat > /dev/null < testfile
 time GNUPGHOME=testhome gpg --verify < testfile

on machine (a), the results were:

 real	0m0.027s
 user	0m0.020s
 sys	0m0.004s

on machine (b) the results were:

 real	0m0.154s
 user	0m0.130s
 sys	0m0.020s

I'd be curious to hear other people's results.

fwiw, 154ms doesn't seem "dreadfully slow" to me, given that my rtt ping times to gnupg.org have a mean of 117ms. and i don't know that many smartphones are significantly underpowered compared to the NSLU2.

What *does* change the speed of such an operation is having a large keyring. If i import 866 keys from /usr/share/debian-keyring.gpg, then remove my key from the keyring and re-append it to the end, verifying the same file on machine (a) takes:

 real	0m0.384s
 user	0m0.307s
 sys	0m0.075s

(more than 14x slower than the same hardware with one key in the public keyring). I didn't try this on machine (b) because of how long the 866-key import took on (a) (see the other thread from today).

My conclusion from the above data points is that if we're concerned about computational inefficiencies, 4096-bit RSA keys are not particularly bad offenders.

Are there other interpretations of the above results? does anyone else want to post comparable data points on different hardware? How powerful is a typical smartphone anyway? What kind of a cutoff are people willing to accept in terms of CPU cycles per signature validated? or am i measuring the wrong thing entirely?

	--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
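An added example, not from the thread or from GnuPG, for the "how slow are 4Kbit RSA keys?" question: a pure-Python micro-benchmark of the two RSA operations that matter, the public-exponent operation (what --verify and encrypting to a key do) and the private-exponent operation (signing, decrypting), at 1024, 2048 and 4096 bits. It uses random odd moduli rather than real keys, because modular exponentiation cost depends only on operand sizes, and it does no CRT, so the private-operation figure is an upper bound of roughly four times what a CRT implementation needs. With schoolbook arithmetic the public operation, which has a fixed 17-bit exponent, should scale about quadratically with the modulus size and the private operation about cubically; the absolute numbers depend on the machine, the ratios are the point.

```python
"""RSA public- vs private-exponent cost by modulus size (added example, not GnuPG code).
Random odd moduli stand in for keys: modexp cost depends only on operand sizes."""
import secrets
import time

PUBLIC_EXPONENT = 65537   # the usual RSA public exponent


def _random_odd_modulus(bits):
    """Odd integer with the top bit set, so it is exactly `bits` long. NOT a real key."""
    return secrets.randbits(bits) | (1 << (bits - 1)) | 1


def time_rsa_ops(bits, rounds=5):
    """Per-operation milliseconds for one public-exponent op (verify / encrypt)
    and one full-length private-exponent op (sign / decrypt) at `bits`.
    No CRT is used, so private_ms is an upper bound (CRT is roughly 4x faster)."""
    n = _random_odd_modulus(bits)
    d = secrets.randbits(bits) | (1 << (bits - 1))   # full-size private exponent
    m = secrets.randbelow(n)
    t0 = time.perf_counter()
    for _ in range(rounds):
        pow(m, PUBLIC_EXPONENT, n)
    t1 = time.perf_counter()
    for _ in range(rounds):
        pow(m, d, n)
    t2 = time.perf_counter()
    return {"bits": bits,
            "public_ms": (t1 - t0) / rounds * 1e3,
            "private_ms": (t2 - t1) / rounds * 1e3}


def compare_key_sizes(sizes=(1024, 2048, 4096), rounds=5):
    """Time each size and add the cost relative to the smallest size."""
    rows = [time_rsa_ops(b, rounds) for b in sizes]
    base = rows[0]
    for r in rows:
        r["public_x"] = r["public_ms"] / max(base["public_ms"], 1e-9)
        r["private_x"] = r["private_ms"] / max(base["private_ms"], 1e-9)
    return rows


if __name__ == "__main__":
    print("  bits   public op (verify/encrypt)   private op (sign/decrypt, no CRT)")
    for r in compare_key_sizes():
        print("%6d   %8.3f ms (%5.1fx)         %9.2f ms (%5.1fx)"
              % (r["bits"], r["public_ms"], r["public_x"], r["private_ms"], r["private_x"]))
```

Run it on a small box and on a laptop and compare the public-operation row with the whole-process times dkg measured: his second measurement, where the same verification became 14x slower only because the keyring grew, suggests that keyring handling rather than the 4096-bit exponentiation dominates a gpg --verify. The private-operation row is the one that matters for signing on a phone or decrypting a large mailbox.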
Name: signature.asc Type: application/pgp-signature Size: 900 bytes Desc: OpenPGP digital signature URL: From kgo at grant-olson.net Fri Sep 24 23:23:22 2010 From: kgo at grant-olson.net (Grant Olson) Date: Fri, 24 Sep 2010 17:23:22 -0400 Subject: how slow are 4Kbit RSA keys? [was: Re: multiple keys vs multiple identities] In-Reply-To: <4C9D0A1C.5000002@fifthhorseman.net> References: <4C9C965C.1060105@gmail.com> <33C67726-7BEC-4EDA-B032-3E2359A2E102@jabberwocky.com> <4C9D0A1C.5000002@fifthhorseman.net> Message-ID: <4C9D16CA.6050704@grant-olson.net> On 9/24/10 4:29 PM, Daniel Kahn Gillmor wrote: > > My conclusion from the above data points is that if we're concerned > about computational inefficiencies, 4096-bit RSA keys are not > particularly bad offenders. > > Are there other interpretations of the above results? does anyone else > want to post comparable data points on different hardware? How powerful > is a typical smartphone anyway? What kind of a cutoff are people > willing to accept in terms of CPU cycles per signature validated? or am > i measuring the wrong thing entirely? > I can test on a Motorola i1 (Boost' droid) with APG, but I'll only be able to do a stopwatch test. As far as I'm concerned, under one sec is good. I believe you've got a 4096 bit key that uses a serious hash. Would you mind posting a test clearsigned message so that we're all using the same document to test against? -- Grant "I am gravely disappointed. Again you have made me unleash my dogs of war." 
From expires2010 at ymail.com Sat Sep 25 03:20:13 2010 From: expires2010 at ymail.com (MFPA) Date: Sat, 25 Sep 2010 02:20:13 +0100 Subject: multiple keys vs multiple identities In-Reply-To: <4C9D0836.6030608@fifthhorseman.net> References: <4C9C965C.1060105@gmail.com> <20100924133614.GB22152@richter> <4C9CAF08.1030306@fifthhorseman.net> <17010480411.20100924193207@my_localhost> <4C9D0836.6030608@fifthhorseman.net> Message-ID: <1505070051.20100925022013@my_localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi On Friday 24 September 2010 at 9:21:10 PM, in , Daniel Kahn Gillmor wrote: >> I thought that gnupg and other openpgp implementations >> calculated trust without regard to which user IDs had >> been certified. > "trust" is a different issue than the validity of User > IDs, and both are unrelated to data signatures. OK, this is "validity" rather than "trust". What I meant is that (for example) gnupg will refuse to encrypt to a key if it has no signature from yourself and not enough signatures from other keys that you "trust." And that it makes no difference which user-IDs have been signed by yourself (or by the keys that you trust). > When GnuPG talks about "trust", it's usually referring > to the concept of "ownertrust", which is a value > associated with a primary key. "ownertrust" addresses > the question "how much am i willing to rely on identity > certifications made by this key?" I've never managed to properly internalise this. I thought keys, that you have not signed yourself, were "trusted" or not, based on how many certifications that key carried from keys that you "trust" and regardless of which individual uids actually carried those certifications. Please correct me if this is incorrect. > "Validity" is a concept associated with the binding > between a User ID and its public key. 
"validity" > addresses the question "how much do i believe that the > entity named by the User ID is in fact the entity who > actually controls the secret part of this key?" > Put another way, "validity" addresses the question > "does this key really belong to X?" (where X is the > entity referred to by the User ID) - From http://www.gnupg.org/faq.html#q4.7 4.7) What are trust, validity and ownertrust? With GnuPG, the term "ownertrust" is used instead of "trust" to help clarify that this is the value you have assigned to a key to express how much you trust the owner of this key to correctly sign (and thereby introduce) other keys. The "validity", or calculated trust, is a value which indicates how much GnuPG considers a key as being valid (that it really belongs to the one who claims to be the owner of the key). For more information on trust values see the chapter "The Web of Trust" in The GNU Privacy Handbook. Not sure what any of this has to do with the binding between a User ID and its public key. But clear (while looking at definitions) that "ownertrust" is whether you trust the key owner to make reliable certifications, and that validity is whether you accept the key as really belonging to the entity it purports to belong to. > Note that "ownertrust" says *nothing* about whether a > data signature made by a given key is trustworthy. By > "data signature", i mean a signature over regular data, > either text or binary -- as opposed to an identity > certification made over another User ID and key. That > is, I can: > * believe that you are who you claim to be, and * that > the key in use is actually your key, and * decline to > rely on any other identity certifications you make, > and * still find it useful to know whether your key > signed a given document Perfectly consistent. Keeping their private key and passphrase secure says nothing about how thoroughly somebody will check credentials before signing other people's keys. 
I would note that it could still be useful to know your key signed a particular document, even if I didn't believe who you claimed to be. - -- Best regards MFPA mailto:expires2010 at ymail.com CAUTION! - Beware of Warnings! -----BEGIN PGP SIGNATURE----- iQCVAwUBTJ1OUKipC46tDG5pAQqqOgP/WzxJqVdua4U7uOd9l3FIX5Fxnezl47cv cHF77gd5XSKEU6O/KcXQXwEzVNDwCAQxK2276fq79NUtuVJheKBLrQcaWuoKSLr8 D5WBn/VQksFdcvMZFmou4Nbzeigakh2nONAxgrl3F576U5JeM7IARuaFToj9kmu6 oRGeilAtXj0= =Acat -----END PGP SIGNATURE----- From kloecker at kde.org Sat Sep 25 13:10:42 2010 From: kloecker at kde.org (Ingo =?iso-8859-15?q?Kl=F6cker?=) Date: Sat, 25 Sep 2010 13:10:42 +0200 Subject: how long should a gpg --import of 886 users take? In-Reply-To: <4C9D02C8.50805@fifthhorseman.net> References: <4C9D02C8.50805@fifthhorseman.net> Message-ID: <201009251310.52680@thufir.ingo-kloecker.de> On Friday 24 September 2010, Daniel Kahn Gillmor wrote: > I just started with a clean gpg homedir, imported one key (my own), > and then imported the full keyring of all debian developers: > > mkdir -m 0700 test > export GNUPGHOME=test > gpg --keyserver keys.gnupg.net ( --recv D21739E9 > gpg --import < /usr/share/keyrings/debian-keyring.gpg > > this last step imports 886 keys. gpg then processes for a *long* > time before returning control to the calling shell. > > Overall, the process consumed over 3 hours of CPU time on a 900MHz > Celeron (it took more than 3 hours by clock time because i was > trying to use the machine for other work concurrently). Less than > half of that was during the import step (that is, before the "Total > number processed: 886" line was emitted). > > This is a reasonably interconnected set of keys, but 3 hours of CPU > seems like a really long time. Should i expect that? > > This is with gnupg 1.4.10-4 and debian-keyring 2010.06.08, if anyone > cares to try to replicate the results. 
> If you do, i doubt my initial
> one-key import is relevant, but i don't feel like trying the whole
> thing over again right now because i need my CPU back :)

I have run the test on my machine (4 year old Core 2 2.4 GHz) using gpg 2.0.12 (openSUSE 11.2). The first part of the import took a couple of minutes. The more keys were imported the longer the processing of a single key took. I suppose this is to be expected. The second part of the import took much longer:

# time gpg --import

From allen.schultz at gmail.com Sat Sep 25 23:33:26 2010
From: allen.schultz at gmail.com (Allen Schultz)
Date: Sat, 25 Sep 2010 15:33:26 -0600
Subject: Advanced Sub-key Management Link
Message-ID: <4C9E6AA6.6040707@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

GnuPG-Users:

One of you previously gave me a link last year for advanced sub-key management where I was using a master key to create limited yearly expired sub-keys, just in case they were compromised. I can't seem to find it on Google searches. I have tried any combination of the following:

gpg gnupg subkey advanced management

..to no avail.

If someone on here still has the link, can you please send me the link again?

Thanks in advance,

Allen Schultz

PS: I'm back from Afghanistan. Those 'radicals' need help.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCAAGBQJMnmqmAAoJELfkwqOvUDIKlKEP/22Jilzre4Lf0l2Bk7ju9ujB yOtIxp1qTdh9v1uohni3ew1qmXnFdBeTz1cvTUUHYYNLz9WD30O/nklXrUSBgOAO 30PHz9L/uwdTXC1rMF9wm1T1lkie3J8fbH98U4mdj2Gt5xePlPCUMGh5T7lVsKvm FaWNMscR7m3W3pRevnIrJYJL9CJOqdS9eQBwWDtouOZV0846lEt/i3j/NmkjRxI4 P17s0En47w7YGniXJbu8zEP5IMQ8Br4fdCjN3AJC1WyrgB+C5FxqE//5Zs1tbVZ3 vPuW4BmSdLllrwUHIFAFdZUBQPYPO2aVEhzcnStsqkwDa3HlxoL6pxVKT4fysYTo zndNarj3NvaYKu3jAAYfjk09qH/uAT/no5S00V0Qho4+UFzDDvAGztd22pNLlltI Hy/UAxI+L2RK9Yzo2SGIkYeOwoiA4NR9BN3iO7X68XOSSFbdXWsjbMHGWSnELF1O JcKDjn59eWAnmEIwRnAOLhswNVJ9YwZMNjyDrxRIfyhoUx7Gxa3dO4o1r1xg7RVm dIuw0YlsK822RbmTDLAnSLgeMof8tJ5mjB8eXmmwDYgg/bcYnj/2Luvp2fOhQJBg /h72mhb7O7vvTelcTrbUoc+RXdPf5UzrqCaIXL3aASkolz9twUCvdveiWjH+3fAT aaiE1tEH3nWFv4w+oNmU =Bx8M -----END PGP SIGNATURE----- From kgo at grant-olson.net Sun Sep 26 01:37:53 2010 From: kgo at grant-olson.net (Grant Olson) Date: Sat, 25 Sep 2010 19:37:53 -0400 Subject: Advanced Sub-key Management Link In-Reply-To: <4C9E6AA6.6040707@gmail.com> References: <4C9E6AA6.6040707@gmail.com> Message-ID: <4C9E87D1.5030805@grant-olson.net> On 9/25/10 5:33 PM, Allen Schultz wrote: > One of you previously gave me a link last year for advanced sub-key > management where I was using a master key to create limited yearly > expired sub-keys, just in case they were compromised. I cant seem to > find it on Google searches. I have tried any combination of the following: > > gpg gnupg subkey advanced management > > ..to no avail. > > If someone on here still has the link, can you please send me the link > again? > It's probably either: http://tjl73.altervista.org/secure_keygen/en/index.html or http://fortytwo.ch/gpg/subkeys -- Grant "I am gravely disappointed. Again you have made me unleash my dogs of war." -------------- next part -------------- A non-text attachment was scrubbed... 
From allen.schultz at gmail.com Sun Sep 26 02:28:41 2010
From: allen.schultz at gmail.com (Allen Schultz)
Date: Sat, 25 Sep 2010 18:28:41 -0600
Subject: Advanced Sub-key Management Link
In-Reply-To: <4C9E87D1.5030805@grant-olson.net>
References: <4C9E6AA6.6040707@gmail.com> <4C9E87D1.5030805@grant-olson.net>
Message-ID: <4C9E93B9.1070201@gmail.com>

On 2010-09-25 17:37, Grant Olson wrote:
> It's probably either:
>
> http://tjl73.altervista.org/secure_keygen/en/index.html

This was the one. Thank you very much.

Allen Schultz

From jcruff at gmail.com Sun Sep 26 15:53:19 2010
From: jcruff at gmail.com (Chris Ruff)
Date: Sun, 26 Sep 2010 09:53:19 -0400
Subject: gpg.conf for subkeys
Message-ID: <4C9F504F.8090205@gmail.com>

I've setup subkeys for my OpenPGP v2.0 smartcard. However, I seem to be
unclear about how/what configuration options should be used in gpg.conf
(i.e. encrypt-to, hidden-encrypt-to, default-recipient, etc).
So far I've referenced the how-tos on gnupg.org and we.riseup.net:

http://www.gnupg.org/howtos/card-howto/en/smartcard-howto-single.html#id2507429
https://we.riseup.net/debian/using-the-openpgp-card-with-subkeys

If there are any additional how-tos I should reference, please let me know.

Thanks.

--
__________________________________
Chris Ruff
email: jcruff at gmail.com

From Dave.Smith at st.com Mon Sep 27 11:12:41 2010
From: Dave.Smith at st.com (David Smith)
Date: Mon, 27 Sep 2010 10:12:41 +0100
Subject: how slow are 4Kbit RSA keys? [was: Re: multiple keys vs multiple identities]
In-Reply-To: <4C9D0A1C.5000002@fifthhorseman.net>
References: <4C9C965C.1060105@gmail.com> <33C67726-7BEC-4EDA-B032-3E2359A2E102@jabberwocky.com> <4C9D0A1C.5000002@fifthhorseman.net>
Message-ID: <4CA06009.10900@st.com>

Daniel Kahn Gillmor wrote:
> On 09/24/2010 09:54 AM, David Shaw wrote:
>> It won't work with the current generation of OpenPGP smartcards. It also
>> will be dreadfully slow if you (or someone you are communicating with) ever
>> uses the key on a small machine (think smart phone). If you are usually on
>> a "full power" computer, then they generally have the CPU to spare for this
>> sort of thing, and you'll rarely if ever notice a difference.
>
> i'm curious to see some quantitative data about what "dreadfully slow"
> means.

Not truly "quantitative", but I notice a significant difference between
encrypting emails to people with 1024-bit keys vs people with 4096-bit
keys. I'd say that the difference is in the order of 3-6 seconds.

I'm running GnuPG 1.4.x on a Sun Ultra10 with a 500 MHz CPU and 1 GB
RAM. Yes, I know it's old. :-)

We're forced to use 4096-bit keys because some of our customers require it.
From vklimovs at gmail.com Mon Sep 27 12:42:19 2010
From: vklimovs at gmail.com (Vjaceslavs Klimovs)
Date: Mon, 27 Sep 2010 12:42:19 +0200
Subject: multiple keys vs multiple identities
In-Reply-To: <1863743024.20100924192536@my_localhost>
References: <4C9C965C.1060105@gmail.com> <1863743024.20100924192536@my_localhost>
Message-ID: <4CA0750B.9050600@gmail.com>

Hi,

Thank you for all your replies. It seems that multiple separate keys is
the way to go for me. Is it socially acceptable to ask someone to sign
several keys, for example during a key signing event? Is this a common
occurrence?

From Simon.Richter at hogyros.de Mon Sep 27 13:37:49 2010
From: Simon.Richter at hogyros.de (Simon Richter)
Date: Mon, 27 Sep 2010 13:37:49 +0200
Subject: multiple keys vs multiple identities
In-Reply-To: <4CA0750B.9050600@gmail.com>
References: <4C9C965C.1060105@gmail.com> <1863743024.20100924192536@my_localhost> <4CA0750B.9050600@gmail.com>
Message-ID: <20100927113748.GA25338@richter>

Hi,

On Mon, Sep 27, 2010 at 12:42:19PM +0200, Vjaceslavs Klimovs wrote:
> Thank you for all your replies. It seems that multiple separate keys is
> the way to go for me. Is it socially acceptable to ask someone to sign
> several keys, for example during a key signing event? Is this a common
> occurrence?

Yes, although you should probably limit it to two or three keys at the
most, as verification of key fingerprints takes time and most keysigning
party modes are only as fast as the slowest pair.

If you have a "main" key, it is usually best to make sure it is
well-connected by presenting it at every key signing party during the
official part, and negotiating individual signings for the other keys
unofficially. It all depends on the circumstances at the party though.

   Simon

From vklimovs at gmail.com Mon Sep 27 15:56:52 2010
From: vklimovs at gmail.com (Vjaceslavs Klimovs)
Date: Mon, 27 Sep 2010 15:56:52 +0200
Subject: how slow are 4Kbit RSA keys?
  [was: Re: multiple keys vs multiple identities]
In-Reply-To: <4CA06009.10900@st.com>
References: <4C9C965C.1060105@gmail.com> <33C67726-7BEC-4EDA-B032-3E2359A2E102@jabberwocky.com> <4C9D0A1C.5000002@fifthhorseman.net> <4CA06009.10900@st.com>
Message-ID: <4CA0A2A4.6050807@gmail.com>

On 27/09/10 11:12, David Smith wrote:
> Daniel Kahn Gillmor wrote:
>> On 09/24/2010 09:54 AM, David Shaw wrote:
>>> It won't work with the current generation of OpenPGP smartcards. It also
>>> will be dreadfully slow if you (or someone you are communicating with) ever
>>> uses the key on a small machine (think smart phone). If you are usually on
>>> a "full power" computer, then they generally have the CPU to spare for this
>>> sort of thing, and you'll rarely if ever notice a difference.
>>
>> i'm curious to see some quantitative data about what "dreadfully slow"
>> means.
>
> Not truly "quantitative", but I notice a significant difference between
> encrypting emails to people with 1024-bit keys vs people with 4096-bit
> keys. I'd say that the difference is in the order of 3-6 seconds.
>
> I'm running GnuPG 1.4.x on a Sun Ultra10 with a 500 MHz CPU and 1 GB
> RAM. Yes, I know it's old. :-)
>
> We're forced to use 4096-bit keys because some of our customers require it.
>

I did some quick tests on a Nokia N900 (600 MHz ARM CPU), with gnupg
1.4.6, here is what I got:

Encrypting and signing, 2048 bit RSA keys:

real    0m 2.50s
user    0m 0.50s
sys     0m 0.02s

Decrypting and verifying, 2048 bit RSA keys:

real    0m 1.74s
user    0m 0.41s
sys     0m 0.04s

Encrypting and signing, 4096 bit RSA keys:

real    0m 3.58s
user    0m 1.92s
sys     0m 0.06s

Decrypting and verifying, 4096 bit RSA keys:

real    0m 3.80s
user    0m 1.89s
sys     0m 0.03s

Is one second considered a rule of thumb limit? That would mean that
4096 keys are not suitable for widespread use yet.

From dshaw at jabberwocky.com Mon Sep 27 15:57:18 2010
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon, 27 Sep 2010 09:57:18 -0400
Subject: how slow are 4Kbit RSA keys?
  [was: Re: multiple keys vs multiple identities]
In-Reply-To: <4C9D0A1C.5000002@fifthhorseman.net>
References: <4C9C965C.1060105@gmail.com> <33C67726-7BEC-4EDA-B032-3E2359A2E102@jabberwocky.com> <4C9D0A1C.5000002@fifthhorseman.net>
Message-ID:

On Sep 24, 2010, at 4:29 PM, Daniel Kahn Gillmor wrote:
> Are there other interpretations of the above results? does anyone else
> want to post comparable data points on different hardware? How powerful
> is a typical smartphone anyway? What kind of a cutoff are people
> willing to accept in terms of CPU cycles per signature validated? or am
> i measuring the wrong thing entirely?

Sort of, yes. You are measuring verify performance. As it happens, that
is the operation that RSA really excels at, CPU-wise. Try measuring
signing or decryption performance instead. People on smartphones don't
just verify signatures :)

"Dreadfully" is a difficult thing to enumerate anyway. For me, FWIW, it
would be "over 1-2 seconds".

David

From dkg at fifthhorseman.net Mon Sep 27 15:59:58 2010
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Mon, 27 Sep 2010 09:59:58 -0400
Subject: how slow are 4Kbit RSA keys? [was: Re: multiple keys vs multiple identities]
In-Reply-To: <4CA06009.10900@st.com>
References: <4C9C965C.1060105@gmail.com> <33C67726-7BEC-4EDA-B032-3E2359A2E102@jabberwocky.com> <4C9D0A1C.5000002@fifthhorseman.net> <4CA06009.10900@st.com>
Message-ID: <4CA0A35E.4000605@fifthhorseman.net>

On 09/27/2010 05:12 AM, David Smith wrote:
> Not truly "quantitative", but I notice a significant difference between
> encrypting emails to people with 1024-bit keys vs people with 4096-bit
> keys. I'd say that the difference is in the order of 3-6 seconds.

ah, ok. i'll add encrypting messages to the benchmarking script i'm
building. (i aim to publish it shortly so other people can post their
results)

> I'm running GnuPG 1.4.x on a Sun Ultra10 with a 500 MHz CPU and 1 GB
> RAM. Yes, I know it's old.
> :-)

Sounds better than my NSLU2 :) I'm happy folks are still using old
hardware. The hardware upgrade treadmill sucks.

--dkg

From vklimovs at gmail.com Mon Sep 27 16:28:07 2010
From: vklimovs at gmail.com (Vjaceslavs Klimovs)
Date: Mon, 27 Sep 2010 16:28:07 +0200
Subject: how slow are 4Kbit RSA keys? [was: Re: multiple keys vs multiple identities]
In-Reply-To: <87bp7j5ktj.fsf@servo.finestructure.net>
References: <4C9C965C.1060105@gmail.com> <33C67726-7BEC-4EDA-B032-3E2359A2E102@jabberwocky.com> <4C9D0A1C.5000002@fifthhorseman.net> <4CA06009.10900@st.com> <4CA0A2A4.6050807@gmail.com> <87bp7j5ktj.fsf@servo.finestructure.net>
Message-ID: <4CA0A9F7.80102@gmail.com>

On 27/09/10 16:21, Jameson Rollins wrote:
> On Mon, 27 Sep 2010 15:56:52 +0200, Vjaceslavs Klimovs wrote:
>> I did some quick tests on a Nokia N900 (600 MHz ARM CPU), with gnupg
>> 1.4.6, here is what I got:
>>
>> Encrypting and signing, 2048 bit RSA keys:
>>
>> real    0m 2.50s
>> user    0m 0.50s
>> sys     0m 0.02s
>>
>> Decrypting and verifying, 2048 bit RSA keys:
>>
>> real    0m 1.74s
>> user    0m 0.41s
>> sys     0m 0.04s
>>
>> Encrypting and signing, 4096 bit RSA keys:
>>
>> real    0m 3.58s
>> user    0m 1.92s
>> sys     0m 0.06s
>>
>> Decrypting and verifying, 4096 bit RSA keys:
>>
>> real    0m 3.80s
>> user    0m 1.89s
>> sys     0m 0.03s
>>
>> Is one second considered a rule of thumb limit? That would mean that
>> 4096 keys are not suitable for widespread use yet.
>
> Then by that logic neither are 2048 bit keys.
>
> jamie.

2048 bit keys are suitable - it's "user+sys" that matters in this case,
but not "real" by all means, as that includes waiting for passphrase
input too.
From jrollins at finestructure.net Mon Sep 27 16:55:26 2010
From: jrollins at finestructure.net (Jameson Rollins)
Date: Mon, 27 Sep 2010 10:55:26 -0400
Subject: how slow are 4Kbit RSA keys? [was: Re: multiple keys vs multiple identities]
In-Reply-To: <4CA0A9F7.80102@gmail.com>
References: <4C9C965C.1060105@gmail.com> <33C67726-7BEC-4EDA-B032-3E2359A2E102@jabberwocky.com> <4C9D0A1C.5000002@fifthhorseman.net> <4CA06009.10900@st.com> <4CA0A2A4.6050807@gmail.com> <87bp7j5ktj.fsf@servo.finestructure.net> <4CA0A9F7.80102@gmail.com>
Message-ID: <878w2n5j8h.fsf@servo.finestructure.net>

On Mon, 27 Sep 2010 16:28:07 +0200, Vjaceslavs Klimovs wrote:
> 2048 bit keys are suitable - it's "user+sys" that matters in this case,
> but not "real" by all means, as that includes waiting for passphrase
> input too.

I think this is really a UI issue, in which case "real" is what you
really care about. An operation that takes >1s is annoying if it needs
to be done frequently, but I'm not sure the operations we're talking
about here are really ones that are done that frequently.

jamie.

From jrollins at finestructure.net Mon Sep 27 16:21:12 2010
From: jrollins at finestructure.net (Jameson Rollins)
Date: Mon, 27 Sep 2010 10:21:12 -0400
Subject: how slow are 4Kbit RSA keys?
  [was: Re: multiple keys vs multiple identities]
In-Reply-To: <4CA0A2A4.6050807@gmail.com>
References: <4C9C965C.1060105@gmail.com> <33C67726-7BEC-4EDA-B032-3E2359A2E102@jabberwocky.com> <4C9D0A1C.5000002@fifthhorseman.net> <4CA06009.10900@st.com> <4CA0A2A4.6050807@gmail.com>
Message-ID: <87bp7j5ktj.fsf@servo.finestructure.net>

On Mon, 27 Sep 2010 15:56:52 +0200, Vjaceslavs Klimovs wrote:
> I did some quick tests on a Nokia N900 (600 MHz ARM CPU), with gnupg
> 1.4.6, here is what I got:
>
> Encrypting and signing, 2048 bit RSA keys:
>
> real    0m 2.50s
> user    0m 0.50s
> sys     0m 0.02s
>
> Decrypting and verifying, 2048 bit RSA keys:
>
> real    0m 1.74s
> user    0m 0.41s
> sys     0m 0.04s
>
> Encrypting and signing, 4096 bit RSA keys:
>
> real    0m 3.58s
> user    0m 1.92s
> sys     0m 0.06s
>
> Decrypting and verifying, 4096 bit RSA keys:
>
> real    0m 3.80s
> user    0m 1.89s
> sys     0m 0.03s
>
> Is one second considered a rule of thumb limit? That would mean that
> 4096 keys are not suitable for widespread use yet.

Then by that logic neither are 2048 bit keys.

jamie.

From jeandavid8 at verizon.net Mon Sep 27 16:46:15 2010
From: jeandavid8 at verizon.net (Jean-David Beyer)
Date: Mon, 27 Sep 2010 10:46:15 -0400
Subject: how slow are 4Kbit RSA keys? [was: Re: multiple keys vs multiple identities]
In-Reply-To: <4CA06009.10900@st.com>
References: <4C9C965C.1060105@gmail.com> <33C67726-7BEC-4EDA-B032-3E2359A2E102@jabberwocky.com> <4C9D0A1C.5000002@fifthhorseman.net> <4CA06009.10900@st.com>
Message-ID: <4CA0AE37.3020605@verizon.net>

David Smith wrote:
> Daniel Kahn Gillmor wrote:
>> On 09/24/2010 09:54 AM, David Shaw wrote:
>>> It won't work with the current generation of OpenPGP smartcards.
>>> It also will be dreadfully slow if you (or someone you are
>>> communicating with) ever uses the key on a small machine (think
>>> smart phone). If you are usually on a "full power" computer,
>>> then they generally have the CPU to spare for this sort of thing,
>>> and you'll rarely if ever notice a difference.
>> i'm curious to see some quantitative data about what "dreadfully
>> slow" means.
>
> Not truly "quantitative", but I notice a significant difference
> between encrypting emails to people with 1024-bit keys vs people with
> 4096-bit keys. I'd say that the difference is in the order of 3-6
> seconds.
>
> I'm running GnuPG 1.4.x on a Sun Ultra10 with a 500 MHz CPU and 1 GB
> RAM. Yes, I know it's old. :-)
>
> We're forced to use 4096-bit keys because some of our customers
> require it.
>

Am I missing something?

I thought the keys were used to encrypt the block containing the session
key (that is, IIRC, 512 bits). And it is the session key that is used to
encrypt and decrypt the actual message. Since the session key is small,
encrypting or decrypting it should not take a lot of time compared with
doing an entire message (depends on its length, of course).

So unless the time to encrypt or decrypt the session key is large
compared with the time to encrypt or decrypt the actual message, is this
discussion not about the wrong thing? What is the message size of the
messages being used to come up with the numbers on this thread? Are they
realistically large (whatever that might be)?

- --
  .~.  Jean-David Beyer          Registered Linux User 85642.
  /V\  PGP-Key: 9A2FC99A         Registered Machine   241939.
 /( )\ Shrewsbury, New Jersey    http://counter.li.org
 ^^-^^ 10:35:01 up 6 days, 2:03, 3 users, load average: 4.96, 4.74, 4.57

From Dave.Smith at st.com Mon Sep 27 18:09:28 2010
From: Dave.Smith at st.com (David Smith)
Date: Mon, 27 Sep 2010 17:09:28 +0100
Subject: how slow are 4Kbit RSA keys? [was: Re: multiple keys vs multiple identities]
In-Reply-To: <4CA0AE37.3020605@verizon.net>
References: <4C9C965C.1060105@gmail.com> <33C67726-7BEC-4EDA-B032-3E2359A2E102@jabberwocky.com> <4C9D0A1C.5000002@fifthhorseman.net> <4CA06009.10900@st.com> <4CA0AE37.3020605@verizon.net>
Message-ID: <4CA0C1B8.9070906@st.com>

Jean-David Beyer wrote:
> David Smith wrote:
>> Not truly "quantitative", but I notice a significant difference
>> between encrypting emails to people with 1024-bit keys vs people with
>> 4096-bit keys. I'd say that the difference is in the order of 3-6
>> seconds.
>
>> I'm running GnuPG 1.4.x on a Sun Ultra10 with a 500 MHz CPU and 1 GB
>> RAM. Yes, I know it's old. :-)
>
>> We're forced to use 4096-bit keys because some of our customers
>> require it.
>
> Am I missing something?
>
> I thought the keys were used to encrypt the block containing the session
> key (that is, IIRC, 512 bits). And it is the session key that is used to
> encrypt and decrypt the actual message. Since the session key is small,
> encrypting or decrypting it should not take a lot of time compared with
> doing an entire message (depends on its length, of course).

Yes, that's partially true, although I thought that the symmetric cipher
is usually a 256-bit key (often AES-256).
> So unless the time to encrypt or decrypt the session key is large
> compared with the time to encrypt or decrypt the actual message, is this
> discussion not about the wrong thing? What is the message size of the
> messages being used to come up with the numbers on this thread? Are they
> realistically large (whatever that might be)?

I was talking about small emails (e.g. a couple of kB). Since the
symmetric cipher is usually much easier computationally (that's one of
the reasons for going for a hybrid cipher system), the encryption of the
session key starts to dominate the operation, and in my case, there's a
noticeable difference of the order of a number of seconds between the two
types of keys.

Most of my emails are short, between members of the team, some of which
have 1024-bit keys, some 2048, some 4096. Adding on a 5-second delay to
the sending of every email can be a bit of an annoyance (although we have
to live with it...), and although the effect is less pronounced on
decryption, it's still noticeable and probably even more important.

From dkg at fifthhorseman.net Mon Sep 27 21:33:36 2010
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Mon, 27 Sep 2010 15:33:36 -0400
Subject: how slow are 4Kbit RSA keys? [was: Re: multiple keys vs multiple identities]
In-Reply-To: <878w2n5j8h.fsf@servo.finestructure.net>
References: <4C9C965C.1060105@gmail.com> <33C67726-7BEC-4EDA-B032-3E2359A2E102@jabberwocky.com> <4C9D0A1C.5000002@fifthhorseman.net> <4CA06009.10900@st.com> <4CA0A2A4.6050807@gmail.com> <87bp7j5ktj.fsf@servo.finestructure.net> <4CA0A9F7.80102@gmail.com> <878w2n5j8h.fsf@servo.finestructure.net>
Message-ID: <4CA0F190.2060605@fifthhorseman.net>

On 09/27/2010 10:55 AM, Jameson Rollins wrote:
> On Mon, 27 Sep 2010 16:28:07 +0200, Vjaceslavs Klimovs wrote:
>> 2048 bit keys are suitable - it's "user+sys" that matters in this case,
>> but not "real" by all means, as that includes waiting for passphrase
>> input too.
>
> I think this is really a UI issue, in which case "real" is what you
> really care about.

It's true that we really do care about "real", but that measurement is
confounded by other factors (human password entry, CPU and I/O
contention, etc) that gnupg developers have no control over. So in terms
of "what kinds of responsiveness can we expect from GnuPG", i think
measuring user+sys is the way to go.

> An operation that takes >1s is annoying if it needs to be done
> frequently, but I'm not sure the operations we're talking about here
> are really ones that are done that frequently.

So i think the tradeoff is the cost of the algorithms that require
secret-key use (decrypting, signing) vs. the cost of the algorithms that
require public-key use (encrypting, verifying). David Shaw pointed out
that RSA excels in speed at the pubkey operations, but is fairly slow on
the secret-key operations, if i understand correctly.

so if you're just exchanging signed mails with a group of N people,
that's 1 expensive operation (signing) per message, and N cheap
operations per message (verification).

if you're sending encrypted e-mail to someone, that should be 1 cheap
operation per message (encryption) and one expensive (decryption). If
you receive lots of encrypted mail, and you have to decrypt it each time
you read it on a weak device, that could certainly be expensive
computationally.

None of this seems to preclude using large/strong primary keys alongside
weaker/shorter, time-limited subkeys, though, afaict. It sounds like the
only concern is about doing your own secret key operations on low-powered
devices. So concern that your correspondents might be using OpenPGP on a
low-power device shouldn't constrain your own choice of key strength,
since your secret key won't be used on that device anyway.

Does that seem like the right analysis?

--dkg
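As an added example (it is not code from this thread, nor GnuPG's), the cost asymmetry David Shaw and dkg describe, and the session-key point raised by Jean-David Beyer and David Smith, modelled in stdlib-only Python: textbook RSA on keys it generates itself, with HMAC-SHA256 standing in for the symmetric cipher and a constructed 32-byte session key. It measures the public and private operations separately, then splits one decrypt into the RSA unwrap and the symmetric pass so the effect of message size can be seen.

```python
# Added example, not code from the thread or from GnuPG: a stdlib-only model of
# the RSA cost asymmetry discussed above. Textbook RSA without padding; keys
# are generated here; HMAC-SHA256 stands in for the symmetric pass (stdlib only).
import hashlib
import hmac
import secrets
import time


def is_probable_prime(n, rounds=32):
    """Miller-Rabin with `rounds` random bases (32 is ample for this demo)."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    """Random prime of exactly `bits` bits (top bit set, odd)."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def keygen(modulus_bits, e=65537):
    """RSA key as {n, e, d}; pow(e, -1, phi) needs Python 3.8+."""
    while True:
        p, q = random_prime(modulus_bits // 2), random_prime(modulus_bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this is gcd(e, phi) == 1
            return {"n": p * q, "e": e, "d": pow(e, -1, phi)}


def public_op(x, key):
    """Encrypt-to / verify: the cheap direction, a 17-bit exponent."""
    return pow(x, key["e"], key["n"])


def private_op(x, key):
    """Decrypt / sign: the expensive direction, an exponent as long as n."""
    return pow(x, key["d"], key["n"])


def wrap_session_key(session_key, key):
    """Sender side, once per recipient: one public operation."""
    return public_op(int.from_bytes(session_key, "big"), key)


def unwrap_session_key(wrapped, key, length=32):
    """Recipient side, once per message: one private operation."""
    return private_op(wrapped, key).to_bytes(length, "big")


def _mean_us(fn, reps):
    start = time.perf_counter()
    for _ in range(reps):
        fn()
    return (time.perf_counter() - start) * 1e6 / reps


def rsa_cost_profile(key, reps=20):
    """Microseconds per public and per private operation, and their ratio."""
    x = secrets.randbelow(key["n"] - 2) + 2
    pub = _mean_us(lambda: public_op(x, key), reps)
    priv = _mean_us(lambda: private_op(x, key), reps)
    return {"public_us": pub, "private_us": priv, "ratio": priv / pub}


def hybrid_cost_profile(key, message_len, reps=5):
    """One decrypt split into the RSA unwrap of the session key and the
    symmetric pass over a `message_len`-byte message; only the latter grows."""
    session_key = secrets.token_bytes(32)  # constructed stand-in
    wrapped = wrap_session_key(session_key, key)
    message = b"x" * message_len  # constructed payload
    rsa_us = _mean_us(lambda: unwrap_session_key(wrapped, key), reps)
    sym_us = _mean_us(
        lambda: hmac.new(session_key, message, hashlib.sha256).digest(), reps)
    return {"rsa_private_us": rsa_us, "symmetric_us": sym_us}


if __name__ == "__main__":
    for bits in (1024, 2048):
        key = keygen(bits)
        print(bits, "bit RSA:", rsa_cost_profile(key))
        print("  2 kB mail:", hybrid_cost_profile(key, 2 * 1024))
        print("  2 MB mail:", hybrid_cost_profile(key, 2 * 1024 * 1024))
```

On a couple-of-kB message the RSA private operation dominates the decrypt regardless of key size, which is the effect David Smith reports; only the symmetric figure moves when the message grows.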
From mlisten at hammernoch.net Mon Sep 27 21:25:21 2010
From: mlisten at hammernoch.net (Ludwig Hügelschäfer)
Date: Mon, 27 Sep 2010 21:25:21 +0200
Subject: how slow are 4Kbit RSA keys? [was: Re: multiple keys vs multiple identities]
In-Reply-To:
References: <4C9C965C.1060105@gmail.com> <33C67726-7BEC-4EDA-B032-3E2359A2E102@jabberwocky.com> <4C9D0A1C.5000002@fifthhorseman.net>
Message-ID: <4CA0EFA1.8050100@hammernoch.net>

David Shaw wrote on 27.09.10 15:57:
> "Dreadfully" is a difficult thing to enumerate anyway. For me, FWIW, it
> would be "over 1-2 seconds".

Ack. 1.5 seconds is about the limit where a good GUI should issue a
reaction. This is where the human mind is starting to think there's
something wrong.

Ludwig

From jrollins at finestructure.net Mon Sep 27 21:51:10 2010
From: jrollins at finestructure.net (Jameson Rollins)
Date: Mon, 27 Sep 2010 15:51:10 -0400
Subject: how slow are 4Kbit RSA keys?
  [was: Re: multiple keys vs multiple identities]
In-Reply-To: <4CA0EFA1.8050100@hammernoch.net>
References: <4C9C965C.1060105@gmail.com> <33C67726-7BEC-4EDA-B032-3E2359A2E102@jabberwocky.com> <4C9D0A1C.5000002@fifthhorseman.net> <4CA0EFA1.8050100@hammernoch.net>
Message-ID: <87sk0v3qz5.fsf@servo.finestructure.net>

On Mon, 27 Sep 2010 21:25:21 +0200, Ludwig Hügelschäfer wrote:
> Ack. 1.5 seconds is about the limit where a good GUI should issue a
> reaction. This is where the human mind is starting to think there's
> something wrong.

We should be careful not to overstate the impatience of users too much.
I've seen plenty of people wait many seconds for google maps to load on
phones without giving up on the whole process. I also have an extremely
slow machine where I routinely have to wait a long time (many seconds)
for certain operations to complete. It's certainly not ideal, but I
don't give up on those operations just because they take a little
longer. I get used to it and figure out ways to deal.

I'm not saying we shouldn't care about operations taking a noticeable
amount of time, but I wouldn't state out-right that users will revolt
and refuse to do something just because it takes more than a second.

jamie.

From htd at fritha.org Mon Sep 27 21:14:31 2010
From: htd at fritha.org (Heinz Diehl)
Date: Mon, 27 Sep 2010 21:14:31 +0200
Subject: how slow are 4Kbit RSA keys?
  [was: Re: multiple keys vs multiple identities]
In-Reply-To: <4CA0A9F7.80102@gmail.com>
References: <4C9C965C.1060105@gmail.com> <33C67726-7BEC-4EDA-B032-3E2359A2E102@jabberwocky.com> <4C9D0A1C.5000002@fifthhorseman.net> <4CA06009.10900@st.com> <4CA0A2A4.6050807@gmail.com> <87bp7j5ktj.fsf@servo.finestructure.net> <4CA0A9F7.80102@gmail.com>
Message-ID: <20100927191431.GA15152@fritha.org>

On 27.09.2010, Vjaceslavs Klimovs wrote:
> 2048 bit keys are suitable - it's "user+sys" that matters in this case,
> but not "real" by all means, as that includes waiting for passphrase
> input too.

Hmm, maybe I miss the point, but hey, we're living in the age where dual-
and quadcore processors are as common as our daily bread, who cares about
1 second? Regarding an ARM or any other tablet pc, it doesn't really
matter either, does it?

From bblake at celgene.com Mon Sep 27 22:49:48 2010
From: bblake at celgene.com (BradBlake)
Date: Mon, 27 Sep 2010 13:49:48 -0700 (PDT)
Subject: Need help doing gpg encryption without prompting for passphrase
Message-ID: <29823038.post@talk.nabble.com>

Hi all,

I could REALLY use some assistance - I need to encrypt a file with gpg (my
Linux server is on version 1.2.6), I need to encrypt it with the public key
from our client, and sign it with our private PGP key. I've got this all
working (I imported their public key, and sent them our key), so I can run a
command like this from the command line to encrypt the file:

gpg --armor --output encrypted_file.gpg --recipient "pgpadmin at ourclient.com" --local-user "myusername at mycompany.com" --sign --encrypt file_to_encrypt.txt

This works fine (and our client is able to decrypt), but it is prompting for
my passphrase each time. We want to set this up to run as an automated
process via a script, without prompting for a passphrase. So I was trying
to follow the instructions found here: http://www.gnupg.org/faq.html#q4.14

Here are the steps I just ran:

1.
I ran the command "gpg --edit-key myusername at mycompany.com", then
specified "addkey", selected the DSA key type. It prompted me for my
passphrase, and ran successfully, so I saved and quit.

2. I ran the command "gpg --export-secret-subkeys --no-sk-comments >
secring.auto" that generated the secring.auto file, that I assume I need
to email to the client to import on their side? (when I tried to run it
just like in step 3 on the website, I got errors, and not sure if I need
to follow steps 4-7?)

3. Now to try and encrypt without a passphrase, I tried this command (same
command as above, just added the flag "--batch"):

a. gpg --batch --armor --output encrypted_file.gpg --recipient "pgpadmin at ourclient.com" --local-user "myusername at mycompany.com" --sign --encrypt file_to_encrypt.txt

b. And I am seeing this error:

$ gpg --batch --armor --output encrypted_file.gpg --recipient "pgpadmin at ourclient.com" --local-user "myusername at mycompany.com" --sign --encrypt file_to_encrypt.txt
gpg: can't query password in batchmode
gpg: skipped `myusername at mycompany.com': bad passphrase
gpg: file_to_encrypt.txt: sign+encrypt failed: bad passphrase

Are you able to help me with this? I appreciate any assistance you can
offer, thanks!!! Am I just missing something simple? Am I better off to
delete and recreate the keys?

Thank you,
Brad Blake

--
View this message in context: http://old.nabble.com/Need-help-doing-gpg-encryption-without-prompting-for-passphrase-tp29823038p29823038.html
Sent from the GnuPG - User mailing list archive at Nabble.com.

From BBlake at celgene.com Mon Sep 27 22:41:49 2010
From: BBlake at celgene.com (Brad Blake)
Date: Mon, 27 Sep 2010 16:41:49 -0400
Subject: Need help doing gpg encryption without prompting for passphrase
Message-ID:

Hi all,

I could REALLY use some assistance - I need to encrypt a file with gpg (my
server is on version 1.2.6), I need to encrypt it with the public key from
our client, and sign it with our private PGP key.
I've got this all working (I imported their public key, and sent them our
key), so I can run a command like this from the command line to encrypt
the file:

gpg --armor --output encrypted_file.gpg --recipient "pgpadmin at ourclient.com" --local-user "myusername at mycompany.com" --sign --encrypt file_to_encrypt.txt

This works fine (and our client is able to decrypt), but it is prompting
for my passphrase each time. We want to set this up to run as an automated
process via a script, without prompting for a passphrase. So I was trying
to follow the instructions here: http://www.gnupg.org/faq.html#q4.14

Here are the steps I just ran:

1. I ran the command "gpg --edit-key myusername at mycompany.com", then
specified "addkey", selected the DSA key type. It prompted me for my
passphrase, and ran successfully, so I saved and quit.

2. I ran the command "gpg --export-secret-subkeys --no-sk-comments >
secring.auto" that generated the secring.auto file, that I assume I need
to email to the client to import on their side? (when I tried to run it
just like in step 3 on the website, I got errors, and not sure if I need
to follow steps 4-7?)

3. Now to try and encrypt without a passphrase, I tried this command (same
command as above, just added the flag "--batch"):

a. gpg --batch --armor --output encrypted_file.gpg --recipient "pgpadmin at ourclient.com" --local-user "myusername at mycompany.com" --sign --encrypt file_to_encrypt.txt

b. And I am seeing this error:

$ gpg --batch --armor --output encrypted_file.gpg --recipient "pgpadmin at ourclient.com" --local-user "myusername at mycompany.com" --sign --encrypt file_to_encrypt.txt
gpg: can't query password in batchmode
gpg: skipped `myusername at mycompany.com': bad passphrase
gpg: file_to_encrypt.txt: sign+encrypt failed: bad passphrase

Are you able to help me with this? I appreciate any assistance you can
offer, thanks!!! Am I just missing something simple? Am I better off to
delete and recreate the keys?
Thank you,
Brad Blake

From John at Mozilla-Enigmail.org Tue Sep 28 00:25:22 2010
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Mon, 27 Sep 2010 17:25:22 -0500
Subject: Need help doing gpg encryption without prompting for passphrase
In-Reply-To: <29823038.post@talk.nabble.com>
References: <29823038.post@talk.nabble.com>
Message-ID: <4CA119D2.7040407@Mozilla-Enigmail.org>

BradBlake wrote:
> I could REALLY use some assistance - I need to encrypt a file with gpg (my
> Linux server is on version 1.2.6), I need to encrypt it with the public key
> from our client, and sign it with our private PGP key. I've got this all
> working (I imported their public key, and sent them our key), so I can run a
> command like this from the command line to encrypt the file:
>
> gpg --armor --output encrypted_file.gpg --recipient "pgpadmin at ourclient.com"
> --local-user "myusername at mycompany.com" --sign --encrypt file_to_encrypt.txt
>
> This works fine (and our client is able to decrypt), but it is prompting for
> my passphrase each time. We want to set this up to run as an automated
> process via a script, without prompting for a passphrase.
> So I was trying
> to follow the instructions found here: http://www.gnupg.org/faq.html#q4.14
>

echo passphrase | gpg --armor --output encrypted_file.gpg \
  --recipient "pgpadmin at ourclient.com" --local-user \
  "myusername at mycompany.com" --sign --encrypt file_to_encrypt.txt

/should/ work

You may want to look at using --passphrase-file or --passphrase-fd (see man page).

These problems go away by removing the passphrase from the key. Removing the passphrase also removes the charade that things are all that secure when the passphrase is in a file readable by anyone with enough access. ;-)

--
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

From expires2010 at ymail.com Tue Sep 28 02:15:20 2010
From: expires2010 at ymail.com (MFPA)
Date: Tue, 28 Sep 2010 01:15:20 +0100
Subject: how slow are 4Kbit RSA keys? [was: Re: multiple keys vs multiple identities]
In-Reply-To: <20100927191431.GA15152@fritha.org>
References: <4C9C965C.1060105@gmail.com> <33C67726-7BEC-4EDA-B032-3E2359A2E102@jabberwocky.com> <4C9D0A1C.5000002@fifthhorseman.net> <4CA06009.10900@st.com> <4CA0A2A4.6050807@gmail.com> <87bp7j5ktj.fsf@servo.finestructure.net> <4CA0A9F7.80102@gmail.com> <20100927191431.GA15152@fritha.org>
Message-ID: <1303322930.20100928011520@my_localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi

On Monday 27 September 2010 at 8:14:31 PM, in , Heinz Diehl wrote:

> Hmm, maybe I miss the point, but hey, we're living in
> the age where dual- and quadcore processors are as
> common as our daily bread,

In "proper" computers.
But in mobile phones and the like?

> who cares about 1 second?

For tasks that are repeated frequently, more than about 0.7 seconds quickly becomes an irritation. For operations repeated just a handful of times a day, it's a different story.

> Regarding an ARM or any other tablet pc, it doesn't
> really matter either, does it?

Not to me, because I don't use one. (-;

- --
Best regards

MFPA                    mailto:expires2010 at ymail.com

Those who do not read are no better off than those who cannot.
-----BEGIN PGP SIGNATURE-----

iQCVAwUBTKEz5aipC46tDG5pAQo1YwP/Vtvg5TmNJWZhrAP9IOaeylfSUrym5Uki
B+nbbWXKvEOrYEEB5/sViU+pbAJNmCQb8LVSdmKQur6sdP++Y/jFg0rz5uw9iq67
R9fcwgtYhRHCW9F8WpmpmbE6SGV0bs/+pjLlpqG0TABeX+2fcrtVW5yqyNvgDtYJ
5hNzXn0/z34=
=Pz2B
-----END PGP SIGNATURE-----

From dshaw at jabberwocky.com Tue Sep 28 04:51:24 2010
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon, 27 Sep 2010 22:51:24 -0400
Subject: per-user data signatures [was: Re: multiple keys vs multiple identities]
In-Reply-To:
References: <4C9C965C.1060105@gmail.com> <20100924133614.GB22152@richter> <4C9CAF08.1030306@fifthhorseman.net> <20100924143056.GA30278@richter> <4C9CC255.6020901@fifthhorseman.net> <4E10ACBA-C2E4-4FF3-B0E2-3B675A6C1C9D@jabberwocky.com>
Message-ID:

On Sep 24, 2010, at 2:52 PM, Phil Brooke wrote:

> On Fri, 24 Sep 2010, David Shaw wrote:
>> There is actually a defined field for this in OpenPGP (see section 5.2.3.22, Signer's User ID). I don't think anyone implements it though.
>
> Is there any particular difficulty or reason for it not being implemented by anyone? (It looks very similar to, for example, the policy URL signature subpacket.)

No real reason. Nobody has ever shown a major need for it - it's been in the spec for almost 12 years without much fanfare. Even if it were implemented today, it would suffer from the fact that all the software to date assumes that a valid signature is a valid signature, and does not take into account which "hat" the signer was wearing at the time.
David

From Chris.Knadle at coredump.us Tue Sep 28 14:07:32 2010
From: Chris.Knadle at coredump.us (Chris Knadle)
Date: Tue, 28 Sep 2010 08:07:32 -0400
Subject: how slow are 4Kbit RSA keys? [was: Re: multiple keys vs multiple identities]
In-Reply-To: <87sk0v3qz5.fsf@servo.finestructure.net>
References: <4C9C965C.1060105@gmail.com> <4CA0EFA1.8050100@hammernoch.net> <87sk0v3qz5.fsf@servo.finestructure.net>
Message-ID: <201009280807.44253.Chris.Knadle@coredump.us>

On Monday 27 September 2010 15:51:10 Jameson Rollins wrote:
> On Mon, 27 Sep 2010 21:25:21 +0200, Ludwig Hügelschäfer wrote:
> > Ack. 1.5 seconds is about the limit where a good GUI should issue a
> > reaction. This is where the human mind is starting to think there's
> > something wrong.
>
> We should be careful not to overstate the impatience of users too much.
> I've seen plenty of people wait many seconds for google maps to load on
> phones without giving up on the whole process. I also have an extremely
> slow machine where I routinely have to wait a long time (many seconds)
> for certain operations to complete. It's certainly not ideal, but I
> don't give up on those operations just because they take a little
> longer. I get used to it and figure out ways to deal.
>
> I'm not saying we shouldn't care about operations taking a noticeable
> amount of time, but I wouldn't state out-right that users will revolt
> and refuse to do something just because it takes more than a second.
>
> jamie.

There are GUI operations that can routinely take several seconds to complete, such as sending an email via authenticated SMTP over TLS, opening an .ogv file, converting a document to a .PDF, adding a picture to a big presentation, etc. My personal threshold before I think something is wrong is somewhere between 3-4 seconds for when I don't know something is computationally expensive.
Encryption using a 4096-bit key is something I /expect/ is computationally expensive, so if there's a few second delay there I wouldn't personally be worried about it. In fact if I was using old or slow hardware and it only took a couple of seconds to complete, I'd be pleased it was that fast. I'm personally pleased at the performance I get from 4096R key encryption.

It's a good thing for speed to be considered nonetheless, but there's also only so much that can be done about it. There are organizations that have deemed 1024-bit DSA keys not to be secure enough [due to SHA-1 collisions], and some have stated in this thread that encryption using 2048-bit and 4096-bit keys "takes too long". To reconcile this, there are basically two choices in my mind: A) grow patience, or B) tolerate being less secure... because I don't think there's going to suddenly be a wild advance in code efficiency.

-- Chris

--
Chris Knadle
Chris.Knadle at coredump.us

From Dave.Smith at st.com Tue Sep 28 14:16:59 2010
From: Dave.Smith at st.com (David Smith)
Date: Tue, 28 Sep 2010 13:16:59 +0100
Subject: how slow are 4Kbit RSA keys? [was: Re: multiple keys vs multiple identities]
In-Reply-To: <87sk0v3qz5.fsf@servo.finestructure.net>
References: <4C9C965C.1060105@gmail.com> <33C67726-7BEC-4EDA-B032-3E2359A2E102@jabberwocky.com> <4C9D0A1C.5000002@fifthhorseman.net> <4CA0EFA1.8050100@hammernoch.net> <87sk0v3qz5.fsf@servo.finestructure.net>
Message-ID: <4CA1DCBB.80903@st.com>

Jameson Rollins wrote:
> We should be careful not to overstate the impatience of users too much.
> I've seen plenty of people wait many seconds for google maps to load on
> phones without giving up on the whole process.
> I also have an extremely
> slow machine where I routinely have to wait a long time (many seconds)
> for certain operations to complete. It's certainly not ideal, but I
> don't give up on those operations just because they take a little
> longer. I get used to it and figure out ways to deal.
>
> I'm not saying we shouldn't care about operations taking a noticeable
> amount of time, but I wouldn't state out-right that users will revolt
> and refuse to do something just because it takes more than a second.

Whilst it's not something I've had to do, there's also the (potential) issue of wanting to search a mailbox containing a number of encrypted mails. Those seconds can add up... :-)

From dshaw at jabberwocky.com Tue Sep 28 18:00:10 2010
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 28 Sep 2010 12:00:10 -0400
Subject: per-user data signatures [was: Re: multiple keys vs multiple identities]
In-Reply-To: <4C9CDD3B.1090203@fifthhorseman.net>
References: <4C9C965C.1060105@gmail.com> <20100924133614.GB22152@richter> <4C9CAF08.1030306@fifthhorseman.net> <20100924143056.GA30278@richter> <4C9CC255.6020901@fifthhorseman.net> <4E10ACBA-C2E4-4FF3-B0E2-3B675A6C1C9D@jabberwocky.com> <4C9CD624.4080605@fifthhorseman.net> <4C9CDD3B.1090203@fifthhorseman.net>
Message-ID:

On Sep 24, 2010, at 1:17 PM, Daniel Kahn Gillmor wrote:

> second, what does "this option implies --ask-sig-expire ..." mean? it
> seems to mean "this implies that the following options are not
> available" or something like that.

You are correct. The manual is incorrect. Setting force-v3-sigs *disables* ask-sig-expire, sig-policy-url, etc.

> The attached patch clarifies things to my current understanding of them
> (but i might be wrong!)

I've applied something similar (also fixing ask-sig-expire which had a similar problem).
David

From dkg at fifthhorseman.net Wed Sep 29 06:02:03 2010
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Wed, 29 Sep 2010 00:02:03 -0400
Subject: Benchmarking OpenPGP operations with GnuPG [was: Re: how slow are 4Kbit RSA keys?]
In-Reply-To: <4C9D16CA.6050704@grant-olson.net>
References: <4C9C965C.1060105@gmail.com> <33C67726-7BEC-4EDA-B032-3E2359A2E102@jabberwocky.com> <4C9D0A1C.5000002@fifthhorseman.net> <4C9D16CA.6050704@grant-olson.net>
Message-ID: <4CA2BA3B.6050905@fifthhorseman.net>

On 09/24/2010 05:23 PM, Grant Olson wrote:
> I can test on a Motorola i1 (Boost' droid) with APG, but I'll only be
> able to do a stopwatch test. As far as I'm concerned, under one sec is
> good.

i'd be interested in seeing the results, even if the mechanism is clunky (btw, you could also use a webcam or other digital video and count frames, if you want sub 1Hz resolution) -- it's still wall-clock measurements, and not CPU usage measurements, but it's a reasonable data point.

> I believe you've got a 4096 bit key that uses a serious hash. Would you
> mind posting a test clearsigned message so that we're all using the same
> document to test against?

sure. I just wrote a test script that generates a bunch of tabular data, comparing the four different operations (encrypt, decrypt, sign, verify) against different algorithms and keylengths. It's a bash script that you can fetch here:

  http://lair.fifthhorseman.net/~dkg/openpgp/benchmark/openpgp-benchmark

My OpenPGP signature is available for the script here:

  http://lair.fifthhorseman.net/~dkg/openpgp/benchmark/openpgp-benchmark.asc

If you'd rather just check the checksum of the file, it should have the sha1sum of 5ae139246aee983a3d9b7e7ba6975191d09ba0ae.

you'll need to make it executable before running it, of course. And it shouldn't require any special system privileges, nor should it tamper with any files outside of the log it creates and a working directory that it also creates.
If you run it, it will generate a plaintext report. if you mail me back the report (off-list), i'll use your data in a summary of results that i'll post to the list. If you do this, please let me know what kind of machine you were running it on (e.g. "this is my smartphone", "this is a server", "this is my little embedded router"). I'm particularly interested in the marginal cases -- systems that are significantly low-powered.

Be aware that on low-powered machines, the full set of benchmarks may take quite a long time, and hammer your CPU. If battery life is a concern for your computer, please only run this when the computer is plugged in.

--dkg

From singh.madhusudan at gmail.com Wed Sep 29 22:49:16 2010
From: singh.madhusudan at gmail.com (Madhusudan Singh)
Date: Wed, 29 Sep 2010 15:49:16 -0500
Subject: Can't use GPG key - secret key not available
Message-ID:

I finally bit the bullet and cleaned out my old S3 bucket on Amazon and started afresh with a new key.

Generated an RSA and RSA (4096 bit) key.

Tried to use it with duplicity. It fails:

===== Begin GnuPG log =====
gpg: no default secret key: secret key not available
gpg: [stdin]: sign+encrypt failed: secret key not available
===== End GnuPG log =====

GPGError: GPG Failed, see log below:
===== Begin GnuPG log =====
gpg: no default secret key: secret key not available
gpg: [stdin]: sign+encrypt failed: secret key not available
===== End GnuPG log =====

OS: Mac OSX 10.6.4

What gives ? I have two keys (corresponding to two different email addresses listed - both --list-keys and --list-secret-keys attest to that fact).

Thanks for your help.
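Both the unattended sign+encrypt thread earlier in this archive ("Need help doing gpg encryption without prompting for passphrase") and the duplicity failure just above are the same situation: gpg driven from a script with no terminal, where the signing key has to be resolvable and the passphrase has to arrive without a prompt. The wrapper below is an added example by the editor, not code from the list or from GnuPG. It checks that a secret key exists for the signer (the condition behind "secret key not available"), refuses a passphrase file that group or others can read (John Clizbe's point: once the passphrase is in a file, that file's permissions are what protects the key), and hands the passphrase to gpg on a file descriptor via --passphrase-fd, so it never appears in the process list or shell history the way an "echo passphrase | gpg" pipeline puts it there. The function names and the passphrase-file path are hypothetical; the gpg options (--batch, --passphrase-fd, --list-secret-keys, and --pinentry-mode loopback for GnuPG 2.1 and later) are real.

```shell
#!/bin/sh
# Added example (editor's, not from the list or from GnuPG): drive gpg from a
# script with no terminal, the situation in both the batch sign+encrypt thread
# and the duplicity failure above. Function names and paths are hypothetical;
# the gpg options are real.

# A passphrase file is only as good as its permissions: refuse one that group
# or others can read. ls output is used so this works on GNU and BSD alike.
passphrase_file_is_private() {
    f=$1
    [ -f "$f" ] || return 1
    perms=$(ls -ld "$f" | cut -c5-10)   # columns 5-10 = group rwx, other rwx
    case "$perms" in *[rwx]*) return 1 ;; esac
    return 0
}

# "secret key not available" is gpg failing to find a secret key for the
# --local-user it was given; check that before attempting to sign.
signer_has_secret_key() {
    gpg --batch --quiet --list-secret-keys "$1" >/dev/null 2>&1
}

# Unattended sign+encrypt: $1 plaintext, $2 output, $3 recipient, $4 signing
# user ID, $5 passphrase file. The passphrase reaches gpg on fd 3, so it is in
# neither the command line (visible to every local user via ps) nor the shell
# history.
gpg_batch_sign_encrypt() {
    in=$1; out=$2; recipient=$3; signer=$4; ppfile=$5
    passphrase_file_is_private "$ppfile" || {
        echo "refusing: $ppfile must be readable only by its owner" >&2
        return 1
    }
    signer_has_secret_key "$signer" || {
        echo "no secret key for $signer in this keyring" >&2
        return 1
    }
    # GnuPG 1.x and 2.0 read --passphrase-fd directly; 2.1 and later also need
    # --pinentry-mode loopback, otherwise they ask the agent, which has no tty.
    extra=""
    case "$(gpg --version 2>/dev/null | sed -n '1s/.* //p')" in
        1.*|2.0.*) ;;
        *) extra="--pinentry-mode loopback" ;;
    esac
    # $extra is deliberately unquoted: it is either empty or two words.
    gpg --batch --yes --no-tty $extra --passphrase-fd 3 \
        --armor --output "$out" --recipient "$recipient" \
        --local-user "$signer" --sign --encrypt "$in" 3< "$ppfile"
}

# Example invocation (addresses are the thread's placeholders; not run here):
#   gpg_batch_sign_encrypt file_to_encrypt.txt encrypted_file.gpg \
#       "pgpadmin at ourclient.com" "myusername at mycompany.com" \
#       /etc/batch-gpg/passphrase
```

The permission check runs before gpg is touched, so a passphrase file that was created with a permissive umask is caught by the script rather than discovered later in an audit.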
From kgo at grant-olson.net Thu Sep 30 00:25:00 2010
From: kgo at grant-olson.net (Grant Olson)
Date: Wed, 29 Sep 2010 18:25:00 -0400
Subject: Benchmarking OpenPGP operations with GnuPG [was: Re: how slow are 4Kbit RSA keys?]
In-Reply-To: <4CA2BA3B.6050905@fifthhorseman.net>
References: <4C9C965C.1060105@gmail.com> <33C67726-7BEC-4EDA-B032-3E2359A2E102@jabberwocky.com> <4C9D0A1C.5000002@fifthhorseman.net> <4C9D16CA.6050704@grant-olson.net> <4CA2BA3B.6050905@fifthhorseman.net>
Message-ID: <4CA3BCBC.5020504@grant-olson.net>

On 9/29/10 12:02 AM, Daniel Kahn Gillmor wrote:
> On 09/24/2010 05:23 PM, Grant Olson wrote:
>> I can test on a Motorola i1 (Boost' droid) with APG, but I'll only be
>> able to do a stopwatch test. As far as I'm concerned, under one sec is
>> good.
>
> i'd be interested in seeing the results, even if the mechanism is clunky
> (btw, you could also use a webcam or other digital video and count
> frames, if you want sub 1Hz resolution) -- it's still wall-clock
> measurements, and not CPU usage measurements, but it's a reasonable data
> point.
>

I did a few quick tests with APG using both 2048 and 4096 bit keys. APG is promising, but it's still pretty beta. Anything it does do seems to work well, but there's a lot of stuff it doesn't do. I couldn't figure out how to sign a document without encrypting, couldn't import keys from keyservers, etc.

I used the UTF-8 text version of "The Raven" from Project Gutenberg as my test document. Of course the document length will only affect the hash calcs or symmetric encryption inside the envelope, so those portions should be the same for either document. But I want interested parties to have a rough idea of the length of the document.

Basic times for decrypting the document were about 4-5 seconds for the 2048 bit key and 5-6 seconds for the 4096 bit key. Basic times to encrypt-to-self and sign with the same key were 5-6 seconds for the 2048 bit key, and 6-7 for the 4096 bit key.
It looks like the times do include using the passphrase to decrypt the public key, nothing like GPGAgent running...

There's also a mail app, K-9 mail, that has basic GPG integration. It can only verify and sign inline, and doesn't seem to be able to import keys for a given message. I might go ahead and copy my normal keyring to the phone and subscribe to a few gpg lists with a dummy account to see how things work on that front. If I do, I'll be sure to post a report.

--
Grant

"I am gravely disappointed. Again you have made me unleash my dogs of war."

From noiano at lavabit.com Thu Sep 30 09:48:59 2010
From: noiano at lavabit.com (Noiano)
Date: Thu, 30 Sep 2010 09:48:59 +0200
Subject: Can't use GPG key - secret key not available
In-Reply-To:
References:
Message-ID:

On 09/29/2010 10:49 PM, Madhusudan Singh wrote:
> I finally bit the bullet and cleaned out my old S3 bucket on Amazon and
> started afresh with a new key.
>
> Generated an RSA and RSA (4096 bit) key.
>
> Tried to use it with duplicity. It fails:
>
> ===== Begin GnuPG log =====
> gpg: no default secret key: secret key not available
> gpg: [stdin]: sign+encrypt failed: secret key not available
> ===== End GnuPG log =====
>
>
> GPGError: GPG Failed, see log below:
> ===== Begin GnuPG log =====
> gpg: no default secret key: secret key not available
> gpg: [stdin]: sign+encrypt failed: secret key not available
> ===== End GnuPG log =====
>
> OS: Mac OSX 10.6.4
>
> What gives ?
>
> I have two keys (corresponding to two different email addresses listed -
> both --list-keys and --list-secret-keys attest to that fact).
>
> Thanks for your help.

Hi,
check your gpg.conf. You should have a "default-key" parameter set. I have "default-key AB10E8D2".

Hope this helps.
Noiano

From shavital at mac.com Thu Sep 30 15:53:10 2010
From: shavital at mac.com (Charly Avital)
Date: Thu, 30 Sep 2010 09:53:10 -0400
Subject: Can't use GPG key - secret key not available
In-Reply-To:
References:
Message-ID: <4CA49646.1010104@mac.com>

Noiano wrote the following on 9/30/10 3:48 AM:
> Hi,
> check your gpg.conf. You should have a "default-key" parameter set. I
> have "default-key AB10E8D2".
>
> Hope this helps.
>
>
> Noiano

If the above does not help, try using the long key ID, 16 last characters (instead of 8) of the key's fingerprint.

Charly
MacOS 10.6.4-MacBook Intel C2Duo 2GHz-GnuPG 1.4.10-MacGPG 2.0.14
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.8) Gecko/20100802 Thunderbird/3.1.2 - Running Enigmail version 1.1.2 (20100629-1412)

From singh.madhusudan at gmail.com Thu Sep 30 17:40:21 2010
From: singh.madhusudan at gmail.com (Madhusudan Singh)
Date: Thu, 30 Sep 2010 10:40:21 -0500
Subject: Can't use GPG key - secret key not available
In-Reply-To: <4CA49646.1010104@mac.com>
References: <4CA49646.1010104@mac.com>
Message-ID:

It did not work. I still get the same error as before.

I somehow doubt that this suggested solution would work, but how do I get the 16 last characters ? I remember seeing it when it was generated.

On Thu, Sep 30, 2010 at 8:53 AM, Charly Avital wrote:
> Noiano wrote the following on 9/30/10 3:48 AM:
> > Hi,
> > check your gpg.conf. You should have a "default-key" parameter set. I
> > have "default-key AB10E8D2".
> >
> > Hope this helps.
> >
> >
> > Noiano
>
> If the above does not help, try using the long key ID, 16 last
> characters (instead of 8) of the key's fingerprint.
>
> Charly
> MacOS 10.6.4-MacBook Intel C2Duo 2GHz-GnuPG 1.4.10-MacGPG 2.0.14
> Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.8)
> Gecko/20100802 Thunderbird/3.1.2 - Running Enigmail version 1.1.2
> (20100629-1412)
>

From shavital at mac.com Thu Sep 30 19:04:18 2010
From: shavital at mac.com (Charly Avital)
Date: Thu, 30 Sep 2010 13:04:18 -0400
Subject: Can't use GPG key - secret key not available
In-Reply-To:
References: <4CA49646.1010104@mac.com>
Message-ID: <4CA4C312.9000102@mac.com>

Madhusudan Singh wrote the following on 9/30/10 11:40 AM:
> It did not work. I still get the same error as before.
>
> I somehow doubt that this suggested solution would work, but how do I
> get the 16 last characters ? I remember seeing it when it was generated.

In Terminal:

gpg --fingerprint [your 8 characters Key ID]

return. Select the last four 4 hexadecimal characters groups, and merge them into one 8 characters string.

1. It works for me.

and/or

2. Configure your default key in the settings of the MUA you are using.

Charly
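The two answers in this thread (set default-key in gpg.conf; if the 8-character short ID does not resolve, use the 16-character long ID, which is the last four groups of gpg --fingerprint output) can be checked rather than guessed. The script below is an added example by the editor, not code from the list or from GnuPG. It parses the machine-readable listing that `gpg --with-colons --list-secret-keys` prints (the listing embedded here is constructed, with made-up key IDs and fingerprints), derives the long ID from a fingerprint exactly as Charly describes, and reports whether a candidate default-key value resolves to exactly one secret key. It goes one step beyond the thread by also flagging an ambiguous short ID (two keys whose fingerprints end in the same 8 hex digits), which is one reason to prefer the long ID. The function names are hypothetical; the colon-format field positions (long key ID in field 5 of a sec record, fingerprint in field 10 of the fpr record that follows it) are GnuPG's documented layout.

```shell
#!/bin/sh
# Added example (editor's, not from the list): work out which value to put in
# gpg.conf's "default-key" line and check a candidate against the secret
# keyring. The --with-colons listing is parsed instead of the human-readable
# --fingerprint output because its field layout is fixed: a "sec" record has
# the 16-hex-digit long key ID in field 5, and the "fpr" record that follows
# it has the full 40-hex-digit fingerprint in field 10.

# Constructed sample of `gpg --with-colons --list-secret-keys` output for three
# keys. IDs and fingerprints are made up; the third key deliberately shares its
# last 8 hex digits with the first to show why a short ID can be ambiguous.
SAMPLE_SECRET_LISTING='sec:u:4096:1:0123456789ABCDEF:2010-09-29::::::::::
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF:
uid:u::::2010-09-29::::Example User <user at example.net>::::::::::
ssb:u:4096:1:1122334455667788:2010-09-29::::::::::
sec:u:4096:1:0F1E2D3C4B5A6978:2010-09-29::::::::::
fpr:::::::::00112233445566778899AABB0F1E2D3C4B5A6978:
uid:u::::2010-09-29::::Other Address <other at example.net>::::::::::
ssb:u:4096:1:8877665544332211:2010-09-29::::::::::
sec:u:2048:1:DEADBEEF89ABCDEF:2010-09-29::::::::::
fpr:::::::::1234123412341234DEADBEEFDEADBEEF89ABCDEF:
uid:u::::2010-09-29::::Colliding Short ID <collide at example.net>::::::::::'

# Print "LONGID FINGERPRINT" for each primary secret key in a colon listing.
# Only the fpr record directly after a sec record is taken, so subkey
# fingerprints (after ssb records in newer gpg) are ignored.
list_secret_key_ids() {
    printf '%s\n' "$1" | awk -F: '
        $1 == "sec" { longid = $5 }
        $1 == "fpr" && longid != "" { print longid, $10; longid = "" }'
}

# Long key ID = last 16 hex digits of the fingerprint, i.e. the last four
# 4-character groups of `gpg --fingerprint` output (spaces are tolerated).
long_id_from_fingerprint() {
    fpr=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    [ ${#fpr} -eq 40 ] || return 1
    printf '%s\n' "$fpr" | cut -c25-40
}

# Check a candidate default-key value (8-digit short ID, 16-digit long ID or
# 40-digit fingerprint, optional 0x prefix) against a colon listing.
# Exit status: 0 and the matching fingerprint on stdout when exactly one
# secret key matches, 1 when none does, 2 when the value is ambiguous.
check_default_key() {
    listing=$1
    cand=$(printf '%s' "$2" | sed 's/^0[xX]//' | tr -d ' ' | tr 'a-f' 'A-F')
    case "$cand" in *[!0-9A-F]*|"") return 1 ;; esac
    case ${#cand} in 8|16|40) ;; *) return 1 ;; esac
    matches=$(list_secret_key_ids "$listing" | awk -v c="$cand" '
        length(c) <= length($2) &&
        substr($2, length($2) - length(c) + 1) == c { print $2 }')
    n=$(printf '%s\n' "$matches" | awk 'NF { n++ } END { print n + 0 }')
    case "$n" in
        0) return 1 ;;
        1) printf '%s\n' "$matches"; return 0 ;;
        *) return 2 ;;
    esac
}

# Against a live keyring (not run here), using Noiano's ID from the thread:
#   check_default_key "$(gpg --with-colons --list-secret-keys)" AB10E8D2
```

When the check returns 2, both keys are real and gpg will pick one of them or refuse; putting the 16-digit ID (or the full fingerprint) in gpg.conf removes the ambiguity.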